How to set up remote access to a DMM
Hi all,
I'm trying to configure remote access to a digital media manager via WAN.
The problem is that when I try to redirect the NAT of the local ip:port of the DMM, it is unable to open the web admin because of the FQDN.
Only the hostname is admitted, so how can I admin my DMM when I'm not in my local network?
I get access via dmp.sumkio.local:8080 in my local network, but how can I do it from outside?
I have a Cisco UC520 as my border router.
Can I NAT a static route to a hostname?
I have a VPN created, but I want to give access to some clients to manage some of their services, so I can't give them access to all my network.
Thanks
Hi Pablo,
I'm afraid it's not possible to use DMM behind NAT. When you try to access it, it needs to be able to resolve its own FQDN to the configured IP address.
I wish I could give you a better answer
Daniel
Similar Messages
-
Set up Remote Access for Mac Mini
I recently bought a Mac Mini and set it up at home. It is running on Mac OS X 10.8.3, and runs on Server 2.2.1 and Airport Utilities 6.2. I would like to be able to access the Mac Mini server from outside my home. Does anyone know the procedure of setting up remote access (through SSH or VPN) without creating an internet domain name? Thanks!
I'm quite new to many of the Apple products, so it would be good if the answers are clearer and more detailed. Thanks!
As Barney-15E says, Back-to-My-Mac is the best option.
After that, try TeamViewer.com
ssh can be done, but there are setup details with respect to your home router to allow port 22 from the Internet side to your Mac mini <http://portforward.com>. And then you will need a dynamic DNS name from someone like No-IP.com or DynDNS.org so you can find your home router. Once you have that setup, you should make sure you use a good strong password, as you have now exposed a known port to the internet <http://xkcd.com/936/> and <https://www.grc.com/haystack.htm>. Don't forget to enable System Preferences -> Sharing -> Remote Login. So now you can ssh, but what do you want to do with that? You can create ssh tunnels for VNC screen sharing and AFP file sharing.
ssh -L 22590:localhost:5900 -L 22548:localhost:548 [email protected]
Now you have logged in and you have 2 tunnels. How to use them.
Finder -> Go -> Connect to server -> vnc://localhost:22590
Finder -> Go -> Connect to server -> afp://localhost:22548
Back-to-My-Mac and/or TeamViewer.com are easier -
I was just wondering if anyone can provide me with instructions please on how to set up remote access via the internet to the time capsule when away from home?
I am running OS X Mountain Lion operating system and have Airport Utility 6.1.
Many thanks to you all for your help.
I think the instructions should be all in BTMM with iCloud.
Instructions are all there.
http://support.apple.com/kb/ht3486 -
How to set up remote access on wvc80n without using TZO
Just purchased the WVC80N, but how do you set it up for remote access without using TZO? I can not get TZO to work w/ my Uverse 2wire 3800-hgv-b router. Please help as the uverse customer support has not been helpful with port forwarding either.
Hi, I'm a newbie at this, so pls be patient with my terminology... I want to install 2 or 3 of these cameras in my mother's home, and I will have AT&T DSL service (one dynamic IP address) there with only a modem/wireless router. I want to access the cameras from my laptop or from my Blackberry Tour when I am traveling. Also want to allow access for my other relatives. I do not have another home computer to serve as a WHS, and my laptop is obviously not connected to the internet all of the time. Can I use the DDNS setup with DynDNS to provide access? The instructions that I read seemed to imply that I needed a WHS in order to forward ports, etc. Thanks in advance for your help.. Garry
-
Need help setting up remote access please
I have a new server 2012 network with a server built specifically for remote access
I need to set up simple remote access to LAN pc's, published apps, and to manage domain remotely
this is only a test setup and I want some security but first want the basics setup then I can lock down
I ran the wizards and believe most things are done correctly when I added the roles, and firewall is allowing access to that server.
when I try to connect from external I get the remote server's default IIS web page, no remote access options
is there a simple checklist to test services internally and test the web page access internally?
I am not sure what information you may need so please ask for any details that will be helpful
Remote Gateway, licensing, web access and certificates have all been configured using the wizards
David Sheetz MCP
Hi David,
Thank you for posting in Windows Server Forum.
Initially to remote access the application through RD Web we need to use https://servername/rdweb. Also please check the following setting.
In IIS: IIS Sites --> Default --> RDWeb --> Pages --> Application Settings --> DefaultTSGateway:
Set that to your RD Gateway access URL.
Then restart IIS.
Your RemoteApps will then be able to find the proper gateway inbound.
When you created your collection bring up its properties and make sure the URL is specified in RD Gateway settings too. This generates the correct settings in the RDP files.
In addition, please check this article for information. Also please see whether you have configured RD RAP and RD CAP properly and try to uncheck the option “Bypass RD Gateway for local address” under deployment properties and verify the result.
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Setting up remote access for support
Need to set up remote support for my Dad's iMac. He has an airport express connected to an optonline cable modem. I have an airport connected to a charter cable modem.
Both systems are running Mavericks. I have the latest remote access app.
I tried this a year ago and could connect to him when I was on his local network but not when I was at home. Since then everything has been updated. I will be visiting him in a few weeks and could do any set up on his system.
I read the admin guide but it's still too confusing to me. I am able to set up and connect to computers on my local network ok.
Will ARA be able to do this? Do I need any further software? logmeon, etc?
Any tips on creating a client installer to use when I am there? I will be using his user account.
Do any changes need to be made to the routers to get through them?
Could use some help here. Thanks
https://discussions.apple.com/thread/5294202?tstart=0
Something you should be aware of is the frequency of IP address change at your father's location. Providers of residential broadband services lease an IP address for a certain duration which you have no control over and is purely arbitrary. You may be familiar with these changes?
The point is sometimes these addresses change regularly (4 hours to every few days) and sometimes they stay the same for a longer period of time such as a year or more.
Because of the nature of this change you may find you can remote assist your father one day but not the next. The situation is easily rectified with a simple phonecall to your father. He can tell you what IP address he's using by launching his browser and clicking this link:
http://myipaddress.com
He gives you his new IP address and you should be able to make a successful connection again.
Be aware IP addresses handed out by ISPs are known as routable. IP addresses handed out by Firewalls/Routers/Gateway devices such as Apple's Airport Express Base Station etc are not routable. Assuming you've not changed anything in the devices they will always be one of these three ranges: 192.168.1.x; 10.x.x.x and 172.16.16.x. You don't use any of these last three groups of addresses to make the connection over the public external (internet) network but you do use them when on the same private internal network. -
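Added example, not part of the thread: the private ranges defined by RFC 1918 are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, and an ISP may itself hand the router a carrier-grade NAT address from 100.64.0.0/10, in which case a port forward on that router alone is not reachable from outside. The sketch classifies an address and compares the router's WAN address with the one an external page reports; the function names and sample addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# classify_ipv4 ADDR
# Prints private | cgnat | loopback | link-local | reserved | public.
# Prints "invalid" and fails for anything that is not a strict dotted quad.
# The body is a subshell, so the IFS change and "exit" stay local to the call.
classify_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || { echo invalid; exit 1; }
    for octet in "$@"; do
        case "$octet" in
            0?*|????*) echo invalid; exit 1 ;;  # leading zero or more than 3 digits
        esac
        [ "$octet" -le 255 ] || { echo invalid; exit 1; }
    done
    a=$1 b=$2
    if   [ "$a" -eq 10 ]; then echo private                                        # 10.0.0.0/8
    elif [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then echo private  # 172.16.0.0/12
    elif [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then echo private                    # 192.168.0.0/16
    elif [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then echo cgnat   # 100.64.0.0/10
    elif [ "$a" -eq 127 ]; then echo loopback                                       # 127.0.0.0/8
    elif [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then echo link-local                 # 169.254.0.0/16
    elif [ "$a" -eq 0 ] || [ "$a" -ge 224 ]; then echo reserved
    else echo public
    fi
)

# forwarding_verdict WAN_ADDR SEEN_ADDR
#   WAN_ADDR  - address shown on the router's own WAN/Internet status page
#   SEEN_ADDR - address a "what is my IP" page reports from inside that network
# Prints directly-reachable | behind-upstream-nat | address-mismatch | invalid-input.
forwarding_verdict() (
    wan_class=$(classify_ipv4 "$1") || { echo invalid-input; exit 1; }
    seen_class=$(classify_ipv4 "$2") || { echo invalid-input; exit 1; }
    # An external site can only ever observe a public address.
    [ "$seen_class" = public ] || { echo invalid-input; exit 1; }
    case "$wan_class" in
        private|cgnat)
            # Another NAT sits in front of this router; a forward here is not enough.
            echo behind-upstream-nat ;;
        public)
            if [ "$1" = "$2" ]; then
                echo directly-reachable
            else
                echo address-mismatch   # stale reading or translation upstream
            fi ;;
        *)
            echo invalid-input; exit 1 ;;
    esac
)

# Constructed sample readings. 203.0.113.0/24 is a documentation range that
# stands in here for an ISP-assigned address.
for pair in "192.168.1.64 203.0.113.7" \
            "100.72.3.9 203.0.113.7" \
            "203.0.113.7 203.0.113.7"; do
    set -- $pair
    printf '%-15s seen as %-13s -> %s\n' "$1" "$2" "$(forwarding_verdict "$1" "$2")"
done
```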
How can I set up remote access on my iPad?
How can I set up remote access on my iPad?
Thank you for responding, James. I just figured it out. I used Safari to connect to my office server system by using the http://mail server address/remote. It works just like any computer.
-
How do I set up remote access to my HD thats hooked to New Airport Extreme
Hi Everyone,
I want to have remote access to my hard drive which is hooked up to the USB Port on the back of the Airport Extreme. I have tried many different configurations and watched youtube videos to help me, to no avail. Apparently there are many ways to do this, but no luck!
Thanks for your help and if you have screen shots even more helpful.
I know I can't be the only one with this question and Apple doesn't make it easy since I called them and they want me to sign up for Mobile Me for $99/yr,
Thanks in Advance,
Robert
I should mention that it's the only router I have which is hard wired via cable to modem.
-
Trouble setting up remote access vpn
26-Jul-2013 09:41 (in response to ciscomoderator)
Re: Ask the Expert: Understanding MPLS L3VPN: concepts, terminology, control and data plane call flow
Keddian Gilbert
Hi
Concerning the nature of my problems, I am trying to set up a remote access VPN to my 3620 series router; however, I am not able to use the command prompt because of my limited knowledge of the necessary commands to configure a remote VPN connection.
I checked out several instructions on the internet but all of them used GROUP PROFILE and the TUNNEL command in their config
which my router does not support. All I want is the specific configuration for this version IOS seeing it differs in configuration.
I can't use SDM. My router does not have enough memory to accept it.
Here is the output of a SHOW VER command
digix-lan>sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-JK9S-M), Version 12.2(29), RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 11-May-05 12:54 by kellmill
Image text-base: 0x60008930, data-base: 0x61598000
ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
ROM: 3600 Software (C3620-JK9S-M), Version 12.2(29), RELEASE SOFTWARE (fc3)
digix-lan uptime is 2 days, 1 hour, 42 minutes
System returned to ROM by power-on
System image file is "flash:c3620-jk9s-mz.122-29.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco 3620 (R4700) processor (revision 0x81) with 60416K/5120K bytes of memory.
Processor board ID 10707060
R4700 CPU at 80Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
4 Ethernet/IEEE 802.3 interface(s)
DRAM configuration is 32 bits wide with parity disabled.
29K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
I really need this help sir! THANK YOU much
FROM: KEDDIAN GILBERT
For SSLVPN and HTTPS in general it's best to have certificates from one of the big PKI providers.
For IPsec however it is not required. You can have both ASA and user certificates provided by an internal CA (windows CA, openCA, ejbca, etc...)
There is a basic configuration example:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml
It might not be EXACTLY what you're looking for but should get you started. -
Setting up remote access from PC to Mac using DynDNS
Hi Guys,
I'm hoping someone can help out, I'm quite desperate here.
I am about to head overseas for three weeks, and need to leave my Mac running, so that I can log into it remotely using a PC. My Mac, is a MacBook Pro, and the PC I will be using is an Asus EEE PC. I will need to do simple things like grab files, open PDFs and run a few applications from time to time on the Mac.
I have a billion 7404VGP router that my Mac will be plugged into, using an ADSL connection. I have a dynamic IP address so I have setup a DynDNS account.
I have read countless tutorials, and posted to a few different sites, but I can not get any consistency in responses or guidance on how to set this up properly. It's killing me.
Am I correct in understanding that VNC is the best method to do this? I'm being told that I also need to open all sorts of ports on the router. Some say I need to 'SSH', others say I need to 'VPN'. I'm quite technically literate but I'm lost in all the protocols and variations people are saying I need to use.
So far, I have setup the following:
*On the Mac:*
- Enabled 'Screen Sharing' in OS X System Preferences > Screen Sharing
- Specified a password for 'VNC viewers may control the screen' within Screen Sharing settings
- Setup a DynDNS account, and created a custom name (ie myname.dyndns.org)
*On the Billion Router*
- Setup the DynDNS configuration so that when the IP address changes it tells the server
- Under Virtual Server, I have added a port forwarding entry as follows:
Schedule: Always On
Application: DynDNS
Protocol: TCP
External Port: 80 to 80
Redirect Port 80 to 80
Internal IP Address: This is where I think I need guidance. I have to select the IP associated with my MAC address, so the IP is 192.168.1.4.
This is as far as I have gotten. I have installed a VNC viewer on the PC, and tried to login using the IP address that shows up in my DynDNS account, but nothing is working.
What am I doing wrong? Can somebody kindly explain (or direct me to), a straight english step by step process of how I can get this going? Any guidance is appreciated.
Thanks so much.
I am about to head overseas for three weeks, and need to leave my Mac running, so that I can log into it remotely using a PC. My Mac, is a MacBook Pro, and the PC I will be using is an Asus EEE PC. I will need to do simple things like grab files, open PDFs and run a few applications from time to time on the Mac.
The grabbing of files is going to complicate things a little bit, as now you want 2 things, not just one.
I have a billion 7404VGP router that my Mac will be plugged into, using an ADSL connection. I have a dynamic IP address so I have setup a DynDNS account.
I have read countless tutorials, and posted to a few different sites, but I can not get any consistency in responses or guidance on how to set this up properly. It's killing me.
Am I correct in understanding that VNC is the best method to do this? I'm being told that I also need to open all sorts of ports on the router. Some say I need to 'SSH', others say I need to 'VPN'. I'm quite technically literate but I'm lost in all the protocols and variations people are saying I need to use.
VNC is a way to control the Mac remotely. But grabbing files will require something else, which is most likely why you got some suggestions for ssh, and/or VPN.
I'm going to suggest TeamViewer Screen Sharing and File Transfer utility (free for personal use).
<http://teamviewer.com/index.aspx>
The advantage of TeamViewer is that you can both control the screen and you can grab files all in one package.
Just make sure you fully test your setup before leaving.
However, if you want to pursue VNC, I'll add comments below.
So far, I have setup the following:
*On the Mac:*
- Enabled 'Screen Sharing' in OS X System Preferences > Screen Sharing
- Specified a password for 'VNC viewers may control the screen' within Screen Sharing settings
This should be a strong password.
- Setup a DynDNS account, and created a custom name (ie myname.dyndns.org)
So far so good
*On the Billion Router*
- Setup the DynDNS configuration so that when the IP address changes it tells the server
- Under Virtual Server, I have added a port forwarding entry as follows:
Schedule: Always On
Application: DynDNS
Protocol: TCP
External Port: 80 to 80
Redirect Port 80 to 80
Internal IP Address: This is where I think I need guidance. I have to select the IP associated with my MAC address, so the IP is 192.168.1.4.
The port numbers are wrong. Port 80 is for a web server. VNC uses port 5900.
Did you have to manually enter that IP address when you setup the port forwarding? Or does the router have some way of locking into your Mac?
I ask, because if your Mac's IP address is assigned via DHCP, then it is possible the router could change the address it gives to the Mac on a power failure restart, but the port forwarding might be locked into 192.168.1.4.
So if the router needs to have a stable IP address for port forwarding, then you might want to configure the Mac with a fixed IP address (preferably one outside of the router's DHCP assignment range), then use that fixed IP address with port forwarding (always test any configuration change such as this).
Oh yea, you are configuring your Mac to automatically reboot when power is restored (System Preferences -> Energy Saver -> Options -> Restart automatically after power failure)
This is as far as I have gotten. I have installed a VNC viewer on the PC, and tried to login using the IP address that shows up in my DynDNS account, but nothing is working.
As mentioned, you need to forward port 5900 for VNC.
What am I doing wrong? Can somebody kindly explain (or direct me to), a straight english step by step process of how I can get this going? Any guidance is appreciated.
Port forwarding port 5900 should do the trick.
However, at this point you only have screen sharing. You can do stuff to your Mac, but you can not transfer files via this connection.
This is where suggestions for ssh come in (or you could go back to my TeamViewer idea).
Ssh can offer remote terminal login (PuTTY is a very good Windows Terminal emulator). Ssh can also offer scp (ssh cp) and sftp (ssh ftp) services, both of which can be used to transfer files to and from the Mac securely over the internet.
The easiest PC/Mac file transfer while traveling, would be to find a good Windows sftp GUI application. There are a bunch of them for the Mac so there must be 4 or 5 times as many Windows GUI sftp clients. A Google "windows sftp gui client" search should come up with a few.
OK, getting ssh working.
Enable System Preferences -> Sharing -> Remote Login.
Now on your router, port forward port 22, the ssh port.
Now you should be able to fire up a Windows sftp GUI client, and access your Mac via your DynDNS.org name. The username and password will be your Mac's account short name and password. If you do not know your short name, you can find this via System Preferences -> Accounts
Summary:
o Forward port 5900 for VNC
o Forward port 22 for ssh
o Enable Remote Login on the Mac
o You have already enabled Screen Sharing, and specified a VNC password (goodness).
o Configure the Mac so it will reboot in case of a power failure.
o Make sure the router will still be able to port forward 5900 and 22 after a power failure, either because it locks into the Mac, or because you have given the Mac a fixed IP address.
Now test the heck out of this, from a coffee shop or a friend's house.
Even if you configure VNC and ssh, I would suggest also trying TeamViewer so you have a "Plan B". -
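Added example, not part of the thread: a check of a router's port-forward list against the points made in the reply above (right port per service, a stable internal address) and against the ssh-tunnel approach from the earlier Mac mini reply, where VNC rides over port 22 instead of being forwarded itself. The rule-line format, function names and sample values are constructed for illustration and are not the Billion router's own export format.

```shell
#!/bin/sh
# Added example, not from the thread. Names and sample data are constructed.

# Services wanted from outside, as name:port (ports as given in the reply above).
WANTED="vnc:5900 ssh:22"

# ip_int ADDR -> dotted quad as an integer (input assumed well-formed).
ip_int() (
    IFS=.
    set -- $1
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
)

# audit_forwards DHCP_FIRST DHCP_LAST < rules
# Each rule line: APPLICATION PROTOCOL EXTERNAL_PORT INTERNAL_IP INTERNAL_PORT
# Prints one finding per line; prints nothing when there is nothing to report.
audit_forwards() (
    lo=$(ip_int "$1")
    hi=$(ip_int "$2")
    seen=""
    while read -r app proto ext ip int; do
        case "$app" in ''|'#'*) continue ;; esac
        # Which wanted service, if any, does this rule deliver?
        name=""
        for svc in $WANTED; do
            if [ "$proto" = TCP ] && [ "${svc#*:}" = "$int" ]; then
                name=${svc%%:*}
            fi
        done
        if [ -z "$name" ]; then
            echo "UNNEEDED $app: port $ext is open but maps to no wanted service"
            continue
        fi
        seen="$seen $name"
        # A DHCP-assigned target can move, leaving the forward pointing elsewhere.
        n=$(ip_int "$ip")
        if [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]; then
            echo "UNSTABLE $name: $ip is inside the DHCP pool and may change after a restart"
        fi
        if [ "$name" = vnc ]; then
            echo "EXPOSED vnc: port $ext is open to the internet; an ssh tunnel over port 22 can carry it instead"
        fi
    done
    for svc in $WANTED; do
        name=${svc%%:*}
        case " $seen " in
            *" $name "*) ;;
            *) echo "MISSING $name: no TCP forward to port ${svc#*:}" ;;
        esac
    done
)

# Constructed DHCP pool for the samples below.
POOL_FIRST=192.168.1.2
POOL_LAST=192.168.1.100

echo "== rule as described in the question =="
audit_forwards "$POOL_FIRST" "$POOL_LAST" <<'EOF'
DynDNS TCP 80 192.168.1.4 80
EOF

echo "== ports corrected, Mac still on a DHCP address =="
audit_forwards "$POOL_FIRST" "$POOL_LAST" <<'EOF'
VNC TCP 5900 192.168.1.4 5900
SSH TCP 22 192.168.1.4 22
EOF

echo "== ssh only, Mac on a fixed address outside the pool =="
audit_forwards "$POOL_FIRST" "$POOL_LAST" <<'EOF'
SSH TCP 22 192.168.1.200 22
EOF
```

With only port 22 forwarded, the last sample reports vnc as MISSING; that is expected when screen sharing is reached through the tunnel rather than through its own forward.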
How do I set up remote access so I can access my work iMac from home
I'm sorry, I'm sure I should be able to find the answer to this but so far I can't. I have a G5 Imac at work. I also have one at home. (same model computer) and a G4 powerbook and the new macbook (with the intel processor). Here's my problem. I want to be able to leave my work computer turned on when I go home and access files that are on it from home, or remotely from the macbook wherever I am. Problem is, I have no idea how to set it up to be able to do that. Do I need special software?
Thanks and I apologize if this is covered someplace else. I couldn't find the answer.
George
That is possible. First make sure that this is OK (and allowed) with your IT/computer support at work.
(a) Configuring the work computer...
Is there a router between the work iMac and the internet? If so, the first step is to configure the work iMac to use a static/manual IP address. The next step is to map/forward the appropriate ports through the router to the IP address used by the work iMac.
On the work iMac, open the Sharing preference pane and enable Personal File Sharing.
(b) Accessing the work computer remotely...
You must know the public IP address given by the ISP to your work location. If your ISP gives you an IP address via DHCP this address could periodically change. If your ISP gives you a static/manual IP address the address won't change.
Start/access the file sharing method you want to use and configure it using the IP address from the work computer.
KB 106461, Mac OS X: About File Sharing -
Hello all,
I have a question regarding remote desktop access. We are in an office of 250 people and all use windows machines. We recently purchased a mini mac so that we can test issues on it.
I would like to setup remote desktop access so that co-workers can access the mac from their windows pcs but avoid having them in there at the same time.
Under sharing, I was able to enable remote desktop, but the problem is that if one person is logged in, another person can log in to the same session.
We would love to allow multiple connections at the same time but not in the same session.
Any idea?
Thanks
Dee
We would love to allow multiple connections at the same time but not in the same session.
Sorry, but that's not possible. Mac OS X is not a full multi-user system, so you can only have one person connected remotely to a Mac at any one time since it just takes over the user session. The only way to have multiple simultaneous users in a Mac OS X system is when you use X11 or command-line UNIX applications. There's no facility in Mac OS X comparable to Windows Terminal Services. -
How to set up remote access to my old Powerbook?
Hello.
I would like to access some files from my old Powerbook from my new Macbook, as I always forget files I wind up needing later (I just recently bought the Macbook), and don't want to load everything which was on my Powerbook onto my new computer. Any suggestions?
Thanks
Start up the powerbook and immediately hold down the T key, until you see the Firewire logo moving on the screen. This will place your powerbook in "Target Disk Mode". Using a firewire cable plug the powerbook into the Macbook, the powerbook's disk will then mount on the Macbook's desktop and you can copy any files you want across.
Hope this helps. -
Remote Access VPN Clients Cannot Access inside LAN
I have been asked to set up remote access VPN on an ASA 5505 that I previously had no involvement with. I have set up the VPN using the wizard, the way I normally do, but the clients have no access to anything in the inside subnet, not even the inside interface IP address of the ASA. They can ping each other. The remote access policy below that I am working on is labeled VPNPHONE, address pool 172.16.20.1-10. I do not need split tunneling to be enabled. The active WAN interface is the one labeled outside_cable.
: Saved
ASA Version 8.2(1)
hostname ASA5505
domain-name default.domain.invalid
enable password eelnBRz68aYSzHyz encrypted
passwd eelnBRz68aYSzHyz encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group dataDSL
ip address 76.244.75.57 255.255.255.255 pppoe
interface Vlan3
nameif dmz
security-level 50
ip address 192.168.9.1 255.255.255.0
interface Vlan10
nameif outside_cable
security-level 0
ip address 50.84.96.178 255.255.255.240
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 10
interface Ethernet0/2
switchport access vlan 3
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit intra-interface
object-group service Netbios udp
port-object eq 139
port-object eq 445
port-object eq netbios-ns
object-group service Netbios_TCP tcp
port-object eq 445
port-object eq netbios-ssn
object-group network DM_INLINE_NETWORK_1
network-object host 192.168.100.177
network-object host 192.168.100.249
object-group service Web_Services tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq https
object-group network DM_INLINE_NETWORK_10
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_11
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_2
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_3
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_4
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_5
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_6
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_7
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_8
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_9
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network VPN
network-object 192.168.255.0 255.255.255.0
access-list outside_access_in extended permit icmp any host 76.244.75.61
access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp
access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp-data
access-list outside_access_in extended permit tcp any host 76.244.75.62 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.62 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.59 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.59 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.60 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.60 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.58 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.58 eq https
access-list dmz_access_in remark Quickbooks
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_6 host 192.168.100.5 eq 56719
access-list dmz_access_in remark Quickbooks range
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_7 host 192.168.100.5 range 55333 55337
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_8 host 192.168.100.5 eq 1434
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_9 host 192.168.100.5 eq 49398
access-list dmz_access_in remark QB
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_10 host 192.168.100.5 eq 8019
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_2 host 192.168.100.5 eq 2638
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_11 host 192.168.100.5 object-group Netbios
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_3 host 192.168.100.5 object-group Netbios_TCP
access-list dmz_access_in extended deny ip host 192.168.9.4 host 192.168.100.5 inactive
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_4 any
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_5 any
access-list dmz_access_in remark Printer
access-list dmz_access_in extended permit ip 192.168.9.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list dmz_access_in extended permit tcp 192.168.9.0 255.255.255.0 any object-group Web_Services
access-list dmz_access_in extended permit udp 192.168.9.0 255.255.255.0 any eq domain
access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.255.0 255.255.255.0 echo-reply
access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.100.0 255.255.255.0 echo-reply log disable
access-list dmz_access_in remark QB probably does not need any udp
access-list dmz_access_in extended permit udp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
access-list dmz_access_in remark QB included in other rule range
access-list dmz_access_in extended permit tcp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
access-list dmz_access_in remark May be required for Quickbooks
access-list dmz_access_in extended permit icmp host 192.168.9.4 host 192.168.100.5
access-list CAD_capture extended permit ip host 192.168.9.4 host 192.168.100.5
access-list CAD_capture extended permit ip host 192.168.100.5 host 192.168.9.4
access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 172.16.10.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 172.16.20.0 255.255.255.240
access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0
access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.9.0 255.255.255.0
access-list dmz_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
access-list outside_cable_access_in extended permit icmp any host 50.84.96.182
access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp
access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp-data
access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq https
access-list Local_LAN_Access standard permit host 0.0.0.0
access-list vpnusers_spitTunnelACL extended permit ip 192.168.100.0 255.255.255.0 any
access-list nonat-in extended permit ip 192.168.100.0 255.255.255.0 172.16.20.0 255.255.255.0
pager lines 24
logging enable
logging buffered informational
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu outside_cable 1500
ip local pool VPN_IP_range 192.168.255.1-192.168.255.10 mask 255.255.255.0
ip local pool VPN_Phone 172.16.20.1-172.16.20.10 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (outside) 10 interface
global (outside_cable) 10 interface
nat (inside) 0 access-list nonat-in
nat (inside) 10 0.0.0.0 0.0.0.0
nat (dmz) 0 access-list dmz_nat0_outbound
nat (dmz) 10 0.0.0.0 0.0.0.0
static (inside,outside) 76.244.75.62 192.168.100.25 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.61 192.168.9.123 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.59 192.168.9.124 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.58 192.168.9.4 netmask 255.255.255.255 dns
static (inside,dmz) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
static (dmz,outside) 76.244.75.60 192.168.9.10 netmask 255.255.255.255 dns
static (inside,outside_cable) 50.84.96.183 192.168.100.25 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.182 192.168.9.123 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.180 192.168.9.124 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.179 192.168.9.4 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.181 192.168.9.10 netmask 255.255.255.255 dns
access-group outside_access_in in interface outside
access-group dmz_access_in in interface dmz
access-group outside_cable_access_in in interface outside_cable
route outside_cable 0.0.0.0 0.0.0.0 50.84.96.177 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.100.0 255.255.255.0 inside
http 204.107.173.0 255.255.255.0 outside
http 204.107.173.0 255.255.255.0 outside_cable
http 0.0.0.0 0.0.0.0 outside_cable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_cable_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_cable_map interface outside_cable
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp enable outside_cable
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 192.168.100.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.100.0 255.255.255.0 inside
ssh 204.107.173.0 255.255.255.0 outside
ssh 204.107.173.0 255.255.255.0 outside_cable
ssh 0.0.0.0 0.0.0.0 outside_cable
ssh timeout 15
console timeout 0
vpdn group dataDSL request dialout pppoe
vpdn group dataDSL localname [email protected]
vpdn group dataDSL ppp authentication pap
vpdn username [email protected] password *********
dhcpd address 192.168.100.30-192.168.100.99 inside
dhcpd dns 192.168.100.5 68.94.156.1 interface inside
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.100.5
vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy cad_supplies_RAVPN internal
group-policy cad_supplies_RAVPN attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value cad_supplies_RAVPN_splitTunnelAcl
group-policy VPNPHONE internal
group-policy VPNPHONE attributes
dns-server value 192.168.100.5
vpn-tunnel-protocol IPSec
split-tunnel-policy excludespecified
split-tunnel-network-list value Local_LAN_Access
client-firewall none
client-access-rule none
username swinc password BlhBNWfh7XoeHcQC encrypted
username swinc attributes
vpn-group-policy cad_supplies_RAVPN
username meredithp password L3lRjzwb7TnwOyZ1 encrypted
username meredithp attributes
vpn-group-policy cad_supplies_RAVPN
service-type remote-access
username ipphone1 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone1 attributes
vpn-group-policy VPNPHONE
username ipphone2 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone2 attributes
vpn-group-policy VPNPHONE
username ipphone3 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone3 attributes
vpn-group-policy VPNPHONE
username oethera password WKJxJq7L6wmktFNt encrypted
username oethera attributes
vpn-group-policy cad_supplies_RAVPN
service-type remote-access
username markh password nqH+bk6vj0fR83ai0SAxkg== nt-encrypted
username markh attributes
vpn-group-policy cad_supplies_RAVPN
tunnel-group DefaultRAGroup general-attributes
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group cad_supplies_RAVPN type remote-access
tunnel-group cad_supplies_RAVPN general-attributes
address-pool VPN_IP_range
default-group-policy cad_supplies_RAVPN
tunnel-group cad_supplies_RAVPN ipsec-attributes
pre-shared-key *
tunnel-group VPNPHONE type remote-access
tunnel-group VPNPHONE general-attributes
address-pool VPN_Phone
default-group-policy VPNPHONE
tunnel-group VPNPHONE ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 1500
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:8b25ecc61861a2baa6d2556a3679cc7c
: end
Hi,
You have your "group-policy" set so that you are excluding some networks from being tunneled.
In this access-list named Local_LAN_Access you specify "0.0.0.0".
Doesn't this mean you are excluding all networks from being tunneled? In other words, no traffic goes to your tunnel.
This access-list should only contain your local LAN network from where you are connecting with the VPN Client. If you don't need to access anything on your local LAN while having the VPN on, you don't even need this setting on. You could just tunnel all traffic instead of excluding some networks.
- Jouni -
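To check which split-tunnel mode and network list each group policy in the posted configuration actually references, the relevant lines can be resolved mechanically. The Python below is an added example, not part of the original posts; it handles only standard ACLs and assumes a group policy with no `split-tunnel-policy` line inherits the ASA default, `tunnelall`.

```python
import ipaddress
import re

# Excerpt of the configuration posted above (sub-command indentation was lost there).
CONFIG = """\
access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0
access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.9.0 255.255.255.0
access-list Local_LAN_Access standard permit host 0.0.0.0
group-policy DefaultRAGroup attributes
dns-server value 192.168.100.5
group-policy cad_supplies_RAVPN attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value cad_supplies_RAVPN_splitTunnelAcl
group-policy VPNPHONE attributes
split-tunnel-policy excludespecified
split-tunnel-network-list value Local_LAN_Access
"""

ACL_RE = re.compile(r"^access-list (\S+) standard permit (?:host (\S+)|any|(\S+) (\S+))$")

def parse_standard_acls(lines):
    """Map each standard ACL name to the networks its permit entries name."""
    acls = {}
    for m in filter(None, map(ACL_RE.match, lines)):
        name, host, net, mask = m.groups()
        # "host A" is a /32, "NET MASK" a subnet, and a bare "any" is 0.0.0.0/0.
        entry = f"{host}/32" if host else f"{net}/{mask}" if net else "0.0.0.0/0"
        acls.setdefault(name, []).append(str(ipaddress.ip_network(entry)))
    return acls

def split_tunnel_report(config):
    """Return {group-policy: {mode, acl, networks}} for every group policy."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    acls = parse_standard_acls(lines)
    report, current = {}, None
    for words in (l.split() for l in lines):
        if words[0] == "group-policy" and words[-1] == "attributes":
            current = words[1]
            # Assumption: an unset policy inherits the ASA default, tunnelall.
            report[current] = {"mode": "tunnelall", "acl": None, "networks": []}
        elif current and words[0] == "split-tunnel-policy":
            report[current]["mode"] = words[1]
        elif current and words[:2] == ["split-tunnel-network-list", "value"]:
            report[current].update(acl=words[2], networks=acls.get(words[2], []))
    return report

if __name__ == "__main__":
    for policy, info in split_tunnel_report(CONFIG).items():
        print(policy, info["mode"], info["acl"], info["networks"])
```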
Hi.
I am trying to set up remote access to my mac so I can upload files to it remotely from a PC. I want the simplest free solution as I simply want occasional access to back up files from my work PC to my home mac. I have got 90% of the way, but fallen at the final hurdle.
I am using OSX Leopard 10.5.8 and a Linksys WRT54G wireless router
I am trying to access my imac via ftp as this appears to be the simplest route. So far I have done the following:
(a) Followed the advice in "Mac OSX Missing Manual" and portforwarding.com: i.e. ...
(b) Set up a static IP address on my mac through system preferences. This is working as I can access the internet fine.
(c) Turned off "Block anonymous internet requests" in the router settings
(d) Set up port forwarding of port 21 using the static IP address I have set up
(e) In system preferences, turned on file sharing using ftp
(f) Tested access using Safari - typed in my local static IP address as specified in the file sharing ftp box in the sharing section of system preferences. I logged in with my main account log in info. This worked - I immediately got a finder window pop up with my folders visible. The ftp server was also mounted on my desktop.
(g) Tested access using Safari via my public IP address. This was much slower. I eventually got the login box, but when I entered the same main account login info I eventually got an error message saying password / username were incorrect. They weren't, as I have tried this several times. (I don't have access to a PC on another network to test that way.)
Very grateful for any help.
Thanks
I am not sure which type of FTP Apple uses, but this will give you the differences in the firewall policy for active and passive: http://slacksite.com/other/ftp.html
You will need to set the firewall accordingly.
You may also have problems with the firewall in use at work; it depends on how it's been locked down.
It depends on how much time you have to spend on the problem. There are free remote control applications that include file transfer; have a look at this site: http://www.teamviewer.com/download/index.aspx . There is a free version available, but I have not used this software. There are other similar products, some free, some cost.
If you cannot get any answers to your question, at least there are other easier options open to you.
regards
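The active/passive difference mentioned in the reply matters for a setup that forwards only port 21: in passive mode the server tells the client which address and port to open the data connection to, and both must be reachable from outside. The Python below is an added example, not code from the thread; the replies, addresses and port range in it are constructed.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return (address, port) advertised in a '227 Entering Passive Mode' reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 passive-mode reply: {reply!r}")
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        raise ValueError(f"field out of range in {reply!r}")
    # The first four fields are the IPv4 address; the port is p1 * 256 + p2.
    return ipaddress.ip_address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]

def passive_mode_problems(reply, forwarded_ports):
    """List reasons the data connection would fail for a client outside the NAT."""
    host, port = parse_pasv(reply)
    problems = []
    if any(host in net for net in RFC1918):
        problems.append(f"server advertises private address {host}")
    if port not in forwarded_ports:
        problems.append(f"data port {port} is not forwarded by the router")
    return problems

# Constructed replies: a server behind NAT, and one set up with a public address
# (documentation range) and a passive port range that the router forwards.
BEHIND_NAT = "227 Entering Passive Mode (192,168,1,50,195,149)"
CONFIGURED = "227 Entering Passive Mode (203,0,113,7,195,149)"

if __name__ == "__main__":
    print(passive_mode_problems(BEHIND_NAT, {21}))
    print(passive_mode_problems(CONFIGURED, range(50000, 50101)))
```

Some FTP clients ignore a private address in the 227 reply and reuse the control connection's address, in which case only the unforwarded data port remains a problem.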