Getting 413 errors on a 5505 firewall.
I am very new to Cisco 5505 firewalls and have been trying to troubleshoot a VPN connectivity issue over the past few days. Recently the AT&T router was tested and nothing is being blocked from it. Since I do not know much about the firewall, I am unsure if there is an issue with the config or if the problem lies elsewhere. When I initially log in to the firewall I noticed that the DMZ interface shows Line down, Link down. The other interfaces, inside and outside, both show up, up. I am not sure if the DMZ should show down, down or not. I was not the tech that set this firewall up, so checking the config really does not tell me much as I am unfamiliar with what I am looking at. The config has been posted below. Any help would be greatly appreciated!!
: Saved
ASA Version 8.2(5)
hostname xxxfw01
domain-name xxxxxx.lcl
enable password zgDyB1JJR5jIt22C encrypted
passwd 5nswNE6Ndj.ogXD4 encrypted
names
name 192.168.1.30 ideacom-adtran-router
name 12.179.58.67 outside-voip
name 10.0.4.0 inside-secondary
name 10.0.0.0 inside-primary
name 12.179.58.68 outside-secondary1
name 12.179.58.69 outside-secondary2
name 12.179.58.70 outside-secondary3
name 192.9.200.0 inside-old
name 12.179.58.71 outside-secondary4
name 12.179.58.72 outside-secondary5
name 12.179.58.73 outside-secondary6
name 12.179.58.74 outside-secondary7
name 12.179.58.75 outside-secondary8
name 12.179.58.126 outside-web-server
name 12.179.58.76 ouside-secondary9
name 12.179.58.77 outside-secondary10
name 12.179.58.78 outside-secondary11
name 12.179.58.79 outside-secondary12
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
switchport access vlan 2
interface Ethernet0/6
switchport access vlan 2
interface Ethernet0/7
switchport access vlan 3
interface Vlan1
nameif inside
security-level 100
ip address 10.0.1.11 255.255.255.0
ospf cost 10
interface Vlan2
nameif outside
security-level 0
ip address 12.179.58.66 255.255.255.192
ospf cost 10
interface Vlan3
no forward interface Vlan1
nameif dmz
security-level 50
ip address 192.168.1.10 255.255.255.0
ospf cost 10
pim accept-register list PIM_ACCPTREG_ACL
banner motd ATTENTION:
banner motd You are about to log into a private network. Unauthorized access is strictly prohibited.
banner motd Any attempts to do so will result in prosecution to the fullest extent of the law.
banner asdm ATTENTION:
banner asdm You are about to log into a private network. Unauthorized access is strictly prohibited.
banner asdm Any attempts to do so will result in prosecution to the fullest extent of the law.
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.0.2.106
name-server 10.0.2.57
domain-name xxxxxxx.lcl
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network outside-ideacom-voip
network-object host 204.14.39.36
network-object host 204.16.49.4
network-object host 204.16.53.4
network-object host 204.16.57.4
object-group service ideacom-tcp-voip tcp
port-object range h323 1728
port-object range sip 5061
object-group service ideacom-udp-voip udp
port-object range 1024 65535
object-group network outside-secondary-range
network-object host outside-secondary1
network-object host outside-secondary2
network-object host outside-secondary3
network-object host outside-secondary4
object-group icmp-type DM_INLINE_ICMP_1
icmp-object echo
icmp-object echo-reply
access-list PIM_ACCPTREG_ACL extended permit ip 12.179.58.64 255.255.255.192 10.0.1.0 255.255.255.0 inactive
access-list inside_nat_outbound extended permit ip inside-secondary 255.255.255.0 any
access-list outside_access_in extended permit tcp object-group outside-ideacom-voip host ideacom-adtran-router object-group ideacom-tcp-voip inactive
access-list outside_access_in extended permit udp object-group outside-ideacom-voip host ideacom-adtran-router object-group ideacom-udp-voip inactive
access-list outside_access_in extended permit icmp any any object-group DM_INLINE_ICMP_1
access-list xxxxxxx-VPN_splitTunnelAcl standard permit inside-primary 255.255.0.0
access-list inside_nat0_outbound extended permit ip inside-primary 255.255.0.0 10.1.1.0 255.255.255.0
access-list DefaultRAGroup_splitTunnelAcl standard permit inside-primary 255.255.0.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool VPN-Pool 10.1.1.1-10.1.1.253 mask 255.255.255.0
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
global (outside) 2 outside-secondary1-outside-secondary12 netmask 255.0.0.0
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 2 access-list inside_nat_outbound norandomseq
nat (inside) 1 inside-primary 255.255.0.0
static (dmz,outside) outside-voip ideacom-adtran-router netmask 255.255.255.255 norandomseq
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 12.179.58.65 1
route inside inside-primary 255.255.0.0 10.0.1.10 1
timeout xlate 0:20:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 10.0.2.106
key *****
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable
http inside-primary 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps entity config-change
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-128-SHA ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map dmz_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map dmz_map interface dmz
crypto ca server
shutdown
crypto isakmp enable outside
crypto isakmp enable dmz
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh inside-primary 255.255.0.0 inside
ssh timeout 5
ssh version 2
console timeout 10
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 76.169.237.141 source outside
ntp server 69.31.13.15 source outside
ntp server 66.187.224.4 source outside
ntp server 10.0.2.106 source inside prefer
ntp server 75.13.24.211 source outside
ntp server 216.70.13.134 source outside
ntp server 66.102.105.230 source outside
ntp server 207.5.137.134 source outside
ntp server 66.93.39.87 source outside
ntp server 63.111.165.21 source outside
ntp server 67.52.51.34 source outside
ntp server 72.25.103.52 source outside
ntp server 72.3.133.147 source outside
ntp server 72.1.138.113 source outside
ntp server 68.227.90.101 source outside
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 10.0.2.106 10.0.2.56
vpn-tunnel-protocol l2tp-ipsec
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain value xxxxxxx.lcl
group-policy DfltGrpPolicy attributes
group-lock value DefaultWEBVPNGroup
group-policy xxxxxxx-VPN internal
group-policy xxxxxxx-VPN attributes
dns-server value 10.0.2.106 10.0.2.56
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value xxxxxxx-VPN_splitTunnelAcl
default-domain value hlgroup.lcl
username hlgvpn password GAfBJJMk5EnKUdM+KyBXfQ== nt-encrypted
username hlgvpn attributes
vpn-group-policy DefaultRAGroup
username admin password tU0js1787OyO3ldQ encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool VPN-Pool
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication pap
authentication ms-chap-v2
tunnel-group xxxxxxx-VPN type remote-access
tunnel-group xxxxxxx-VPN general-attributes
address-pool VPN-Pool
authentication-server-group RADIUS
default-group-policy xxxxxxx-VPN
password-management
tunnel-group xxxxxxx-VPN ipsec-attributes
pre-shared-key *****
tunnel-group xxxxxxx-VPN ppp-attributes
no authentication chap
no authentication ms-chap-v1
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect netbios
inspect tftp
inspect icmp
inspect icmp error
inspect ctiqbe
inspect dcerpc
inspect dns
inspect ils
inspect ipsec-pass-thru
inspect mgcp
inspect pptp
inspect snmp
inspect waas
inspect sip
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:ca21fc44d2f9d0485564fb474bceeb51
: end
asdm image disk0:/asdm-631.bin
asdm location ideacom-adtran-router 255.255.255.255 inside
asdm location outside-voip 255.255.255.255 inside
asdm location outside-secondary1 255.255.255.255 inside
asdm location inside-secondary 255.255.255.0 inside
asdm location inside-primary 255.255.0.0 inside
asdm location outside-secondary2 255.255.255.255 inside
asdm location outside-secondary3 255.255.255.255 inside
asdm location outside-secondary4 255.255.255.255 inside
asdm location outside-secondary5 255.255.255.255 inside
asdm location outside-secondary6 255.255.255.255 inside
asdm location outside-secondary7 255.255.255.255 inside
asdm location outside-secondary8 255.255.255.255 inside
asdm location outside-web-server 255.255.255.255 inside
asdm location ouside-secondary9 255.255.255.255 inside
asdm location outside-secondary10 255.255.255.255 inside
asdm location outside-secondary11 255.255.255.255 inside
asdm location outside-secondary12 255.255.255.255 inside
no asdm history enable
Has this VPN setup ever worked prior to you taking over? If so, do you know of any changes that have been made to the firewall configuration that could possibly have caused the issue?
Another thing to check out is why the DMZ interface is enabled for VPN.
I suggest making the following change and then testing to see if the VPN comes up:
no crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
If that solves the problem, next I would check your company's security policy to see if they require a Diffie-Hellman group to be used during phase 2 of the VPN setup.
Please remember to select a correct answer and rate helpful posts
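A check for the points raised in this answer (ISAKMP enabled on the DMZ, PFS required on the dynamic map, and what the suggested swap to SYSTEM_DEFAULT_CRYPTO_MAP would actually negotiate), written here as an added example that is not part of the original thread. It parses only the crypto lines copied from the config above, assumes the ASA default of group2 when `set pfs` names no group, and treats `outside` as the only interface that should terminate VPNs. One caveat it makes visible: SYSTEM_DEFAULT_CRYPTO_MAP references the ESP-DES-* and ESP-*-MD5 transform sets, so the suggested change would let clients negotiate single DES and HMAC-MD5 on the outside interface; if the swap fixes the connection, trim that transform-set list afterwards.

```python
"""Audit the IPsec/IKE parts of a pre-8.3 ASA config for the points raised in the thread.

Added example, not code from the original post. The parser understands only the
handful of commands it needs: transform-set, dynamic-map, crypto map, isakmp enable.
"""
from collections import defaultdict

# Constructed excerpt: the crypto-related lines copied from the posted running config.
POSTED_CONFIG = """\
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-128-SHA ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map dmz_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map dmz_map interface dmz
crypto isakmp enable outside
crypto isakmp enable dmz
"""

# The change suggested in the answer above, applied to the same excerpt.
PROPOSED_CONFIG = POSTED_CONFIG.replace(
    "crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map",
    "crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP",
)

# Single DES and HMAC-MD5 are flagged; 3DES is left out to keep the output focused
# on what this thread changes, but treat it as legacy as well.
WEAK = {"esp-des", "esp-md5-hmac"}


def parse(cfg):
    """Return (transform_sets, dynamic_maps, bound_maps, dynamic_refs, isakmp_ifaces)."""
    ts = {}                                     # name -> set of algorithm keywords
    dyn = defaultdict(lambda: defaultdict(dict))  # map -> seq -> {"pfs", "transform_sets"}
    bound = {}                                  # crypto map name -> interface
    dyn_ref = defaultdict(list)                 # crypto map name -> [dynamic-map names]
    isakmp = set()
    for line in cfg.splitlines():
        w = line.split()
        if not w:
            continue
        if w[:3] == ["crypto", "ipsec", "transform-set"]:
            if w[4] == "mode":
                ts.setdefault(w[3], set()).add("mode-" + w[5])
            else:
                ts.setdefault(w[3], set()).update(w[4:])
        elif w[:2] == ["crypto", "dynamic-map"]:
            entry = dyn[w[2]][int(w[3])]
            if w[4:6] == ["set", "pfs"]:
                # Assumption: group2 is the ASA default when 'set pfs' names no group.
                entry["pfs"] = w[6] if len(w) > 6 else "group2"
            elif w[4:6] == ["set", "transform-set"]:
                entry["transform_sets"] = w[6:]
        elif w[:2] == ["crypto", "map"]:
            if w[3] == "interface":
                bound[w[2]] = w[4]
            elif "dynamic" in w:
                dyn_ref[w[2]].append(w[w.index("dynamic") + 1])
        elif w[:3] == ["crypto", "isakmp", "enable"]:
            isakmp.add(w[3])
    return ts, dyn, bound, dyn_ref, isakmp


def audit(cfg, vpn_interfaces=("outside",)):
    """List findings: VPN terminated on unexpected interfaces, PFS demands, weak transforms."""
    ts, dyn, bound, dyn_ref, isakmp = parse(cfg)
    findings = []
    for iface in sorted(isakmp - set(vpn_interfaces)):
        findings.append(f"isakmp enabled on unexpected interface: {iface}")
    for cmap, iface in bound.items():
        if iface not in vpn_interfaces:
            findings.append(f"crypto map {cmap} bound to unexpected interface: {iface}")
    # Only dynamic-map entries reachable through a bound crypto map can be negotiated.
    for cmap, iface in bound.items():
        for dname in dyn_ref.get(cmap, []):
            for seq, entry in sorted(dyn[dname].items()):
                if "pfs" in entry:
                    findings.append(f"{iface}: {dname} {seq} requires PFS ({entry['pfs']}); "
                                    "a client that offers no phase-2 DH group cannot match it")
                for tname in entry.get("transform_sets", []):
                    weak = sorted(WEAK & ts.get(tname, set()))
                    if weak:
                        findings.append(f"{iface}: {dname} {seq} offers weak transform-set "
                                        f"{tname} ({', '.join(weak)})")
    return findings


if __name__ == "__main__":
    for label, cfg in (("as posted", POSTED_CONFIG), ("after suggested change", PROPOSED_CONFIG)):
        print(f"== {label} ==")
        for f in audit(cfg):
            print(" ", f)
```

Run it and compare the two lists: as posted, both entries of outside_dyn_map require PFS, so any client that does not propose a phase-2 DH group fails on the outside interface; after the suggested change the PFS demand is gone, but six DES/MD5 transform sets become negotiable on outside, and the DMZ interface still terminates IKE with the same weak list.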
Similar Messages
-
I need helping configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
I have attempted to configure RDP access but it does not seem to be working for me. Could I please ask someone to help me modify my current configuration to allow this? Please do it step by step as I could use all the help I can get.
I need to allow the following IP addresses to have RDP access to my server:
66.237.238.193-66.237.238.222
69.195.249.177-69.195.249.190
69.65.80.240-69.65.80.249
My external WAN server info is - 99.89.69.333
The internal IP address of my server is - 192.168.6.2
The other server shows up as 99.89.69.334 but is working fine.
I already added one server for static route and RDP, but when I try to put in the same commands it doesn't allow me to for this new one. Please take a look at my configuration file and give me the commands I need in order to put this through. Also please tell me if there are any bad/conflicting entries.
THE FOLLOWING IS MY CONFIGURATION FILE
Also I have modified the IP information so that it's not the ACTUAL IP info for my server/network etc... lol, for security reasons of course.
Also the bolded lines are the modifications I made but that aren't working.
ASA Version 7.2(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password DowJbZ7jrm5Nkm5B encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.6.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 99.89.69.233 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group network EMRMC
network-object 10.1.2.0 255.255.255.0
network-object 192.168.10.0 255.255.255.0
network-object 192.168.11.0 255.255.255.0
network-object 172.16.0.0 255.255.0.0
network-object 192.168.9.0 255.255.255.0
object-group service RDP tcp
description RDP
port-object eq 3389
object-group service GMED tcp
description GMED
port-object eq 3390
object-group service MarsAccess tcp
description MarsAccess
port-object range pcanywhere-data 5632
object-group service MarsFTP tcp
description MarsFTP
port-object range ftp-data ftp
object-group service MarsSupportAppls tcp
description MarsSupportAppls
port-object eq 1972
object-group service MarsUpdatePort tcp
description MarsUpdatePort
port-object eq 7835
object-group service NM1503 tcp
description NM1503
port-object eq 1503
object-group service NM1720 tcp
description NM1720
port-object eq h323
object-group service NM1731 tcp
description NM1731
port-object eq 1731
object-group service NM389 tcp
description NM389
port-object eq ldap
object-group service NM522 tcp
description NM522
port-object eq 522
object-group service SSL tcp
description SSL
port-object eq https
object-group service rdp tcp
port-object eq 3389
access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.6.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 68.156.148.5
crypto map outside_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
tunnel-group 68.156.148.5 type ipsec-l2l
tunnel-group 68.156.148.5 ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
: end
Unclear what did not work. In your original post you said some commands were added but don't work:
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
and later you state you add another command that gets an error:
static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface. Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive? Static PAT usually makes sense when you need to change the TCP port number. In your example, you are not changing the TCP port 3389. -
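The least-privilege version of what the question asks for, as an added example rather than anything from the thread: it summarizes the three source ranges into the minimal network/mask entries the ASA ACL syntax takes, emits rules that reach only the static PAT on the outside interface (the posted `static (inside,outside) tcp interface 3389 192.168.6.2 3389`), and scans the posted ACL for rules that already let `any` source reach the RDP port, which the existing `permit tcp any interface outside eq 3389` and `permit tcp any host 99.89.69.333 object-group rdp` lines do. The config excerpt is constructed from the posted lines, keeping the 99.89.69.333 address exactly as the poster wrote it. On this 7.2 code an interface ACL matches the translated (public) address, which is why the generated rules use `interface outside` as the destination and not 192.168.6.2.

```python
"""Least-privilege RDP rules for a pre-8.3 ASA, built from the ranges in the question.

Added example, not code from the original post. ACL names, the 'interface outside'
destination and the object-group handling follow the posted config; nothing else
about the poster's network is assumed.
"""
import ipaddress

RDP_PORT = 3389

# Constructed from the three ranges listed in the question (first, last), inclusive.
ALLOWED_RANGES = [
    ("66.237.238.193", "66.237.238.222"),
    ("69.195.249.177", "69.195.249.190"),
    ("69.65.80.240", "69.65.80.249"),
]

# Constructed excerpt of the posted config: the service object-groups and the ACL /
# access-group lines that touch RDP. 99.89.69.333 is kept exactly as the poster wrote it.
POSTED_LINES = """\
object-group service RDP tcp
 description RDP
 port-object eq 3389
object-group service rdp tcp
 port-object eq 3389
access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
access-group outside_access_in in interface outside
""".splitlines()


def asa_source(net):
    """Render a network the way a pre-8.3 ASA ACL wants it: 'host a.b.c.d' or 'a.b.c.d mask'."""
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.netmask}"


def summarize(first, last):
    """Smallest list of CIDR blocks that exactly covers first..last (inclusive)."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def build_rdp_rules(ranges, acl="outside_access_in", dest="interface outside", port=RDP_PORT):
    """One permit line per summarized block, aimed at the outside interface address."""
    return [f"access-list {acl} extended permit tcp {asa_source(net)} {dest} eq {port}"
            for first, last in ranges for net in summarize(first, last)]


def service_groups(lines):
    """Map tcp service object-group names to the ports they contain (eq entries only)."""
    groups, current = {}, None
    for line in lines:
        w = line.split()
        if w[:2] == ["object-group", "service"] and w[-1] == "tcp":
            current = w[2]
            groups[current] = set()
        elif current and w[:2] == ["port-object", "eq"]:
            groups[current].add(int(w[2]) if w[2].isdigit() else w[2])
        elif w and w[0] not in ("port-object", "description"):
            current = None  # any other top-level command ends the group body
    return groups


def applied_acls(lines):
    """Names of ACLs actually bound to an interface with access-group."""
    return {l.split()[1] for l in lines if l.split()[:1] == ["access-group"]}


def unapplied_acls(lines):
    """ACLs that exist but are bound nowhere; their rules have no effect."""
    named = {l.split()[1] for l in lines if l.split()[:1] == ["access-list"]}
    return named - applied_acls(lines)


def open_to_any(lines, port=RDP_PORT):
    """Applied ACL lines that let any TCP source reach `port`, directly or via a service group."""
    groups, applied, hits = service_groups(lines), applied_acls(lines), []
    for line in lines:
        w = line.split()
        if w[:1] != ["access-list"] or w[1] not in applied or "permit" not in w:
            continue
        i = w.index("permit")
        if w[i + 1] != "tcp" or w[i + 2] != "any":
            continue
        if "eq" in w and w[w.index("eq") + 1] == str(port):
            hits.append(line.strip())
        elif "object-group" in w:
            last = max(k for k, t in enumerate(w) if t == "object-group")  # dest group
            if port in groups.get(w[last + 1], set()):
                hits.append(line.strip())
    return hits


if __name__ == "__main__":
    print("rules to add:")
    for rule in build_rdp_rules(ALLOWED_RANGES):
        print(" ", rule)
    print("posted rules that already expose RDP to any source:")
    for rule in open_to_any(POSTED_LINES):
        print(" ", rule)
    print("ACLs defined but never applied:", sorted(unapplied_acls(POSTED_LINES)))
```

Two things the scan shows about the posted config: the `out_in` ACL is never bound with `access-group`, so its 192.168.6.2 rule does nothing, and until the two any-source lines are removed, adding range-restricted rules changes nothing about who can reach RDP, since the ASA stops at the first matching permit.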
Cisco ASA 5505 Firewall Not Allowing Incoming Traffic
Hello,
I am wondering if there is a very friendly Cisco guru out there who can help me out. I am trying to switch out a Cisco PIX 501 firewall with a Cisco ASA 5505 firewall. I am not very familiar with all of the commands for the firewalls and have always relied on a standard command line script that I use when building a new one. Unfortunately, my script is not working with the 5505. Can someone please let me know what I am doing wrong with the following script? I've masked public IP info with xxx.xxx.xxx, and I run it right after restoring the firewall to the factory defaults. I am able to get out to the internet if I browse directly from one of the servers, but cannot access a web page when trying to browse to it from an outside network.
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
ip address outside xxx.xxx.xxx.94 255.255.255.224
ip address inside 192.168.1.1 255.255.255.0
global (outside) 1 xxx.xxx.xxx.106-xxx.xxx.xxx.116
global (outside) 1 xxx.xxx.xxx.95
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0 0 xxx.xxx.xxx.93
access-group 100 in interface outside
nat (inside) 1 192.168.1.0 255.255.255.0
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.93 1 DHCP static
static (inside,outside) xxx.xxx.xxx.95 192.168.1.95 netmask 255.255.255.255 0 0
access-list 100 permit tcp any host xxx.xxx.xxx.95 eq www
static (inside,outside) xxx.xxx.xxx.96 192.168.1.96 netmask 255.255.255.255 0 0
access-list 100 permit tcp any host xxx.xxx.xxx.96 eq www
Hey Craig,
Based on your commands I think you were using version 6.3 on the PIX and now you must be moving to ASA version 8.2.x.
On 8.4, use the example below for defining the interfaces:
int eth0/0
ip add x.x.x.x y.y.y.y
nameif outside
no shut
int eth0/1
ip add x.x.x.x y.y.y.y
nameif inside
no shut
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 xxx.xxx.xxx.106-xxx.xxx.xxx.116
global (outside) 1 xxx.xxx.xxx.95
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
static (inside,outside) xxx.xxx.xxx.95 192.168.1.95 netmask 255.255.255.255 0 0
access-list 100 permit tcp any host xxx.xxx.xxx.95 eq www
static (inside,outside) xxx.xxx.xxx.96 192.168.1.96 netmask 255.255.255.255 0 0
access-list 100 permit tcp any host xxx.xxx.xxx.96 eq www
route outside 0 0 xxx.xxx.xxx.93
access-group 100 in interface outside
You can use two global statements, as the first statement would be used for dynamic NAT and the second as PAT.
If you're still not able to reach it, paste your entire config and the version that you are using on the ASA. -
DMZ issues in ASA 5505 Firewall
Hi, I have an ASA 5505 firewall with the ASA5505-UL-BUN-K9 license and I have a problem with the DMZ. I am not able to create a DMZ. Please suggest what I need to do in order to be able to configure a DMZ. Do I need to upgrade the license? Please suggest.
Hi,
Is the currently licensed firewall something that you have had for some time or is it a new purchase?
Just wondering, as it would seem unreasonable to have just bought something and then have to get a new license. Just wondering if you can somehow avoid spending extra money if this is a new purchase that wasn't what you were actually looking for.
You can check this link for the different options the ASA5505 has
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html
You can also check this link for all the available licensed options on the ASA5505
http://www.cisco.com/en/US/docs/security/asa/asa91/license/license_management/license.html#wp2124788
This link contains also information on the ASA models
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80285492.pdf
So essentially you would get 20 VLAN interfaces instead of 3 and also support for trunking, which would let you use a single physical link for several VLANs (if you wanted that).
Hope this helps
- Jouni -