EZVPN public internet split tunnel with dialer interface

Similar Messages

• Create a public Internet facing site with SharePoint Foundation

  Hi,
  Would I be able to use SharePoint Foundation to create a public Internet facing site? In addition, where can I find tutorial on how to create public Internet facing sites?
  Thanks a lot!
  Eduardo

  Hi Eduardo,
  You can create public Internet facing site using SharePoint Foundation, e.g. www.wssdemo.com
  Regards,
  Vladimir
  MCTS, SharePoint tips blog: http://buyevich.blogspot.com

• CISCO ASA 5505 Split Tunnel DNS with Site to Site VPN

  I have a working configuration for Site to Site VPN between our head office and a private AWS VPC instance.
  The tunnel is active and I can ping the IP address of the remote network and connect to the remote machines using the IP address, but we need to use the FQDN and not the IP.  We have a DNS server set up in AWS for any DNS queries for the remote domain name.
  My question is whether or not the ASA 5505 supports a DNS split tunnel for Site to Site VPN and how it can be configured.
  I can not find where I can interogate the DNS query to be redirected to the VPN tunnel when our domain name is used in a DNS query.  Thus, any pings I try with the FQDN of our servers in AWS are failing as they are going to the default DNS, which is the internet.
  Can any one point me in the right direction on how to configure this DNS rewrite so that we can access our AWS private cloud using FQDN from our AWS domain rather than an IP address?

  Jose, your fix to problem 1 allows all access from the outside, assuming you applied the extended list to the outside interface.  Try to be more restrictive than an '...ip any any' rule for outside_in connections.  For instance, this is what I have for incoming VOIP (access list and nat rules):
  access list rule:
  access-list outside_access_in extended permit udp any object server range 9000 9049 log errors
  nat rule:
  nat (inside,outside) source static server interface service voip-range voip-range
  - 'server' is a network object *
  - 'voip-range' is a service group range
  I'd assume you can do something similar here in combination with my earlier comment:
  access-list incoming extended permit tcp any any eq 5900
  Can you explain your forwarding methodology a little more?  I'm by no means an expert on forwarding, but the way I read what you're trying to do is that you have an inbound VNC request coming in on 5900 and you want the firewall to figure out which host the request should go to.  Or is it vice-versa, the inbound VNC request can be on port 6001-6004 ?

• Split Tunnel VPN and routing public ip traffic

  Hi Everyone,
      I have my split tunnel vpn working well but I need to make an adjustment. We have a few systems in the "cloud" and we only allow access from our corporate WAN IP to those servers. I need to be able to access those servers via VPN connection to the office. I added that public IP subnet to my interesting traffic and the vpn client is sending the traffic across the VPN as expected. The issue is that it somehow drops out inside the firewall it seems. Almost like it doesn't know how to route that request back out to the internet using it's own default gateway. Any thoughts as to what I may be missing, here is some of the relevant code
  same-security-traffic permit intra-interface
  ----Interesting Traffic------
  access-list vpnpool standard permit 10.1.1.0 255.255.255.0
  access-list vpnpool standard permit 10.31.26.0 255.255.255.0
  access-list vpnpool standard permit 10.31.61.0 255.255.255.0
  access-list vpnpool standard permit 10.31.3.128 255.255.255.192
  access-list vpnpool standard permit 10.31.40.128 255.255.255.240
  access-list vpnpool standard permit 10.31.40.64 255.255.255.192
  access-list vpnpool standard permit 50.57.0.0 255.255.0.0  -- Network of cloud servers
  ---Natting----------
  global (outside) 1 71.174.57.78
  global (dmz) 1 interface
  nat (inside) 0 access-list 101
  nat (inside) 1 10.1.1.0 255.255.255.0
  nat (qa) 1 200.200.200.0 255.255.255.0
  nat (dmz) 1 10.1.11.0 255.255.255.0
  nat (dmz2) 1 192.168.1.0 255.255.255.0
  ---Rules and Gateway-------
  access-group inbound in interface outside
  access-group dmz in interface dmz
  route outside 0.0.0.0 0.0.0.0 71.174.57.1 1
  ---VPN-----
  group-policy xxx-remote internal
  group-policy xxx-remote attributes
  wins-server value 10.1.1.5
  dns-server value 10.1.1.5 10.1.1.6
  vpn-idle-timeout 60
  vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
  ipsec-udp enable
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value vpnpool
  default-domain value xxx.local
  split-dns value xxxx.local
  service-type remote-access
  tunnel-group xxx-vpn type remote-access
  tunnel-group xxx-vpn general-attributes
  address-pool vpnpool
  authentication-server-group (outside) RADIUS
  authentication-server-group (dmz) RADIUS
  default-group-policy xxx-remote
  tunnel-group xxx-vpn ipsec-attributes
  pre-shared-key xxxxx

  That was my mistake, I am mixing up code here. The fun of switching between new and old ASA code as well as routers
  Let's do it this way, this should fix the problem. Put the NAT command the way it was as follows:
  nat (Outside) 1 10.1.10.0 255.255.255.0
  Now we add a NAT0 for the Outside interface. You can reuse the ACL we made if you want or make a new one, your call since you have to administrate it.
  no access-list VPN-NAT
  access-list VPN-NAT0 permit ip 10.1.10.0 255.255.255.0 10.0.0.0 255.0.0.0
  nat (Outside) 0 access-list VPN-NAT0
  Now, this should properly NAT the traffic going to the Internet while excluding the traffic destined for your 10.0.0.0/8 subnet using the Nat 0.
  Sorry for the round about fix, but that should take care of it.

• Remote Access VPN, no split tunneling, internet access. NAT translation problem

  Hi everyone, I'm new to the forum.  I have a Cisco ASA 5505 with a confusing (to me) NAT issue.
  Single external IP address (outside interface) with multiple static object NAT translations to allow port forwarding to various internal devices.  The configuration has been working without issues for the last couple years.
  I recently configured a remote access VPN without split tunneling and access to the internet and noticed yesterday that my port forwarding had stopped working.
  I reviewed the new NAT rules for the VPN and found the culprit. 
  I have been reviewing the rules over and over and from everything I can think of, and interpret, I'm not sure how this rule is affecting the port forwarding on the device or how to correct it.
  Here are the NAT rules I have in place: (The "inactive" rule is the culprit.  As soon as I enable this rule, the port forwarding hits a wall)
  nat (inside,outside) source static any any destination static VPN_Subnet VPN_Subnet no-proxy-arp route-lookup
  nat (outside,outside) source static VPN_Subnet VPN_Subnet destination static VPN_Subnet VPN_Subnet no-proxy-arp route-lookup
  nat (outside,outside) source dynamic VPN_Subnet interface inactive
  object network obj_any
  nat (inside,outside) dynamic interface
  object network XXX_HTTP
  nat (inside,outside) static interface service tcp www www
  access-group outside_access_in in interface outside
  route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
  Any help would be appreciated.

  Try by changing the nat rule to nat (outside,outside) after-auto source dynamic VPN_Subnet interface
  With Regards,
  Safwan

• Cisco AnyConnect SSL VPN no split tunnel and no hairpinning internet access

  Greetings,
  I am looking to configure a Cisco ASA 5515X for Cisco AnyConnect Essentials SSL VPN where ALL SSL-VPN traffic is tunneled, no split tunneling or hairpinning on the outside interface. However users require internet access. I need to route traffic out the "trusted" or "inside" interface to another device that performs content-filtering and inspection which then egresses out to the internet from there. Typically this could be done using a route-map (which ASA's do not support) or with a VRF (again, not an option on the ASA). The default route points to the outside interface toward the internet.
  Is there no other method to force all my SSL-VPN traffic out the inside interface toward LAN subnets as needed and have another default route point toward the filtering device?
  OR 
  Am I forced to put the ASA behind the filtering device somehow?

  Hi Jim,
  You can use tunnel default route for vpn traffic:
  ASA(config)# route inside 0.0.0.0 0.0.0.0 <inside hop> tunneled
  configure mode commands/options:
    <1-255>   Distance metric for this route, default is 1
    track     Install route depending on tracked item
    tunneled  Enable the default tunnel gateway option, metric is set to 255
  This route is applicable for only vpn traffic.
  HTH,
  Shetty

• Issues with basic VPN setup and split tunneling

  I have created an SSL VPN to a CISCO ASA 8.6 running ASDM 6.6.
  Im able to connect to the VPN and reach all the devices with the LAN but  Im not able to browse the web. When I enable the split tunnel Im able  to browse the web but then Im not able to reach any internal device.
  Here is part of the show run:
  object network RedInterna
  subnet 150.211.101.0 255.255.255.0
  description Red Interna
  object network NETWORK_OBJ_10.4.1.0_28
  subnet 10.4.1.0 255.255.255.240
  access-list inside_access_in extended permit ip object RedInterna any
  access-list VPN_INTERNET standard permit 150.211.101.0 255.255.255.0
  pager lines 24
  logging enable
  logging asdm informational
  mtu outside 1500
  mtu inside 1500
  mtu management 1500
  ip local pool VPN_POOL 10.4.1.1-10.4.1.14 mask 255.255.255.240
  failover
  failover lan unit secondary
  failover lan interface fail-1 GigabitEthernet0/2
  failover key *****
  failover interface ip fail-1 10.3.1.21 255.255.255.252 standby 10.3.1.22
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-66114.bin
  asdm history enable
  arp timeout 14400
  nat (inside,outside) source static any any destination static  NETWORK_OBJ_10.4.1.0_28 NETWORK_OBJ_10.4.1.0_28 no-proxy-arp  route-lookup
  nat (inside,outside) after-auto source dynamic any interface
  access-group inside_access_in in interface inside
  route outside 0.0.0.0 0.0.0.0 187.217.68.145 1
  route inside 10.0.0.0 255.0.0.0 10.1.1.78 1
  route inside 150.211.0.0 255.255.0.0 10.1.1.78 1
  webvpn
  enable outside
  anyconnect image disk0:/anyconnect-win-3.1.00495-k9.pkg 1
  anyconnect enable
  tunnel-group-list enable
  group-policy GroupPolicy_VPN_ internal
  group-policy GroupPolicy_VPN_ attributes
  wins-server none
  dns-server value 8.8.8.8
  vpn-tunnel-protocol ssl-client
  default-domain value dominio.com.mx
  tunnel-group VPN_ type remote-access
  tunnel-group VPN_ general-attributes
  address-pool VPN_POOL
  default-group-policy GroupPolicy_VPN_
  tunnel-group VPN_ webvpn-attributes
  group-alias VPN_ enable
  I´m not sure if Im missing some small details or setup. Any help will be highly appreciated.
  Thanks!!!

  Hi,
  When you are using Full Tunnel VPN (which is the default setting) you will have a couple of things that you need to configure on the ASA.
  First, the ASA by default won't allow traffic to enter through an interface and then leave through that same interface. This is what essentially happens when the traffic from the VPN Client comes to the ASA and then heads out to the Internet.  In your case the traffic comes through the "outside" and leaves through the "outside" interface.
  You will need this command
  same-security-traffic permit intra-interface
  You can check if its enabled at the moment with the command
  show run same-security-traffic
  Second, the VPN users will need to have NAT configuration just like any LAN users behind the actual ASA. So you will essentially have to configure Dynamic PAT for traffic from "outside" to "outside"
  You can accomplish that with the following configuration
  object network VPN-PAT
  subnet 10.4.1.0 255.255.255.240
  nat (outside,outside) dynamic interface
  I would imagine that this should do it for you to be able to connect to the Internet and to the LAN network when the VPN is active.
  Hope this helps
  Let me know how it goes.
  - Jouni

• Help with Easy VPN client split tunneling.

  Can someone please help me with my config for Easy VPN Client split tunneling. At the moment when the VPN is up I have NO access to the Internet from any host.
  Here's what I am attempting to do. I want only certain host to route all there traffic thou the tunnel and the remaining host to use the default route.
  I created an object-group and access list with the hosts I want to route thou the VPN :-
  object-group network VNPCLIENTS
  description HOSTS ALLOWED ACCESS TO THE VPN
  host 192.168.3.204
  host 192.168.3.42
  host 192.168.3.44
  host 192.168.3.202
  host 192.168.3.43
  access-list 1 remark Internet access list
  access-list 1 permit 192.168.3.0 0.0.0.255
  access-list 101 remark Hosts allowed access to VPN
  access-list 101 permit ip object-group VNPCLIENTS any
  access-list 111 permit udp any any eq 3074
  access-list 111 permit tcp any any eq 3074
  access-list 111 permit udp any any eq 88
  I Then applied the access list to the Virtual interface of the VPN in both directions:-
  interface Virtual-Template1 type tunnel
  no ip address
  ip access-group 101 in
  ip access-group 101 out
  tunnel mode ipsec ipv4
  Now when I connect to the VPN I have no access from any host to the Internet either thought the tunnel or not.
  I must be doing something very wrong. Much appreciate any help.
  Thanks
  Gordon

  Can someone please help me with my config for Easy VPN Client split tunneling. At the moment when the VPN is up I have NO access to the Internet from any host.
  Here's what I am attempting to do. I want only certain host to route all there traffic thou the tunnel and the remaining host to use the default route.
  I created an object-group and access list with the hosts I want to route thou the VPN :-
  object-group network VNPCLIENTS
  description HOSTS ALLOWED ACCESS TO THE VPN
  host 192.168.3.204
  host 192.168.3.42
  host 192.168.3.44
  host 192.168.3.202
  host 192.168.3.43
  access-list 1 remark Internet access list
  access-list 1 permit 192.168.3.0 0.0.0.255
  access-list 101 remark Hosts allowed access to VPN
  access-list 101 permit ip object-group VNPCLIENTS any
  access-list 111 permit udp any any eq 3074
  access-list 111 permit tcp any any eq 3074
  access-list 111 permit udp any any eq 88
  I Then applied the access list to the Virtual interface of the VPN in both directions:-
  interface Virtual-Template1 type tunnel
  no ip address
  ip access-group 101 in
  ip access-group 101 out
  tunnel mode ipsec ipv4
  Now when I connect to the VPN I have no access from any host to the Internet either thought the tunnel or not.
  I must be doing something very wrong. Much appreciate any help.
  Thanks
  Gordon

• Help With split tunneling and multiple subnets behind asa

  Hello All,
  our vpn clients can no longer access internet while connected to vpn.
  I was hoping I could get an answer on here for an issue we are having. let me explain this with as little words as possible.
  here was old network layout:
  ASA
  192.168.1.1   ---->  the rest of the internal subnet (was only subnet in network)
  now
  ASA                              3560
  192.168.254.1/24 ----->192.168.254.2/24-->192.168.1.1/24
                                                                 192.168.2.1/24
  so what we did was route from 3560 to asa  so we would be able to have multiple subnets since our asa has base license.
  Our vpn with easy connect worked with our split tunneling before and now we made the change above and it no longer works. Can someone help me out as to why it no longer works and what changed need to be made to make it work.
  Thank you.
  ciscoasa# sh run
  : Saved
  ASA Version 8.2(2)
  hostname ciscoasa
  enable password 1N7bTm05RXLnBcUc encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.254.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address x.x.x.x 255.255.255.248
  interface Ethernet0/0
  switchport access vlan 2
  ftp mode passive
  clock timezone est -5
  same-security-traffic permit intra-interface
  access-list NoNat extended permit ip any 172.16.5.0 255.255.255.0
  access-list SplitTunnel standard permit 192.168.1.0 255.255.255.0
  access-list SplitTunnel standard permit 192.168.2.0 255.255.255.0
  access-list SplitTunnel standard permit 192.168.254.0 255.255.255.0
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  ip local pool VPNPool 172.16.5.1-172.16.5.254 mask 255.255.255.0
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list NoNat
  nat (inside) 1 0.0.0.0 0.0.0.0
  route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
  route inside 192.168.1.0 255.255.255.0 192.168.254.2 1
  route inside 192.168.2.0 255.255.255.0 192.168.254.2 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set TransformSet1 esp-3des esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map DynamicMap1 1 set transform-set TransformSet1
  crypto map MainMap 999 ipsec-isakmp dynamic DynamicMap1
  crypto map MainMap interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  telnet 0.0.0.0 0.0.0.0 inside
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ntp server 64.90.182.55 source outside
  webvpn
  enable outside
  svc image disk0:/anyconnect-dart-win-2.5.0217-k9.pkg 1
  svc enable
  tunnel-group-list enable
  group-policy RenotreUsers internal
  group-policy RemoteUsers internal
  group-policy RemoteUsers attributes
  vpn-tunnel-protocol svc webvpn
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value SplitTunnel
  tunnel-group RemoteUsers type remote-access
  tunnel-group RemoteUsers general-attributes
  address-pool VPNPool
  default-group-policy RemoteUsers
  tunnel-group RemoteUsers webvpn-attributes
  group-alias Southeast-Security-VPN enable
  tunnel-group RemoteUsers ipsec-attributes
  pre-shared-key *****

  I think it could be your NAT statement. You should try an avoid using any unless you tunnel everything. Try making this change
  no access-list NoNat extended permit ip any 172.16.5.0 255.255.255.0
  object-group network INTERNAL_NETWORKS
  description Internal Networks
  network-object 192.168.1.0 255.255.255.0
  network-object 192.168.2.0 255.255.255.0
  network-object 192.168.254.0 255.255.255.0
  access-list NoNat extended permit ip object-group INTERNAL_NETWORKS 172.16.5.0 255.255.255.0
  You may have to re-add your NAT0
  nat (inside) 0 access-list NoNat

• VPN split tunneling does not work with filtering enabled

  I restricted our Windows VPN clients  to reach only certain IPs and ports using filtering in their group policy. It works but I would like to add split tunneling for client's local Internet access. I temporary disabled filtering, unchecked the 'user default gateway on remote' box in properties of Windows VPN client, configured networks to be tunneled and it works. The moment I configure filters, my split tunneling does not tunnel the networks - they are not listed in Windows 'route print'. I change filtering to inherit or NONE and reconnect VPN and the tunneled networks show up again. I change filtering to a simple testing ACL/ACE and reconnect and they are gone again. Can I have split tunneling and filtering working simultaneously? Any help would be appreciated.

  I'm not aware of any method named tokenize and there isn't one listing in
  the alphabetic list of methods in the J2SE API. Perhaps you were thinking
  of java.util.StringTokenizer, whose API contains this note:
  StringTokenizer is a legacy class that is retained for compatibility reasons
  although its use is discouraged in new code. It is recommended that anyone
  seeking this functionality use the split method of String or the java.util.regex
  package instead.

• VM with remote access VPN without split tunneling

  Hello experts,
  I have customers who require to use VM in their laptop. These users also require to VPN to Corporate network  to do their job. However when they do remote VPN to corporate Network (ASA VPN concentrator) from their VM host machine, they loose their access to their VM guest machines. This problem was not happening when they used cisco VPN client which has gone end of life and support as of end of July 31, 2012. In Cisco VPN client (IKEV1) if we set the protocol to udp they had no problem to keep their connectivity to VM machines while connected to corporate with remote access VPN. However this feature does not work in new Cisco VPN client which is called AnyConnect. ( NOTE: I am using IPSEC IKEV2. NO SSL at this time).
  My Question to Experts:
  1. Was the ability to maintain connection to VM guest machines, while connected to VPN without enabling split tunneling a security flaw in the old cisco VPN client?
  2. Is there a way to maintain connectivy to VM machines installed in a computer and still connect to remote access VPN concentrator through host machine? (My question is about AnyConnect client only using IPSEC IKEV2 and I do not want to enable split tunneling)
  Thanks for your help,
  Razi                

  Did you figure this out?

• Script for internet connect with dial up modem, check email & log off

  I am looking for a script to connect to the internet (with dial up) external apple modem, then check email and then log off and disconnect. I don't want any other applications opening internet connect? A would use this script file with ical and could have my email checked and open up in the morning before I leave for work....being that we have dial up the entire process of connecting to the internet and checking email is time consuming. Any help is greatly appreciated. thks

  You need some additional logic in there - as written, the script will launch mail, then immediately disconnect the internet connection.
  At the very least you need to add a delay before disconnecting to allow for Mail to download awaiting messages.
  Since you cannot predict how long a delay you'll need, a better approach would be to query Mail.app and wait until it's idle, like:
  tell application "Mail"
    launch -- doesn't need to be frontmost
    check for new mail -- get all mail
    repeat until (get background activity count) = 0
      delay 2 -- wait 2 seconds before checking again
    end repeat
  end tell
  In this way the script forces a check of new mail (don't assume that Mail.app is set to auto-check, especially for dialup users who often compose mail offline and may have automatic checking disabled), and it hangs around until Mail.app has finished downloading all the messages.

• Can you help? Two dialer interfaces with IP SLA for default route failover - issues

  I have an issue with a Cisco 2821, it has an ADSL2+ HWIC  whose ATM interfaces is linked to dialer 1 and a Gi0/1 interface with a pppoe client which is linked to dialer 2.  Both dialer interfaces are up with their respective IP addresses.  If the ADSL on dialer 1 fails i want the IP SLA to kick and and replace the default route for dialer 1 with one for dialer 2.
  This config works if you manually shut down the dialer 1 interface, it injects the default route for dialer 2 and then when you unshut the interface, the default route for dialer 1 comes back.  The problem i have is if you take out the cable for the ATM interface and take it down, it does not take the route out the routing table and the default route for dialer2,  which works if you just shut down dialer 1 does not appear.
  whats the difference between shutting down dialer1 and it fails over the default route and taking the cable out then it does not?
  Here is my config, i'm sure its something simple i'm doing wrong, can anyone help???
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Router
  boot-start-marker
  boot-end-marker
  logging message-counter syslog
  enable secret 5 $1$qOOJ$HV5AH6US/YZMuCGPYp3pP.
  no aaa new-model
  dot11 syslog
  ip source-route
  ip cef
  ip dhcp excluded-address 192.168.0.1
  ip dhcp pool pool1
     network 192.168.0.0 255.255.255.0
     default-router 192.168.0.1
     dns-server 188.92.232.50 188.92.232.100
  no ip domain lookup
  no ipv6 cef
  multilink bundle-name authenticated
  voice-card 0
   no dspfarm
  archive
   log config
    hidekeys
  track 1 ip sla 1 reachability
  interface GigabitEthernet0/0
   description Gi0/30 Local LAN
   ip address 192.168.0.1 255.255.255.0
   ip verify unicast reverse-path
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip flow ingress
   ip nat inside
   ip virtual-reassembly
   no ip mroute-cache
   duplex auto
   speed auto
   snmp trap ip verify drop-rate
   no mop enabled
  interface GigabitEthernet0/1
   no ip address
   duplex auto
   speed auto
   pppoe enable group global
   pppoe-client dial-pool-number 2
  interface ATM0/2/0
   description ATM0_DSL
   no ip address
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip flow ingress
   logging event atm pvc state
   logging event subif-link-status
   no atm ilmi-keepalive
   dsl operating-mode auto
   dsl enable-training-log
   pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
  interface Dialer1
   ip address negotiated
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip mtu 1492
   ip nat outside
   ip virtual-reassembly
   encapsulation ppp
   dialer pool 1
   keepalive 1 3
   no cdp enable
   ppp lcp predictive
   ppp authentication pap chap callin
   ppp chap hostname ********@ccsleeds.net
   ppp chap password 0 ********
   ppp pap sent-username *******@ccsleeds.net password 0 ********
  interface Dialer2
   ip address negotiated
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip mtu 1492
   encapsulation ppp
   dialer pool 2
   keepalive 1 3
   no cdp enable
   ppp lcp predictive
   ppp authentication pap chap callin
   ppp chap hostname **********@adsllogin.co.uk
   ppp chap password 0 *********
   ppp pap sent-username *********@adsllogin.co.uk password 0 ***********
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
  ip route 0.0.0.0 0.0.0.0 Dialer1
  ip route 0.0.0.0 0.0.0.0 Dialer2 10
  no ip http server
  no ip http secure-server
  ip nat inside source list 1 interface Dialer1 overload
  ip sla 1
  icmp-echo 8.8.8.8 source-interface di1
  timeout 1000
  threshold 100
  frequency 3
  ip sla schedule 1 life forever start-time now
  access-list 1 permit 192.168.0.0 0.0.0.255
  control-plane
  gatekeeper
   shutdown
  line con 0
  line aux 0
  line vty 0 4
   password test
   login
  scheduler allocate 20000 1000
  end

  Sure that EEM can shut/unshut interface...you have "event track" in EEM for monitoring track events...for example:
  event manager applet test
  event track 1 state down
  action 1.0 command "enable"
  action 1.1 command "conf t"
  action 1.2 command "interfac dialer 1"
  action 1.3 command "shut"
  action 1.4 syslog "Dialer 1 down!!!"
  action 1.5 end
  This would be an example from head :)
  You would need another EEM similar to this one for unshutting interface with "event track 1 state up" for bringing interface up again.
  Again as I said you would need to test this before putting in production and you would maybe need to tweak this a little bit acording to your needs...
  BR,
  Dragan

• Still after update to 5.0.1 same problem with the 4S with dial out, connecting to internet, echo in reception. It is the second phone.

  Still after update to 5.0.1 same problem with the 4S with dial out, connecting to internet, echo in reception. It is the second phone.

  Try deleting the account(s) you're having problems with, resetting your phone (hold on/off and home buttons simultaneously 10-15 seconds until Apple logo appears, release buttons and wait for it to restart), then add back your mail accounts.  I've read that this has worked for some.

• Why can't I use split screen with my Microsoft and internet??

  I don't understand why I could use the split screen with Microsoft Windows open before, and cannot now. It just sudden'y stopped working. No matter What I try it won't allow me to view both the internet and what I am typing in Microsoft windows. Am I doing
  something wrong?
  I have Windows 8, and a ASUS computer with Core i 5 from intel.

  Hi,
  This is the forum to discuss questions and feedback for Microsoft Office, I'll move your question to the Windows 8 forum
  http://social.technet.microsoft.com/Forums/en-US/home?forum=w8itprogeneral&filter=alltypes&sort=lastpostdesc
  The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
  George Zhao
  TechNet Community Support