Hot to set up remote access to a DMM

Similar Messages

• Set up Remote Access for Mac Mini

  I recently bought a Mac Mini and set it up at home. It is running on Mac OS X 10.8.3, and runs on Server 2.2.1 and Airport Utilities 6.2. I would like to be able to access the Mac Mini server from outside my home. Does anyone know the procedure of setting up remote access (through SSH or VPN) without creating an internet domain name? Thanks!
  I'm quite new to many of the Apple products, so it would be good if the answers are clearer and more detailed. Thanks!

  As Barney-15E says, Back-to-My-Mac is the best option.
  After that, try TeamViewer.com
  ssh can be done, but there are setup details with respect to your home router to allow port 22 from the Internet side to your Mac mini <http://portforward.com>.  And then you will need a dynamic DNS name from someone like No-IP.com or DynDNS.org so you can find your home router.  Once you have that setup, you should make sure you use a good strong password, as you have now exposed a known port to the internet <http://xkcd.com/936/> and <https://www.grc.com/haystack.htm>.  Don't forget to enable System Preferences -> Sharing -> Remote Login.  So now you can ssh, but what do you want to do with that?  You can create ssh tunnels for VNC screen sharing and AFP file sharing.
  ssh -L 22590:localhost:5900 -L 22548:localhost:548 [email protected]
  Now you have logged in and you have 2 tunnels.  How to use them.
  Finder -> Go -> Connect to server -> vnc://localhost:22590
  Finder -> Go -> Connect to server -> afp://localhost:22548
  Back-to-My-Mac and/or TeamViewer.com are easier

• How does one set up remote access via the internet to access files stored on the Time Capsule using airport utility 6.1

  I was just wondering if anyone can provide me with instructions please on how to set up remote access via the internet to the time capsule when away from home?
  I am running OS X Mountain Lion operating system and have Airport Utility 6.1.
  Many thanks to you all for your help.

  I think the instructions should be all in BTMM with iCloud.
  Instructions are all there.
  http://support.apple.com/kb/ht3486

• How to set up remote access on wvc80n without using TZO

  Just purchased the WVC80N, but how do you set it up for remote access without using TZO?  I can not get TZO to work w/ my Uverse 2wire 3800-hgv-b router.  Please help as the uverse customer support has not been helpful with port forwarding either.

  Hi, I'm a newbie at this, so pls be patient with my terminology...  I want to install 2 or 3 of these cameras in my mother's home, and I will have AT&T DSL service (one dynamic IP address) there with only a modem/wireless router.  I want to access the cameras from my laptop or from my Blackberry Tour when I am traveling.  Also want to allow access for my other relatives.  I do not have another home computer to serve as a WHS, and my laptop is obviously not connected to the internet all of the time.  Can I use the DDNS setup with DynDNS to provide access?  The instructions that I read seemed to imply that I needed a WHS in order to forward ports, etc.  Thanks in advance for your help.. Garry

• Need help setting up remote access please

  I have a new server 2012 network with a server built specifically for remote access
  I need to set up simple remote access to LAN pc's, published apps, and to manage domain remotely
  this is only a test setup and I want some security but first want teh basics setup then I can lock down
  I ran the wizards and believe most things are done correctly when I added the roles, and firewall is allowing access to that server.
  when I try to connect from external I get the remote server's default IIS web page, no remote access options
  is there a simple checklist to test services internally and test the web page access internally?
  I am not sure what information you may need so please ask for any details that will be helpful
  Remote Gateway, licensing, web access and certificates have all been configured using the wizards
  David Sheetz MCP

  Hi David,
  Thank you for posting in Windows Server Forum.
  Initially to remote access the application through RD Web we need to use https://servername/rdweb. Also please check the following setting.
  In IIS: IIS Sites --> Default --> RDWeb --> Pages --> Application Settings --> DefaultTSGateway:
  Set that to your RD Gateway access URL.
  Then restart IIS.
  Your RemoteApps will then be able to find the proper gateway inbound.
  When you created your collection bring up its properties and make sure the URL is specified in RD Gateway settings too. This generates the correct settings in the RDP files.
  In addition, please checkthis article for information. Also please see whether you
  have configured RD RAP and RD CAP properly and try to uncheck the option “Bypass RD Gateway for local address” under deployment properties and verify the result.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Setting up remote access for support

  Need to set up remote support for my Dad's iMac. He has an airport express connected to an optonline cable modem. I have an airport connected to a charter cable modem.
  Both systems are running Mavericks. I have the latest remote access app.
  I tried this a year ago and could connect to him when I was on his local network but not when I was at home. Since then everything has been updated. I will be visiting him in a few week and could do any set up on his system.
  I read the admin guide but it's still to confusing to me. I am able to set up and connect to computers on my local network ok.
  Will ARA be able to do this? Do I need any further software? logmeon, etc?
  Any tips on creating a client installer to use when I am there? I will be using his user account.
  Do any changes need to be made to the routers to get through them?
  Could use some help here. Thanks

  https://discussions.apple.com/thread/5294202?tstart=0
  Something you should be aware of is the frequency of IP address change at your father's location. Providers of residential broadband services lease an IP address for a certain duration which you have no control over and is purely arbitrary. You may be familiar with these changes?
  The point is sometimes these addresses change regularly (4 hours to every few days) and sometimes they stay the same for a longer period of time such as a year or more.
  Because of the nature of this change you may find you can remote assist your father one day but not the next. The situation is easily rectified with a simple phonecall to your father. He can tell you what IP address he's using by launching his browser and clicking this link:
  http://myipaddress.com
  He gives you his new IP address and you should be able to make a successful connection again.
  Be aware IP addresses handed out by ISPs are known as routable. IP addresses handed out by Firewalls/Routers/Gateway devices such as Apple's Airport Express Base Station etc are not routable. Assuming you've not changed anything in the devices they will always be one of these three ranges: 192.168.1.x; 10.x.x.x and 172.16.16.x. You don't use any of these last three group of addresses to make the connection over the public external (internet) network but you do use them when on the same private internal network.

• How can I set up remote access on my iPad?

  How can Iset up remote access on my iPad?

  Thank you for responding, James.  I just figured it out.  I used Safari  to connect to my office server system by using the http://mail server address/remote.  It works just like any computer.

• How do I set up remote access to my HD thats hooked to New Airport Extreme

  Hi Everyone,
  I want to have remote access to my hard drive which is hooked up to the USB Port on the back of the Airport Extreme. I have tried many different configurations and watched youtube videos to help me, to no avail. Apparently there are many ways to do this, but no luck!
  Thanks for your help and if you have screen shots even more helpful.
  I know I can't be the only one with this question and Apple doesn't make it easy since I called them and they want me to sign up for Mobile Me for $99/yr,
  Thanks in Advance,
  Robert

  I should mention that its the only router I have which is hard wired via cable to modem.

• Trouble setting up remote access vpn

  26-Jul-2013 09:41 (in response to ciscomoderator)
  Re: Ask the Expert: Understanding MPLS L3VPN: concepts, terminology, control and data plane call flow
  Keddian Gilbert
  Hi
  Concerning the nature of my problemes, am trying to setup a remote access vpn to my 3620 series router; however
  am not able to use the command prompt because of my limited knowledge of the necessary commands. to configure a remote VPN conniction.
  I checked out several instructions on the internet but all of them used GROUP PROFILE and the TUNNEL command in their config
  which my router does not support. All I want is the specific configuration for this version IOS seeing  it differs in configuration.
  I cant use SDM. My router does not have enough memory to accept it.
  Here is an out put of a SHOW VER  command
  digix-lan>sh ver
  Cisco Internetwork Operating System Software
  IOS (tm) 3600 Software (C3620-JK9S-M), Version 12.2(29), RELEASE SOFTWARE (fc3)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2005 by cisco Systems, Inc.
  Compiled Wed 11-May-05 12:54 by kellmill
  Image text-base: 0x60008930, data-base: 0x61598000
  ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
  ROM: 3600 Software (C3620-JK9S-M), Version 12.2(29), RELEASE SOFTWARE (fc3)
  digix-lan uptime is 2 days, 1 hour, 42 minutes
  System returned to ROM by power-on
  System image file is "flash:c3620-jk9s-mz.122-29.bin"
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  cisco 3620 (R4700) processor (revision 0x81) with 60416K/5120K bytes of memory.
  Processor board ID 10707060
  R4700 CPU at 80Mhz, Implementation 33, Rev 1.0
  Bridging software.
  X.25 software, Version 3.0.0.
  SuperLAT software (copyright 1990 by Meridian Technology Corp).
  TN3270 Emulation software.
  4 Ethernet/IEEE 802.3 interface(s)
  DRAM configuration is 32 bits wide with parity disabled.
  29K bytes of non-volatile configuration memory.
  16384K bytes of processor board System flash (Read/Write)
  Configuration register is 0x2102
  I really need this help sir! THANK YOU much
  FROM:  KEDDIAN GILBERT

  For SSLVPN and HTTPS in general it's best to have a certificates with from one of the big PKI providers.
  For IPsec however it is not required. You can have both ASA and user certificates provided by an internal CA (windows CA, openCA, ejbca, etc...)
  There is a basic configuration example:
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml
  It might not be EXACTLY what you're looking for but should get you started.

• Setting up remote access from PC to Mac using DynDNS

  Hi Guys,
  I'm hoping someone can help out, I'm quite desperate here.
  I am about to head overseas for three weeks, and need to leave my Mac running, so that I can log into it remotely using a PC. My Mac, is a MacBook Pro, and the PC I will be using is an Asus EEE PC. I will need to do simple things like grab files, open PDFs and run a few applications from time to time on the Mac.
  I have a billion 7404VGP router that my Mac will be plugged into, using an ADSL connection. I have a dynamic IP address so I have setup a DynDNS account.
  I have read countless tutorials, and posted to a few different sites, but I can not get any consistency in responses or guidance on how to set this up properly. It's killing me.
  Am I correct in understanding that VNC is the best method to do this? I'm being told that I also need to open all sorts of ports on the router. Some say I need to 'SSH', others say I need to 'VPN'. I'm quite technically literate but I'm lost in all the protocols and variations people are saying I need to use.
  So far, I have setup the following:
  *On the Mac:*
  - Enabled 'Screen Sharing' in OS X System Preferences > Screen Sharing
  - Specified a password for 'VNC viewers may control the screen' within Screen Sharing settings
  - Setup a DynDNS account, and created a custom name (ie myname.dyndns.org)
  *On the Billion Router*
  - Setup the DynDNS configuration so that when the IP address changes it tells the server
  - Under Virtual Server, I have added a port forwarding entry as follows:
  Schedule: Always On
  Application: DynDNS
  Protocol: TCP
  External Port: 80 to 80
  Redirect Port 80 to 80
  Internal IP Address: This is where I think I need guidance. I have to select the IP associated with my MAC address, so the IP is 192.168.1.4.
  This is as far as I have gotten. I have installed a VNC viewer on the PC, and tried to login using the IP address that shows up in my DynDNS account, but nothing is working.
  What am I doing wrong? Can somebody kindly explain (or direct me to), a straight english step by step process of how I can get this going? Any guidance is appreciate it.
  Thanks so much.

  I am about to head overseas for three weeks, and need to leave my Mac running, so that I can log into it remotely using a PC. My Mac, is a MacBook Pro, and the PC I will be using is an Asus EEE PC. I will need to do simple things like grab files, open PDFs and run a few applications from time to time on the Mac.
  The grabbing of files is going to complicate things a little bit, as now you want 2 things, not just one.
  I have a billion 7404VGP router that my Mac will be plugged into, using an ADSL connection. I have a dynamic IP address so I have setup a DynDNS account.
  I have read countless tutorials, and posted to a few different sites, but I can not get any consistency in responses or guidance on how to set this up properly. It's killing me.
  Am I correct in understanding that VNC is the best method to do this? I'm being told that I also need to open all sorts of ports on the router. Some say I need to 'SSH', others say I need to 'VPN'. I'm quite technically literate but I'm lost in all the protocols and variations people are saying I need to use.
  VNC is a way to control the Mac remotely. But grabbing files will require something else, which is most likely why you got some suggestions for ssh, and/or VPN.
  I'm going to suggest TeamViewer Screen Sharing and File Transfer utility (free for personal use).
  <http://teamviewer.com/index.aspx>
  The advantage of TeamView is that you can both control the screen and you can grab files all in one package.
  Just make sure you fully test your setup before leaving.
  However, if you want to pursue VNC, I'll add comments below.
  So far, I have setup the following:
  *On the Mac:*
  - Enabled 'Screen Sharing' in OS X System Preferences > Screen Sharing
  - Specified a password for 'VNC viewers may control the screen' within Screen Sharing settings
  This should be a strong password.
  - Setup a DynDNS account, and created a custom name (ie myname.dyndns.org)
  So far so good
  *On the Billion Router*
  - Setup the DynDNS configuration so that when the IP address changes it tells the server
  - Under Virtual Server, I have added a port forwarding entry as follows:
  Schedule: Always On
  Application: DynDNS
  Protocol: TCP
  External Port: 80 to 80
  Redirect Port 80 to 80
  Internal IP Address: This is where I think I need guidance. I have to select the IP associated with my MAC address, so the IP is 192.168.1.4.
  The port numbers are wrong. Port 80 is for a web server. VNC uses port 5900.
  Did you have to manually enter that IP address when you setup the port forwarding? Or does the router have some way of locking into your Mac?
  I ask, because of your Mac's IP address is assigned via DHCP, then it is possible the router could change the address it gives to the Mac on a power failure restart, but the port forwarding might be locked into 192.168.1.4.
  So if the router needs to have a stable IP address for port forwarding, then you might want to configure the Mac with a fixed IP address (preferably one outside of the routers DHCP assignment range), then use that fixed IP address with port forwarding (always test any configuration change such as this).
  Oh yea, you are configuring your Mac to automatically reboot when power is restored (System Preferences -> Energy Saver -> Options -> Restart automatically after power failure
  This is as far as I have gotten. I have installed a VNC viewer on the PC, and tried to login using the IP address that shows up in my DynDNS account, but nothing is working.
  As mentioned, you need to forward port 5900 for VNC.
  What am I doing wrong? Can somebody kindly explain (or direct me to), a straight english step by step process of how I can get this going? Any guidance is appreciate it.
  Port forwarding port 5900 should do the trick.
  However, at this point you only have screen sharing. You can do stuff to your Mac, but you can not transfer files via this connection.
  This is where suggestions for ssh come in (or you could go back to my TeamViewer idea ).
  Ssh can offer remote terminal login (PuTTY is a very good Windows Terminal emulator). Ssh can also offer scp (ssh cp) and sftp (ssh ftp) services, both of which can be used to transfer files to and from the Mac securely over the internet.
  The easiest PC/Mac file transfer while traveling, would be to find a good Windows sftp GUI application. There are a bunch of them for the Mac so there must be 4 or 5 times as many Windows GUI sftp clients. A Google "windows sftp gui client" search should come up with a few.
  OK, getting ssh working.
  Enable System Preferences -> Sharing -> Remote Login.
  Now on your router, Port Foward port 22, the ssh port.
  Now you should be able to fire up a Windows sftp GUI client, and access your Mac via your DynDNS.org name. The username and password will be your Mac's account short name and password. If you do not know your short name, you can find this via System Preferences -> Accounts
  Summary:
  o Forward port 5900 for VNC
  o Forward port 22 for ssh
  o Enable Remote Login on the Mac
  o You have already enabled Screen Sharing, and specified a VNC password (goodness).
  o Configure the Mac so it will reboot in case of a power failure.
  o Make sure the router will still be able to port foward 5900 and 22 after a power failure, either because it locks into the Mac, or because you have given the Mac a fixed IP address.
  Now test the heck out of this, from a coffee shop or a friends house.
  Even if you configure VNC and ssh, I would suggest also trying TeamView so you have a "Plan B".

• How do I set up remote access so I can access my work iMac from home

  I'm sorry, I'm sure I should be able to find the answer to this but so far I can't. I have a G5 Imac at work. I also have one at home. (same model computer) and a G4 powerbook and the new macbook (with the intel processor). Here's my problem. I want to be able to leave my work computer turned on when I go home and access files that are on it from home, or remotely from the macbook wherever I am. Problem is, I have no idea how to set it up to be able to do that. Do I need special software?
  Thanks and I apologize if this is covered someplace else. I couldn't find the answer.
  George

  That is possible. First make sure that this is OK (and allowed) with your IT/computer support at work.
  (a) Configuring the work computer...
  Is there a router between the work iMac and the internet? If so, the first step is to configure the work iMac to use a static/manual IP address. The next step is to map/forward the appropriate ports through the router to the IP address used by the work iMac.
  On the work iMac, open the Sharing preference pane and enable Personal File Sharing.
  (b) Accessing the work computer remotely...
  You must know the public IP address given by the ISP to your work location. If your ISP gives you an IP address via DHCP this address could periodically change. If your ISP gives you a static/manual IP address the address won't change.
  Start/access the file sharing method you want to use and configure it using the IP address from the work computer.
  KB 106461, Mac OS X: About File Sharing

• Setting up remote access

  Hello all,
  I have a question regarding remote desktop access. We are in an office of 250 people and all use windows machines. We recently purchased a mini mac so that we can test issues on it.
  I would like to setup remote desktop access so that co-workers can access the mac from their windows pcs but avoid having them in there at the same time.
  Under sharing, i was able to enable remote desktop, but the problem is that if one person is logged in, another person can log in to the same session.
  We would love to allow multiple connections at the same time but not in the same session.
  Any idea?
  Thanks
  Dee

  We would love to allow multiple connections at the same time but not in the same session.
  Sorry, but that's not possible. Mac OS X is not a full multi-user system, so you can only have one person connected remotely to a Mac at any one time since it just takes over the user session. The only way to have multiple simultaneous users in a Mac OS X system is when you use X11 or command-line UNIX applications. There's no facility in Mac OS X comparable to Windows Terminal Services.

• How to set up remote access to my old Powerbook?

  Hello.
  I would like to access some files from my old Powerbook from my new Macbook, as I always forget files I wind up needing later (I just recently bought the Macbook) , and don;t want to load everythign which was on my Powerbbok onto my new computer. Any suggestions?
  Thanks

  Start up the powerbook and immediately hold down the T key, until you see the Firewire logo moving on the screen. This will place your powerbook in "Target Disk Mode". Using a firewire cable plug the powerbook into the Macbook, the powerbooks disk will then mount on the Macbooks desktop and you can copy any files you want across.
  Hope this helps.

• Remote Access VPN Clients Cannot Access inside LAN

  I have been asked to set up remote access VPN on an ASA 5505 that I previously had no invlovement with.  I have set it up the VPN using the wizard, they way I normally do, but the clients have no access to anything in the inside subnet, not even the inside interface IP address of the ASA.  Thay can ping each other.  The remote access policy below that I am working on is labeled VPNPHONE, address pool 172.16.20.1-10.  I do not need split tunneling to be enabled.  The active WAN interface is the one labeled outside_cable.
  : Saved
  ASA Version 8.2(1)
  hostname ASA5505
  domain-name default.domain.invalid
  enable password eelnBRz68aYSzHyz encrypted
  passwd eelnBRz68aYSzHyz encrypted
  names
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.100.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  pppoe client vpdn group dataDSL
  ip address 76.244.75.57 255.255.255.255 pppoe
  interface Vlan3
  nameif dmz
  security-level 50
  ip address 192.168.9.1 255.255.255.0
  interface Vlan10
  nameif outside_cable
  security-level 0
  ip address 50.84.96.178 255.255.255.240
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  switchport access vlan 10
  interface Ethernet0/2
  switchport access vlan 3
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  ftp mode passive
  clock timezone CST -6
  clock summer-time CDT recurring
  dns server-group DefaultDNS
  domain-name default.domain.invalid
  same-security-traffic permit intra-interface
  object-group service Netbios udp
  port-object eq 139
  port-object eq 445
  port-object eq netbios-ns
  object-group service Netbios_TCP tcp
  port-object eq 445
  port-object eq netbios-ssn
  object-group network DM_INLINE_NETWORK_1
  network-object host 192.168.100.177
  network-object host 192.168.100.249
  object-group service Web_Services tcp
  port-object eq ftp
  port-object eq ftp-data
  port-object eq www
  port-object eq https
  object-group network DM_INLINE_NETWORK_10
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_11
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_2
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_3
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_4
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_5
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_6
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_7
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_8
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network DM_INLINE_NETWORK_9
  network-object host 192.168.9.10
  network-object host 192.168.9.4
  object-group network VPN
  network-object 192.168.255.0 255.255.255.0
  access-list outside_access_in extended permit icmp any host 76.244.75.61
  access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp
  access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp-data
  access-list outside_access_in extended permit tcp any host 76.244.75.62 eq www
  access-list outside_access_in extended permit tcp any host 76.244.75.62 eq https
  access-list outside_access_in extended permit tcp any host 76.244.75.59 eq www
  access-list outside_access_in extended permit tcp any host 76.244.75.59 eq https
  access-list outside_access_in extended permit tcp any host 76.244.75.60 eq www
  access-list outside_access_in extended permit tcp any host 76.244.75.60 eq https
  access-list outside_access_in extended permit tcp any host 76.244.75.58 eq www
  access-list outside_access_in extended permit tcp any host 76.244.75.58 eq https
  access-list dmz_access_in remark Quickbooks
  access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_6 host 192.168.100.5 eq 56719
  access-list dmz_access_in remark Quickbooks range
  access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_7 host 192.168.100.5 range 55333 55337
  access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_8 host 192.168.100.5 eq 1434
  access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_9 host 192.168.100.5 eq 49398
  access-list dmz_access_in remark QB
  access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_10 host 192.168.100.5 eq 8019
  access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_2 host 192.168.100.5 eq 2638
  access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_11 host 192.168.100.5 object-group Netbios
  access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_3 host 192.168.100.5 object-group Netbios_TCP
  access-list dmz_access_in extended deny ip host 192.168.9.4 host 192.168.100.5 inactive
  access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_4 any
  access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_5 any
  access-list dmz_access_in remark Printer
  access-list dmz_access_in extended permit ip 192.168.9.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
  access-list dmz_access_in extended permit tcp 192.168.9.0 255.255.255.0 any object-group Web_Services
  access-list dmz_access_in extended permit udp 192.168.9.0 255.255.255.0 any eq domain
  access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.255.0 255.255.255.0 echo-reply
  access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.100.0 255.255.255.0 echo-reply log disable
  access-list dmz_access_in remark QB probably does not need any udp
  access-list dmz_access_in extended permit udp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
  access-list dmz_access_in remark QB included in other rule range
  access-list dmz_access_in extended permit tcp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
  access-list dmz_access_in remark May be required for Quickbooks
  access-list dmz_access_in extended permit icmp host 192.168.9.4 host 192.168.100.5
  access-list CAD_capture extended permit ip host 192.168.9.4 host 192.168.100.5
  access-list CAD_capture extended permit ip host 192.168.100.5 host 192.168.9.4
  access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.240
  access-list inside_nat0_outbound extended permit ip any 172.16.10.0 255.255.255.240
  access-list inside_nat0_outbound extended permit ip any 172.16.20.0 255.255.255.240
  access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0
  access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.9.0 255.255.255.0
  access-list dmz_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
  access-list outside_cable_access_in extended permit icmp any host 50.84.96.182
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp-data
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq www
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq https
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq www
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq https
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq www
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq https
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq www
  access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq https
  access-list Local_LAN_Access standard permit host 0.0.0.0
  access-list vpnusers_spitTunnelACL extended permit ip 192.168.100.0 255.255.255.0 any
  access-list nonat-in extended permit ip 192.168.100.0 255.255.255.0 172.16.20.0 255.255.255.0
  pager lines 24
  logging enable
  logging buffered informational
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  mtu dmz 1500 
  mtu outside_cable 1500
  ip local pool VPN_IP_range 192.168.255.1-192.168.255.10 mask 255.255.255.0
  ip local pool VPN_Phone 172.16.20.1-172.16.20.10 mask 255.255.255.0
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  nat-control
  global (outside) 10 interface
  global (outside_cable) 10 interface
  nat (inside) 0 access-list nonat-in
  nat (inside) 10 0.0.0.0 0.0.0.0
  nat (dmz) 0 access-list dmz_nat0_outbound
  nat (dmz) 10 0.0.0.0 0.0.0.0
  static (inside,outside) 76.244.75.62 192.168.100.25 netmask 255.255.255.255 dns
  static (dmz,outside) 76.244.75.61 192.168.9.123 netmask 255.255.255.255 dns
  static (dmz,outside) 76.244.75.59 192.168.9.124 netmask 255.255.255.255 dns
  static (dmz,outside) 76.244.75.58 192.168.9.4 netmask 255.255.255.255 dns
  static (inside,dmz) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
  static (dmz,outside) 76.244.75.60 192.168.9.10 netmask 255.255.255.255 dns
  static (inside,outside_cable) 50.84.96.183 192.168.100.25 netmask 255.255.255.255 dns
  static (dmz,outside_cable) 50.84.96.182 192.168.9.123 netmask 255.255.255.255 dns
  static (dmz,outside_cable) 50.84.96.180 192.168.9.124 netmask 255.255.255.255 dns
  static (dmz,outside_cable) 50.84.96.179 192.168.9.4 netmask 255.255.255.255 dns
  static (dmz,outside_cable) 50.84.96.181 192.168.9.10 netmask 255.255.255.255 dns
  access-group outside_access_in in interface outside
  access-group dmz_access_in in interface dmz
  access-group outside_cable_access_in in interface outside_cable
  route outside_cable 0.0.0.0 0.0.0.0 50.84.96.177 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  http 192.168.100.0 255.255.255.0 inside
  http 204.107.173.0 255.255.255.0 outside
  http 204.107.173.0 255.255.255.0 outside_cable
  http 0.0.0.0 0.0.0.0 outside_cable
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_cable_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_cable_map interface outside_cable
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map inside_map interface inside
  crypto isakmp enable inside
  crypto isakmp enable outside
  crypto isakmp enable outside_cable
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 30
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  lifetime 86400
  telnet 192.168.100.0 255.255.255.0 inside
  telnet timeout 5
  ssh 192.168.100.0 255.255.255.0 inside
  ssh 204.107.173.0 255.255.255.0 outside
  ssh 204.107.173.0 255.255.255.0 outside_cable
  ssh 0.0.0.0 0.0.0.0 outside_cable
  ssh timeout 15
  console timeout 0
  vpdn group dataDSL request dialout pppoe
  vpdn group dataDSL localname [email protected]
  vpdn group dataDSL ppp authentication pap
  vpdn username [email protected] password *********
  dhcpd address 192.168.100.30-192.168.100.99 inside
  dhcpd dns 192.168.100.5 68.94.156.1 interface inside
  threat-detection basic-threat
  threat-detection statistics port
  threat-detection statistics protocol
  threat-detection statistics access-list
  threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
  webvpn
  group-policy DefaultRAGroup internal
  group-policy DefaultRAGroup attributes
  dns-server value 192.168.100.5
  vpn-tunnel-protocol IPSec l2tp-ipsec
  group-policy cad_supplies_RAVPN internal
  group-policy cad_supplies_RAVPN attributes
  vpn-tunnel-protocol IPSec
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value cad_supplies_RAVPN_splitTunnelAcl
  group-policy VPNPHONE internal
  group-policy VPNPHONE attributes
  dns-server value 192.168.100.5
  vpn-tunnel-protocol IPSec
  split-tunnel-policy excludespecified
  split-tunnel-network-list value Local_LAN_Access
  client-firewall none
  client-access-rule none
  username swinc password BlhBNWfh7XoeHcQC encrypted
  username swinc attributes
  vpn-group-policy cad_supplies_RAVPN
  username meredithp password L3lRjzwb7TnwOyZ1 encrypted
  username meredithp attributes
  vpn-group-policy cad_supplies_RAVPN
  service-type remote-access
  username ipphone1 password LOjpmeIOshVdCSOU encrypted privilege 0
  username ipphone1 attributes
  vpn-group-policy VPNPHONE
  username ipphone2 password LOjpmeIOshVdCSOU encrypted privilege 0
  username ipphone2 attributes
  vpn-group-policy VPNPHONE
  username ipphone3 password LOjpmeIOshVdCSOU encrypted privilege 0
  username ipphone3 attributes
  vpn-group-policy VPNPHONE
  username oethera password WKJxJq7L6wmktFNt encrypted
  username oethera attributes
  vpn-group-policy cad_supplies_RAVPN
  service-type remote-access
  username markh password nqH+bk6vj0fR83ai0SAxkg== nt-encrypted
  username markh attributes
  vpn-group-policy cad_supplies_RAVPN
  tunnel-group DefaultRAGroup general-attributes
  default-group-policy DefaultRAGroup
  tunnel-group DefaultRAGroup ipsec-attributes
  pre-shared-key *
  tunnel-group DefaultRAGroup ppp-attributes
  authentication ms-chap-v2
  tunnel-group cad_supplies_RAVPN type remote-access
  tunnel-group cad_supplies_RAVPN general-attributes
  address-pool VPN_IP_range
  default-group-policy cad_supplies_RAVPN
  tunnel-group cad_supplies_RAVPN ipsec-attributes
  pre-shared-key *
  tunnel-group VPNPHONE type remote-access
  tunnel-group VPNPHONE general-attributes
  address-pool VPN_Phone
  default-group-policy VPNPHONE
  tunnel-group VPNPHONE ipsec-attributes
  pre-shared-key *
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 1500
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect sqlnet
    inspect skinny 
    inspect sunrpc
    inspect xdmcp
    inspect sip 
    inspect netbios
    inspect tftp
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:8b25ecc61861a2baa6d2556a3679cc7c
  : end

  Hi,
  You have your "group-policy" set so that you have excluding some networks from being tunneled.
  In this access-list named Local_LAN_Access you specify "0.0.0.0"
  Doesnt this mean you are excluding all networks from being tunneled? In other words no traffic goes to your tunnel.
  This access-list should only contain your local LAN network from where you are connecting with the VPN Client. If you dont need to access anything on your local LAN while having the VPN on, you don't even need this setting on. You could just tunnel all traffic instead of excluding some networks.
  - Jouni

• Remote access via ftp

  Hi.
  I am trying to set up remote access to my mac so I can upload files to it remotely from a PC. I want the simplest free solution as I simply want occasional access to back up files from my work PC to my home mac. I have got 90% of the way, but fallen at the final hurdle.
  I am using OSX Leopard 10.5.8 and a Linksys WRT54G wireless router
  I am trying to access my imac via ftp as this appears to be the simplest route. So far I have done the following:
  (a) Followed the advice in "Mac OSX Missing Manual" and portforwarding.com: i.e. ...
  (b) Set up a static IP address on my mac through system preferences. This is working as I can access the internet fine.
  (c) Turned off "Block anonymous internet requests" in the router settings
  (d) Set up port forwarding of port 21 using the static IP address I have set up
  (e) In system preferences, turned on file sharing using ftp
  (f) Tested access using Safari - typed in my local static IP address as specified in the file sharing ftp box in the sharing section of system preferences. I logged in with my main account log in info. This worked - I immediately got a finder window pop up with my folders visible. The ftp server was also mounted on my desktop.
  (g) Tested access using Safari via my public IP address. This was much slower. I eventually got the login box, but when I entered the same main account login info I eventually got an error message saying password / username were incorrect. They weren't, as I have tried this several times. (I don't have access to a PC on another network to test that way.)
  Very grateful for any help.
  Thanks

  I am not sure which type of FTP Apple uses but this will give you the differences the in firewall policy for active and passive. http://slacksite.com/other/ftp.html you will need to set the firewall accordingly.
  You may also have problems with the firewall in use at work, it depends on how its been locked down.
  It depends on how much time you have to spend on the problem. There are free remote control applications that include file transfer, have a look at this site http://www.teamviewer.com/download/index.aspx , there is a free version available but I have not used this software. There are other similar products some free, some cost.
  If you cannot get any answers to your question at least there are other esiaer options open to you.
  regards