Go Daddy - Traffic Blazer
Hi.
I am using Go Daddy's Traffic Blazer to try to optimize my site for search engines. From my keywords it generates a 'keyword metatags' code and I am supposed to copy that into a non-viewable section of my iWeb site. Is this possible? I feel like I'm missing something here. Please help.
Thank you.
Seth Shapiro
www.dieselfilmsinc.com
Just to add to that, it creates an html page like this:
<title>www.dieselfilmsinc.com</title>
<meta name="description" content="Diesel Films is a full service production company, specializing in taking projects from conception through completion. From network opens and commercials to corporate video presentations, we handle it all. We are located in sunny Santa Monica, CA.">
<meta name="keywords" content="Los Angeles, Film, Production, Video,">
Similar Messages
-
Ran traffic blazer and was told I have no internal hyperlinks? unspiderable
I just ran Traffic Blazer on my site and was told it has no internal or external hyperlinks (which it does) and that there is a robot.txt file that disallows spidering. How do I fix this so I am searchable?
This is not entirely true.
Search engine optimization refers to changing your website so that it has the best possible chance to rank high in search engines for your targeted keywords. Nobody knows the internals of a search engine so it is impossible to guarantee top rankings. HOWEVER, you can still make your website search engine friendly and this is VERY important especially for iWeb sites that are not made to be search engine friendly.
In fact, Google provides a PDF Beginners SEO Guide to help people learn how they can better optimize their sites for search engines. You can get it at this link and our tools let you do almost everything they recommend;
http://googlewebmastercentral.blogspot.com/2008/11/googles-seo-starter-guide.html
There are sites that are search engine friendly and those that are not. You want to make sure your site is search engine friendly and the links that I provided will help you do this. We provide SEO tools specifically made for iWeb that are completely free to use because we want iWeb users to have a chance of ranking high. Basically we have tried to take the advice provided by Google and apply it easily to iWeb sites.
Search engines are open about how they rank pages to an extent. HOWEVER their algorithms are made in such a way that it is almost impossible to manipulate them easily. For example, Google will recommend you have lots of high quality links. The problem is that getting high quality links is not easy.
That's why you may think SEO is "voodoo". It's certainly NOT "voodoo" as all search engines, even Google, recommend you do it and even provide the resources for you to do so.
If you have any questions feel free to visit the above website I posted and send me an email. I will be happy to help. -
Anyone use Traffic Blazer?
I am thinking of using Traffic Blazer to improve my website in search engine results. Has anyone used this before? I am sure there are other ways to do it but I don't really have the know-how so I just need something that works really simply.
Thanks
Ryan
Before you commit yourself read this...
http://www.google.com/support/webmasters/bin/answer.py?answer=35291
It's not just a question of pushing your site up the rankings. You have to look at your site design and content in relation to how the spiders crawl through it......
http://www.google.com/support/webmasters/bin/answer.py?answer=35769 -
Links not found by traffic blazer
Hi,
I am trying to use godaddy's "traffic blazer" to get more hits on my site. The automated site analyzer is not finding my internal or external links. When I called their support I was told that I probably placed the links incorrectly. All I did was copy and paste into the "hyperlink" area in "inspector" or in the case of internal link, used the drop down menu in inspector to find the appropriate page to link to. What am I doing wrong? The links work on the site but the support guy at godaddy said I may need to correct this to be accepted by the search engines.
<Edited by Moderator>
Just a wild guess on my part, but the links on your www.spavienna.com site are only accessible through image maps, rather than direct plain old anchor tags. Perhaps traffic blazer doesn't understand how to navigate those maps? Perhaps it finds them confusing? What happens if you simply include plain old links to the sub pages? Does it manage to crawl the site then?
-
Spiderability problem related to iWeb/Google/Go Daddy
I've read through a similar thread already, but I'm not sure how relevant it was.
First, here's my site (Go Daddy domain forwarded to .mac domain) www.riyvideo.com
Anyway, my site's links function fine in iWeb and on different browsers. However, Go Daddy's Traffic Blazer program is telling me that my site is not spiderable by Google because all seven of my internal links on the home page are broken. Traffic Blazer's report lists the seven broken links (in html), and indeed, when I click on each one listed, it takes me to .mac's "Page not Found" page on the Internet
Go Daddy support has been virtually worthless. The best they've come up with is that it's a code issue, which it may be, but I'm totally illiterate in html.
Bottom line: I want to maximize my Google accessibility, but I don't know how to repair or replace these broken links.
Thanks in advance for your input.
I'm curious. I'm not familiar with GoDaddy's traffic blazer product. But what links does it say are broken? Are they real links? I have seen some spidering anomalies that lead to endless loops and result in nonfunctional and incorrect URLs.
Example...Suppose you have a site that has 4 pages called One, Two, Three, and Four. In iWeb, you have the navigation menu turned on for each page. These are the only links. So the only links that should be needed for your site are as follows...
http://web.mac.com/username/iWeb/sitename/One.html
http://web.mac.com/username/iWeb/sitename/Two.html
http://web.mac.com/username/iWeb/sitename/Three.html
http://web.mac.com/username/iWeb/sitename/Four.html
But the spidering process can also pick up the incorrect navigation links on any given page. For example, for the page "Two", the following are incorrect links...
http://web.mac.com/username/iWeb/sitename/Two/One.html
http://web.mac.com/username/iWeb/sitename/Two/Three.html
http://web.mac.com/username/iWeb/sitename/Two/Four.html
I think these are the "internal" links that the spidering process is picking up incorrectly. This may be a result of how iWeb codes the links as 'href="../sitename/One.html". But in any case, these links can be disregarded. Just make sure that they are getting the real links. -
Cannot create title tag, meta tags for iWeb site, per Google requirements.
I created simple website in iWeb to meet art show deadline
www.barbaraturnertigrett.com
but when I tried to submit to search engines (via GoDaddy "Traffic Blazer" product), several issues or errors noted...no title tag, meta tags, keywords, too little text, etc. Was told by Apple, there is no fix at this time...no way to access to actual HTML code, to add title tag or meta tags, etc...since iWeb is merely a consumer, not professional enterprise, product. Researching further, I even tried to submit to Google directly, not via GoDaddy "Traffic Blazer", but could not "verify" my url site (because meta tag missing and/or could not upload entire html file, as required). I'd produced client websites in past on Adobe GoLive and was learning Dreamweaver, when someone alerted me to simplicity of iWeb. It is clean and simple, but wish I'd anticipated these other issues. Is there a solution to this with iWeb or should I finish learning Dreamweaver and start over? Thanks for any advice you can share.
Both these last postings were helpful. THANKS. I could not open home.html file with "text edit", but when using Taco HTML Edit, it would open...so I dusted off (novice) HTML skills and entered the appropriate title tag and meta tag, per Google's requirements. Then, went to my GoDaddy hosting control center and (I think) I uploaded new file with new tags. Seems to be major lag time with any changes, so not sure my site is now successfully "verified", on Google. Hope I did not mess anything up, in the process. There seems to be various lag times before any changes take effect (right??).
So now...I'm very glad to find out about iMap and will buy it and watch the tutorial video, as instructed...since I am unsure if last 'fix'...fixed the problem, etc...and always eager to learn more. This is my first Apple discussion post, and certainly impressed/grateful for expert help. THX again. -
Godaddy meta text copy/paste to iweb html
How do I copy, rather paste the meta texts from the godaddy.com traffic blazer onto my iweb/html.... ? I will be doing it on my new macbook...
<head>
<title>Your Page Title Goes Here</title>
<META name="description" content="Your Page Summary Goes Here"><META name="keywords" content="Your Meta-Tag Keywords Go Here Separated By Commas">
</head>
Try the above format when copying and pasting your meta-tag information. Just paste it before the </head> tag. Keep in mind that you will have to do this every time iWeb or you make changes to your web pages. You might want to learn how to use something like MassReplaceIt to help you automate the process. Good luck! -
Using OHS to redirect traffic based on intranet or internet URL
Hello,
We have a requirement where we have to launch our application on internet. Application is working fine on local intranet URL or internet URL but not working on both at same time. We have application developed with ADF and other fusion components.
This is the topology we are using here :-
SPS(secured proxy server to configure internet URL) --> OHS -> Managed server(1,2,3,4)
We have to setup a URL redirect rule at OHS level where
---> if the incoming traffic is from intranet URL application work based on intranet URL's BUT
-->if the traffic is coming from internet URL, OHS internally take care of URL redirect and work for external users too..
Summary is, application should work for both internet and intranet URL, but pls note both the URL are different
like
intranet- https:\\abcd.intranet.xxx.com\abs\login
internet - https:\\abcd.xxx.com\abs\login
could someone pls help me on this and provide your valuable suggestion on how we can achieve this at OHS level...
Thanks AMN,
I was able to successfully get the redirect to work with the following Javascript code.
In the folder: C:\OracleBI\oc4j_bi\j2ee\home\default-web-app
I created the following OBIEE.html file
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en,us">
<HEAD>
<TITLE>Test OBIEE Redirect Page</TITLE>
</HEAD>
<BODY>
<script type="text/javascript">
var agent = (navigator.userAgent).toLowerCase();
var weburl = './analytics/';
var moburl = './analyticsMobile/';
var reg_exp = /(ipod|iphone|android|opera mini|blackberry|palm os|palm|hiptop|avantgo|plucker|xiino|blazer|elaine|windows ce; ppc;|windows ce; smartphone;|windows ce; iemobile|up.browser|up.link|mmp|symbian|smartphone|midp|wap|vodafone|o2|pocket|kindle|mobile|pda|psp|treo)/;
// Send handheld user agents to the mobile URL, everything else to the standard one
if( reg_exp.test(agent) ) {
  window.location = moburl;
} else {
  window.location = weburl;
}
</script>
</BODY></HTML>
The javascript gets the USER agent and does a regular expression match to see if its any popular handheld device. If so, it redirects them to the mobile address. Otherwise the user is directed to the standard site.
All I need to do is pass around the URL:
http://localhost:9704/OBIEE.html
And users will be dynamically sent to the correct location.
Thanks!
-Joe -
Unable to capture traffic with Ethanalyzer on N5K-5548
Version - 5.0(2)N2(1)
My understanding is that we need
1) Access-List defined, with statistics configured to get matched traffic onto control plane
2) Access-List applied to an interface, via command "ip port access-group mycap in"
3) ethanalyzer command, ex; "ethanalyzer local interface mgmt capture-filter "net 1.1.1.0/24" (also tried interfaces inbound-hi & inbound-low)
I see matches on the access-list, but not seeing anything captured.
What am I missing?
ip access-list mycap
statistics per-entry
10 permit ip any 1.1.1.0/24
20 permit ip 1.1.1.0/24 any
30 permit ip any any
just fyi.. on a similar sidenote we are going to enhance the capability of capture filter to collect the necessary statistics via the following enhancement
CSCsz99277 - ethanalyzer capture filter broken
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsz99277 -
How can I permit all traffic from inside-dmz-outside on asa5505
Scenario :
Servers are in DMZ, Internal LAN Users should access ports Specified (5000 & 2048). Router 2801 is facing Leased line; from there it’s connected to firewall.
Router LAN IP: 83.111.X.X - 255.255.255.X
ASA Version 7.2(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.X.X 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 83.111.X.X 255.255.255.240
interface Vlan3
nameif dmz
security-level 100
ip address 192.168.100.1 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
switchport access vlan 3
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
switchport access vlan 3
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 83.111.x.x
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd enable inside
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:5663409d6ba3ad0bcd163e691f032f76
: end
Hi Ben,
Thank you for the response. I followed the link and tried reading everything you posted on AEs but I'm afraid that I didn't understand it all. It seems that each AE example had a single input and a single output (e.g. a double). Is this the case?
What I have is a couple of front panel clusters containing (approximately) 18 control doubles, 8 indicator doubles, 5 boolean radio button constructs and 26 boolean control discretes. I clusterized it to make it readable. In addition I'll eventually have a cluster of task references for hardware handles.
All I want to do is update the front panel values like I would do in a C, VB or any other language. I've tried referencing the cluster and using the reference from inside the loops. I've tried using local variables. Neither works. I'm experimenting with globals but it seems that I have to construct the front panel in the global and then I wouldn't know how to reproduce that on the front panel of the main VI. Sometimes it seems that more time is spent getting around Labview constructs than benefitting from them.
I hope the 'Add Attachment' function actually puts a copy of the VI here and not a link to it.
Thanks again for the suggestion,
Frank
Attachments:
Front Panel Reference.vi 33 KB -
How can I eliminate delays in one NIC when there is traffic on second NIC
Using LabVIEW TCP/IP VIs, my LV application is accessing a database though a LAN, and through a second NIC, it is controlling an instrument. The instrument is connected directly to the computer NIC with a cross-over cable. I have made a permanent route for the IP address of the instrument in the IP route table. The LAN and the instrument have different subnet numbers. Using a packet sniffer, I don't see any traffic meant for the LAN going to the NIC connected to the instrument. The OS of the computer is Windows XP and the NICs are PCI cards.
The message traffic to the instrument suffers from intermittent delays when there is traffic going to the LAN.
How can I eliminate the delays? What could be the cause of the delays? Thanks in advance for your recommendations and suggestions.
Hi LabBard,
Could you tell us a little more about the device that you are connected to? What you could try is to have a VI accessing the LAN, and a separate VI communicating with the instrument, and see how things play out.
Let us know how it goes!
Rasheel -
Possible to segment traffic between 2 interfaces? And other questions...
I would like to set my G5 up as a server utilizing a second connection and to keep traffic separated between this server connection and my regular internet connection (would be wireless). I'm pretty sure this alone is fairly straightforward and can be accomplished by setting up the new interface and moving it down to the bottom of the connection list with wireless at the top. That should keep all non-specific traffic from flowing out the ethernet/server connection - I think.
If the above works the way I stated then I would also want to firewall ONLY the ethernet/server connection (the wireless has its own hardware firewall). AND - this is the tricky part - I also want to add a fake interface that has a fake IP and bind that to the "real" ethernet/server connection. The reason for that is because I need a static IP to bind the service to. I know if the connection list thing works to flow the traffic that if I had an external router on the server connection, this wouldn't be needed. I'd already have a fake IP to bind to and I wouldn't have to run the firewall on the Mac. But I don't and I'd rather not have to buy one.
So can this be done through the network/sharing preference panes? If so, are there any "gotchas" I should be aware of? If not, is there any software tool out there that would make setting this up easier/faster? I'm not opposed to doing it all via command line, but I'm a bit rusty with my linux/unix admin knowledge. Plus I'm not 100% certain how to set all that up command line wise without screwing up OS X!
Thanks.
I'm not sure I fully understand what you are attempting to accomplish. Let's see if I have the general idea.
You have a single G5, that you want to use as both your desktop machine and also to provided specific services, such as web, email, etc.
You have some type of hardware firewall/security appliance.
You have some type of wireless access point.
You don't seem to have any type of router or switch in your configuration.
You want all of your server based traffic to be sent and received on its own Ethernet port. You want your personal Internet traffic to be sent and received on your wireless connection.
So my questions are:
Where is the server traffic going to, coming from? Who is accessing the server, is it users on the Internet, or just computers on your own LAN (which you didn't mention).
If your server is to allow data from or send to the Internet, then you need to have a way to route the traffic there. Do you have more than one method to access the Internet, or will all traffic, both personal and server, be going through the same Internet access pipe?
If it is all going through the same pipe, and you only have the single computer, I don't understand why you wish to segment the traffic.
If on the other hand you have multiple computers on your LAN, then segmenting traffic may make sense. This would allow access to your server and keep your LAN well secure.
Anyway, to get to specifics, you'll need to use the terminal app to bind specific services to specific IP's and ports on your Mac. You will also need to manually configure the firewall to be able to select specific connection ports and bindings. However, while I think it can be done, I'm not sure it makes a great deal of sense.
I would be more inclined to suggest a router or switch that can provide VLAN support, or a router that provides true DMZ support, would be a good way to go.
Anyway, a little more info would be helpful.
Oh and if I have this totally wrong in what I think you're doing.. My mistake.
Tom N. -
Multiple gateways for different Traffic on ASA 5510 firewall
Hello,
My network at the moment is set up as:
WAN, with three sites
Site 1
Site 2
Site 3
Site 1 is behind a non-Cisco firewall, which is connected to the internet via a Frame Relay link (using a Cisco 1721 router). We host a number of servers on the Internal network and DMZ's.
All sites connect to the WAN using Cisco routers or switches.
All internet traffic (IN and OUT) for all sites goes via the non-Cisco firewall.
I am interested in the ASA 5510 with six interfaces.
Using the ASA 5510 is it possible to set up two (2) internet connections, one via the Frame Relay and a second internet connection via an ADSL connection?
Then, is it possible to direct the outward-bound traffic via specific gateways based upon either:
(a) the type of traffic, say HTTP from users behind the firewall; or
(b) the IP addresses of the host (i.e. users' PC versus the servers)
Any assistance is welcome.
Kind regards,
IT@C
Yes, you can do this with policy routing on the internet router in front of the firewall assuming that you are connecting both ISPs to that router. Also, remember that you can do vlans on the ASA. This may cut down on the # of interfaces that you use in your config.
http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_guide_chapter09186a0080636f89.html
HTH, pls rate! -
Unable to pass traffic for new vpn connection
Scenario:
I have three sites all connected (full mesh) with IPsec/GRE tunnels and these work fine. I attempted to add a satellite office to one of our sites. The sat device is a 3rd party device and is behind a router/fw device. The IPSec tunnel (non-gre) appears to come up but no traffic passes.
When I ping 192.168.3.1 from the sat device (monitored using tcpdump), it causes the tunnel to come up but I don't see the Cisco side replying back.
The 192.168.180.0/24 network is at the Sat office and the 192.168.3.0/24 network is at the main office.
If I initiate a ping from the Cisco side, it doesn't prompt the tunnel to come up. ???? Any ideas?
Cisco config
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key secret address x.x.x.x
crypto isakmp key secret address x.x.x.x
crypto isakmp key secret address 7.7.7.7
crypto isakmp keepalive 10 5 periodic
crypto ipsec security-association lifetime seconds 86400
crypto ipsec security-association replay window-size 1024
crypto ipsec transform-set vpn_set esp-3des esp-md5-hmac
crypto ipsec transform-set f5_set esp-3des esp-sha-hmac
crypto map vpnmap 31 ipsec-isakmp
set peer x.x.x.x
set transform-set vpn_set
match address 131
crypto map vpnmap 32 ipsec-isakmp
set peer x.x.x.x
set transform-set vpn_set
match address 132
crypto map vpnmap 33 ipsec-isakmp
set peer 7.7.7.7
set transform-set f5_set
match address 133
interface Tunnel31
bandwidth 1200000
ip address 172.16.31.34 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source 5.5.5.5
tunnel destination x.x.x.x
interface Tunnel32
bandwidth 1200000
ip address 172.16.31.57 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source 5.5.5.5
tunnel destination x.x.x.x
interface FastEthernet0/1
bandwidth 51200
ip address 50.50.50.1
ip access-group 101 in
ip flow ingress
ip flow egress
ip nat outside
ip inspect ISP2-cbac out
ip virtual-reassembly
duplex auto
speed auto
crypto map vpnmap
ip nat inside source route-map nonat interface FastEthernet0/1 overload
partial acl
access-list 101 permit udp host 7.7.7.7 any eq isakmp
access-list 101 permit udp host 7.7.7.7 eq isakmp any
access-list 101 permit esp host 7.7.7.7 any
route-map nonat permit 41
match ip address 175
access-list 133 permit ip 192.168.3.0 0.0.0.255 192.168.180.0 0.0.0.255
access-list 175 deny ip 192.168.3.0 0.0.0.255 192.168.60.0 0.0.0.255
access-list 175 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 175 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 175 deny ip 192.168.3.0 0.0.0.255 192.168.180.0 0.0.0.255
access-list 175 permit ip 192.168.3.0 0.0.0.255 any
ip route 0.0.0.0 0.0.0.0 50.50.50.x
ip route 10.1.0.0 255.255.0.0 Tunnel32
ip route 172.18.1.0 255.255.255.0 192.168.3.254
ip route 172.18.2.0 255.255.255.0 192.168.3.254
ip route 172.18.3.2 255.255.255.255 Service-Engine0/0
ip route 192.168.1.0 255.255.255.0 Tunnel31
ip route 192.168.2.0 255.255.255.0 Tunnel32
ip route 192.168.10.0 255.255.255.0 192.168.3.254
sh cry isa sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
50.50.50.1 7.7.7.7 QM_IDLE 1003 ACTIVE
sh crypto isa sa
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.3.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.180.0/255.255.255.0/0/0)
current_peer 7.7.7.7 port 35381
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 50.50.50.1, remote crypto endpt.: 7.7.7.7
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/1
current outbound spi: 0xFF024E3E(4278341182)
PFS (Y/N): Y, DH group: group2
inbound esp sas:
spi: 0x8E538667(2387838567)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2007, flow_id: FPGA:7, sibling_flags 80000046, crypto map: vpnmap
sa timing: remaining key lifetime (k/sec): (4493323/82118)
IV size: 8 bytes
replay detection support: Y replay window size: 1024
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xFF024E3E(4278341182)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2008, flow_id: FPGA:8, sibling_flags 80000046, crypto map: vpnmap
sa timing: remaining key lifetime (k/sec): (4493323/82118)
IV size: 8 bytes
replay detection support: Y replay window size: 1024
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
DEBUG
#show debug
Cryptographic Subsystem:
Crypto ISAKMP debugging is on
Crypto ISAKMP Error debugging is on
Crypto IPSEC debugging is on
Crypto IPSEC Error debugging is on
#sh log | inc 7.7.7.7
000202: *Aug 12 02:20:16.006: ISAKMP:(1003): sending packet to 7.7.7.7 my_port 500 peer_port 35381
(R) QM_IDLE
000207: *Aug 12 02:20:16.046: ISAKMP (1003): received packet from 7.7.7.7 dport 500 sport 35381
Global (R) QM_IDLE
000211: *Aug 12 02:20:16.046: ISAKMP:(1003): DPD/R_U_THERE_ACK received from peer 7.7.7.7,
sequence 0x1C6F72FD
000287: *Aug 12 02:20:25.962: ISAKMP:(1003): sending packet to 7.7.7.7 my_port 500 peer_port 35381
(R) QM_IDLE
000292: *Aug 12 02:20:25.998: ISAKMP (1003): received packet from 7.7.7.7 dport 500 sport 35381
Global (R) QM_IDLE
000296: *Aug 12 02:20:25.998: ISAKMP:(1003): DPD/R_U_THERE_ACK received from peer 7.7.7.7,
sequence 0x1C6F72FE
000389: *Aug 12 02:20:35.542: ISAKMP:(1003): sending packet to 7.7.7.7 my_port 500 peer_port 35381
(R) QM_IDLE
000394: *Aug 12 02:20:35.578: ISAKMP (1003): received packet from 7.7.7.7 dport 500 sport 35381
Global (R) QM_IDLE
000398: *Aug 12 02:20:35.582: ISAKMP:(1003): DPD/R_U_THERE_ACK received from peer 7.7.7.7,
sequence 0x1C6F72FF
000402: *Aug 12 02:20:36.582: ISAKMP (1003): received packet from 7.7.7.7 dport 500 sport 35381
Global (R) QM_IDLE
000409: *Aug 12 02:20:36.586: ISAKMP:(1003):DPD/R_U_THERE received from peer 7.7.7.7, sequence
0x5FF
000413: *Aug 12 02:20:36.586: ISAKMP:(1003): sending packet to 7.7.7.7 my_port 500 peer_port 35381
(R) QM_IDLE
#sh log | inc 7.7.7.7
000847: *Aug 12 02:21:24.163: ISAKMP:(1003): sending packet to 7.7.7.7 my_port 500 peer_port 35381
(R) QM_IDLE
000852: *Aug 12 02:21:24.203: ISAKMP (1003): received packet from 7.7.7.7 dport 500 sport 35381
Global (R) QM_IDLE
3rd party device:
# racoonctl -l show-sa isakmp
Destination Cookies ST S V E Created Phase2
50.50.50.1.500 e1866e9ee2830764:575a7489971701ad 9 I 10 M 2013-08-11 20:04:57 1
[root@ltm1:Active:Disconnected] log # racoonctl -l show-sa isakmp
Destination Cookies ST S V E Created Phase2
50.50.50.1.500 e1866e9ee2830764:575a7489971701ad 9 I 10 M 2013-08-11 20:04:57 1
# racoonctl -l show-sa ipsec
192.168.180.5 50.50.50.1
esp mode=tunnel spi=2387838567(0x8e538667) reqid=62829(0x0000f56d)
E: 3des-cbc 74583bf5 4fe29310 07603be7 d52516d6 7269c35f 51b24a52
A: hmac-sha1 c0d2254c ea2ec11a 6a22bf41 dad35582 00d91a30
seq=0x00000000 replay=64 flags=0x00000000 state=mature
created: Aug 11 20:04:59 2013 current: Aug 11 21:18:57 2013
diff: 4438(s) hard: 5184000(s) soft: 4147200(s)
last: Aug 11 21:18:56 2013 hard: 0(s) soft: 0(s)
current: 421660(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 3635 hard: 0 soft: 0
sadb_seq=1 pid=8526 refcnt=0
50.50.50.1 192.168.180.5
esp mode=tunnel spi=4278341182(0xff024e3e) reqid=62828(0x0000f56c)
E: 3des-cbc 3bc26d98 0a230000 54c64896 e1a68815 6c696a15 f6779541
A: hmac-sha1 96de21a0 b5f52539 0616acfa b5a09994 03306e92
seq=0x00000000 replay=64 flags=0x00000000 state=mature
created: Aug 11 20:04:59 2013 current: Aug 11 21:18:57 2013
diff: 4438(s) hard: 5184000(s) soft: 4147200(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=0 pid=8526 refcnt=0Scenario:
I have three sites all connected ( full mesh) with IPsec/GRE tunnels and these work fine. I attempted to add a satellite office to one our sites. The sat device is a 3rd party device and is behind a rotuer/fw device. The IPSec tunnel (non-gre) appears to come up but no traffic passes.
When I ping 192.168.3.1 from the sat device (monitored using tcpdump), it cause the tunnel to come up but I don't see the Cisco side replying back.
The 192.168.180.0/24 network is at the Sat office and the 192.168.3.0/24 network is at the main office.
If I initiate a ping from the Cisco side, it doesn't prompt the tunnel to come up. ???? Any ideas?
Cisco config
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key secret address x.x.x.x
crypto isakmp key secret address x.x.x.x
crypto isakmp key secret address 7.7.7.7
crypto isakmp keepalive 10 5 periodic
crypto ipsec security-association lifetime seconds 86400
crypto ipsec security-association replay window-size 1024
crypto ipsec transform-set vpn_set esp-3des esp-md5-hmac
crypto ipsec transform-set f5_set esp-3des esp-sha-hmac
crypto map vpnmap 31 ipsec-isakmp
 set peer x.x.x.x
 set transform-set vpn_set
 match address 131
crypto map vpnmap 32 ipsec-isakmp
 set peer x.x.x.x
 set transform-set vpn_set
 match address 132
crypto map vpnmap 33 ipsec-isakmp
 set peer 7.7.7.7
 set transform-set f5_set
 match address 133
interface Tunnel31
 bandwidth 1200000
 ip address 172.16.31.34 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 5.5.5.5
 tunnel destination x.x.x.x
interface Tunnel32
 bandwidth 1200000
 ip address 172.16.31.57 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 5.5.5.5
 tunnel destination x.x.x.x
interface FastEthernet0/1
 bandwidth 51200
 ip address 50.50.50.1
 ip access-group 101 in
 ip flow ingress
 ip flow egress
 ip nat outside
 ip inspect ISP2-cbac out
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map vpnmap
ip nat inside source route-map nonat interface FastEthernet0/1 overload
partial acl
access-list 101 permit udp host 7.7.7.7 any eq isakmp
access-list 101 permit udp host 7.7.7.7 eq isakmp any
access-list 101 permit esp host 7.7.7.7 any
route-map nonat permit 41
 match ip address 175
access-list 133 permit ip 192.168.3.0 0.0.0.255 192.168.180.0 0.0.0.255
access-list 175 deny ip 192.168.3.0 0.0.0.255 192.168.60.0 0.0.0.255
access-list 175 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 175 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 175 deny ip 192.168.3.0 0.0.0.255 192.168.180.0 0.0.0.255
access-list 175 permit ip 192.168.3.0 0.0.0.255 any
ip route 0.0.0.0 0.0.0.0 50.50.50.x
ip route 10.1.0.0 255.255.0.0 Tunnel32
ip route 172.18.1.0 255.255.255.0 192.168.3.254
ip route 172.18.2.0 255.255.255.0 192.168.3.254
ip route 172.18.3.2 255.255.255.255 Service-Engine0/0
ip route 192.168.1.0 255.255.255.0 Tunnel31
ip route 192.168.2.0 255.255.255.0 Tunnel32
ip route 192.168.10.0 255.255.255.0 192.168.3.254
sh cry isa sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
50.50.50.1 7.7.7.7 QM_IDLE 1003 ACTIVE
sh crypto isa sa
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.3.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.180.0/255.255.255.0/0/0)
current_peer 7.7.7.7 port 35381
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 50.50.50.1, remote crypto endpt.: 7.7.7.7
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/1
current outbound spi: 0xFF024E3E(4278341182)
PFS (Y/N): Y, DH group: group2
inbound esp sas:
spi: 0x8E538667(2387838567)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2007, flow_id: FPGA:7, sibling_flags 80000046, crypto map: vpnmap
sa timing: remaining key lifetime (k/sec): (4493323/82118)
IV size: 8 bytes
replay detection support: Y replay window size: 1024
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xFF024E3E(4278341182)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2008, flow_id: FPGA:8, sibling_flags 80000046, crypto map: vpnmap
sa timing: remaining key lifetime (k/sec): (4493323/82118)
IV size: 8 bytes
replay detection support: Y replay window size: 1024
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
DEBUG
#show debug
Cryptographic Subsystem:
Crypto ISAKMP debugging is on
Crypto ISAKMP Error debugging is on
Crypto IPSEC debugging is on
Crypto IPSEC Error debugging is on
#sh log | inc 7.7.7.7
000202: *Aug 12 02:20:16.006: ISAKMP:(1003): sending packet to 7.7.7.7 my_port 500 peer_port 35381 (R) QM_IDLE
000207: *Aug 12 02:20:16.046: ISAKMP (1003): received packet from 7.7.7.7 dport 500 sport 35381 Global (R) QM_IDLE
000211: *Aug 12 02:20:16.046: ISAKMP:(1003): DPD/R_U_THERE_ACK received from peer 7.7.7.7, sequence 0x1C6F72FD
000287: *Aug 12 02:20:25.962: ISAKMP:(1003): sending packet to 7.7.7.7 my_port 500 peer_port 35381 (R) QM_IDLE
000292: *Aug 12 02:20:25.998: ISAKMP (1003): received packet from 7.7.7.7 dport 500 sport 35381 Global (R) QM_IDLE
000296: *Aug 12 02:20:25.998: ISAKMP:(1003): DPD/R_U_THERE_ACK received from peer 7.7.7.7, sequence 0x1C6F72FE
000389: *Aug 12 02:20:35.542: ISAKMP:(1003): sending packet to 7.7.7.7 my_port 500 peer_port 35381 (R) QM_IDLE
000394: *Aug 12 02:20:35.578: ISAKMP (1003): received packet from 7.7.7.7 dport 500 sport 35381 Global (R) QM_IDLE
000398: *Aug 12 02:20:35.582: ISAKMP:(1003): DPD/R_U_THERE_ACK received from peer 7.7.7.7, sequence 0x1C6F72FF
000402: *Aug 12 02:20:36.582: ISAKMP (1003): received packet from 7.7.7.7 dport 500 sport 35381 Global (R) QM_IDLE
000409: *Aug 12 02:20:36.586: ISAKMP:(1003):DPD/R_U_THERE received from peer 7.7.7.7, sequence 0x5FF
000413: *Aug 12 02:20:36.586: ISAKMP:(1003): sending packet to 7.7.7.7 my_port 500 peer_port 35381 (R) QM_IDLE
#sh log | inc 7.7.7.7
000847: *Aug 12 02:21:24.163: ISAKMP:(1003): sending packet to 7.7.7.7 my_port 500 peer_port 35381 (R) QM_IDLE
000852: *Aug 12 02:21:24.203: ISAKMP (1003): received packet from 7.7.7.7 dport 500 sport 35381 Global (R) QM_IDLE
3rd party device:
# racoonctl -l show-sa isakmp
Destination Cookies ST S V E Created Phase2
50.50.50.1.500 e1866e9ee2830764:575a7489971701ad 9 I 10 M 2013-08-11 20:04:57 1
[root@ltm1:Active:Disconnected] log # racoonctl -l show-sa isakmp
Destination Cookies ST S V E Created Phase2
50.50.50.1.500 e1866e9ee2830764:575a7489971701ad 9 I 10 M 2013-08-11 20:04:57 1
# racoonctl -l show-sa ipsec
192.168.180.5 50.50.50.1
esp mode=tunnel spi=2387838567(0x8e538667) reqid=62829(0x0000f56d)
E: 3des-cbc 74583bf5 4fe29310 07603be7 d52516d6 7269c35f 51b24a52
A: hmac-sha1 c0d2254c ea2ec11a 6a22bf41 dad35582 00d91a30
seq=0x00000000 replay=64 flags=0x00000000 state=mature
created: Aug 11 20:04:59 2013 current: Aug 11 21:18:57 2013
diff: 4438(s) hard: 5184000(s) soft: 4147200(s)
last: Aug 11 21:18:56 2013 hard: 0(s) soft: 0(s)
current: 421660(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 3635 hard: 0 soft: 0
sadb_seq=1 pid=8526 refcnt=0
50.50.50.1 192.168.180.5
esp mode=tunnel spi=4278341182(0xff024e3e) reqid=62828(0x0000f56c)
E: 3des-cbc 3bc26d98 0a230000 54c64896 e1a68815 6c696a15 f6779541
A: hmac-sha1 96de21a0 b5f52539 0616acfa b5a09994 03306e92
seq=0x00000000 replay=64 flags=0x00000000 state=mature
created: Aug 11 20:04:59 2013 current: Aug 11 21:18:57 2013
diff: 4438(s) hard: 5184000(s) soft: 4147200(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=0 pid=8526 refcnt=0
-
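For the IPsec thread above, an added example (not part of the original post): pairing the two ends' SAs by SPI and comparing their counters shows on which leg traffic stops. The function names are hypothetical, and the sample text is a constructed excerpt trimmed from the outputs the poster pasted.

```python
import re

# Constructed excerpts: counters and SPIs trimmed from the outputs posted above.
CISCO_SA = """\
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
inbound esp sas:
spi: 0x8E538667(2387838567)
outbound esp sas:
spi: 0xFF024E3E(4278341182)
"""
RACOON_SA = """\
192.168.180.5 50.50.50.1
esp mode=tunnel spi=2387838567(0x8e538667) reqid=62829(0x0000f56d)
current: 421660(bytes) hard: 0(bytes) soft: 0(bytes)
50.50.50.1 192.168.180.5
esp mode=tunnel spi=4278341182(0xff024e3e) reqid=62828(0x0000f56c)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
"""

def parse_cisco(text):
    """Packet counters plus the inbound/outbound ESP SPIs from the Cisco SA dump."""
    sa = {k: int(v) for k, v in re.findall(r"#pkts (encaps|decaps): (\d+)", text)}
    for direction, spi in re.findall(r"(inbound|outbound) esp sas:\s*spi: (0x[0-9A-Fa-f]+)", text):
        sa[direction] = int(spi, 16)
    return sa

def parse_racoon(text):
    """Map SPI -> (src, dst, bytes processed) from 'racoonctl show-sa ipsec'."""
    pat = re.compile(r"^(\S+) (\S+)\n\s*esp mode=tunnel spi=(\d+)\(.*?current: (\d+)\(bytes\)",
                     re.S | re.M)
    return {int(spi): (src, dst, int(n)) for src, dst, spi, n in pat.findall(text)}

def localize_loss(cisco, racoon):
    """Pair the SAs by SPI and report on which leg the ESP traffic disappears."""
    findings = []
    for direction in ("inbound", "outbound"):
        if cisco.get(direction) not in racoon:
            findings.append(f"no peer SA carries the Cisco {direction} SPI")
    # The Cisco's inbound SA is the SA the peer uses to send.
    peer_sent = racoon.get(cisco.get("inbound"), (None, None, 0))[2]
    if peer_sent > 0 and cisco.get("decaps") == 0:
        findings.append("peer->Cisco: peer encrypted %d bytes, Cisco decapsulated 0" % peer_sent)
    if cisco.get("encaps") == 0:
        findings.append("Cisco->peer: no packet was selected for encryption")
    return findings

if __name__ == "__main__":
    for line in localize_loss(parse_cisco(CISCO_SA), parse_racoon(RACOON_SA)):
        print(line)
```

On the posted counters both findings fire: the SPIs match on both ends, so the check points at ESP not being decapsulated on the Cisco and at nothing on the Cisco side being matched for encryption, rather than at a Phase 2 negotiation mismatch.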
Unable to allow traffic from remote office - Cisco RV220W
Hi there,
I have just bought the RV220W Cisco router firewall because my DLINK-1600 got broken and now I am unable to allow access to the machines located behind this router from the machines located at a remote office. Any help would be much appreciated!!
This is the situation:
1. Two remote offices A and B connected by a VPN tunnel (this connection is managed by an external provider and it is properly functioning)
2. IP range A office: 192.168.236.0/24
3. IP range B office: 192.168.237.0/24
4. Office A: CISCO RV220W router/firewall (the one that I've just bought as the old dlink has broken). This RV220W is connected to a cisco router (managed by provider) that is the one with the VPN tunnel to the other office. The CISCO router does not do NAT. On the other end (Office B) there is another CISCO router managed by the provider.
5. Everything was working smoothly until our old router/firewall got broken and that is when I bought the rv220w. I have set up the CISCO RV220W at office A and the machines can ping the machines located at office B and can browse the internet, i.e., the traffic going out is OK and in that sense everything works smoothly.
6. The problem is that the machines located at office B cannot access the machines located behind the CISCO RV220W and I know it is a problem of the firewall as if I capture traffic coming from office B, I can see that it is dropped by the CISCO RV220W.
7. I have tried to enable an access rule in the firewall to allow traffic from office B (see picture below) but it does not seem to work. In the field, Send to Local Server (DNAT IP) I have entered the WAN IP of my router (you cannot leave it blank) … this rule does not work at all. I think that is not properly configured but I don't know how to do it.
8. As you see, the problem is that I don't know how to set up a rule to allow specific traffic coming from the WAN (traffic from remote office – 192.168.237.0/24) to the LAN at office A - 192.168.236.0/24.
In the old router/firewall I just had to create a rule specifying the source interface (WAN) and network (Office B) and the destination interface (LANOfficeA) and network (Office A). It does not seem that here I can do the same. I mean, you always have to point to a server IP inside the LAN??
I know it has to be a very easy thing to do but at this moment I am completely stuck. If anyone can give me some advice would be great.
Thanks a lot for your help in advance!
Eva
Hi Eva, the default inbound policy cannot be changed. It will block all inbound traffic. To my knowledge there is not a way around this. Access rules are the only way to 'poke' a hole through the firewall but as you note, it is for a specific host. Values such as .0 and .255 do not work.
-Tom
Please mark answered for helpful posts