External Router and Firewall

I have just been informed by Apple Care that my entire implementation for my Xserve is off base. We only got to this problem when Kerberos wouldn't work. I had judiciously followed the manual and had my Ether1 and 2 ports set up to do external (1), internal (2), provide DHCP, NAT, VPN, the whole nine yards. Ran gateway assistant, got my FQDN, promoted to open directory. And now I am told by my Apple Care guy that this is not at all the way to go; that I need to have an external router with firewall and assign the static IP to it and then run the server internally only. Let me just say I took the 4 day server essentials class and that was noticeably lacking in the discussion. So I guess what I am asking today is what an ideal router/firewall product would be suggested. I'd prefer it be rack mounted. I also need a product that the company is going to support. So suggestions are greatly appreciated.
I guess I am back to square one on this. Full reinstall. Sigh.

1. Run OD and AFP on the fixed IP Master. This should be your strongest, fastest server and must have a real fixed IP address, not allocated by DHCP. You need an FQDN for this IP address entered in your internal DNS.
WES: I believe I am hearing you say that the VPN/Firewall server (the weaker one) would now carry the static IP address on ethernet1; and have, say, 192.168.2.1 as its manually set internal IP on ethernet2; say 192.168.3.1. The better server would have its IP manually set to, say, 192.168.3.1.
2. Run internal DHCP and DNS services on the Master also.
WES: I am not sure why one would run DHCP and DNS here though? I figured that was a simpler process to accomplish off the weaker server.
3. On your firewall machine (the Replica, maybe running Tiger Server 10-user) run your webpages & VPN.
WES: But as I understood it, one had to run this off of the machine with the FQDN. Same as mail. More below....
4. Put Mail on a completely separate box in your DMZ.
WES: I'm not sure I follow you here. I am out of boxes. Actually I'll have to buy another one if I go this route at all. I don't have nearly a large enough operation to justify three servers -- maybe not two -- except for this problem.
One advantage of using a Tiger Server Master/Replica over a cheap firewall box is that you have redundancy available for all your Tiger Server apps (DHCP, DNS, etc). You also have an automatic backup of all user accounts/passwords and you don't need to configure separate VPN accounts/profiles for your users.
WES: Yes that makes sense.
Plus, if you're serious about VPN, 'proper' routers start to get real expensive if you need concurrent connections.
WES: There is another issue that I am a bit uncertain about. Where I got into trouble here was trying to get Kerberos to work. However, I am not sure that in the end that's a service I'm going to need. If VPN encrypts all traffic over the internet, is Kerberos necessary? I DON'T need it in house as there isn't an internal security issue of any kind. Maybe I am shooting for something I don't need...which brings us to...I am still confused about the Apple Care guy's comment that with the set up as it is, he could essentially raid my OD. He rattled off a lot of cool talk that made me think he was right but I have never found any reference to this. Can anyone explain to me -- one box acting in this capacity for a small office with a public IP -- being that open to a security risk. Puzzles me.

Similar Messages

  • External router and solaris installation

    Hi,
    I'm very new to solaris (and *nix world also) so, please, forgive me if this is a silly question, but I've installed solaris 10 express x86, with my pc connected via cross cable to an external router (properly configured). After installation, I can't see my router.
    Can someone help me, or give some good (and clear/simple...) resource to see?
    thanks!
    Pietro

  • Internet Edge Router and the Firewall

    What is the best way to monitor an Internet Edge router from the Internal network behind the Firewall?
    We want to pull more information from the edge router like netflow.  We can use SNMPv3 and ACLs to keep the router secure.
    But I am looking for the best config to keep both the router and firewall as secure as possible while still allowing us to monitor performance and faults.
    I am running an ASA and a 2821.

    I'd start with locking down the router configuration if you haven't already. Cisco Configuration Professional (free) offers a nice GUI for analyzing and delivering all the necessary commands to secure the router.
    Getting Netflow from your router doesn't add much more than getting it from your ASA.
    If you're querying through the firewall to the routers using SNMPv3 (and have deleted the v1/v2 communities) that's one good step. The only other thing I might suggest is sending syslogs to your management system from the router. To do that you'll need to add an access-list and probably a NAT entry to your firewall to allow the incoming syslog traffic.
    Most important beyond all the technology is to make sure that your people follow a process to regularly analyze and act upon the information being reported and gathered. Without that all the rest isn't worth the time it takes to implement it.
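    The reply above ends on the point that collected syslog only helps if somebody actually reads and acts on it. As an added illustration (not code from the thread or from Cisco), here is a small triage routine for IOS syslog lines as they arrive at a collector: it parses the %FACILITY-SEVERITY-MNEMONIC field, raises anything at severity 3 or worse, raises a short watchlist of mnemonics (config changes, logins, ACL denies), and counts failed logins per source so a burst from one address is surfaced as one alert. The log lines, the watchlist and the threshold are constructed assumptions for the example.

```python
import re
from collections import Counter

# Cisco IOS syslog messages carry a "%FACILITY-SEVERITY-MNEMONIC: text" field;
# severity runs from 0 (emergencies) to 7 (debugging).
MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)

# Events an edge-router owner usually wants to see promptly. Assumption: this
# list is a starting point to be tuned per environment, not an exhaustive one.
WATCHLIST = {
    "SYS-CONFIG_I": "config change",
    "SEC_LOGIN-LOGIN_FAILED": "failed login",
    "SEC_LOGIN-LOGIN_SUCCESS": "successful login",
    "SEC-IPACCESSLOGP": "acl deny logged",
}

# Constructed sample lines in the shape IOS sends to a syslog collector
# (PRI, sequence number, timestamp, then the message). Addresses come from
# documentation ranges, not real hosts.
SAMPLE_LOGS = [
    "<189>45: *Mar  1 00:12:04.011: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.50)",
    "<188>46: *Mar  1 00:13:10.220: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]",
    "<188>47: *Mar  1 00:13:12.240: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]",
    "<188>48: *Mar  1 00:13:14.260: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]",
    "<188>49: *Mar  1 00:13:30.000: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: bob] [Source: 203.0.113.9] [localport: 22] [Reason: Login Authentication Failed]",
    "<190>50: *Mar  1 00:13:40.300: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4431) -> 192.168.253.254(23), 1 packet",
    "<187>51: *Mar  1 00:14:00.000: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down",
    "<189>52: *Mar  1 00:14:00.500: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down",
    "<189>53: *Mar  1 00:15:00.000: this line has no mnemonic and should be flagged as unparsed",
]

SOURCE_RE = re.compile(r"\[Source:\s*([\d.]+)\]")


def parse_line(line):
    """Return facility/severity/mnemonic/text for one IOS syslog line, or None."""
    m = MSG_RE.search(line)
    if not m:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    return msg


def triage(lines, failed_login_threshold=3):
    """Return (alerts, failed_logins_by_source) for a batch of syslog lines."""
    alerts, failures = [], Counter()
    for line in lines:
        msg = parse_line(line)
        if msg is None:
            # Unparsed lines are reported rather than dropped: a collector that
            # silently discards what it cannot parse hides exactly the odd cases.
            alerts.append({"kind": "UNPARSED", "key": None, "detail": line})
            continue
        key = f"{msg['facility']}-{msg['mnemonic']}"
        if msg["severity"] <= 3:
            alerts.append({"kind": "HIGH_SEVERITY", "key": key, "detail": msg["text"]})
        if key in WATCHLIST:
            alerts.append({"kind": WATCHLIST[key], "key": key, "detail": msg["text"]})
        if key == "SEC_LOGIN-LOGIN_FAILED":
            src = SOURCE_RE.search(msg["text"])
            if src:
                failures[src.group(1)] += 1
    # One aggregate alert per source that crossed the threshold in this batch.
    for src, n in failures.items():
        if n >= failed_login_threshold:
            alerts.append({"kind": "REPEATED_LOGIN_FAILURES", "key": src, "detail": n})
    return alerts, dict(failures)


if __name__ == "__main__":
    found, per_source = triage(SAMPLE_LOGS)
    for a in found:
        print(f"{a['kind']:<24} {a['key']!s:<28} {a['detail']}")
    print("failed logins by source:", per_source)
```

    Feeding it real traffic means replacing SAMPLE_LOGS with lines read from the collector; the parsing does not depend on the PRI or timestamp prefix, so lines that arrive through a relay with a rewritten header still match.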

  • TMG Traffic For a Specific IP isn't leaving the server despite valid routes and no firewall

    Hi,
     I'm struggling to troubleshoot a TMG networking issue:
    I have a TMG server setup in my DMZ. Inbound traffic hits the a 3rd party firewall router, goes to the TMG server and is then routed back through the 3rd party firewall router to my internal network. I've setup web publishing rules and listeners for IIS
    sites and SMTP traffic using a different IP to listen for 2 different websites and another IP for SMTP.
    The issue I have is that my TMG server can't ping a server on the internal network on a specific IP:
    TMG can ping 192.168.11.190
    TMG cannot ping 192.168.11.191
    Firewall rules are configured to permit traffic (no deny connections are shown in the monitor).
    tracert and pings to 192.168.11.190 hit the internal IP of the 3rd party router
    tracert to 192.168.11.191 simply responds with * * * * before timing out
    Monitoring from within TMG shows the correct IP is being used in both cases (internal NIC 192.168.10.10).
    A route print from TMG has a valid route to the internal network:
    (network)192.168.11.128 (mask) 255.255.255.128 (gateway) 192.168.10.126
    In summary:
     - TMG can ping 192.168.11.190, but not 192.168.11.191
     - Valid routes exists 
     - No firewall rules are blocking communication
     - Traffic to 192.168.11.191 doesn't seem to be leaving the TMG server 
    Any advice on solving this would be appreciated.
    Cheers

    It can have many reasons, but it appears to me you are having a routing issue. I can't say for sure, because I don't have the entire IP addressing scheme. I assume you have used separate subnets for the External DMZ and Internal DMZ.
    Have you configured the 192.168.11.128/25 subnet as a correct 'Address' range 192.168.11.128 - 192.168.11.255 on the 'Internal' interface within TMG?
    Boudewijn Plomp | BPMi Infrastructure & Security
    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember, if you see a post that helped you please click "Vote as Helpful", and if it answered your question, please click "Mark as Answer".
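    The reply's question hinges on the difference between the Windows routing table (which decides where a packet is sent) and TMG's own network definitions (address ranges that decide whether TMG considers the destination part of 'Internal' at all). As an added example, not code from the thread or from Microsoft, the block below does a longest-prefix lookup against a routing table built from the one route quoted in the post plus two assumed rows, then checks the same addresses against two hypothetical TMG 'Internal' ranges: the full 192.168.11.128 - 192.168.11.255 range the reply recommends, and a narrower one that would exclude .191 while routing stays identical for both hosts.

```python
import ipaddress

# Constructed routing table. The /25 entry is the one quoted in the post
# ("route print"); the other two rows are assumptions so that the lookup has
# an on-link subnet and a default route to fall back to.
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.10.1"),                   # assumed default gateway
    ("192.168.10.0", "255.255.255.0", "0.0.0.0"),             # assumed on-link, internal NIC
    ("192.168.11.128", "255.255.255.128", "192.168.10.126"),  # from the post
]

# Hypothetical TMG 'Internal' network definitions to compare: the full range
# the reply recommends, and a narrower one such as a typo could produce.
TMG_RANGE_OK = [("192.168.11.128", "192.168.11.255")]
TMG_RANGE_NARROW = [("192.168.11.128", "192.168.11.190")]


def lookup(dst, routes=ROUTES):
    """Longest-prefix match over a (network, mask, gateway) table.

    Returns (ip_network, gateway) for the winning route, or None when nothing
    matches (which cannot happen while a default route is present).
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for net, mask, gw in routes:
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw)
    return best


def in_tmg_network(dst, ranges):
    """TMG defines networks as inclusive address ranges, not prefixes."""
    addr = ipaddress.ip_address(dst)
    return any(ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi)
               for lo, hi in ranges)


def diagnose(dst, routes=ROUTES, tmg_ranges=TMG_RANGE_OK):
    """Combine the OS route decision with TMG's own network membership check."""
    route = lookup(dst, routes)
    return {
        "dst": dst,
        "route": str(route[0]) if route else None,
        "gateway": route[1] if route else None,
        "in_tmg_internal": in_tmg_network(dst, tmg_ranges),
    }


if __name__ == "__main__":
    for host in ("192.168.11.190", "192.168.11.191"):
        print("correct range:", diagnose(host))
        print("narrow range: ", diagnose(host, tmg_ranges=TMG_RANGE_NARROW))
```

    Both hosts resolve to the same /25 route and gateway, so when one of them is unreachable and the other is not, the routing table is the wrong place to keep looking; the TMG network definition (or something else above the IP layer) is where the two addresses can differ.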

  • TS2709 I have AppleTV and Ipad2 running VJay app to my TV over a private cisco router disabled firewall but I keep loosing the video on my TV after a few minutes what can I do?

    I have AppleTV and Ipad2 running VJay app to my TV over a private cisco router disabled firewall but I keep loosing the video on my TV after a few minutes what can I do?

    I also get this problem on my iPad, so probably not related to the AppleTV. On the iPad I restarted Airport Extreme this time, and then the iPad saw my Home Sharing.
    So to recap, restarting the router or Airport Express allowed the iPad and AppleTV to see Home Sharing. Restarting AppleTV also allows AppleTV to see Home Sharing.
    So does anyone have any idea?
    Thanks

  • Can I use Extreme with Time Capsule to extend my gateway router and still use Capsule as "external HD"?

    Bought Airport Extreme with Time Capsule version 7.7.2 with 2 Terabytes Feb 2014. It was probably an expensive mistake, but after searching for weeks for a external hard drive, it seemed reasonably priced to just use the capsule as my external hard drive for the price I paid. Spend an hour with Apple Care to get it working-had to use ethernet cord to my iMac OS 10.8.5 processor 2.5 GHz Intel Core i5. I did not "need" the airport as we have a Winstream SAGEMCOM modem/router (Sagemfast 1704) But, I was desperate and about to lose my old external hard drive with literally had 3 computers worth of information on it. It had already "died" once, but got it back, so once I got the airport/capsule and was told I just paid for an expensive HD, I had no time to take it back to get something else-I had to transfer my info right then. We (Apple Care) could not get it to work as a HD wirelessly. It may be because it was being set up for the first time; I don't know. I was hoping I would get a transcript of all done so I could do it myself if needed later on, but when I looked at my email-they didn't do that. (Don't know if that is normal, I was used to other "techs" sending the email.) So now I really want to try to move my airport and "extend" our wifi as it said on the "box" that you could do...
    Our Windstream router had to be placed in the lower level at the bottom of our stairs. The stairway is "open" (no door going down the steps). I want to place the Extreme at the top of the stairs so that we can use some things in our offices or not have Netflix on our TV lose connectivity when we all are on our computers.
    I know I need an ethernet cord to connect directly with the modem/router to the Airport Extreme.  I don't know what I will need to do after I connect it as it was so goofy when we set it up the first time (With the app it would disappear and not show up..) But my biggest concern is will I be able to still use the capsule as my hard drive and will I be able to do it wirelessly? (Even with it connected by ethernet, every day I have to re-connect to it before I can click on anything on the hard drive. It never shows up on it's own as my old HD did. That drives me nuts.) I do back up using the Time Capsule feature as well. I appreciate any help.

    I am still willing to plug in the ethernet cord to the modem/router and try it IF I was able to get a step by step instructions..
    Connecting the Time Capsule (TC) to the existing Winstream by Ethernet would be the basis for a roaming type network. This type of network allows you to basically "roam" with a wireless client and connect to either router. This, in essence, would provide you with an "extended" wireless network. The Apple routers can work with just about any manufacturers' routers in this fashion.
    The keys to having a successful roaming network are as follows:
    The routers must be interconnected by Ethernet.
    Both routers will broadcast their own Wi-Fi network, but MUST use the same Network Name (or SSID), wireless security type (WPA or WPA2), and wireless password.
    The TC MUST be reconfigured as a bridge.
    Connect a single Ethernet cable between one of the Winstream's LAN ports and the WAN (circle of dots) port on the TC.
    The basic steps are:
    Power-down the Winstream.
    Perform a "factory default" reset on the TC. Leave the TC powered-down after the reset has completed.
    Connect the TC to the Winstream using an Ethernet cable.
    Power-up the Winstream. Wait at least 10-15 minutes to allow it to initialize.
    Power-up the TC. Wait at least 5 minutes to allow it to initialize. (Note: Since we just reset the TC it will be performing as a wireless router that will be broadcasting an unsecured Wi-Fi network with a Network Name of something like: Apple Network NNNNNN)
    Connect your computer to the Winstream's Wi-Fi network.
    Run the AirPort Utility, select the TC, and then select Edit.
    Go to the Network tab.
    Change the Router Mode option to: Off (Bridge Mode)
    Select the Wireless tab.
    Verify that the Network Mode option is set to: Create a wireless network
    For Wireless Network Name, enter the Wi-Fi network name used by the Winstream.
    For Wireless Security, select the equivalent security type that is used by the Winstream. (Note: Use "WPA/WPA2 Personal" if the Winstream is using WPA/TKIP. Use "WPA2 Personal" if the Winstream is using WPA2/AES.)
    For Wireless Password, enter the same password used by the Winstream.
    Select Update and allow the TC to restart.
    As far as your external HD, yes you should still be able to use it as before.

  • I have a tesco router and an external hard drive attached to it as a network drive (shared) for my macbook and MB-Air. Have no problems with my MB accessing it, but with MB-AIR it says -  'the version of the server you are trying to connect to is not supp

    I have a tesco router and an external hard drive attached to it as a network drive (shared) for my macbook and MB-Air. Have no problems with my MB accessing it, but with MB-AIR it says -  'the version of the server you are trying to connect to is not supported. pls contact your system administrator to resolve the problem'. MB-Air uses maverick downloaded yesterday - upgrade from mountain lion. MB uses snow leopard still, as i am quite used to it and am thinking of upgrade if mavericks work fine on air. Also have parallel on snow leopard but it is no longer supported according to mac website - if i upgrade am i going to lose my parallel and will have to buy a new one!!!

    Yes, the Old Master file has a folder for each year where I find all photos from that specific year. I am attaching a screen shot of the file.
    In the meantime i have managed to download all photos (it did not download any video files though in mpg, avi, 3gp, m4v,mp4 and mov format) to a new iphoto library. Unfortunately the photos are quite mixed and often doubled up. I ma considering to purchase iphoto library which checks all duplicates in iphoto. this will save me a lot of time. What do you think?

  • How to setup wireless time capsule with 3rd party external HDD and router?

    Topic says it all really...
    I've got a linksys router and an iomega external hard drive.
    I want to have wireless time capsule setup but i don't really wanna shell out for an apple time capsule when I have a perfectly working router and hard drive...
    Can it be done? would I be better off buying an airport express/extreme?
    cheers

    Welcome, jackbyo!
    I've got a linksys router
    Good product
    iomega external hard drive.
    1) The drive must be formatted in Mac OS Extended (Journaled) to work with Time Machine.
    2) The drive will need to be connected directly to your Mac via USB or FireWire connection.
    Can it be done?
    As above
    would I be better off buying an airport express/extreme
    The AirPort Express will not support a hard drive.
    Time Machine backups to a drive at the USB port of the AirPort Extreme are not supported by Apple due to corruption issues.

  • Is possible to have a time machine backup on an external hd connected to either a primary or secondary router and not have "back to my mac" using 10.7.3?

    Is possible to have a time machine backup on an external hd connected to either a primary or secondary router and not have "back to my mac" using 10.7.3?

    The bottom line is that Apple does not support Time Machine backups at the USB port of the AirPort Extreme. If they don't support their own router, they certainly don't support other routers from other manufacturers.
    Connect the drive directly to the Mac using either USB or FireWire.....or....use a Time Capsule.  Either of these setups will be supported.
    If you want to try the unsupported method(s), you can certainly do so. But, I would suggest that you have a secondary backup plan in place if this is important data that you will be backing up.

  • Cisco 877W router and external ADSL modem

    Cisco 877W router and external ADSL modem
    In order to support ADSL2+ on a pre ADSL2+ router and in preparation for a later migration to BT infinity I am trying to configure the Router using an external adsl2+ modem appropriately.
    The original configuration had 3 ports configured as one (internal lan) vlan and bridge group together with one wireless sub-interface, the remaining port configured a second vlan and bridge group with a second wireless sub- interface. The Dialer was a member of the second bridge group. This way the second wireless interface and associated bridge group provided a kind of DMZ for outbound access.
    The configuration I am attempting is similar: the lan ports remain the same, but port 0 is a member of the vlan and bridge group (now a pppoe client) associated with one of the wireless sub interfaces as per above. The ATM interface is downed. This nearly works except that if the wireless subinterface on this bridge group is configured the dialer no longer dials giving a 'no dialer string' error. If I do not configure that wireless sub interface all works well.
    If anyone is interested to look I would appreciate any comments. I enclose a sanitised config in which you will note the 'commented out' wireless subnet interface (in red).
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    hostname xxxxxxxxxxxxxxxxxxxxx
    boot-start-marker
    boot-end-marker
    logging buffered 4096 warnings
    enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
    aaa new-model
    aaa group server radius sdm-vpn-server-group-2
    aaa group server radius rad_eap
     server 192.168.253.1 auth-port 1812 acct-port 1813
     server 192.168.253.1 auth-port 1645 acct-port 1646
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login default local
    aaa authentication login sdm_vpn_xauth_ml_2 group sdm-vpn-server-group-2
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa authorization ipmobile default group rad_pmip
    aaa authorization network sdm_vpn_group_ml_2 local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    clock timezone PCTime 0
    clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
    crypto pki trustpoint TP-self-signed-2834265337
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-2834265337
     revocation-check none
     rsakeypair TP-self-signed-2834265337
    crypto pki certificate chain TP-self-signed-2834265337
     certificate self-signed 01 nvram:IOS-Self-Sig#2F.cer
    dot11 syslog
    dot11 ssid GuestAP
       vlan 101
       authentication open
       authentication key-management wpa
       mbssid guest-mode
       wpa-psk ascii 7 113B162712001F4A2D2B25
    dot11 ssid LanAP
       vlan 100
       authentication open eap eap_methods
       authentication network-eap eap_methods
       authentication key-management wpa
       mbssid guest-mode
    no ip source-route
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.10.10.1
    ip dhcp excluded-address 192.168.252.1 192.168.252.8
    ip dhcp excluded-address 192.168.252.15 192.168.252.254
    ip dhcp pool sdm-pool1
       import all
       network 192.168.252.0 255.255.255.0
       domain-name XXX.Local
       dns-server xxx.xxx.xxx.xxx
       default-router 192.168.252.254
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    no ip bootp server
    no ip domain lookup
    ip domain name XXX.Local
    ip name-server xxx.xxx.xxx.xxx
    ip name-server xxx.xxx.xxx.xxx
    ip reflexive-list timeout 120
    vpdn enable
    vpdn-group 1
     request-dialin
      protocol pppoe
    username administrator privilege 15 secret 5 £££££££££££££££££££££
    class-map type inspect match-any IN_to_OUT_CLASS
     match protocol tcp
     match protocol udp
     match protocol icmp
    class-map type inspect match-any OUT_to_IN_CLASS
     match protocol https
     match protocol smtp extended
    class-map type inspect match-any DMZ_to_IN_CLASS
     match protocol http
     match protocol https
     match protocol smtp extended
    policy-map type inspect DMZ_to_IN_POL
     class type inspect DMZ_to_IN_CLASS
      inspect
     class class-default
      drop log
    policy-map type inspect IN_to_OUT_POL
     class type inspect IN_to_OUT_CLASS
      inspect
     class class-default
      drop log
    policy-map type inspect OUT_to_IN_POL
     class type inspect OUT_to_IN_CLASS
      inspect
     class class-default
      drop log
    zone security INSIDE
    zone security OUTSIDE
    zone security DMZ
    zone-pair security OUT_TO_IN source OUTSIDE destination INSIDE
     service-policy type inspect OUT_to_IN_POL
    zone-pair security IN_TO_OUT source INSIDE destination OUTSIDE
     service-policy type inspect IN_to_OUT_POL
    zone-pair security DMZ_TO_OUT source DMZ destination OUTSIDE
     service-policy type inspect IN_to_OUT_POL
    zone-pair security DMZ_TO_IN source DMZ destination INSIDE
     service-policy type inspect DMZ_to_IN_POL
    bridge irb
    interface Loopback0
     no ip address
    interface Null0
     no ip unreachables
    interface ATM0
     no ip address
     shutdown
     no atm ilmi-keepalive
     dsl operating-mode auto
    interface FastEthernet0
     description Outside Interface (PPPoE)
    interface FastEthernet1
     description Inside Interface
     switchport access vlan 10
    interface FastEthernet2
     description Inside Interface
     switchport access vlan 10
     spanning-tree portfast
    interface FastEthernet3
     description Inside Interface
     switchport access vlan 10
     spanning-tree portfast
    interface Dot11Radio0
     no ip address
     no ip route-cache cef
     no ip route-cache
     encryption vlan 100 mode ciphers aes-ccm tkip
     encryption vlan 101 mode ciphers aes-ccm tkip
     ssid GuestAP
     ssid LanAP
     mbssid
     speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
     channel 2437
     station-role root
    interface Dot11Radio0.100
     description LanAP
     encapsulation dot1Q 100
     no ip route-cache
     no cdp enable
     bridge-group 10
     bridge-group 10 subscriber-loop-control
     bridge-group 10 spanning-disabled
     bridge-group 10 block-unknown-source
     no bridge-group 10 source-learning
     no bridge-group 10 unicast-flooding
    !interface Dot11Radio0.101
    ! description GuestAP
    ! encapsulation dot1Q 101
    ! no ip route-cache
    ! no cdp enable
    ! bridge-group 1
    ! bridge-group 1 subscriber-loop-control
    ! bridge-group 1 spanning-disabled
    ! bridge-group 1 block-unknown-source
    ! no bridge-group 1 source-learning
    ! no bridge-group 1 unicast-flooding
    interface Vlan1
     description $ES_LAN$
     no ip address
     ip virtual-reassembly
     pppoe enable group global
     pppoe-client dial-pool-number 1
     bridge-group 1
    interface Vlan10
     no ip address
     ip virtual-reassembly
     bridge-group 10
    interface Dialer1
     description $FW_OUTSIDE$
     ip address negotiated
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip mtu 1452
     ip nat outside
     ip virtual-reassembly
     zone-member security OUTSIDE
     encapsulation ppp
     ip route-cache flow
     dialer pool 1
     dialer-group 1
     ppp authentication chap pap callin
     ppp chap hostname XXXXXXX
     ppp chap password 7 xxxxxxxxxxxxxxxxxxx
     ppp pap sent-username xxxxxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxx
     ppp ipcp dns request
     ppp ipcp wins request
     hold-queue 224 in
    interface Dialer0
     no ip address
    interface BVI10
     description Inside Interface
     ip address 192.168.253.254 255.255.255.0
     ip access-group 101 in
     ip helper-address 192.168.253.1
     ip nat inside
     ip virtual-reassembly
     zone-member security INSIDE
    interface BVI1
     description DMZ Interface
     ip address 192.168.252.254 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     zone-member security DMZ
    ip local pool SDM_POOL_1 192.168.20.9 192.168.20.14
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip http server
    ip http access-class 1
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 600 life 86400 requests 10000
    ip nat inside source list Inside_Clients_NAT interface Dialer1 overload
    ip nat inside source static 192.168.253.10 xxx.xxx.xxx.xxx
    ip access-list extended DMZ_to_IN_POL
     remark SDM_ACL Category=128
     permit ip any any
    ip access-list extended Inside_Clients_NAT
     remark SDM_ACL Category=2
     permit ip 192.168.253.0 0.0.0.255 any
    logging 192.168.253.10
    access-list 1 remark Auto generated by SDM Management Access feature
    access-list 1 remark SDM_ACL Category=1
    access-list 1 permit 192.168.253.0 0.0.0.255
    access-list 100 remark VTY Access-class list
    access-list 100 remark SDM_ACL Category=1
    access-list 100 permit ip 192.168.253.0 0.0.0.255 any
    access-list 100 deny   ip any any
    access-list 101 remark Auto generated by SDM Management Access feature
    access-list 101 remark SDM_ACL Category=1
    access-list 101 remark Auto generated by SDM for NTP (123) xxx.xxx.xxx.xxx
    access-list 101 permit udp host xxx.xxx.xxx.xxx eq ntp host 192.168.253.254 eq ntp
    access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq telnet
    access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 22
    access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq www
    access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 443
    access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq cmd
    access-list 101 deny   tcp any host 192.168.253.254 eq telnet
    access-list 101 deny   tcp any host 192.168.253.254 eq 22
    access-list 101 deny   tcp any host 192.168.253.254 eq www
    access-list 101 deny   tcp any host 192.168.253.254 eq 443
    access-list 101 deny   tcp any host 192.168.253.254 eq cmd
    access-list 101 deny   udp any host 192.168.253.254 eq snmp
    access-list 101 permit ip any any
    access-list 199 permit ip any host 10.1.1.1
    dialer-list 1 protocol ip permit
    no cdp run
    radius-server attribute 32 include-in-access-req format %h
    radius-server host 192.168.253.1 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXXXXXXX
    radius-server host 192.168.253.1 auth-port 1645 acct-port 1646 key 7 XXXXXXXXXXXXXXXXXX
    radius-server vsa send accounting
    control-plane
    bridge 1 protocol ieee
    bridge 1 route ip
    bridge 10 protocol ieee
    bridge 10 route ip
    banner login C Border Router
    line con 0
     no modem enable
     transport output telnet
    line aux 0
     transport output telnet
    line vty 0 4
     access-class 100 in
     privilege level 15
     length 0
     transport input telnet ssh
    scheduler max-task-time 5000
    scheduler interval 500
    ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
    ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
    sntp server xxx.xxx.xxx.xxx
    end
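    The config above is a zone-based firewall: three zones, four zone-pairs, and inspect policies that reference class-maps. When a config like this is reworked by hand (moving ports between VLANs and bridge groups, as the poster is doing) the easiest things to lose are a zone-member line on an interface that now carries an IP address, or a policy that still points at a class-map that no longer exists. As an added example, not code from the thread or from Cisco, the block below parses the ZBF-relevant parts of an IOS running-config, reports dangling references and unzoned IP interfaces, and lists the zone-to-zone directions that have no zone-pair (which ZBF drops by default). The embedded config is a trimmed copy of the poster's with two defects introduced on purpose so the checker has something to report; those defects are constructed, not findings about the original.

```python
import re

# Trimmed copy of the poster's zone-based firewall configuration, embedded as
# constructed sample input. Two defects were introduced deliberately:
# DMZ_to_IN_CLASS is referenced but never defined, and interface Vlan99 has an
# IP address but no zone-member line.
SAMPLE_CONFIG = """\
class-map type inspect match-any IN_to_OUT_CLASS
 match protocol tcp
class-map type inspect match-any OUT_to_IN_CLASS
 match protocol https
policy-map type inspect IN_to_OUT_POL
 class type inspect IN_to_OUT_CLASS
  inspect
policy-map type inspect OUT_to_IN_POL
 class type inspect OUT_to_IN_CLASS
  inspect
policy-map type inspect DMZ_to_IN_POL
 class type inspect DMZ_to_IN_CLASS
  inspect
zone security INSIDE
zone security OUTSIDE
zone security DMZ
zone-pair security OUT_TO_IN source OUTSIDE destination INSIDE
 service-policy type inspect OUT_to_IN_POL
zone-pair security IN_TO_OUT source INSIDE destination OUTSIDE
 service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_OUT source DMZ destination OUTSIDE
 service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_IN source DMZ destination INSIDE
 service-policy type inspect DMZ_to_IN_POL
interface Dialer1
 ip address negotiated
 zone-member security OUTSIDE
interface BVI10
 ip address 192.168.253.254 255.255.255.0
 zone-member security INSIDE
interface BVI1
 ip address 192.168.252.254 255.255.255.0
 zone-member security DMZ
interface Vlan99
 ip address 192.168.99.1 255.255.255.0
"""

PAIR_RE = re.compile(r"zone-pair security (\S+) source (\S+) destination (\S+)")


def parse_ios(text):
    """Collect ZBF objects from an IOS config. Indented lines are sub-commands
    of the most recent unindented (top-level) line."""
    cfg = {"class_maps": set(), "policy_maps": {}, "zones": set(),
           "zone_pairs": {}, "interfaces": {}}
    block = None  # (kind, name) of the block whose sub-commands we are in
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if block is None:
                continue
            kind, name, line = block[0], block[1], raw.strip()
            if kind == "policy" and line.startswith("class type inspect "):
                cfg["policy_maps"][name].append(line.split()[-1])
            elif kind == "pair" and line.startswith("service-policy type inspect "):
                cfg["zone_pairs"][name]["policy"] = line.split()[-1]
            elif kind == "iface" and line.startswith("ip address "):
                cfg["interfaces"][name]["has_ip"] = True  # "no ip address" does not match
            elif kind == "iface" and line.startswith("zone-member security "):
                cfg["interfaces"][name]["zone"] = line.split()[-1]
            continue
        block, toks = None, raw.split()
        if raw.startswith("class-map type inspect "):
            cfg["class_maps"].add(toks[-1])
        elif raw.startswith("policy-map type inspect "):
            cfg["policy_maps"][toks[-1]] = []
            block = ("policy", toks[-1])
        elif raw.startswith("zone security "):
            cfg["zones"].add(toks[-1])
        elif raw.startswith("zone-pair security "):
            m = PAIR_RE.match(raw)
            cfg["zone_pairs"][m.group(1)] = {"src": m.group(2), "dst": m.group(3), "policy": None}
            block = ("pair", m.group(1))
        elif raw.startswith("interface "):
            cfg["interfaces"][toks[1]] = {"has_ip": False, "zone": None}
            block = ("iface", toks[1])
    return cfg


def audit(cfg):
    """Findings for dangling references and for IP interfaces outside any zone."""
    findings = []
    for name, pair in cfg["zone_pairs"].items():
        for z in (pair["src"], pair["dst"]):
            if z not in cfg["zones"]:
                findings.append(f"zone-pair {name}: undefined zone {z}")
        if pair["policy"] is None:
            findings.append(f"zone-pair {name}: no service-policy, all traffic dropped")
        elif pair["policy"] not in cfg["policy_maps"]:
            findings.append(f"zone-pair {name}: undefined policy-map {pair['policy']}")
    for pname, classes in cfg["policy_maps"].items():
        for c in classes:
            if c not in cfg["class_maps"]:
                findings.append(f"policy-map {pname}: undefined class-map {c}")
    for iname, iface in cfg["interfaces"].items():
        if iface["has_ip"] and iface["zone"] is None:
            findings.append(f"interface {iname}: has an IP address but no zone-member")
        elif iface["zone"] and iface["zone"] not in cfg["zones"]:
            findings.append(f"interface {iname}: member of undefined zone {iface['zone']}")
    return findings


def uncovered_directions(cfg):
    """Zone-to-zone directions with no zone-pair; ZBF drops that traffic by default."""
    covered = {(p["src"], p["dst"]) for p in cfg["zone_pairs"].values()}
    return sorted((a, b) for a in cfg["zones"] for b in cfg["zones"]
                  if a != b and (a, b) not in covered)


if __name__ == "__main__":
    cfg = parse_ios(SAMPLE_CONFIG)
    for f in audit(cfg):
        print("FINDING:", f)
    for a, b in uncovered_directions(cfg):
        print(f"no zone-pair for {a} -> {b} (dropped by default)")
```

    Run against the real config (paste the output of show running-config into SAMPLE_CONFIG or read it from a file) the uncovered-direction list is worth a glance before and after a rework: it tells you which inter-zone paths are closed purely by the absence of a zone-pair rather than by an explicit policy.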

    Hi Jody,
    Apologies delay in replying. I have done the following:
    Made two of the FE ports vlan1,BVI1 (for LAN traffic)
    Left one port as VLAN10 as the pppoe client connected to the external modem
    Made the last port VLAN10 as well and gave it an IP address as for a DMZ client.
    I have DHCP configured to serve the DMZ addresses.
    This all works for LAN clients and also works for a client attached to that physical DMZ port.
    When I added a dot11radio sub interface into VLAN 10 the wireless client did not get an IP lease. Everything else continued to work.
    I had never thought about this before, but if a dot11radio interface is on the same vlan (but not being part of a bridge group) why are DHCP broadcasts not propagating to all the vlan members as I would have expected. I recognise that this is a limit in my understanding.
    If I then made VLAN10 a member of a new Bridge Group, I lost WAN connectivity as per original posting.
    I cannot add another VLAN due to the 2 vlan limit in this image.
    Finally regarding your comment about giving it what it wants, what exactly did you have in mind. The dialer already has a dial string parameters configured.
    Think I am about to give up on this.
    Regards,

  • Would you tell me If window server installed with "routing and remote access" can output firewall logs.

    I install "routing and remote access" into Windows Server and make it work as a firewall.
    When connections are accepted or denied at firewall, would you tell me if the firewall can output the logs ?
    If that function can, would you tell me how to configure ?
    Thanks.

    Hi Kohenro31,
    I'm a little confused about configuring RRAS to work as firewall, cause we usually deploy RRAS as VPN connection, router etc, would you please post more information in detail?
    Routing and Remote Access Service:
    http://technet.microsoft.com/en-us/library/cc754634(v=ws.10).aspx
    In addition, to view firewall event logs please check this article:
    Viewing Firewall and IPsec Events in Event Viewer:
    http://technet.microsoft.com/en-us/library/ff428140(v=WS.10).aspx
    To enable RRAS logs, please check this article:
    Enabling logs for RRAS:
    http://blogs.technet.com/b/rrasblog/archive/2005/12/22/enabling-logs-for-rras.aspx
    If I have any misunderstanding, please let me know.
    Best Regards,
    Anna Wang

  • Has anyone enabled time machine using a linksys router and external hard drive? And if so how?

    Has anyone enabled time machine using a link sys router and external hard drive? And if so how?  I have a Linksys E4200 wireless router with a usb port on it.  I also have a Western Digital Elements 1TB external hard drive.  I would like to be able to use this hard drive with time machine.  Has anyone done so and if so how can I do so?

    You might get some responses, but we don't see many Linksys users on an Apple forum, so it may be a while before you see an answer.
    It might be useful to point out that Apple does not even support Time Machine backups to the USB port on their own AirPort Extreme wireless router, so we may be heading down a very slippery slope here.
    I've tried Time Machine backups on an AirPort Extreme router a number of times in the past. It's just not reliable. Works for a while, then has corruption problems. Or has corruption issues immediately. I once went a month or so and thought I had it nailed, then got smacked with a corrupted set of backups again.
    But, I guess you never know. It might work on the Linksys. If you decide to try this, I would suggest that you have another backup plan in place for your important data.
    Hope that some Linksys users will respond so we can all learn.

  • Suddenly my Ethernet and firewall are no longer connected. Router is good... and I can connect only using Wi-Fi... suggestions?

    Suddenly my Ethernet and firewall are no longer connected. Router is good... and I can connect only using Wi-Fi... suggestions?

    SOLUTION!
    I've been suffering from this problem for a few months. I tried everything suggested by everyone, and then, today, I had a mad idea.
    I used to work in a room in the house that's about 12 metres away from the router. It's on the next storey up and horizontally about 8 metres away. The problem started when I began to work in the same room as the router.
    Today I became so frustrated that for some reason I walked into a room about 8 metres away on the same level. Guess what? I connected with no problem at all. Feeling full of joy, I walked back to the room where the router is located. Dropped internet connection within a few minutes! Walked back to the room that's 8 metres away and, hey presto! I have a connection. I now realise that the problem was that I moved too close to the router.
    I can think of no logical explanation for my experience, but empirically it seems to work. Does anyone have the faintest idea of why this should be the case? In the absence of an answer I think I may have to start believing in fairies at the bottom of the garden. I'm just off to set a meal for them.
    By the way, I don't know if it has any significance, but the router is a BT Infinity router that has replaced the incredibly unreliable Virgin Media cable connection.

  • HT1349 Very slow external HDD and USB drive connected to Apple AirPort Extreme router

    Hello,
    So I got a Western Digital USB drive (500 GB) and a Western Digital My Book Live 2TB.
    I bought a new Apple AirPort Extreme router and connected them both.
    The USB drive and external HDD (WD Live 2TB) are very slow when connected to the AirPort Extreme router, using Lion 10.7. I updated the firmware for the router and the Western Digital drive, and updated AirPort Utility.
    Slow means it takes half an hour to copy 200 MB of files to the WD Live 2TB, and it's connected to my router with a gigabit Ethernet cable!
    Is someone else having the same problem? I thought even over USB I should get around the 2-5 MB range.
    I am using a MacBook Pro over 802.11n with Lion 10.7.2.
    Please help.

    The USB WD 500 GB is connected to the AirPort Extreme using a non-powered USB 2.0 hub; only two things, an HP printer and the 500 GB drive, are connected through it. I already formatted it to Mac OS Extended (Journaled), and I think the speed didn't change.
    For the WD 2TB Live I didn't format it to anything; I started using it out of the box. I just updated its firmware. I was having the same speed even when I directly connected it to my MacBook Pro using a gigabit Ethernet cable.
    This WD 2TB Live doesn't have any USB 2.0 or USB 3.0 connectors, just the Ethernet port. I wasn't planning to carry it around; I just wanted to use it as a good ol' NAS. So then I saw the fix somewhere and connected to this drive via AFP, afp://MyBookLive._afpovertcp._tcp.local/Public, and it suddenly became very fast. Just like how it should be: I easily copied 20 GB in around 20-25 minutes. (This was directly connected to my computer.)
    So then I thought my problem was solved and disconnected my WD Live and connected it back to the Apple router again, and the speed became very slow again. Now both the USB 500 GB and this 2TB Live are slow.
    Time Machine is also very slow.
    Thing is, I also have a Linux and a Windows machine (in repair, but should be up soon). Since the Apple is the newest computer I have, I want to make it work on this first. I don't want to use Mac OS Extended (Journaled) on the 2TB right now. Besides, formatting the USB 500 GB to this format didn't help with my speed. So the problem can be elsewhere.
    - I will try to get a powered USB hub as woodmeister50 suggested.
    - I don't know how to connect via iCloud as cigame suggested.
    Please let me know if you guys have any suggestions. I have tested and returned enough routers in the past few weeks. I really want it to work on this combination: Lion OS X + AirPort Extreme + WD Live.
    Thanks

  • Difference between Routed and Transparent mode on a firewall

    Hi,
    Can anyone explain Routed and Transparent mode on the Cisco ASA in simple words?

    To use an example from the University of Wisconsin-Madison, we have about 220 departments, centers, institutes, and other administrative units on our campus. Some are large and complicated, have their own IT staff, run their own delegated DNS, have multiple sites, and tend to run their own firewalls in routed mode. This will typically be the case for anyone who is using a lot of VLANs to segregate traffic for security or performance reasons. Conversely, some units are small, single-site, have only one subnet, and lack IT staff. The campus offers them virtual firewall contexts on shared central equipment, and runs those in transparent mode. In transparent mode the routers distinguish the two sides of the firewall using different VLAN tags. In routed mode, each firewall interface is on its own distinct subnet as well as VLAN, and the uplink outside interface needs a distinct transit subnet of its own, usually something between a v4 /29 and /30.
    The choices are not mutually exclusive; I do it both ways on different parts of my network. Most of my traffic is in routed mode on my own gear, but I have one segregated sub-unit using transparent mode on the shared campus gear instead. Even on a home network you might be doing it both ways; e.g. if you have a broadband DSL or cable modem plus your own separate Wi-Fi router, the modem will typically run in transparent mode (bridging traffic), while the Wi-Fi + Ethernet device will typically run in routed mode to provide NAT44 service. Cisco ASA gear lets you choose.
    -- Jim Leinweber, WI State Lab of Hygiene
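
As an added illustration of the two modes Jim describes (example configuration, not from the original post or from the campus deployment), here is a minimal Cisco ASA interface configuration for each. The interface names, VLAN tags, and addresses are assumptions using documentation address ranges, and the two fragments are meant for two separate ASAs or two security contexts, since one context runs in only one mode.

```cisco
! --- Transparent mode (added example; addresses and VLANs are assumed) ---
! Both bridge-group members are in the SAME IP subnet (10.10.20.0/24) but
! carry different VLAN tags; the campus router sees one subnet either way.
! The BVI address is for management only, not a default gateway for hosts.
firewall transparent
!
interface GigabitEthernet0/0.120
 vlan 120
 nameif outside
 security-level 0
 bridge-group 1
!
interface GigabitEthernet0/0.121
 vlan 121
 nameif inside
 security-level 100
 bridge-group 1
!
interface BVI1
 ip address 10.10.20.5 255.255.255.0
!
! --- Routed mode (added example; second ASA or second context) ---
! Each interface sits on its own VLAN AND its own subnet. The outside
! interface uses a dedicated /30 transit subnet toward the upstream router,
! which is the "distinct transit subnet" Jim mentions.
interface GigabitEthernet0/0.200
 vlan 200
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252
!
interface GigabitEthernet0/0.201
 vlan 201
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
! Default route points at the upstream router's end of the /30 transit link.
route outside 0.0.0.0 0.0.0.0 203.0.113.1
```

In the transparent fragment the firewall is invisible to hosts at layer 3 (they keep their existing gateway), while in the routed fragment the inside interface address is the hosts' gateway, which is why the routed deployment needs its own subnet plan.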
