Connecting to a Client behind a RRAS and a Router:

Similar Messages

• Can't Connect to Internet using AirPort Extreme Card and DLink Router

  I have tried just about everything, but I can't seem to connect my MAC OS X 10.3.9 to the internet. I am using the Airport Extreme Card and no networks show up. I am trying to connect to my DLink router. I was told by DLink that it is compatible with AirPort Extreme cards, but the guys at Best Buy were unable to connect to their wireless routers, other than their Mac Router. Please let me know if you have a solution! Thanks

  dannabee, Welcome to the discussion area!
  What Mac do you have?
  Do you have iMac G5 or a Power Mac G5?
  Did you install the AirPort Extreme card yourself?

• FTP-client behind RRAS - unable to connect to external FTP servers

  FTP-client behind RRAS - unable to connect to external FTP servers
  A small network (10-20PCs) without any segmentation - one LAN with one Gateway.
  1. If the Gateway is some small hardware device, there are not any problems to make FTP-connections from LAN to Internet FTP-servers
  2. If the Gateway is Win2003+RRAS+NAT or Win2003+ISA2005, there are not any problems to make FTP-connections from LAN to Internet FTP-servers
  3. But if the gateway is Win2008+RAS+NAT or Win2012+RRAS+NAT, the computers in the LAN are not able to connect to Internet FTP-servers
  I made a few tests:
  1. On Win2012+RRAS+NAT
  TurnOff Windows Firewall for All profiles (Domain, Private, Public) - the problem disappears, it it possible to connect to external Internet FTP-servers.
  2. On Win2012+RRAS+NAT
  TurnOff Windows Firewall only for Domain profile - the problem disappears, it it possible to connect to Internet FTP-servers.
  3. On Win2012+RRAS+NAT
  TurnOn Windows Firewall for All profiles (Domain, Private, Public)
  But I excluded the Internal NIC in this list
  Windows Firewall / Properties / Domain Profile / Protected network connections 
  and the problem disappears again
  My question is:
  What new Firewall rule  I have to make and where to place it (to be able to make FTP-connection from LAN to Internet FTP-servers)?
  I made some attempts to allow port21, but any success.

  Thank you, but did you try this ? 
  Can you describe in detail "exclusion rule for FTP traffic" ?!
  In my previous post, I want to say that if you use Win 2008/2012 RAS+NAT as a network gateway, than it is not possible to make FTP-connections to external FTP servers from the computers behind that gateway.
  And the standard attempts to make "Allow"-rules for port 21 in the gateway firewall (Win 2008/2012), do not solve the problem.
  No matter which FTP-client you can try to use.
  To see this problem, just make few simple tests: 
  ">telnet <ftp-server> 21" 
  with firewall on/off  and inbound/outbound "Allow port 21 rule (All/Domain/Private/Public)"
  In my country, the Government Tax Department uses FTP-protocol to collect monthly data from companies. 
  And it is too stupid scenario (to be a small company and to) upgrade from Win 2003 to a newer 2008/2012 and than to not be able to make all your jobs.
  -------EDIT---------
  The same problem (and its solution) is described here:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/0c68aed6-e22b-4cd4-86bd-f3c767e88349/advanced-firewall-blocking-through-ftp-traffic-rras
  The magic command:
  ">netsh routing ip nat delete ftp"
  solved the problem for me.
  And here is the description of this command - "Disables the FTP proxy on the NAT server."
  http://technet.microsoft.com/en-us/library/cc754535(v=ws.10).aspx#BKMK_106

• Connection between SDM client and server is broken

  Dear All,
  First of all this is what I have
  -NW04 SPS 17
  -NWDS Version: 7.0.09 Build id: 200608262203
  -using VPN connection
  -telnet on port 57018 is succesfull
  I can login to SDM server (from NWDS and from SDM GUI) I can see the state of SDM(green light), restart it, can navigate through tabs in GUI, but every time I am trying to deploy an ear i have this error:
  Deployment exception : Filetransfer failed: Error received from server: Connection between SDM client and server is broken
  Inner exception was :
  Filetransfer failed: Error received from server: Connection between SDM client and server is broken
  I have already read a lot of topics,blogs,notes but didn't find the solution.
  Can anybody help me?
  Best Regards

  Having same issue. Nothing helped so far... Using NWDS 7.0 SP18.
  I have turned SDM tracing on and this is what I see on client side after sending first data package:
  com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: debug "20120224140253 0280/17 Client: finished sending string part"
  com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: debug "20120224140253 0280/0 Client: receive String part from Server"
  com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl.receiveFromServer(NetComm ..): Entering method
  com.sap.bc.cts.tp.net.NetComm.receive(): Entering method
  com.sap.bc.cts.tp.net.NetComm: debug "Method "receive(char[])" could not read all requested bytes. There are still 12 bytes to read"
  com.sap.bc.cts.tp.net.NetComm: debug "Caught IOException during read of header bytes (-1,          43):Connection reset"
  com.sap.bc.cts.tp.net.NetComm: debug "  throwing IOException(net.id_000001)"
  com.sap.bc.cts.tp.net.NetComm.receive(): Exiting method
  com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: Exiting method
  com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: debug "20120224140253 0281/1 Client: connection was broken"
  com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: Exiting method
  com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: debug "20120224140253 0281/0 Client: finshed sendAndReceive"
  com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: Exiting method
  My connection on server is still active so I have to restart SDM server to reset and try it again.
  Anyone have idea whats happening?
  Edited by: skyrma on Feb 24, 2012 2:46 PM
  Edited by: skyrma on Feb 24, 2012 2:47 PM
  Edited by: skyrma on Feb 24, 2012 2:47 PM

• Error to connect oracle 10g client and designer BO 4.0

  hello,
  I try to connect oracle 10g client and designer BO 4.0.
  I created an ODBC connection to function in the administration tools of data sources but I can not connect once in designer.
  I tried using the driver directly oracle designer 10 but I have the same error that is this:
  DBD: ORA-12154: TNS: connection identifier specified could not be resolved
  someone there had the same concerns?
  cordially

  Hi,
  so it looks like that your TNSNAMES.ORA file isn`t properly configured. Thats why you can connect with the IDT to your Oracle Database.
  Your DBA`s should sent you the correct TNSNAMES.ORA file or the entry for your DB prior. After the tnsping works, you will be able to use the IDT properly.
  Regards
  -Seb.

• How to share and Access DB (.accdb) with global tables that link to SQL Server tables without having to define ODBC connections on each client PC?

  I have an Access DB with quite a few Linked Tables that point to a SQL Server backend db.  Currently I am using an ODBC connection defined on my pc, but I want other users to be able to download the .accdb file from a share and run.  Will I have
  to define this odbc connection on each client's pc?  Is there a better way to do this without having to have each client manually set this up on their PC?

  I have an Access DB with quite a few Linked Tables that point to a SQL Server backend db.  Currently I am using an ODBC connection defined on my pc, but I want other users to be able to download the .accdb file from a share and run.  Will
  I have to define this odbc connection on each client's pc?  Is there a better way to do this without having to have each client manually set this up on their PC?
  Hi Jason,
  I think you can automate that process. In each application I use a one-record-table in the FE with a field Connected. Connected is default False.
  Starting a database in the development mode ignores this flag. Starting a database in production mode starts, if Not Connected, a procedure to RefreshLink the tables to the BE, and makes Connected = TRUE, so a next startup does not
  result in a new RefreshLink.
  Instead of a Boolean you could also use a string containing the path, or whatever you want.
  Imb.

• Clients Connect to N AP's on 5508 and get different Transfer rates than on 4404

  I have have 2x 4404's (2x) and 2x 5508's all are running 7.0.240.0. When I take an 1142 and associate it to a 4404 I can connect a test client using N at 144Mbps and I can get transfer rates averaging 70Mbps (using iperf tests). When I take the same AP and associate it to a 5508, (same SSID, etc) I connect at 144Mbps but only get average 6Mbps transfer rates. I get the same results with 1252's. I get the same results if I wipe the config on the 5508 and start from scratch. It only happens when connecting at a/n, when I use a b/g AP such as 1132 I connect at 54Mbps on either controller and get transfer rates of 24Mbps. I have enabled disabled LAG (rebooted), moved the 5508 to connect to the same swtich ports, swapped GBICs. The issue happens on both 5508s, TAC has been unable to resolve this and they are confused as well.
  Some of the other things I have tried:
  •-          You are facing the issue on 5508's WLC only.
  •-          Both the WLC and the client reports high connection speed “144Mbps”
  •-          iPerf between wireless and wired showed the following:
  on 4400:  [124]  0.0-16.9 sec   154 MBytes  76.5 Mbits/sec
  On 5500:  [124]  0.0-94.3 sec  70.2 MBytes  6.25 Mbits/sec
  •-          The AP is the same AP, you just bounce it from 1 WLC to another.
  •-          The location of the AP is the same in all the tests, but it can be replicated with an 1142 anywhere on site and get the same results.
  •-          The test PC is the same in both cases
  •-          The configuration is the same on both WLC’s confirmed visaully in GUI and via CLI outputs and compaired.
  •-          The switch is the same, but have tired swapping 4404 and 5508 in data center.
  •-          Tried to swap the GBICs.
  •-          Used different ports on the 5508 (not just diff GBICs)
  •-          Disabled the LAG to rule out the load balancing algorithm.
  •-       Replaced the patch cables
  Used same ip space that the 4404 is using without sucess.
  Upgraded my second 5508 to version 7.5 and exact same resutls.
  Any ideas?

  Hi 
  In my 5508 WLC i have exactly the same problem as you  gsutherland 
  I tried apply this command config 802.11b 11nSupport a-mpdu tx priority all disable
  and i get message 
  "802.11b network not disabled"
  Why i must turn off b standard ?
  Thanks for respons 

• UnixODBC connects, but won't select - 64bit Linux and client 10.2.0.1.0

  ODBC connects, but won't select - 64bit Linux and 64 bit Oracle instant client 10.2.0.1.0, full install (all files but basiclite).
  ODBC can connect to an Oracle database, but cannot describe or select.
  sqlplus can connect and select.
  Also, ODBC can connect and select using a mysql database.
  At end is ODBC trace log, odbcinst.ini and odbc.ini
  Using the isql utility from unixODBC version 2.2.10, I get the following
  ## working tnsnames.ora is located
  $ export TNS_ADMIN=/usr/share/oracle/OraHome_1/network/admin
  $ LD_LIBRARY_PATH=/usr/lib64/oracle isql -v TESTDB foo bar
  | Connected! |
  | |
  | sql-statement |
  | help [tablename] |
  | quit |
  | |
  SQL> describe dual
  [IM003][unixODBC][Driver Manager]Specified driver could not be loaded
  [ISQL]ERROR: Could not SQLAllocStmt
  SQL> select count(*) from dual;
  [IM003][unixODBC][Driver Manager]Specified driver could not be loaded
  [ISQL]ERROR: Could not SQLAllocStmt
  SQL>
  Trace appended at end.
  System Details
  SuSE 9.3 64 bit, 2x Xeon, 8Gb RAM, latest SuSE kernel 2.6.11.4-21.9-smp
  A 64bit full client(10.1.0.3.0) is installed in /usr/share/oracle/OraHome_1, where the tnsnames.ora file is located (in network/admin)
  The 64 bit instant client is installed in /usr/lib64/instantclient_10_2, pointed to by soft-link /usr/lib64/oracle
  I also have a 32bit instant client, which is needed by OpenOffice
  From a shell with unset ORACLE_HOME, and with no Oracle lib in the ld.config path, all 3 versions are able to connect, and describe dual and select (*) from dual;
  export TNS_ADMIN=/usr/share/oracle/OraHome_1/network/admin
  # 10.2 64 bit instant client
  LD_LIBRARY_PATH=/usr/lib64/oracle /usr/lib64/oracle/sqlplus foo/bar@TESTDB
  # 10.2 32 bit instant client
  LD_LIBRARY_PATH=/usr/lib/oracle /usr/lib/oracle/sqlplus foo/bar@TESTDB
  # 10.1 64 bit full client
  LD_LIBRARY_PATH=/usr/share/oracle/OraHome_1/lib /usr/share/oracle/OraHome_1/bin/sqlplus foo/bar@TESTDB
  #### LOG AND INI FILES
  ### odbcinst.ini
  [OracleODBC-10g]
  Description = Oracle ODBC driver for Oracle 10g
  Driver = /usr/lib64/oracle/libsqora.so.10.1
  Setup = /usr/lib64/unixODBC/liboraodbcS.so.1
  FileUsage =
  CPTimeout =
  CPReuse =
  [ODBC]
  Trace = Yes
  TraceFile = /tmp/sql.log
  ForceTrace = No
  Pooling = No
  ### odbc.ini
  [TESTDB]
  Application Attributes = T
  Attributes = W
  BatchAutocommitMode = IfAllSuccessful
  CloseCursor = F
  DisableDPM = F
  DisableMTS = T
  Driver = OracleODBC-10g
  DSN = TESTDB
  EXECSchemaOpt =
  EXECSyntax = T
  Failover = T
  FailoverDelay = 10
  FailoverRetryCount = 10
  FetchBufferSize = 64000
  ForceWCHAR = F
  Lobs = T
  Longs = T
  MetadataIdDefault = F
  QueryTimeout = T
  ResultSets = T
  ServerName = TESTDB
  SQLGetData extensions = F
  Translation DLL =
  Translation Option = 0
  Here is the output from ODBC's trace of the isql session
  [ODBC][27847][__handles.c][444]
            Exit:[SQL_SUCCESS]
                 Environment = 0x507700
  [ODBC][27847][SQLAllocHandle.c][346]
            Entry:
                 Handle Type = 2
                 Input Handle = 0x507700
  [ODBC][27847][SQLAllocHandle.c][464]
            Exit:[SQL_SUCCESS]
                 Output Handle = 0x507ce0
  [ODBC][27847][SQLConnect.c][3527]
            Entry:
                 Connection = 0x507ce0
                 Server Name = [TESTDB][length = 6 (SQL_NTS)]
                 User Name = [foo][length = 3 (SQL_NTS)]
                 Authentication = [bar][length = 3 (SQL_NTS)]
            UNICODE Using encoding ASCII 'ISO8859-1' and UNICODE 'UCS-2LE'
  [ODBC][27847][SQLConnect.c][4101]
            Exit:[SQL_SUCCESS]
  [ODBC][27847][SQLAllocHandle.c][511]
            Entry:
                 Handle Type = 3
                 Input Handle = 0x507ce0
  [ODBC][27847][SQLAllocHandle.c][641]Error: IM003
  [ODBC][27847][SQLError.c][424]
            Entry:
                 Connection = 0x507ce0
                 SQLState = 0x7fffffffd750
                 Native = 0x7fffffffd748
                 Message Text = 0x7fffffffd760
                 Buffer Length = 500
                 Text Len Ptr = 0x7fffffffd74e
  [ODBC][27847][SQLError.c][461]
            Exit:[SQL_SUCCESS]
                 SQLState = IM003
                 Native = 0x7fffffffd748 -> 0
                 Message Text = [[unixODBC][Driver Manager]Specified driver could not be loaded]
  [ODBC][27847][SQLError.c][424]
            Entry:
                 Connection = 0x507ce0
                 SQLState = 0x7fffffffd750
                 Native = 0x7fffffffd748
                 Message Text = 0x7fffffffd760
                 Buffer Length = 500
                 Text Len Ptr = 0x7fffffffd74e
  [ODBC][27847][SQLError.c][461]
            Exit:[SQL_NO_DATA]
  [ODBC][27847][SQLError.c][504]
            Entry:
                 Environment = 0x507700
                 SQLState = 0x7fffffffd750
                 Native = 0x7fffffffd748
                 Message Text = 0x7fffffffd760
                 Buffer Length = 500
                 Text Len Ptr = 0x7fffffffd74e
  [ODBC][27847][SQLError.c][541]
            Exit:[SQL_NO_DATA]
  [ODBC][27847][SQLAllocHandle.c][511]
            Entry:
                 Handle Type = 3
                 Input Handle = 0x507ce0
  [ODBC][27847][SQLAllocHandle.c][641]Error: IM003
  [ODBC][27847][SQLError.c][424]
            Entry:
                 Connection = 0x507ce0
                 SQLState = 0x7fffffffd750
                 Native = 0x7fffffffd748
                 Message Text = 0x7fffffffd760
                 Buffer Length = 500
                 Text Len Ptr = 0x7fffffffd74e
  [ODBC][27847][SQLError.c][461]
            Exit:[SQL_SUCCESS]
                 SQLState = IM003
                 Native = 0x7fffffffd748 -> 0
                 Message Text = [[unixODBC][Driver Manager]Specified driver could not be loaded]
  [ODBC][27847][SQLError.c][424]
            Entry:
                 Connection = 0x507ce0
                 SQLState = 0x7fffffffd750
                 Native = 0x7fffffffd748
                 Message Text = 0x7fffffffd760
                 Buffer Length = 500
                 Text Len Ptr = 0x7fffffffd74e
  [ODBC][27847][SQLError.c][461]
            Exit:[SQL_NO_DATA]
  [ODBC][27847][SQLError.c][504]
            Entry:
                 Environment = 0x507700
                 SQLState = 0x7fffffffd750
                 Native = 0x7fffffffd748
                 Message Text = 0x7fffffffd760
                 Buffer Length = 500
                 Text Len Ptr = 0x7fffffffd74e
  [ODBC][27847][SQLError.c][541]
            Exit:[SQL_NO_DATA]

  We are having similar issue. Could you please let me know how to resolve this issue. If using 32-bit driver is the only solution, please provide the URL to download this.
  Linux gahfndev02 2.6.9-42.0.3.ELsmp #1 SMP Mon Sep 25 17:24:31 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux
  SQL*Plus: Release 10.2.0.1.0 - Production on Mon Jan 22 16:56:41 2007

• Client can not connect to Server installed window server 2008 and using 8.8

  HI all!
  I have a problem when Client  log in to server that installed window server 2008.It can not connect to this server even when restart and key in IP or Server name,...
  I try disable Firewall of window 2008 in server machine and client can connect to server. But when i disable firewall, it's mean  i can not use Remote desktop or terminal service..
  Now, how i can do in order to solve this problem.
  Thanks!

  Hi,
  Take a look at the admin guide (Page 75, 119, 159):
  [http://service.sap.com/~sapidb/011000358700000150922010E.zip]
  If you installed a firewall on the license service computer, make sure that the firewall is not set to port 30000; otherwise, the license service cannot work.
  If you are using Port X, make sure that you open Port X and Port (X+1) in the firewall. For example, if you are using port 10000, make sure to also open port 10001.
  The default communication port is 1143.
  The default port of the SAP Business One license server is 30000 for license communication and 30001 for the license naming service

• URGENT Connection lost between 10.5.4 Server and 10.4.11 & winXP clients

  Hi,
  We are running into a big problem. We just upgrade our server to a new Xserver 8 core running OS X 10.5.4. Previously the server was and older Xserver running 10.4.11, we didn't have problems then.
  After the connection is established everything works and the clients that are running OSX 10.4.11 and windows XP can see the shares via NFS and Samba.
  After an hour or so of working, the clients start loosing the connection and the shares mounted are not accessible anymore. To regain the access we need to reboot the client machine or disconnect and rejoin the domain.
  Each client machine losses its connection independently from the other clients, this means that some people still have access while others don't.
  The connection between the Mac server and the Mac clients is done using NFS, for the windows clients is using Samba.
  Thanks a lot!!

  For starters, use AFP for Macs, not NFS. Seriously.
  Check the logs for smb and the system logs, and post relevant error messages.
  Next step consider wireshark or tcpump to watch your network traffic and try to capture
  a client droppage/disconnect if at all possible.
  Also post the UNedited result of (using the terminal):
  sudo changeip -checkhostname

• Issue connecting via proxy client in SQL Developer 4.0

  Hi SQL Developers,
  I should have posted this earlier, as I have been using SQL Developer 4.0 for several months and noticed the issue some time ago. The environment I am connecting to uses a Windows ISA Proxy desktop client to allow traffic to some databases. I generally use the Oracle Client and OCI connections in SQL Developer. At some point during the SQL Developer releases, connectivity stopped working for certain databases behind the proxy.
  The following clients connect to the database behind the proxy without issue:
  SQL*Plus 11.2.0.1 64-bit
  SQL Developer 4.0.0.12.84 using the SQL*Plus client and OCI
  Connectivity to the database behind the proxy does not work with these versions:
  SQL Developer 4.0.0.13.80 (tested with Oracle client, thin, etc.)
  SQL Developer 4.0.0.13.30 (tested with Oracle client, thin, etc.)
  Error Message:
  An error was encountered performing the requested operation:
  IO Error: The Network Adapter could not establish the connection
  Vendor code 17002
  Connectivity to other non-proxied databases works for all clients above. I've tried re-creating the connections, re-installing, etc. Nothing works except going back to the earlier version of SQL Developer.
  Has anyone else experienced this behavior? I am trying to determine whether the proxy is stopping the client based on a signature or if the client is not routing the connection correctly.
  Thanks,
  Shad

  I think I have found a solution.
  Run the command prompt (CMD) in windows and type in the following:
  setx _JAVA_OPTIONS -Djava.net.preferIPv4Stack=true
  I got this from a java developer and now I'm able to connect

• Lync Client Behind A Proxy

  Can anyone confirm if the Lync client can be configured to route traffic via a proxy, or to use the proxy settings defined in IE?
  I have the following scenario...
  The environment is heavily locked down, and PC's only have access to the Internet via a defined IE proxy.  Internal IM, presence and communication all work fine.  We have configured federation with some remote organizations.  IM and presence
  works fine to these orgs, but when any A/V or application sharing is attempted, the media fails.  I can see from traces this is when the client tries (and fails) to access the A/V edge of the remote federated parties edge server.
  I've looked at the Lync settings, reg settings, group policy ADM and documentation, and cant find anything to a) confirm if this behavior is correct or b) any way to work around it.
  There must be other Lync implementations in hardened environments like this.  Opening up outbound ports is out of the question, so what other options do i have?
  Dave

  Jay, you missed the key word in my last post "internally".  Functionally, everything about the edge server is working fine.  Clients can login internally and externally.  Media flows from internal to external clients is fine.  All SIP/AV/WEBCON
  DNS entries are fine in public DNS along with supporting SRV records.  These interfaces are Nat'd and the AV address is correctly assigned.
  My problem only occurs when an AV session is attempted with a federated partner...
  When any AV or sharing is attempted, from the internal network, to the federated partner, i can see the Lync client attempting to make connections out to the remote federated partners AV edge (something which it will never be able to do as it's behind a
  proxy with no direct Internet access).  This is what I'm trying to address.
  Should the SIP/AV/WEBCON address exist INTERNALLY
  on the corporate DNS servers for internal clients to resolve?  Is this what i have missed?
  Is there anyway to instruct the Lync client to route traffic bound for the Internet via a proxy?
  Surely there must be someone else with this scenario in a locked down environment?

• Problems with Arrowpoint cookies for clients behind a Proxy

  I have in a WebSite clients being load balanced using Arrowpoint cookies to a virtual Server. The CSS load balance between three Apache real servers.
  I have some clients that are behind some kind of Proxy Cache and I have seen with a sniffer that the proxies causing the problem Re-use proxy to our server connections for different requests for multiple clients.
  Then, as I understand the CSS make the forwarding decission based on the cookie of the first request for the first client behind the proxy after establishing the HTTP connection, but when there is a request from other client using this same connection (that must be forwarded to other real server) the request is forwarded to the original web server and fails because we need sticky connections.
  I thought that this wasn't correct but I have read some documents that say that this is called a Proxy role as a "connection cache". Then my question is if there is any workaround for this problem.
  Thanks

  I believe your problem is that the proxy open a few persistent connections with the CSS and loadbalance your client's request over them.
  Once the CSS has associated a connection with a service, it does not look into the request anymore.
  The solution is to disable persistence on the CSS with the command 'no persistent' and 'persistence reset'.
  Find more info at :
  http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080093e06.shtml#crp
  Gilles.

• Contivity vpn client behind router with easy server

  Hi, I've seen this argument before, but without an effective solution.
  I have a contivity client behind a 857 cisco router. This client needs to connect to a remote VPN server.
  With NAT enable and easy VPN server disable all works fine.
  When I enable easy VPN server on the 857 (I need to connect several dial-up cisco vpn client from outside to this office) the contivity client can't connect anymore to the remote vpn server and hang up with the famous "bannet text" error.
  I think that because the external interface of the 857 is waiting for cisco vpn client to connect, it intercepts also the data from the remote contivity vpn server, not forwarding to the client inside the LAN.
  If there is a way to "passthrough" the contivity connection data to the internal client it would be very nice.
  Many thanks, Stefano.

  Hi, I found a possible solution. At this page
  http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080235197.shtml
  this is the interesting part:
  !--- Dynamic crypto map.
  crypto dynamic-map dynmap 1
  set transform-set foo
  match address 199
  access-list 199 permit ip 10.100.100.0 0.0.0.255 192.168.1.0 0.0.0.255
  access-list 199 permit ip host 172.16.142.191 192.168.1.0 0.0.0.255
  I try to put the contivity vpn client to another subnet (192.168.3.10) but the easy vpn server still intercepts its encrypted data.
  Salutes.

• Rmi/iiop with clients behind firewall?

  I have a client app (standalone/applet) that will be running behind a firewall and I'm trying to connect it to S1AS7 through rmi/iiop. I keep getting some connection exceptions on the server when it tries to connect back to the client. Is there anyway to find out which port the server tries to connect to the client so I can open up that port with the firewall? Is there any other workarounds?

  Check out the below document. This is a document for the earlier version of the appserver, but I guess this part should still hold good in S1AS 7 :
  http://docs.sun.com/source/816-5777-10/jpgrichc.htm#24425
  Basically, during the RMI-IIOP communication, the ports are assigned dynamically and hence we cannot exactly say which ports will be used for the response.
  As a general rule of thumb, the response will be going through the ephemeral ports. (Ephemeral ports are temporary ports assigned by a machine's IP stack, and are assigned from a designated range of ports for this purpose. When the connection terminates, the ephemeral port is available for reuse, although most IP stacks won't reuse that port number until the entire pool of ephemeral ports have been used. So, if the client program reconnects, it will be assigned a different ephemeral port number for its side of the new connection.)
  So, it is advisable to open the the entire ephemeral port range in the firewall.
  On Solaris, the ephemeral port range can be determined using the below command :
  # /usr/sbin/ndd /dev/tcp tcp_smallest_anon_port tcp_largest_anon_port
  These values could also be altered using the below commands :
  # /usr/sbin/ndd -set /dev/tcp tcp_smallest_anon_port 49152
  # /usr/sbin/ndd -set /dev/tcp tcp_largest_anon_port 61000
  Hope that helps...
  Cheers,
  VM