Dyn Dns behind Bordermanager 3.8

Similar Messages

• Handling Dyn DNS Active/Failover service while also hosting internal DNS

  I want to try and take advantage of using Dyn DNS failover service for our websites, to where it will detect when our primary public IP address to webserver goes down and will automatically update the dns record to use our 2ndary public IP address in our
  failover site.  The only trouble i'm running into is we also host the domain name internally as well which we normally point to the private of the web server in our primary site.  is there a way to just have the request for that one specific A record
  to go to an external dns server to get resolved while the remaining records can be resolved internally by that server?  tried round robin with the 2 ip's addresses but does not work as i need it to.  Thanks any help is appreciated.
  Michael Duhon

  Hi,
  According to your description, my understanding is that you want the customer to access the website by another public IP when the current public IP down: request for specific A record to go to an external DNS server to get resolved while the remaining records
  can be resolved internally by that server.
  Usually we can use DNS conditional forwarder to redirect the query for a specific domain name to another DNS server, but we can’t specific a DNS server for an A record query.
  Or, you may try to manually add the record in local hosts file.
  Best Regards,
  Eve Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Webserver behind Bordermanager 3.7

  I have a Webserver behind bordermanager and can't hit it from the
  outside. I have a public IP on the same network bound as a secondary and
  the Private to public in static NAT table. I have both static and dynamic
  NAT. The private IP is in the HOSTS file along with the address. When
  attemps are made from the outside the browser shows looking up host with
  the proper webaddress then goes to the private IP address port 443 and
  hangs. I even tried adding filter exceptions both in & out. At this
  point am at wit's end (not a long journey).
  Thanks for any help
  Les Hudson
  Bay-Arenac ISD

  hi Les,
  the easiest thing to try is to verify if it's a filtering issue.
  Try to UNLOAD IPFLT at the Bm server console,and see if you can reach the
  internal web site from outside.
  Let me know.
  Caterina Luppi
  Novell Support Connection Volunteer Sysop

• Set up a proper live and local DNS behind a router

  Hello dear friends,
  I'm new to Snow Leopard Server and also i'm quite inexperienced in setting up DNS. We bought a Mac Pro for out small company along with Snow Leopard Server to become independent from our ISP, for some specific services like web hosting, mail and to bring up new services like Address book server, iCal server, FTP, Mobile access etc...
  So for me to do that i have to set up our own DNS first. We already bought our domain name (crisconsult.ro) and since then the site has been hosted on our ISP and then aliased to Apple. We also have our own (fix) public IP 80.86.123.116.
  Having installed SL Server and set-up, behind an Airport extreme router, the server was unable to pick up our name server which is ns.crisconsult.ro. Since the router is the first in the network, the server became second with a local IP 10.0.1.2. This is the same IP that the server automatically set up for DNS, BUT if i keep this ip on our name server (ns) i feel it's not good since:
  host ns.crisconsult.ro returns
  ns.crisconsult.ro has address 10.0.1.2
  and host 80.86.123.116 returns
  116.123.86.80.in-addr.arpa domain name pointer ns.crisconsult.ro.
  As i understand there should be our public IP (80.86.123.116), BUT all the tutorials on the net regarding setting up DNS in Leopard Server point that at DNS one should put the machine's own local IP and have the machine look at itself as DNS in network settings.
  So? Is there a local DNS and a public DNS to set up? What gives?
  I could really appreciate some help in configuring DNS, along to some good and real examples of DNS servers configured behind a router.
  Thanks,
  Andrei

  Andrei,
  I too, would love nothing more than to be able to use DNS on my 10.4, 10.5 & 10.6 servers. Unfortunately, the only way I have found to effectively wield a somewhat complete level of control over the bind DNS included with the server, is to abandon all usage of the Server Admin DNS control in favor of something like webmin. The good news is, webmin gives you a host of other features that I (sadly) don't expect to see within the Apple Server GUI any time soon.
  Bad news, is that the 'best practice' way of setting up a stable, functional DNS on a Mac Server seems to be: clean install, webmin install, and never, ever use the apple DNS interface. Similar rule applies to web server.
  I like to think the measure of a good admin is the ability to fix the problem(s) without having to reinstall completely. However, I can say from much experience and extensive googling, that what you are trying to do is a game of hopscotch in a minefield. You should be VERY familiar with the installation and setup process once you have your box configured the way you want it.
  Hopefully one day Apple will decide to take the bull by the horns and address teh fact that DNS is an integral part of a sever set up these days and provide us users with some of that Apple think-outside-the-box-so-you-dont-have-to product that they have been so well known for. I can't say whether they're in too much of a hurry deploying video iPods or super-duper mice that the server product that you and I would love to see work efectively simply doesn't.
  Sorry to get on a rant, I just want to save you some time that I lost figgerin' on this vexing enigma. I can use citations for my assertions if need be.
  -Chance

• How to set up DNS behind a NAT router...

  I am trying to configure DNS in Panther Server as the SOA for my domains and as a LAN name server. I've read several explainations about setting up DNS including technical document 106853 "How to set up DNS in a NAT environment" which says:
  Note: For Mac OS X Server 10.3 or later, you should use the Server Admin
  application to configure DNS and NAT. Please see the Network Services
  Administration Guide for additional information.
  Seeing how picky BIND is, this sounds like a good idea, except I can't configure views like that.
  Questions:
  1) What happens if I create an A record in my main domain for newmac.mydomain.com-->10.0.1.2? People outside the LAN can't get to it, right?
  2) Can I create really simple names for the LAN like newmac-->10.0.1.2?
  Thanks!

  You can use "system-config-network" command to configure your DNS configuration.

• How to setup DNS behind Airport Extreme and ISP that will not reverse DNS

  Hi,
  I am having issues setting up my Mac Mini with SLS. Right now my server is connected to the internet through my Airport Express. It gets a static address from the router (10.0.1.13). The router also has a static address from my ISP. I own the domain redcedarpoint.com. I have set the A record to point to my static router IP address. I also setup a CNAME for server.redcedarpoint.com to the same address.
  During the initial portion of setup SLS sees my ISP's domain versus my own domain and incorrectly fills the local domain name. I manually changed these to redcedarpoint.com and called the server 'server'. This puts server.redcedarpoint.com into all the host names. Everything seems to work, but now all my users get email addresses like [email protected] versus [email protected]. I have manually set mail host name to redcedarpoint.com (although this is wrong I think). It solves the email addressing issue, but now postfix gives me a warning about a duplicate:
  +Jan 27 21:20:45 server postfix/postmap[70670]: warning: /var/amavis/local_domains.db: duplicate entry: "redcedarpoint.com"+
  My question is: What should I fill in during setup and how should I setup DNS from my hosting service.
  By the way, I am also trying to funnel all inbound and outbound email through my premium Google Apps subscription.
  Here's also the result of postconf -n
  +Last login: Wed Jan 27 21:19:47 on ttys000+
  +server:~ ianknight$ postconf -n+
  +biff = no+
  +command_directory = /usr/sbin+
  +config_directory = /etc/postfix+
  +content_filter = smtp-amavis:[127.0.0.1]:10024+
  +daemon_directory = /usr/libexec/postfix+
  +debugpeerlevel = 2+
  +enableserveroptions = yes+
  +header_checks = pcre:/etc/postfix/customheaderchecks+
  +html_directory = /usr/share/doc/postfix/html+
  +inet_interfaces = all+
  +mail_owner = _postfix+
  +mailboxsizelimit = 0+
  +mailbox_transport = dovecot+
  +mailq_path = /usr/bin/mailq+
  +manpage_directory = /usr/share/man+
  +mapsrbldomains =+
  +messagesizelimit = 10485760+
  +mydestination = $myhostname, localhost.$mydomain, localhost, dmcwatering.com, internationalcardio.com+
  +mydomain = redcedarpoint.com+
  +mydomain_fallback = localhost+
  +myhostname = redcedarpoint.com+
  +mynetworks = 127.0.0.0/8,216.239.32.0/19,64.233.160.0/19,66.249.80.0/20,72.14.192.0/18,209.8 5.128.0/17,66.102.0.0/20,74.125.0.0/16,64.18.0.0/20,207.126.144.0/20,173.194.0.0 /16+
  +newaliases_path = /usr/bin/newaliases+
  +queue_directory = /private/var/spool/postfix+
  +readme_directory = /usr/share/doc/postfix+
  +recipient_delimiter = ++
  +relayhost =+
  +sample_directory = /usr/share/doc/postfix/examples+
  +sendmail_path = /usr/sbin/sendmail+
  +setgid_group = _postdrop+
  +smtpsasl_authenable = yes+
  +smtpsasl_passwordmaps = hash:/etc/postfix/sasl/passwd+
  +smtpdclientrestrictions = permit_mynetworks permitsaslauthenticated rejectrblclient zen.spamhaus.org permit+
  +smtpdenforcetls = no+
  +smtpdhelorequired = yes+
  +smtpdhelorestrictions = rejectinvalid_helohostname rejectnon_fqdn_helohostname+
  +smtpdpw_server_securityoptions = cram-md5,gssapi,login+
  +smtpdrecipientrestrictions = permitsaslauthenticated permit_mynetworks rejectunauthdestination checkpolicyservice unix:private/policy permit+
  +smtpdsasl_authenable = yes+
  +smtpdtlsCAfile =+
  +smtpdtls_certfile =+
  +smtpdtls_excludeciphers = SSLv2, aNULL, ADH, eNULL+
  +smtpdtls_keyfile =+
  +smtpdtlsloglevel = 0+
  +smtpduse_pwserver = yes+
  +smtpdusetls = no+
  +unknownlocal_recipient_rejectcode = 550+
  +virtualaliasmaps =+
  +server:~ ianknight$+

  The first one is easy...
  Jan 27 21:20:45 server postfix/postmap70670: warning: /var/amavis/local_domains.db: duplicate entry: "redcedarpoint.com"
  You have redcedarpoint.com set as both the domain name and the hostname of the server. That is not correct:
  mydomain = redcedarpoint.com
  myhostname = redcedarpoint.com
  In this case, myhostname should be the reverse DNS hostname that the recipient mail server would see on outgoing mail - typically this would be something like 'mail.redcedarpoint.com
  You should also fix the mydestination parameter so that it includes your domain name as well:
  mydestination = $myhostname, localhost.$mydomain, localhost, dmcwatering.com, internationalcardio.com
  mydestination identifies the domains this server accepts mail for. In this setup it will accept mail addressed to @mail.redcedarpoint.com (assuming you fix myhostname, as above), @localhost.redcedarpoint.com, @localhost, @dmcwatering.com and @internationalcardio.com
  Nowhere here does @recedarpoint.com appear, so users won't get mail addressed to [email protected]
  It's easiest to just add redcedarpoint.com to the list of domains the server handles mail for.
  how should I setup DNS from my hosting service
  Your subject implies a reverse DNS question, but there's nothing in this post about reverse DNS. Other than that, you should have an MX record for your domain that points to the public IP address of your router.

• Confussion: DNS/FQDN behind SOHO Firewall/Router

  Hi Everyone,
  I'm a little confused as to the setup of DNS behind a Firewall/Router.
  I have previous had an OS X 10.6 server with DNS setup directly to a Global IP.
  In my new setup, I will have a SOHO Firewall/Router setup at the "edge" with server & clients on the Local LAN. I will need the server to be able to serve up DNS / Open Directory master / Web Services / etc. both publically and privately. The SOHO device will serve up DHCP.
  Port Forwarding on the SOHO router is not an issue, so covered there.
  I am a bit confused on what to do on the DNS side as it is now sitting on private lan but needs to serve out publically as well.
  Is it as simple has having something like the following in the DNS tables?
  Note: dns1.mycompany.com. would have static IP: 192.168.1.10
  dns1.mycompany.com. IN A 123.123.123.123
  dns1.mycompany.com. IN A 192.168.1.10
  10.1.168.192.in-addr.arpa. IN PTR dns1.mycompany.com.
  123.123.123.123.in-addr.arpa. IN PRT dns1.mycompany.com.
  That way there is a machine record and reverse lookup for both internally and externally?
  Message was edited by: Jin597

  I am not saying the following is the only way to do it, but typically you would run your own DNS server internally and may have for example www.yourcompany.com resolve to a local private IP address, and externally you would have your ISP run a DNS server for the same domain but it would resolve to your public IP address.
  The outside world would only see and use the ISPs version and would therefore always use the (correct) public IP address, and your users on the LAN would use your internal DNS server and hence the private IP address.
  It would be possible to do the same all yourself by having two separate DNS servers internally but keeping one for use by your LAN, and the other for use (only) by external users. I don't believe the standard Apple Server Manager utility makes it possible to properly do both on one server.

• Dynamic DNS Port Forwarding Set up on Airport Extreme

  I just bought the new AEBS and am unable to afp into my computer from outside the network. I use a dynamic DNS service (www.dyndns.org) and have not had trouble in the past, but now it tells me that the server does not exist. What is the trick? I have tried many options in the forum, but with no luck. I am using firmware 7.2.1 (that is what came with the base station). My Internet service is through Verizon and I know that it does not provide port problems since it worked with my Netgear router, I don't have file sharing on for mounted disks (there are none attached) and entered my DYN DNS information in the Bonjour tab. I know this should not be so complicated, but nothing seems to work. For some reason, the base station is using port 548 (i have been told) and tried using another port). Someone please help.

  First of all you must install a DDNS Client on the machine you want to access. I don't know if DynDNS has one.
  No-ip.com as one. Just create a free account, install and configure the client software. It will transmit the Wan IP of you network to the no-ip servers, then you'll be able to connect IF the port for afp is routed to the correct machine in the AEBS. Here is a link the the ports used by Apple products:
  http://docs.info.apple.com/article.html?artnum=106439
  Jean-Luc Marechal
  http://www.tarmac.be

• DNS - can't remove "0.0.10.in-addr.arpa" reverse domain!

  I'm having some trouble with DNS behind our firewall. In this case we have an internal block of IP's. We're using the public 10.0.1.xxx subnet. Using OS X Server's DNS service to attempt to add a virtual host to our to our previously working network has created some trouble. First of it always adds the Reverse Zone 0.0.10.in-addr.arpa. to our Zones list. The working one is 1.0.10.in-addr.arpa. so why does it insist on adding this other one? I delete it and save. But it reappears immediately...
  It even shows in the log:
  +03-Sep-2009 08:50:12.083 zone 0.0.10.in-addr.arpa/IN/com.apple.ServerAdmin.DNS.public: loading from master file db.0.0.10.in-addr.arpa. failed: file not found+
  Server is running Leopard (10.5.8)

  Hi,
  When you set up your Kerberos realm on the original 10.0.x.x DNS zone with its accompanying x.0.10.in-addr.arpa then you established a required service. If you still had OD master with Kerberos running when you deleted the 10.0.x.x zone then Kerberos failed and kept trying to use the reverse pointer x.0.10.in-addr.arpa.
  You will probably have to take the OD back to standalone after setting up the new zone with the new address and its reverse pointer. Give the new zone a different host name which results in a new realm. Then repromote OD and have Kerberos established with the new realm and DNS setup.
  At this point it seems Kerberos is borked and you don't have much choice about going to standalone and repromoting to get it back.
  HTH,
  Harry

• Use two dynamic dns updaters  on one machine?

  I am wanting to enable virtual hosting in Apache2 on my PPC leopard mac mini to host more than one domain I own. I've been a DYN DNS customer for many years, but it appears now the costs for adding another domain has skyrocketed. If I keep my first one with them, and go to no-ip for the second, that would mean I would need to run two of their client updater apps. Is that a good idea? Doable? thanx, sam

  OK....I figured it out.
  I was able to set the IPV4 properties on the ones needing filtering to use the IP or OpenDNS as the primary DNS and my server address as the secondary and that works.
  I removed OpenDNS forwarder from the server, flushed dns on all machines and so far it's working perfectly.  The machines that are not going to be filtered just go through the server for DNS.
  Hopefully, after a while it doesn't break down!

• DNS provider help

  yo
  I'd like to use a static hostname to connect to my box (whcih has a dynamic IP), can anyone recomend a good program to use in conjuction with a dns service provider, preferably www.dyns.cx?
  cheers all

  community/noip 2.1.4-1
  A Dynamic DNS Client Updater for no-ip.com services
  Also:
  community/ddclient 3.7.3-1
  Update dynamic DNS entries for accounts on many dynamic DNS services.
  aur/ez-ipupdate 3.0.11b8-2
  A small utility for updating your host name using dyn.dns services.
  aur/inadyn 1.96.2-1
  Simple dynamic DNS client
  aur/inadyn-opendns 1.99-2
  Simple dynamic DNS client with SSL support
  Last edited by byte (2008-02-12 04:15:02)

• Setting up a web server

  Hi,
  I have four or five domains registered and now I’m paying for web hosting (not much, but…). For many months now, I’m reconsidering to set up my own web server (I have DSL connection 24/7 so…).
  One idea was to go with MS 2003 SERVER on some older PC I have, but since I’m not some expert (more or less dummy) for this things… gone down the toilet .
  Then I bought an iMac (the best investment in past few years regarding computers) and on apple.com site I saw OS X SERVER software and more I was reading this more seemed that this is something for me, for my idea to set up a server.
  Now I bought on eBay used G4 Mac Mini and I will install a OS X SERVER (please, don’t tell me that I’m trying to put a BMW engine into SMART… I know that and I hope that will somehow work… if not, there is still eBay to sell everything and there is still a toilet for my idea:-( ). However, the pages I own are not some crucial things for state security, but still I need PHP5 and MySQL (as far as I know OSX have this, right?).
  My questions are:
  To set up web server I need a DNS (like: nameserver.mydomain.com) otherwise nothing, right?
  Do I have to register somewhere my own DNS like domains and to pay annually for this (any suggestion where)?
  Hosting my other web sites (with other domains) on OSX will not be a problem. I suppose that OSX can do this?
  If I have nameserver.mydomain1.com, will be a problem to set up an email server/account for mydomain2.com or I have to set up a DNS also for this second domain (will be on same server)?
  I’m sorry, if my questions are stupid (on the other hand, someone said that there are no stupid questions, the answers can be stupid), but I’m really not familiar with this things.
  Many thanks in advance and excuse me for my English,
  M

  Faganel, did you ever find a "Leopard Server as a Web-Server - Setup for Dummies" kind of guide or article?
  If so, I'd really like answers and tips, to the same kind of questions you have.
  I don't think this is the best forum, to ask for newbie-style advice. The people here are hard-working system-admins, who does web-server setups for a living, and they really don't have time, to answer questions like ours.
  I've done dozens of Windows 2000 web-server setups at work, and the funny thing is, I could probably have helped you, had you gone with the Windows 2003 Server
  However I'm trying to get some Xserves into our server room at work, and am evaluating Leopard Server here at home, and would like to do the same thing as you - Setup a Leo web-server with dyn-dns or something like that.
  But because my knowledge is Windows, and because I've always worked with our own DNS and IP's, I'm having trouble getting my Leopard web-server here at home, to serve to the internet.
  I can get it to serve perfectly to my own sub-net, but when I try to access it from the outside, I get nothing. I've setup my DSL-router to point web-traffic to the Leopard web-servers IP, but still get nothing.
  However, I've just started, and I'm sure I'll get it to work, but some pointers would be really cool - obviously it can be done, just need to get my head around the fact, that I'm home and dealing with DSL and DSL-routers, and not the Ciscos and SonicWalls I'm used to at work
  I must say though, that Leopard Server is an amazing product, and I'm positive well need to start buying Xserves from now on at work. The time saved setting them up and administering them, is HUGE when compared to the Win2000 boxes I have to fight every day at work
  I also think Apple could make a very cool home-server, if they wanted too - I have no idea if it would sell, but Leo Server is almost so easy to setup now, that most people could get the hang of it ...
  Anyways, if you or someone else has a guide, to getting it to serve webpages behind a DSL-router with a static IP, I'd be more than grateful - I'm sure this would impress my boss enough, that I'd get a handsome budget to explore Leopard Server some more - I't just awesome from a SysAdmins point of view.

• Apache in FMS 4 Developer vs XAMPP Environment for PHP

  1.  Have a Flash Webpage under development designed to permit preview and streaming of FLV video.  Downloaded FMS Developer as a test server on my computer.  Apache 2.2 loads with it with a checkbox option to install it or not. I'm able to stream my video OK in this setup using RTMP://localhost and the FLVPlayback component in Flash Pro.  I like some of the OSMF players better like the one in the FMS Start Screen, but I haven't been able to integrate/embed it into my Flash webpage using the HTML provided.  They say just paste it to the webpage, but in ActionScript how do you do that?  None of the online help really explains how to embed Strobe Media Player into an FLA webpage using their HTML.
  2.  I plan to use PayPal Express Checkout for Digital Goods (EC/DG) as my pay facility on the Flash webpage. My videos will play to a cuepoint and then jump to a PayPal button which executes (EC/DG) .  I'm having trouble integrating PayPal with my Flash webpage.  There's a lot of online help, but most solutions involve PHP.  To help me understand PHP I bought the e-book, "Adobe Dreamweaver CS5 for PHP" which recommends downloading the XAMPP platform which contains Apache, PHP, MySQL etc.  I have several questions concerning this:  (a) If I use the XAMPP software, as recommended in the Dreamweaver book, do I have to first uninstall the Apache that comes with FMS? I assume you can't have two Apache's running at the same time. (b) Is FMS the Server or is Apache the server in the FMS installation? (c) Does the Apache software installed with FMS include PHP and MySQL, which seems to be required for any server-side coding?
  You can see by some of these questions that I'm new to all this Server stuff.  I'm doing it myself because I can't afford to pay the $400 to $500 a month for a Video Streaming Host.  I want to use FMS with Amazon Web Services to implement my Streaming Video Project, but I'm not sure I can do it with all the problems I'm encountering.  Anybody know any "reasonable" developers?   ;-)
  Two final questions:
  3.  Why would I need Flash Builder if I have Dreamweaver?  Don't they do essentially the same thing?
  4.  Can I do everything I'm trying to do in 1 and 2 above just using ActionScript and JavaScript, which I understand is just Server-side ActionScript?
  I appreciate any help you can give me on any one or all of these issues.  Thanks
  Joel Cotten
  VideoArts

  1. backup your applications folder, fms.ini and any other config files that you have changed in the FMS install directory.
  2. uninstall FMS
  3. reinstall FMS and uncheck the option to install the bundled apache webserver . FMS should be installed on a seperate server as apache. Flashplayer uses port 80 and it  Will conflict adobe apparently bundles apache to be used as demo. I have never gotten PHP and all its modules such as gd to work on their version of apache. reinstall you applications folder and fms.ini(any thing else you backed up)
  4. install apache 2.2,PHP,PHP PEAR(if you ever want to send mail)  install  mysql and mysql workbench on the server machine.
  5. create a text document and change hide known file extensions in the windows folder options so you can change the text files extension to .html(myEmbedFile.html) paste the html provided into this file put it on the webserver and browse to it.
  Resources to keep in mind.
  1. You can use any desktop machine running windows that is has at least 512 mb of ram as development machine. I have installed all the above mentioned servers on desktop machines. I currently use a single quad core destop for all my delvelopment needs and because its a devlopment machine i took port 80 out of fms.ini and installed IIS,Mysql and FMS on it. Keep in mind if you are using windows 7 that you can install apache and PHP on it but I could not get GD (php graphics module) to install on it an currently use IIS. If you do all of this on Linux its not a problem but you may have to find a patch for FMS to get it to install.
  2. if you want to attach your ip adderess to a domain name use dyn.dns their client will autochange your IP address if your ISP gives you a new one or you change a nic card or for any other reason.
  You should do everything I've described above to be able to learn and create apps as effiecently and with as little hassle as possible.
  You can use a package such as  XAMPP to which will install all the above servers but i prefer to do it one by one and use config files without a config manager and I think its easier to install any sever modules I might want to use in the future to expand my development websites. Your choice though.

• VPN SITE to SITE (RV520-FE-K9 TO RV042)

  Hello Everyboddy,
  I got some issues here, so i hope you can help me out.
  What i´m tryin to do is seting up a vpn betwen these two routers, so i´ve checked the configuration many times but i didn´t find the problem.
  PS: Sorry for hiding the public addresses and info is just that my company does not want to share them.
  Here´s the debug from the SR520:
  Mar  3 16:06:12.359: ISAKMP (0:0): received packet from xxxx.xxxx.xxxx.xxxx dport 50
  0 sport 500 Global (N) NEW SA
  *Mar  3 16:06:12.359: ISAKMP: Created a peer struct for 1xxxx.xxxx.xxxx.xxxx, peer por
  t 500
  *Mar  3 16:06:12.359: ISAKMP: New peer created peer = 0x83B94084 peer_handle = 0
  x8000000B
  *Mar  3 16:06:12.359: ISAKMP: Locking peer struct 0x83B94084, refcount 1 for cry
  pto_isakmp_process_block
  *Mar  3 16:06:12.359: ISAKMP: local port 500, remote port 500
  *Mar  3 16:06:12.359: insert sa successfully sa = 847E3DB8
  *Mar  3 16:06:12.363: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
  *Mar  3 16:06:12.363: ISAKMP:(0):Old State = IKE_READY  New State = IKE_R_MM1
  *Mar  3 16:06:12.363: ISAKMP:(0): processing SA payload. message ID = 0
  *Mar  3 16:06:12.363: ISAKMP:(0):No pre-shared key with xxxx.xxxx.xxxx.xxxx!
  *Mar  3 16:06:12.363: ISAKMP : Scanning profiles for xauth ...
  *Mar  3 16:06:12.363: ISAKMP:(0):Checking ISAKMP transform 0 against priority 1
  policy
  *Mar  3 16:06:12.363: ISAKMP:      life type in seconds
  *Mar  3 16:06:12.363: ISAKMP:      life duration (basic) of 28800
  *Mar  3 16:06:12.363: ISAKMP:      encryption DES-CBC
  *Mar  3 16:06:12.363: ISAKMP:      hash MD5
  *Mar  3 16:06:12.363: ISAKMP:      auth pre-share
  *Mar  3 16:06:12.363: ISAKMP:      default group 1
  *Mar  3 16:06:12.363: ISAKMP:(0):Preshared authentication offered but does not m
  atch policy!
  *Mar  3 16:06:12.363: ISAKMP:(0):atts are not acceptable. Next payload is 0
  *Mar  3 16:06:12.363: ISAKMP:(0):no offers accepted!
  *Mar  3 16:06:12.363: ISAKMP:(0): phase 1 SA policy not acceptable! (local xxxx.xxxx.xxxx.xxxx
  remote 1xxxx.xxxx.xxxx.xxxx)
  *Mar  3 16:06:12.363: ISAKMP (0:0): incrementing error counter on sa, attempt 1
  of 5: construct_fail_ag_init
  *Mar  3 16:06:12.363: ISAKMP:(0): sending packet to xxxx.xxxx.xxxx.xxxx my_port 500 p
  eer_port 500 (R) MM_NO_STATE
  *Mar  3 16:06:12.363: ISAKMP:(0):Sending an IKE IPv4 Packet.
  *Mar  3 16:06:12.363: ISAKMP:(0):peer does not do paranoid keepalives.
  ot accepted" state (R) MM_NO_STATE (peer 1xxxx.xxxx.xxxx.xxxx)
  *Mar  3 16:06:12.363: ISAKMP (0:0): FSM action returned error: 2
  *Mar  3 16:06:12.363: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MOD
  E
  *Mar  3 16:06:12.363: ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_R_MM1
  *Mar  3 16:06:12.367: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal n
  ot accepted" state (R) MM_NO_STATE (peer xxxx.xxxx.xxxx.xxxx)
  *Mar  3 16:06:12.367: ISAKMP: Unlocking peer struct 0x83B94084 for isadb_mark_sa
  _deleted(), count 0
  *Mar  3 16:06:12.367: ISAKMP: Deleting peer node by peer_reap for xxxx.xxxx.xxxx.xxxx
  : 83B94084
  *Mar  3 16:06:12.367: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
  *Mar  3 16:06:12.367: ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_DEST_SA
  *Mar  3 16:06:12.367: IPSEC(key_engine): got a queue event with 1 KMI message(s)
  *Mar  3 16:06:12.367: ISAKMP:(0):deleting SA reason "No reason" state (R) MM_NO_
  STATE (peer 190.75.132.212)
  *Mar  3 16:06:12.367: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_ERROR
  *Mar  3 16:06:12.367: ISAKMP:(0):Old State = IKE_DEST_SA  New State = IKE_DEST_S
  A
  HERE´S THE CONFIGURATION SR520:
  Current configuration : 5091 bytes
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname SR520_LEBRUN
  boot-start-marker
  boot-end-marker
  logging message-counter syslog
  enable secret 5 $1$UuTx$Y.koYevk4/LPbBf64zkuS0
  aaa new-model
  aaa authentication login default local
  aaa authentication login tango_authen_login line local
  aaa authorization exec default local
  aaa authorization exec tango_author_exec if-authenticated
  aaa session-id common
  crypto pki trustpoint TP-self-signed-3291959072
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-3291959072
  revocation-check none
  rsakeypair TP-self-signed-3291959072
  crypto pki certificate chain TP-self-signed-3291959072
  certificate self-signed 01
    30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 33323931 39353930 3732301E 170D3032 30333032 32313534
    30325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 32393139
    35393037 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100BBD5 6B0E11F1 D03D650E 22115792 E4CBC7A1 F2B744E6 AE965A32 36220A4B
    42BC3422 2291666D D013575C E56640E5 59327E55 F9DE394E 4AC4F9EF 6C25D0ED
    15F402F3 E2CDFEC5 B4E5CC55 CEC08A98 98EAEDCD 3A6C6D97 329FBC31 21502310
    DF5E553A F158389E 555BE050 81E888C0 261E0E86 BE3498D7 71991DBF 68250D68
    BCAF0203 010001A3 7B307930 0F060355 1D130101 FF040530 030101FF 30260603
    551D1104 1F301D82 1B535235 32305F4C 45425255 4E2E6C65 6272756E 5F6E6370
    2E636F6D 301F0603 551D2304 18301680 14E61EB4 559D8ACF 0A51400E E47A2A17
    1D85DAF7 A6301D06 03551D0E 04160414 E61EB455 9D8ACF0A 51400EE4 7A2A171D
    85DAF7A6 300D0609 2A864886 F70D0101 04050003 81810031 A3CB3462 64797A5B
    81BBC615 0044A2A4 4E392911 FB79B865 63E51183 A4DDC805 DBD9C8AD 3199C6FE
    8791B246 E94D2CE5 59D7288B 6D72A231 FB9E4EFE 67167CF2 822145EB 372E666E
    8289DE17 3187B72E 620BE58E C864F8B3 D84308A0 29995603 A19A9F94 79955C6F
    666491F6 226F2546 02DDE1D8 112DCF7A 1DC9F003 635972
          quit
  dot11 syslog
  ip source-route
  ip dhcp excluded-address 192.168.2.1
  ip dhcp pool 1
     import all
     network 192.168.2.0 255.255.255.0
     default-router 192.168.2.1
     domain-name labrun_ncp.com
     dns-server 200.44.32.12 200.11.248.12
  ip cef
  ip domain name lebrun_ncp.com
  ip ddns update method sdm_ddns1
  HTTP
    add http://[email protected]/nic/update?system=dyn
  dns&hostname=<h>&myip=<a>
    remove http://[email protected]/nic/update?system=
  dyndns&hostname=<h>&myip=<a>
  interval maximum 2 0 0 0
  interval minimum 1 0 0 0
  no vlan accounting input
  no ipv6 cef
  multilink bundle-name authenticated
  username Admin privilege 15 secret 5 $1$cixn$hZS19piuPlZSX9vDLPCbK1
  crypto isakmp policy 1
  encryp des
  hash md5
  authentication pre-share
  lifetime 28800
  crypto isakmp key xxxxxxx address 192.168.4.0 255.255.255.0
  crypto ipsec security-association idle-time 300
  crypto ipsec transform-set VPN_LEBRUN_TIMON esp-des esp-md5-hmac
  crypto map LEBRU_TIMON 1 ipsec-isakmp
  set peer xxxx.xxxx.dyndns.org
  set transform-set VPN_LEBRUN_TIMON
  match address 110
  archive
  log config
    hidekeys
  interface FastEthernet0
  description INTERFACE DIRECTLY CONNECTED TO IPPX KX-NCP1000
  switchport access vlan 2
  interface FastEthernet1
  description INTERFACE DIRECTLY CONNECTED TO RECORDING SERVER POLTYS
  POLTYS_NCP
  switchport access vlan 2
  interface FastEthernet2
  description FREE
  switchport access vlan 2
  interface FastEthernet3
  description FREE
  switchport access vlan 2
  interface FastEthernet4
  description INTERFACE DIRECTLY CONNECTED TO MODEM ADLS NETOPIA 2246n-XG
  ip dhcp client update dns server none
  ip ddns update hostname xxxx.xxxx.dyndns.org
  ip ddns update sdm_ddns1
  ip address dhcp client-id FastEthernet4
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  crypto map LEBRU_TIMON
  interface Vlan1
  no ip address
  interface Vlan2
  ip address 192.168.2.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  ip default-gateway 192.168.2.1
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 FastEthernet4
  ip http server
  ip http secure-server
  ip http client username Admin
  ip http client password 0 xxxx.xxxx
  ip nat inside source list 1 interface FastEthernet4 overload
  ip nat inside source list 115 interface FastEthernet4 overload
  access-list 1 remark SDM_ACL Category=2
  access-list 1 permit 192.168.2.0 0.0.0.255
  access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
  access-list 115 deny   ip 0.0.2.0 192.168.4.0 any
  access-list 115 permit ip 192.168.2.0 0.0.0.255 any
  control-plane
  banner login ^COUTE^C
  banner motd ^COUTE^C
  line con 0
  password telguer001
  no modem enable
  line aux 0
  line vty 0 4
  authorization exec tango_author_exec
  login authentication tango_authen_login
  scheduler max-task-time 5000
  end
  RV042 CONFIG:

  Sorry for butting in....
  Have you tried to create the VPN tunnel using the "local" and "remote" security groups as RANGE rather than SUBNET? really that should do exactly what you are describing.
  When that is configured, the IPSec tunnel does two things,
  1. Only allows traffic from IPs defined in the tunnel (both WAN and LAN source and destination) -- this is the ACL
  2. Creates a route statement for all allowed devices through the tunnel.
  Try this first and let us know, if you already did this please post a log.

• Remote Connection using Back to my Mac for Time Capsule?

  How do I connect to my Time Capsule and connected usb drive/printer now that Back to my Mac for Mobile Me is disabled and iCloud is running Back to my Mac?
  More information:
  I used to use the Mobile Me's version of Back to my Mac to enable connecting with my time Capsule, but how is this done now that iCloud has taken over Back to my Mac and I have upgraded to Lion.
  I have a Feb2011 MBP and a 2010 minimac the macmini is always connected to the time capsule, but I would like to be able to connect directly to the time capsule without having to go through the macmini.
  Thank you for your help

  It is possible but I am not sure it is worth the hassle..
  Your key issue here is public IP for your network.. if you have a static ip you are fine.. but very few people have this. It also depends on how the TC is setup.. is it the main router for the network or plugged into a modem router which has the role of main router, even if you use the TC as a secondary router.
  Without more info..
  1. This is easy if you have a static public IP and the TC is the main router and gets the public IP on the wan port.. just go to disk sharing in the airport utility manual setup and check for wan (internet access).
  2. If you have a dynamic IP, then you will have to sort out how you are going to find that IP.. the normal method to use dyndns account is not directly applicable because the TC has no client. It is possible to set up dyn dns but you will need to purchase your own domain name.
  3. You may find it easier to use standard router and bridge the TC. A standard router can be setup to port forward 548 AFP files service to the TC ip address. You may or maynot be able to access the printer. Certainly would be easier if the printer has IPP services. And is a true network printer.
  4. Use vpn.. get a vpn router so you can setup proper vpn endpoints.. then you use VPN service to access your local network.. this is far more secure and will work with dyndns just fine.