Hyper-V only able to ping remote (laptop) using IPV4, fails with IPV6
I have a desktop setup to remotely manage Hyper-V and it is working fine.
I am trying to setup remote management from my laptop.
The server is failing to ping the laptop using IPV6.
The desktop can ping both the server and the laptop using names and IPV6 option -6
The laptop can ping the desktop and the Hyper-V server using name and IPV6 option -6
Hyper-V server can ping the desktop, but not the laptop using IPV6 option -6
Everything works fine with IPV4 .
I have checked and rechecked the Hyper-V server Host table and it has what appears to be correct issues for both the desktop and the laptop.
Any other thoughts on what to check?
Thanks!
Ross
Hi Ross,
It seems that this is not a Hyper-V issue.
Please try to use Network Monitor to check the procedure of ping to find some clue.
Best Regards
Elton Ji
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.
Similar Messages
-
My apple TV displays an apple screen, and blinking white LED, only LED responds to remote inputs. I reset with remote ...same result....Any ideas?
If they are the instructions I think you might have seen, they are for the Apple TV 2.
Unfortunately I think your Apple TV may have failed.
You might try removing ALL the cables for a while and trying again, but I think you may be out of luck. -
Hi All,
We had a cluster, 4 physical servers / 14 SAP Instances / HP-UX - Oracle 10G / 46C -> Upgrading to ECC 6 EHP 3.
Basically we have a general RFC problem in the system. You can reproduce it simply in transaction sm51: In most of the instances whenever you try to change to an instance that has the same instance number than the one you are logged on at this moment, you will come back to this instance, e.g.:
you are logged on at host1_SID_01, start sm51 and try to change to the instances:
host2_SID_01,
host3_SID_01 or
host4_SID_01
(or you try to display the system log or other). You will see (System - Status) that you don't change to these instances but will stay on host1_SID_01.
We found the SAP Note 662895 - Remote login using SM51 Fails. In this note they refer to the error: "Transaction termination 14 025".
We look at the SM21 it reports the following error: *Transaction termination 00 152 ( ) *
I would appreciate some tips about this problem.
Best Regards,
Erick ILarraza
Hi Martin,
Thanks a lot for your reply.
Yes, the parameter is set.
ParameterName SAPLOCALHOSTFULL
Short description(Engl) missing
Appl. area General system
ParameterTyp Host name
Changes allowed Change permitted
Valid for oper. system All operating systems
DynamicallySwitchable (Not Checked)
Same on all servers (Not Checked)
Dflt value host1
ProfileVal host1
Current value host1
Where host1 is the host where you did login. It doesn't care about the SAP instance:
host1_SID_01, host1_SID_02, host1_SID_03, host1_SID_04. All of these give the value host1.
Best Regards,
Erick Ilarraza -
VPN clients not able to ping Remote PCs & Servers : ASA 5520
VPN is connected successfully. But not able to ping any remote ip or fqdn from client pc. But able to ping ASA 5520 firewalls inside interface. Also some clients able to access, some clients not able to access. I new to these firewalls. I tried most of ways from internet, please any one can help asap.
Remote ip section : 192.168.1.0/24
VPN IP Pool : 192.168.5.0/24
Running Config :
ip address 192.168.1.2 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only
passwd z40TgSyhcLKQc3n1 encrypted
boot system disk0:/asa722-k8.bin
ftp mode passive
clock timezone GST 4
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server 213.42.20.20
domain-name default.domain.invalid
access-list outtoin extended permit tcp any host 83.111.113.114 eq 3389
access-list outtoin extended permit tcp any host 83.111.113.113 eq https
access-list outtoin extended permit tcp any host 83.111.113.114 eq smtp
access-list outtoin extended permit tcp any host 83.111.113.114 eq https
access-list outtoin extended permit tcp any host 83.111.113.114 eq www
access-list outtoin extended permit tcp any host 83.111.113.115 eq https
access-list outtoin extended permit tcp any host 94.56.148.98 eq 3389
access-list outtoin extended permit tcp any host 83.111.113.117 eq ssh
access-list fualavpn_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list outside_nat0_outbound extended permit ip 192.168.5.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list inet_in extended permit icmp any any time-exceeded
access-list inet_in extended permit icmp any any unreachable
access-list inet_in extended permit icmp any any echo-reply
access-list inet_in extended permit icmp any any echo
pager lines 24
logging enable
logging asdm informational
logging from-address [email protected]
logging recipient-address [email protected] level errors
logging recipient-address [email protected] level emergencies
logging recipient-address [email protected] level errors
mtu outside 1500
mtu inside 1500
ip local pool fualapool 192.168.5.10-192.168.5.50 mask 255.255.255.0
ip local pool VPNPool 192.168.5.51-192.168.5.150 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound outside
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) 94.56.148.98 192.168.1.11 netmask 255.255.255.255
static (inside,outside) 83.111.113.114 192.168.1.111 netmask 255.255.255.255
access-group inet_in in interface outside
route outside 0.0.0.0 0.0.0.0 83.111.113.116 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 10
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
intercept-dhcp 255.255.255.255 disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
leap-bypass disable
nem disable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method no-modify
msie-proxy except-list none
msie-proxy local-bypass disable
nac disable
nac-sq-period 300
nac-reval-period 36000
nac-default-acl none
address-pools none
client-firewall none
client-access-rule none
webvpn
functions url-entry
html-content-filter none
homepage none
keep-alive-ignore 4
http-comp gzip
filter none
url-list none
customization value DfltCustomization
port-forward none
port-forward-name value Application Access
sso-server none
deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
svc none
svc keep-installer installed
svc keepalive none
svc rekey time none
svc rekey method none
svc dpd-interval client none
svc dpd-interval gateway none
svc compression deflate
group-policy fualavpn internal
group-policy fualavpn attributes
dns-server value 192.168.1.111 192.168.1.100
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value fualavpn_splitTunnelAcl
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.4 255.255.255.255 inside
http 192.168.1.100 255.255.255.255 inside
http 192.168.1.111 255.255.255.255 inside
http 192.168.1.200 255.255.255.255 inside
http 83.111.113.117 255.255.255.255 outside
http 192.168.1.17 255.255.255.255 inside
http 192.168.1.16 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group fualavpn type ipsec-ra
tunnel-group fualavpn type ipsec-ra
tunnel-group fualavpn general-attributes
address-pool fualapool
address-pool VPNPool
default-group-policy fualavpn
tunnel-group fualavpn ipsec-attributes
pre-shared-key *
tunnel-group fualavpn ppp-attributes
authentication pap
authentication ms-chap-v2
authentication eap-proxy
telnet 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
management-access inside
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
inspect icmp error
service-policy global_policy global
prompt hostname context
Cryptochecksum:38e41e83465d37f69542355df734db35
: end
Hi,
What about translating the traffic on the local ASA (Active unit) for traffic received from the VPN tunnel to the internal interface IP address? You can try something like nat (outside,inside) source dynamic obj-VpnRemoteTraffic interface destination static StandbyIP StandbyIP
Regards, -
Hyper-V Only able to run one VM at a time
Hi all,
I have Hyper-V set up with about 3 VM's on Server 2012, but i can only seem to run one VM at a time.
The server has the following:
32GB Ram
1TB HD with 425GB free
When i have one of them started and running, it works just fine.
As soon as i try to run a 2nd VM, i get the following error:
"'PC1' failed to start.
Microsoft Synthetic Mouse (Instance ID 58F75A6D-D949-4320-99E1-A2a2576D581c): Failed to Power on with Error 'The name limit for the local computer network adapter card was exceeded."
I have tried to do the following:
Disable all networking on each guest VM
Removed DVD Drive
Increase MAC range
Set static MAC
Changed boot order to put the CD to the bottom
Disable the integration services from each VM
Each VM has different netBIOS name
Each VM has a different VHD and OS
When starting the 2nd VM, it gets to about 10% and then shows the above error message.
Is there anything anyone can suggest?
Thanks
Hi Skaliam,
What is your VM's OS ?
Best Regards
Elton Ji
-
Start SQL Server Service in Remote Server using Command Prompt with Single User Mode
Hi Folks,
I am able to STOP/START the Remote SQL Server Service using the following Command.
sc \\RemoteServerName START ServiceName
How to Start the Remote SQL Server Service using Single User Mode.
sc \\RemoteServerName START ServiceName -m
Narendran
Hello,
sqlservr.exe -m
or
sqlservr.exe -m -s
(for named instances)
For more information:
http://technet.microsoft.com/en-US/library/ms180965(v=SQL.105).aspx
Configure Windows Firewall or security software properly.
Hope this helps.
Regards,
Alberto Morillo
SQLCoffee.com -
Recently upgraded my iPhone 4 to the OS5 and I keep having sporadic issues with connecting to my home wifi, it sees the network but never connects. I turned off Location Services and Cellular Data for that had worked sometimes, but now it just keeps spinning and never connects. I tried to reset network settings, reset my wifi router and reset my phone and nothing, it will connect at my church for example and other places but not at home. I have MAC addressing security set on my router and I verified my iPhone MAC address is authorized. Any other suggestions?
Try restarting your router first, turn it off for a minute then back on. then go to settings on your phone, then wifi, tap on the blue arrow to the right of your wifi 's name, then tap forget this network. Then go to the home screen, Then hold the home and off button down until the apple symbol comes up. Then go back into wifi and try to connect.
-
Hi:
I have PS FMS 9.0 and PS HRMS 9.0 IBs (both PT 8.49.18) configured for SSO and messaging. I am able to ping remote node - PSFT_EP from HRMS environment but unable to ping remote node - PSFT_HR from FMS environment. I have performed the steps mentioned in the following thread:
Re: PeopleSoft Integration Broker from FSCM9 [PT8.48] to CRM9 [PT8.49]
But still I get the following message in app server log file:
PeopleSoft Token authentication failed: token has expired: VP1@JavaClient
Any suggestions?
Thanks,
Sameer.
Is your gateway configured on SSL?
If its the default value on both the sides is same you could try the following:
1> Ensure the time zone diff (*IF ANY*) b/w the web n App server of the HR & FMS is catered for.
2> Try increasing the log fence to 5 on both the sides and ping the nodes to capture the Auth Token value. -
E1500 router only local access from Vista laptop
I upgraded my old Linksys wrt54g to the E1500. All the XP os are connected via cable and wireless connection, but the Vista laptop i get local access only connection error. This laptop used to connect on the older router using wep but with E1500 wpa-2 it cannot connect. I am unable to ping the router from the laptop wireless. Connecting ethernet cable it works fine and logging in as a guest works does too. Any suggestions on what could be wrong?
Disable the security on the router and Vista computer and try to connect with no security. If successful go back and enable security and try again.
-
Remote login in SM51 Fails / ECC 6.0 / HP-UX / Oracle 10
Hi All,
We had a cluster, 4 physical servers / 14 SAP Instances / HP-UX - Oracle 10G / ECC 6 EHP 3.
Basically we have a general RFC problem in the system. You can reproduce it simply in transaction sm51: In most of the instances whenever you try to change to an instance that has the same instance number than the one you are logged on at this moment, you will come back to this instance, e.g.:
you are logged on at host1_SID_01, start sm51 and try to change to the instances:
host2_SID_01,
host3_SID_01 or
host4_SID_01
(or you try to display the system log or other). You will see (System - Status) that you don't change to these instances but will stay on host1_SID_01.
We found the SAP Note 662895 - Remote login using SM51 Fails. In this note they refer to the error: "Transaction termination 14 025".
Now we have this error (we upgraded from SAP 46C with another error in sm21).
The problem is that we really don't understand exactly what they want to do in the SAP Note 662895:
Summary
Symptom
Remote login in SM51 by double-clicking R/3 instances fails
Solution
You can use transaction SM51 to log in to another application server using RFC, without entering a password. Server "A"
Server "A" Server "B"
<--Remote logon via RFC <--
GUI
sm51
Double-click on the server B entry --->
If host name "B" was entered on server "A" as the gw/alternative_hostnames profile parameter, the local SAP gateway from server "A" is used when you log on to server "B". This results in the syslog message "Transaction termination 14 025".
The same error occurs if you try to open a new external mode on server "A".
Who is the origin server? Host A? Host B? In fact sometimes you can go from A to B and vice versa. So changing the gw/alternative_hostnames parameter doesn't appear to be a solution.
I would appreciate some tips about this Note / Problem.
Best Regards,
Erick Ilarraza
Hello, thanks a lot for your replies.
Abhijeet Siras, the command /etc/ping <host> works perfectly.
Sergo,
Exactly we have 3 host each one with 4 dialog instances. 1 host with 2 dialog instances and one host with the central instance.
Not all instances have this problem, only the following combination:
Origin Destination
host4_SID_01 - > host1_SID_01
host2_SID_03 - > host3_SID_03
host1_SID_01 --> host3_SID_01
host1_SID_02 --> host3_SID_02
host1_SID_03 --> host3_SID_03
host1_SID_04 --> host3_SID_04
host2_SID_01 --> host3_SID_01
host2_SID_02 --> host3_SID_02
host2_SID_03 --> host3_SID_03
host2_SID_04 --> host1_SID_04
host2_SID_04 --> host3_SID_04
host3_SID_04 --> host1_SID_04
host4_SID_01 --> host1_SID_01
host4_SID_02 --> host1_SID_02
host4_SID_02 --> host2_SID_02
host4_SID_02 --> host3_SID_02
The problem is between *_NUMBER to *_NUMBER!
For example from Dialog Instance 3 running on host 2 to Dialog Instance 3 running on host 3
For example host4_SID_01 means the Dialog Instance 1 running on host 4.
Best Regards,
Erick Ilarraza -
If DVD Movies, Audio CD's and even burning CD and DVD's are not supported, what is the point of DVD & CD Sharing then? Wouldn't it just be better to remote in or use a thumb drive if it's only able to be used for data transfer?
Or am I missing the bigger picture?
As long as you have a Superdrive or an external burner/drive, burning, watching, installing, etc. from CD or DVD will work just fine. And so will sharing.
-
All Browsers not able to open any Website while able to Ping all Websites but after restart server web sites are able to open for 5 to 10 minutes only.
Please Suggest me a solution.
Hi, we miss some information;
- do you use a proxy ?
- can you provide an ipconfig /all please
- do you use any firewall product that could block the computer on port 80
Regards, Philippe
-
Local Mac Pro (the brain) & Remote Laptop (the extension) combination to work
Hi, I have a 17" MacBook Pro that is becoming obsolete. Unfortunately Apple does not sell any longer these. I have been thinking about buying the new Mac Pro (with OS X 10.9) to use in combination with my old MacBook Pro remotely (when I am not in the same place/local network). The idea is if I am working in a Coffee shop with my 17" MBP and I need to use CPU/GPU intensive apps I will connect to the Mac Pro. After much search I have come to the following info (take a look, it is a looooong doc but you might find it useful) but I would also recommend expert advice (and no, a 15" MBP is not an option. Too small). Thanks.
OPTION A: BACK TO MY MAC (app in MAC OS)
=========
Back to My Mac is one of Apple’s iCloud services. Technically it uses adhoc ipsec vpn tunnels and gives you an DNS name for each mac set up, effectively bypassing the current internal name resolution issue. e.g. server.12345678.members.btmm.icloud.com Services that you run e.g. web and ssh will accessible.
Use OS X Help for information about how to set up and use Back to My Mac:
From the Finder, click the Help menu.
When the Help Center appears, type "Use Back to My Mac" in the search window.
Choose the Help article titled "Use Back to My Mac."
On the remote Mac select Wake on Demand to save energy (the device goes to sleep when it is not in use)
(troubleshooting: http://support.apple.com/kb/HT4907 - see also notes below)
(security tips: http://support.apple.com/kb/HT4908)
(configuration: http://www.macworld.co.uk/how-to/mac-software/how-set-back-my-mac-mac-os-x-mavericks-3495116/)
BTMM only works between OSX computers and a single account. VPN lets you connect most devices and other OSs and many users to single resources. BTMM is essentially a dynamic DNS service. It does not enable sharing or management services at all, and only facilitates the connection to the machine. You will still need to enable various services on your own, and BTMM will not bypass any security features of the system. You can only connect to BTMM from a Mac which is logged into the same iCloud account. For example, if you try to use that BTMM hostname on your iPad, it won't work.
You can also use File Transfer apps like Transmit. Under Transmit, Bonjour setting, all of Macs are listed as SFTP connections, with the BTMM number followed by .members.btmm.icloud.com. This connection appears to be much faster than BTMM through file sharing or screen sharing and shows all files on that Mac, including normally invisible ones. This does require entering my account name and password.
OPTION B: MAC OS SERVER & VNC
=========
This can be done with built-in Apple software. You need to buy it in the Apple Store.
- Firstly you should for security reasons have a VPN server running at your office, this could be on your Mac server. The remote users would then first connect to the VPN server this would then allow them to access the server securely even remotely
- Then your remote users must have Macs (this method is only supported by Mac clients)
- The remote Macs would use Screen Sharing to connect to the Mac server, since Lion it has been possible for multiple Mac clients to connect to different user accounts at the same time and see a different 'screen' and run different applications
Note: If you use screen sharing to connect with an account that is not already logged in it will offer the choice of 'Share Display' or 'Log In' the former is like the old-style remote control, the later is like a Terminal Services system. If you connect with an account that is already logged in it will just take you to that accounts session.
Note: Some applications are not written in a way that would be friendly to running the same copy more than once, also some software licensing would mean you would still need to buy multiple copies. If an application checks over the network for the same copy running to enforce licensing you would have a problem. A volume license often helps with that.
Unfortunately if you're expecting Wake on Demand to work over a VPN, it doesn't. (see below - note on IP)
Good video to configure OS Server in Mavericks: http://www.youtube.com/watch?v=xVfEicYfMTE
By the way, if you are just interested in running your server from a Mac Mini instead of a Mac Pro, you can find more information here http://blog.macminicolo.net/post/72706369716/an-hdmi-adapter-for-a-headless-mac-mini
OPTION C: RDP APPS
=========
If you want to use Windows laptops remotely then the above will not work, in which case you will need to buy either Aqua Connect or iRAPP.
See http://www.aquaconnect.net and http://www.coderebel.com/products/irapp-terminal-server
The above support using Microsoft Remote Desktop Client to connect and hence are compatible with Windows clients built-in RDC software.
Both iRAPP and Aqua Connect support standard Microsoft RDP protocol clients and both also have their own proprietary client. RDP is not VNC.
Saying that I did get the impression both were slower than an equivalent Windows Terminal Server and RDC client, at the time (this was a couple of years ago) I got the impression that things like forcing just 256 colours did not work properly and I also got the impression other RDP optimisations were lacking and this would be at the server end since the client is the same standard Microsoft client.
See http://www.coderebel.com/support/faq/How-do-I-make-it-faster which recommends using an RDP client instead of their own proprietary Windows only client (which might be based on VNC). The AquaConnect client does not appear to be based on VNC since it supports audio.
See http://www.aquaconnect.net/aap
In particular "Aqua Accelerated Protocol provides a 2-1 data savings over VNC (including audio, which VNC does not support). These savings become even more significant when compared to Microsoft's Remote Desktop Protocol. Compared to Microsoft's protocol, AAP provides a 10-1 data savings over RDP. All of this translates into a remote session that feels and acts like a local desktop and OS."
By the way I agree RDP is faster than VNC, I also like the fact RDP supports audio (VNC does not). I have suggested to Apple they switch their Screen Sharing from VNC to RDP as this follows the same reasoning as their switching preference from AFP to now SMB2. Maybe others should send Apple the same suggestion.
Most products use VNC to remote and I've never been able to get good performance from VNC. So I run iRAPP by Code Rebel on my iMac. It is a small RDP server. I then connect via iTeleport which I have on my MBP, iPad, and iPhone. Works very well, but it also quite expensive.
OTHER OPTIONS:
==============
- Apple Remote Desktop can connect over the internet, but you would have to setup port forwarding and have some sort of name or IP that stays the same. Depending on your internet connection, something like dyndns.com could help. ARD does use the standard VNC port (5900) for the screen sharing parts. There is another port in the 3000 range for the other parts. (see http://en.wikipedia.org/wiki/Apple_Remote_Desktop). You may need to set a free associating IP address like DynDNS and set Port forwarding in your router. Video on how to configure it and basic use: http://www.youtube.com/watch?v=TArMYl1RsUE
- Apple Screen Sharing (http://en.wikipedia.org/wiki/Screen_Sharing) You can drive the cursor and send mouse clicks to the remote computer, and type into its applications. It can be enabled via: System preferences > Sharing > Screen Sharing
- From iOS device, an app like Airlogin can be used (http://www.avatron.com/apps/air-login/) but this app does not have Wake On Lan and it is subscription based (i.e. annual subscription of around 15$)
- Other non official Apple apps that can be used but again without Wake on Lan functionality: Teamviewer, Logme In,...
- For use of Terminal via BTMM you can read: http://reviews.cnet.com/8301-13727_7-57596207-263/how-to-connect-via-ssh-using-iclouds-back-to-my-mac-service/
NOTE ON IP:
===========
In order to control another Mac you'll need to go to 'Apple Menu -> System Preferences...' on the Mac you want to control and enable 'Remote Management'.
In the 'Allow access for' section of 'Remote Management' you can leave the default selection of 'All Users', which will allow any account on the controlled Mac to be used to login for remote management or you can select 'Only these users' and define specific accounts that can be used.
Click 'Options...' to define what remote management actions are allowed. You'll probably only need to select 'Observe' and 'Control'.
If you're both on the same network then you can do a Command + K from the controller Mac and type vnc://mygirlfriendsmac or vnc://ipaddress to connect to the Mac you want to control.
Regarding the issue with controlling a Mac on a different network, this is where things can get complicated since there are a lot of variables depending on what network the Mac you want to control is on. This is one possible solution:
First, you'll need to know if port 5900 is open on the network the Mac to be controlled is on. A lot of firewalls block this port. (You can do a VNC tunnel on port 80, but that's probably beyond the scope of this question.)
If port 5900 is open then you'll need to know the publicly accessible IP address of the Mac to be controlled. One way to do this is to use http://DynDNS.com.
This is how DynDNS works:
You can signup for a free account that allows you to create a DNS entry that you define (ie- mygirlfriendsmac.dyndns-ip.com). You'll then need to install the DynDNS app on the Mac you want to control. This app will send the public IP address to DynDNS every few minutes so that you'll be able to do a Command-K on your Mac and connect to the DNS entry you defined (mygirlfriendsmac.dyndns-ip.com) and you can be assured it will be mapped to the current IP address of the Mac you want to control.
BACK TO MY MAC TROUBLESHOOTING:
=================================
If Back to My Mac is not working as expected, try the troubleshooting steps below, if they apply.
1 Update all your Macs to OS X Lion v10.7.3 or later (OS X Lion v10.7.4 or later is recommended).
2 Choose System Preferences from the Apple menu. Open iCloud System Preferences and check that Back to My Mac is enabled. See if any diagnostic messages are provided under the Back to My Mac section to assist you with troubleshooting and resolving any connection issue.
3 Toggle Back To My Mac off and back on by deselecting and then reselecting Back To My Mac in iCloud System Preferences.
4 Make sure the computer you are trying to connect to is not sleeping and is set to Wake on Demand. For more information about Wake on Demand, see this article: http://support.apple.com/kb/HT3774.
5 If you are using an AirPort base station, make sure your firmware is up-to-date (open AirPort Utility 6.0 or later).
6 Check your network for a multiple NAT setup and reconfigure your network as needed.
7 Make sure NAT-PMP or UPnP (http://support.apple.com/kb/HT1552) is enabled (if you are using an AirPort Extreme Gigabit Ethernet base station, click here for information about AirPort Extreme Gigabit Ethernet and NAT PMP).
8 Ensure TCP port 5354 and UDP ports 4500 and 5353 are open on your firewall. To learn more about ports used by Apple products, click http://support.apple.com/kb/TS1629.
Also:
When BTMM stopped working i also noticed that i was having issues connecting with my apple id to machines even if they were on the same local network. I found a way to resolve this and consequently BTMM has started working again for all of my machines. I think this has something to do with how the apple id is assigned to your user account but let me go through the steps i took for this:
1) Open 'System Preferences'
2) Click on 'Users & Groups'
3) Unlock the padlock in the bottom left corner to make changes
4) Select your user account from the list on the left
5) Right click on account and select 'Advanced Options'
6) In the 'Aliases' box at the bottom you SHOULD have two records (your apple id and another beginning with com.apple.idms.appleid) remove these both and click Ok.
7) In the right hand window on your user account click on 'Change' next to the apple id box.
8) Delete the apple id associated with the account and click 'Done'.
9) Now click 'Set' next to the apple id label (where it just said Change a minute ago)
10) Enter your apple id and password and click ok.
11) After a few minutes the machine should be available again for remote connection and desktop sharing via BTMM. You can always perform a reboot just to be sure.
This should take a few seconds to set and once you have then you can verify this has been set correctly by right-clicking on your user account and selecting 'Advanced Options' to see if it has put the two records in the 'Aliases' box at the bottom. Needless to say you need an active internet connection for this as it fetches your associated record from your account and aliases it for you.
FYI: Back to My Mac status messages explained here http://support.apple.com/kb/TS4104
For Local Networked MACs operating with BTMM:
If you have noticed that the iMac (for example) was automatically authenticating to the Mini using iCloud/Apple ID, not my local username (being both computers are on the same local area network connected via an ethernet switch). The solution is to disable Back to My Mac on the iMac, delete some of my login credentials from KeyChain and rebooted my iMac. This forced me to re-authenticate to the Mini for local network access. I used my local username/password account and the problem with finder operations and hanging was solved.
ok so i experimented a little with the hardware and here what i have to the moment:
1. i thought that the usb kb could be the case for mac os to crash so i disconnected the cable from the KVM and plugged normal apple kb to the mac.
2. however when i tried switching back to mac, the machine crashed again.
from what i noticed for the last few days 'working' with this kvm switch was the screen resolution changing while i was switching. meaning the screen flickered for couple of times prior to showing 1280x1024 that was set up in the system. during flickering the resolution became 1024x768. i 've seen it pretty clearly, just it was for half of a second.
also when powering up both machines, they were starting with 1024x768 and not 1280x1024 as was set up. i had to manually change the screen resolution on both machines (pc and mac) every time after successful start up.
so by far my understanding is that kvm switch forces monitor for 1024x768 during switches and on start up. it also causes the OSes (win2K and MacOSX) to lose 1280x1024 and accept 1024x768 as if the monitor was changed and couldn't operate at a higher resolution.
having said that i uploaded this info to kvm mfg (ATEN) and couple more mac forums so that this info may help someone else when ordering a kvm for mac. at the same time i am still open for any thoughts, advices and crazy ideas to get round this bug.
alex -
S2S between Cisco ASA 5505 and Sonicwall TZ-170 but not able to ping across
Hi,
I am helping out a friend of mine with his Site-to-Site VPN between his company's Cisco ASA and another company's SonicWall TZ-170. I have checked the screenshots provided by the other end and tried to match with ours. The Tunnel shows but we are not able to Ping resources on the other end. The other side insists that the problem is on our end but I am not sure where the issue resides. Please take a look at our config and let me know if there is anything that I have missed. I am pretty sure I didn't but extra eyes may be of need here.
Our LAN is 10.200.x.x /16 and theirs is 192.168.9.0 /24
ASA Version 8.2(2)
terminal width 300
hostname company-asa
domain-name Company.com
no names
name 10.1.0.0 sacramento-network
name 10.3.0.0 irvine-network
name 10.2.0.0 portland-network
name x.x.x.x MailLive
name 192.168.9.0 revit-vpn-remote-subnet
dns-guard
interface Ethernet0/0
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.128
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.200.200.1 255.255.0.0
interface Ethernet0/2
nameif dmz
security-level 50
ip address 172.22.22.1 255.255.255.0
interface Ethernet0/3
description Internal Wireless
shutdown
nameif Wireless
security-level 100
ip address 10.201.201.1 255.255.255.0
interface Management0/0
shutdown
nameif management
security-level 100
no ip address
management-only
boot system disk0:/asa822-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup outside
dns server-group DefaultDNS
domain-name company.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network local_net_group
network-object 10.1.0.0 255.255.0.0
network-object 10.2.0.0 255.255.0.0
network-object 10.200.0.0 255.255.0.0
network-object 10.3.0.0 255.255.0.0
network-object 10.4.0.0 255.255.0.0
network-object 10.5.0.0 255.255.0.0
network-object 10.6.0.0 255.255.0.0
network-object 10.7.0.0 255.255.0.0
network-object 192.168.200.0 255.255.255.0
object-group network NACIO123
network-object 1.1.1.1 255.255.255.224
object-group service MAIL_HTTPS_BORDERWARE tcp
port-object eq smtp
port-object eq https
port-object eq 10101
object-group service SYSLOG_SNMP_NETFLOW udp
port-object eq syslog
port-object eq snmp
port-object eq 2055
object-group service HTTP_HTTPS tcp
port-object eq www
port-object eq https
object-group network OUTSIDECO_SERVERS
network-object host x.x.x.34
network-object host x.x.x.201
network-object host x.x.x.63
object-group network NO-LOG
network-object host 10.200.200.13
network-object host 10.200.200.25
network-object host 10.200.200.32
object-group service iPhoneSync-Services-TCP tcp
port-object eq 993
port-object eq 990
port-object eq 998
port-object eq 5678
port-object eq 5721
port-object eq 26675
object-group service termserv tcp
description terminal services
port-object eq 3389
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service DTI tcp
description DCS CONTROL PROTOCOL
port-object eq 3333
object-group service H.245 tcp
description h.245 signaling
port-object range 1024 4999
object-group service RAS udp
port-object eq 1719
port-object range 1718 1720
object-group service XML tcp
port-object range 3336 3341
object-group service mpi tcp
port-object eq 2010
object-group service mvp_control tcp
port-object eq 2946
object-group service rpc tcp-udp
port-object eq 1809
object-group service tcp8080 tcp
port-object eq 8080
object-group service tcp8011 tcp
port-object eq 8011
object-group service rtp_rtcp_udp udp
port-object range 1024 65535
object-group service ecs_xml tcp-udp
port-object eq 3271
object-group service rtp20000 udp
description 10000-65535
port-object range 20000 25000
port-object range 10000 65535
object-group service tcp5222 tcp
port-object range 5222 5269
object-group service tcp7070 tcp
port-object eq 7070
object-group network videoco
network-object host x.x.x.144
network-object host x.x.x.145
object-group service video tcp
port-object range 1718 h323
object-group service XML2 tcp-udp
port-object range 3336 3345
object-group service tcp_tls tcp
port-object eq 5061
object-group service Autodesk tcp
port-object eq 2080
port-object range 27000 27009
access-list outside_policy remark ====== Begin Mail From Postini Network ======
access-list outside_policy extended permit tcp x.x.x.x 255.255.240.0 host x.x.x.x eq smtp
access-list outside_policy extended permit tcp x.x.x.x 255.255.255.240 host x.x.x.x eq smtp
access-list outside_policy extended permit tcp x.x.x.0 255.255.240.0 host x.x.x.x eq smtp
access-list outside_policy remark ****** End Mail From Postini Network ******
access-list outside_policy remark ====== Begin Inbound Web Mail Access ======
access-list outside_policy extended permit tcp any host x.x.x.x object-group HTTP_HTTPS
access-list outside_policy remark ****** End Inbound Web Mail Access ******
access-list outside_policy remark ====== Begin iPhone Sync Rules to Mail Server ======
access-list outside_policy extended permit tcp any host x.x.x.x object-group iPhoneSync-Services-TCP
access-list outside_policy remark ****** End iPhone Sync Rules to Mail Server ******
access-list outside_policy remark ====== Begin MARS Monitoring ======
access-list outside_policy extended permit udp x.x.x.x 255.255.255.128 host x.x.x.x object-group SYSLOG_SNMP_NETFLOW
access-list outside_policy extended permit icmp x.x.x.x 255.255.255.128 host x.x.x.x
access-list outside_policy remark ****** End MARS Monitoring ******
access-list outside_policy extended permit tcp object-group NACIO123 host x.x.x.141 eq ssh
access-list outside_policy extended permit tcp any host x.x.x.x eq www
access-list outside_policy extended permit tcp any host x.x.x.x eq https
access-list outside_policy extended permit tcp any host x.x.x.x eq h323
access-list outside_policy extended permit tcp any host x.x.x.x range 60000 60001
access-list outside_policy extended permit udp any host x.x.x.x range 60000 60007
access-list outside_policy remark radvision 5110 port 80 both
access-list outside_policy extended permit object-group TCPUDP any object-group videoco eq www
access-list outside_policy remark radvision
access-list outside_policy extended permit tcp any object-group videoco object-group termserv
access-list outside_policy remark radvision 5110 port21 out
access-list outside_policy extended permit tcp any object-group videoco eq ftp
access-list outside_policy remark rad5110 port22 both
access-list outside_policy extended permit tcp any object-group videoco eq ssh
access-list outside_policy remark rad 5110 port161 udp both
access-list outside_policy extended permit udp any object-group videoco eq snmp
access-list outside_policy remark rad5110 port443 both
access-list outside_policy extended permit tcp any object-group videoco eq https
access-list outside_policy remark rad5110 port 1024-4999 both
access-list outside_policy extended permit tcp any object-group videoco object-group H.245
access-list outside_policy remark rad5110 port 1719 udp both
access-list outside_policy extended permit udp any object-group videoco object-group RAS
access-list outside_policy remark rad5110 port 1720 both
access-list outside_policy extended permit tcp any any eq h323
access-list outside_policy remark RAD 5110 port 3333 tcp both
access-list outside_policy extended permit tcp any object-group videoco object-group DTI
access-list outside_policy remark rad5110 port 3336-3341 both
access-list outside_policy extended permit object-group TCPUDP any object-group videoco object-group XML2
access-list outside_policy remark port 5060 tcp/udp
access-list outside_policy extended permit object-group TCPUDP any object-group videoco eq sip
access-list outside_policy remark rad 5110port 1809 rpc both
access-list outside_policy extended permit object-group TCPUDP any object-group videoco object-group rpc
access-list outside_policy remark rad 5110 port 2010 both
access-list outside_policy extended permit tcp any object-group videoco object-group mpi
access-list outside_policy remark rad 5110 port 2946 both
access-list outside_policy extended permit tcp any object-group videoco object-group mvp_control
access-list outside_policy extended permit tcp any object-group videoco object-group tcp8080
access-list outside_policy extended permit tcp any object-group videoco object-group tcp8011
access-list outside_policy remark 1024-65535
access-list outside_policy extended permit udp any object-group videoco object-group rtp_rtcp_udp
access-list outside_policy extended permit object-group TCPUDP any object-group videoco object-group ecs_xml
access-list outside_policy extended permit udp any object-group videoco object-group rtp20000
access-list outside_policy extended permit tcp any object-group videoco eq telnet
access-list outside_policy remark port 53 dns
access-list outside_policy extended permit object-group TCPUDP any object-group videoco eq domain
access-list outside_policy remark 7070
access-list outside_policy extended permit tcp any object-group videoco object-group tcp7070
access-list outside_policy remark 5222-5269 tcp
access-list outside_policy extended permit tcp any object-group videoco range 5222 5269
access-list outside_policy extended permit tcp any object-group videoco object-group video
access-list outside_policy extended permit tcp any object-group videoco object-group tcp_tls
access-list outside_policy remark ====== Begin Autodesk Activation access ======
access-list outside_policy extended permit tcp any any object-group Autodesk
access-list outside_policy remark ****** End Autodesk Activation access ******
access-list outside_policy extended permit tcp x.x.x.x 255.255.255.248 host x.x.x.x eq smtp
access-list outside_policy remark ****** End Autodesk Activation access ******
access-list inside_policy extended deny tcp host 10.200.200.25 10.1.0.0 255.255.0.0 eq 2967 log disable
access-list inside_policy extended deny tcp host 10.200.200.25 10.3.0.0 255.255.0.0 eq 2967 log disable
access-list inside_policy extended deny tcp host 10.200.200.25 10.2.0.0 255.255.0.0 eq 2967 log disable
access-list inside_policy extended deny tcp host 10.200.200.25 10.4.0.0 255.255.0.0 eq 2967 log disable
access-list inside_policy extended deny tcp host 10.200.200.25 10.5.0.0 255.255.0.0 eq 2967 log disable
access-list inside_policy extended deny udp object-group NO-LOG any eq 2967 log disable
access-list inside_policy extended deny tcp object-group NO-LOG any eq 2967 log disable
access-list inside_policy remark ====== Begin Outbound Mail Server Rules ======
access-list inside_policy extended permit udp host 10.200.200.222 any eq 5679
access-list inside_policy extended permit tcp host 10.200.200.222 any eq smtp
access-list inside_policy remark ****** End Outbound Mail Server Rules ******
access-list inside_policy extended permit ip object-group local_net_group any
access-list inside_policy extended permit icmp object-group local_net_group any
access-list OUTSIDECO_VPN extended permit ip host x.x.x.x object-group OUTSIDECO_SERVERS
access-list company-split-tunnel standard permit 10.1.0.0 255.255.0.0
access-list company-split-tunnel standard permit 10.2.0.0 255.255.0.0
access-list company-split-tunnel standard permit 10.3.0.0 255.255.0.0
access-list company-split-tunnel standard permit 10.4.0.0 255.255.0.0
access-list company-split-tunnel standard permit 10.200.0.0 255.255.0.0
access-list company-split-tunnel standard permit 10.5.0.0 255.255.0.0
access-list company-split-tunnel standard permit 10.6.0.0 255.255.0.0
access-list company-split-tunnel standard permit 10.7.0.0 255.255.0.0
access-list company-split-tunnel standard permit 172.22.22.0 255.255.255.0
access-list company-split-tunnel remark Video
access-list company-split-tunnel standard permit 192.168.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 10.1.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 10.2.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 10.3.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 10.200.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 10.4.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 10.5.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 10.6.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 10.7.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 172.22.22.0 255.255.255.0
access-list SSL_SPLIT remark Video
access-list SSL_SPLIT standard permit 192.168.0.0 255.255.0.0
access-list NONAT_SSL extended permit ip object-group local_net_group 172.20.20.0 255.255.255.0
access-list NONAT_SSL extended permit ip 10.200.0.0 255.255.0.0 192.168.9.0 255.255.255.0
access-list tom extended permit tcp host x.x.x.x any eq smtp
access-list tom extended permit tcp host 10.200.200.222 any eq smtp
access-list tom extended permit tcp any host x.x.x.x
access-list aaron extended permit tcp any any eq 2967
access-list capauth extended permit ip host 10.200.200.1 host 10.200.200.220
access-list capauth extended permit ip host 10.200.200.220 host 10.200.200.1
access-list DMZ extended permit icmp any any
access-list dmz_access_in extended permit tcp any eq 51024 any eq 3336
access-list dmz_access_in extended permit icmp any any
access-list dmz_access_in extended permit tcp any any eq ftp
access-list dmz_access_in extended permit tcp any any eq https
access-list dmz_access_in remark rad5110 port 162 out
access-list dmz_access_in extended permit udp any any eq snmptrap
access-list dmz_access_in remark port 23 out
access-list dmz_access_in extended permit tcp any any eq telnet
access-list dmz_access_in remark port 53 dns out
access-list dmz_access_in extended permit object-group TCPUDP any any eq domain
access-list dmz_access_in extended permit object-group TCPUDP any any eq www
access-list dmz_access_in extended permit tcp any any eq h323
access-list dmz_access_in extended permit tcp any any object-group XML
access-list dmz_access_in extended permit udp any any object-group RAS
access-list dmz_access_in extended permit tcp any any range 1718 h323
access-list dmz_access_in extended permit tcp any any object-group H.245
access-list dmz_access_in extended permit object-group TCPUDP any any eq sip
access-list dmz_access_in extended permit udp any any object-group rtp_rtcp_udp
access-list dmz_access_in extended permit object-group TCPUDP any any object-group XML2
access-list dmz_access_in extended permit ip object-group local_net_group any
access-list dmz_access_in remark port 5061
access-list dmz_access_in extended permit tcp any any object-group tcp_tls
access-list outside_cryptomap extended permit ip 10.200.0.0 255.255.0.0 192.168.9.0 255.255.255.0
pager lines 24
logging enable
logging buffered warnings
logging trap informational
logging history informational
logging asdm warnings
logging host outside x.x.x.x
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu Wireless 1500
mtu management 1500
ip local pool SSL_VPN_POOL 172.20.20.1-172.20.20.75 mask 255.255.255.0
ip verify reverse-path interface outside
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NONAT_SSL
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) x.x.x.12 10.200.200.15 netmask 255.255.255.255
static (inside,outside) x.x.x.15 10.5.0.11 netmask 255.255.255.255
static (inside,outside) x.x.x.13 10.200.200.240 netmask 255.255.255.255
static (inside,outside) x.x.x.16 10.200.200.222 netmask 255.255.255.255
static (inside,outside) x.x.x.14 10.200.200.155 netmask 255.255.255.255
static (inside,dmz) 10.200.200.0 10.200.200.0 netmask 255.255.255.0
static (inside,dmz) 10.4.0.0 10.4.0.0 netmask 255.255.0.0
static (dmz,outside) x.x.x.18 172.22.22.15 netmask 255.255.255.255
static (dmz,outside) x.x.x.19 172.22.22.16 netmask 255.255.255.255
static (inside,dmz) 10.3.0.0 10.3.0.0 netmask 255.255.0.0
static (inside,dmz) 10.2.0.0 10.2.0.0 netmask 255.255.0.0
static (inside,dmz) 10.1.0.0 10.1.0.0 netmask 255.255.0.0
static (inside,dmz) 10.6.0.0 10.6.0.0 netmask 255.255.0.0
static (inside,dmz) 10.7.0.0 10.7.0.0 netmask 255.255.0.0
static (inside,dmz) 10.5.0.0 10.5.0.0 netmask 255.255.0.0
access-group outside_policy in interface outside
access-group inside_policy in interface inside
access-group dmz_access_in in interface dmz
route outside 0.0.0.0 0.0.0.0 x.x.x.12 1
route inside 10.1.0.0 255.255.0.0 10.200.200.254 1
route inside 10.2.0.0 255.255.0.0 10.200.200.254 1
route inside 10.3.0.0 255.255.0.0 10.200.200.254 1
route inside 10.4.0.0 255.255.0.0 10.200.200.254 1
route inside 10.5.0.0 255.255.0.0 10.200.200.254 1
route inside 10.6.0.0 255.255.0.0 10.200.200.254 1
route inside 10.7.0.0 255.255.0.0 10.200.200.150 1
route inside x.x.x.0 255.255.255.0 10.200.200.2 1
route inside x.x.x.0 255.255.255.0 10.200.200.2 1
route inside 192.168.1.0 255.255.255.0 10.200.200.254 1
route inside 192.168.2.0 255.255.255.0 10.200.200.254 1
route inside 192.168.3.0 255.255.255.0 10.200.200.254 1
route inside 192.168.4.0 255.255.255.0 10.200.200.254 1
route inside 192.168.5.0 255.255.255.0 10.200.200.254 1
route inside 192.168.6.0 255.255.255.0 10.200.200.254 1
route inside 192.168.7.0 255.255.255.0 10.200.200.254 1
route inside 192.168.200.0 255.255.255.0 10.200.200.254 1
route inside 192.168.201.0 255.255.255.0 10.200.200.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 2:00:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server COMPANY-NT-AUTH protocol nt
aaa-server COMPANY-NT-AUTH (inside) host 10.200.200.220
nt-auth-domain-controller DC
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http 10.200.200.0 255.255.255.0 inside
http 10.200.0.0 255.255.0.0 inside
http 10.3.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set AES256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set asa2transform esp-3des esp-sha-hmac
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set 3DES-SHA
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto map OUTSIDE_MAP 5 match address outside_cryptomap
crypto map OUTSIDE_MAP 5 set pfs
crypto map OUTSIDE_MAP 5 set peer x.x.x.53
crypto map OUTSIDE_MAP 5 set transform-set 3DES-SHA
crypto map OUTSIDE_MAP 5 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP 10 match address OUTSIDECO_VPN
crypto map OUTSIDE_MAP 10 set peer x.x.x.25
crypto map OUTSIDE_MAP 10 set transform-set AES256-SHA
crypto map OUTSIDE_MAP 10 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP 10 set security-association lifetime kilobytes 4608000
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map OUTSIDE_MAP interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 20
console timeout 0
dhcpd dns 10.200.200.220 10.200.200.225
dhcpd wins 10.200.200.220 10.200.200.225
dhcpd lease 18000
dhcpd domain company.com
dhcpd dns 10.200.200.220 10.200.200.225 interface Wireless
dhcpd wins 10.200.200.220 10.200.200.225 interface Wireless
dhcpd lease 18000 interface Wireless
dhcpd domain company.com interface Wireless
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 192.5.41.40 source outside prefer
ssl trust-point vpn.company.com outside
webvpn
enable outside
anyconnect-essentials
svc image disk0:/anyconnect-win-2.5.0217-k9.pkg 1
svc image disk0:/anyconnect-macosx-i386-2.5.2017-k9.pkg 2
svc enable
tunnel-group-list enable
group-policy SSL_Client_Policy internal
group-policy SSL_Client_Policy attributes
wins-server value 10.200.200.220
dns-server value 10.200.200.220
vpn-tunnel-protocol IPSec svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SSL_SPLIT
default-domain value company.com
webvpn
sso-server none
auto-signon allow uri * auth-type all
group-policy no-split-test internal
group-policy no-split-test attributes
banner value Welcome to company and Associates
banner value Welcome to company and Associates
dns-server value 10.200.200.220
vpn-tunnel-protocol IPSec
ipsec-udp enable
split-tunnel-policy tunnelall
default-domain value company.com
group-policy DfltGrpPolicy attributes
dns-server value 10.200.200.220
default-domain value company.com
group-policy company internal
group-policy company attributes
banner value Welcome to company and Associates
banner value Welcome to company and Associates
dns-server value 10.200.200.220
vpn-tunnel-protocol IPSec
ipsec-udp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SSL_SPLIT
default-domain value company.com
username ciscoadmin password xxxxxxxxxxx encrypted privilege 15
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool SSL_VPN_POOL
authentication-server-group COMPANY-NT-AUTH
default-group-policy SSL_Client_Policy
tunnel-group DefaultWEBVPNGroup webvpn-attributes
group-alias company_SSL_VPN enable
tunnel-group company_group type remote-access
tunnel-group company_group general-attributes
address-pool SSL_VPN_POOL
authentication-server-group COMPANY-NT-AUTH LOCAL
default-group-policy company
tunnel-group company_group ipsec-attributes
pre-shared-key *****
tunnel-group x.x.x.53 type ipsec-l2l
tunnel-group x.x.x.53 ipsec-attributes
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect tftp
inspect esmtp
inspect ftp
inspect icmp
inspect ip-options
inspect netbios
inspect rsh
inspect skinny
inspect sqlnet
inspect sunrpc
inspect xdmcp
inspect mgcp
inspect h323 h225
inspect h323 ras
inspect sip
service-policy global_policy global
privilege cmd level 5 mode exec command ping
privilege cmd level 6 mode exec command write
privilege show level 5 mode exec command running-config
privilege show level 5 mode exec command version
privilege show level 5 mode exec command conn
privilege show level 5 mode exec command memory
privilege show level 5 mode exec command cpu
privilege show level 5 mode exec command xlate
privilege show level 5 mode exec command traffic
privilege show level 5 mode exec command interface
privilege show level 5 mode exec command clock
privilege show level 5 mode exec command ip
privilege show level 5 mode exec command failover
privilege show level 5 mode exec command arp
privilege show level 5 mode exec command route
privilege show level 5 mode exec command blocks
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:a0689b4c837c79a51e7a0cfed591dec9
: end
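On ASA 8.2, traffic meant for a site-to-site tunnel has to be exempted from NAT by a `nat 0 access-list`; otherwise it is translated on the way out and no longer matches the crypto map ACL. The following is an added example, not part of the original post: a Python check of that relationship, run on a constructed excerpt of the configuration posted above (function names are hypothetical, and only `permit ip` entries are evaluated).

```python
import ipaddress
import re

# Constructed excerpt: the lines of the posted configuration that matter here.
SAMPLE_CONFIG = """\
object-group network local_net_group
 network-object 10.1.0.0 255.255.0.0
 network-object 10.200.0.0 255.255.0.0
access-list NONAT_SSL extended permit ip object-group local_net_group 172.20.20.0 255.255.255.0
access-list NONAT_SSL extended permit ip 10.200.0.0 255.255.0.0 192.168.9.0 255.255.255.0
access-list outside_cryptomap extended permit ip 10.200.0.0 255.255.0.0 192.168.9.0 255.255.255.0
nat (inside) 0 access-list NONAT_SSL
nat (inside) 1 0.0.0.0 0.0.0.0
crypto map OUTSIDE_MAP 5 match address outside_cryptomap
crypto map OUTSIDE_MAP 5 set peer x.x.x.53
"""

ACL_RE = re.compile(r"^access-list (\S+) extended permit ip (.+)$")


def _net(addr, mask):
    """Build a network from ASA 'address netmask' notation."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_object_groups(lines):
    """Map each 'object-group network' name to its list of networks."""
    groups, current = {}, None
    for line in lines:
        tok = line.split()
        if tok[:2] == ["object-group", "network"] and len(tok) > 2:
            current = groups.setdefault(tok[2], [])
        elif tok[:1] == ["network-object"] and current is not None:
            try:
                if tok[1] == "host":
                    current.append(_net(tok[2], "255.255.255.255"))
                else:
                    current.append(_net(tok[1], tok[2]))
            except (ValueError, IndexError):
                pass  # redacted address such as x.x.x.34
        elif tok[:1] != ["description"]:
            current = None  # any other command ends the group
    return groups


def _take_addr(tok, groups):
    """Consume one address spec; return (networks, remaining tokens)."""
    if tok[0] == "any":
        return [ipaddress.ip_network("0.0.0.0/0")], tok[1:]
    if tok[0] == "host":
        return [_net(tok[1], "255.255.255.255")], tok[2:]
    if tok[0] == "object-group":
        return groups[tok[1]], tok[2:]
    return [_net(tok[0], tok[1])], tok[2:]


def parse_ip_acls(lines, groups):
    """Return {acl_name: [(src_net, dst_net), ...]} for 'permit ip' entries."""
    acls = {}
    for line in lines:
        m = ACL_RE.match(line.strip())
        if not m:
            continue
        try:
            srcs, rest = _take_addr(m.group(2).split(), groups)
            dsts, _ = _take_addr(rest, groups)
        except (ValueError, KeyError, IndexError):
            continue  # redacted or unsupported entry: skipped, not guessed
        acls.setdefault(m.group(1), []).extend(
            (s, d) for s in srcs for d in dsts)
    return acls


def unexempted_vpn_flows(config):
    """List crypto-map flows that no 'nat 0' ACL entry fully covers."""
    lines = config.splitlines()
    acls = parse_ip_acls(lines, parse_object_groups(lines))
    crypto = re.findall(r"^\s*crypto map \S+ \d+ match address (\S+)",
                        config, re.M)
    nonat = re.findall(r"^\s*nat \(\S+\) 0 access-list (\S+)", config, re.M)
    exempt = [pair for name in nonat for pair in acls.get(name, [])]
    missing = []
    for name in crypto:
        for src, dst in acls.get(name, []):
            if not any(src.subnet_of(es) and dst.subnet_of(ed)
                       for es, ed in exempt):
                missing.append((name, str(src), str(dst)))
    return missing


if __name__ == "__main__":
    print(unexempted_vpn_flows(SAMPLE_CONFIG))
```

An empty list means every flow selected by a crypto map ACL is also NAT-exempt; each tuple returned names a crypto ACL and the source/destination pair that would be translated before reaching the tunnel.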
COMPANY-asa#
Hi Sian,
Yes on their end the PFS is enabled for DH Group 2.
Here is the information that you requested:
company-asa# sh crypto isakmp sa
Active SA: 3
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 3
1 IKE Peer: x.x.x.87
Type : user Role : responder
Rekey : no State : AM_ACTIVE
2 IKE Peer: x.x.x.53
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
3 IKE Peer: x.x.x.25
Type : user Role : initiator
Rekey : no State : MM_WAIT_MSG4
company-asa# sh crypto ipsec sa
interface: outside
Crypto map tag: OUTSIDE_MAP, seq num: 5, local addr: x.x.x.13
access-list outside_cryptomap extended permit ip 10.200.0.0 255.255.0.0 192.168.9.0 255.255.255.0
local ident (addr/mask/prot/port): (10.200.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (192.168.9.0/255.255.255.0/0/0)
current_peer: x.x.x.53
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 10744, #pkts decrypt: 10744, #pkts verify: 10744
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: x.x.x.13, remote crypto endpt.: x.x.x.53
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 500EC8BF
current inbound spi : 8DAE3436
inbound esp sas:
spi: 0x8DAE3436 (2377004086)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 32768, crypto-map: OUTSIDE_MAP
sa timing: remaining key lifetime (kB/sec): (3914946/24388)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x500EC8BF (1343146175)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 32768, crypto-map: OUTSIDE_MAP
sa timing: remaining key lifetime (kB/sec): (3915000/24388)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: outside_dyn_map, seq num: 20, local addr: x.x.x.13
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (172.20.20.8/255.255.255.255/0/0)
current_peer: x.x.x.87, username: ewebb
dynamic allocated peer ip: 172.20.20.8
#pkts encaps: 16434, #pkts encrypt: 16464, #pkts digest: 16464
#pkts decaps: 19889, #pkts decrypt: 19889, #pkts verify: 19889
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 16434, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 30, #pre-frag failures: 0, #fragments created: 60
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 60
#send errors: 0, #recv errors: 0
local crypto endpt.: x.x.x.13/4500, remote crypto endpt.: x.x.x.87/2252
path mtu 1500, ipsec overhead 66, media mtu 1500
current outbound spi: 2D712C9F
current inbound spi : 0EDB79C8
inbound esp sas:
spi: 0x0EDB79C8 (249264584)
transform: esp-3des esp-sha-hmac no compression
in use settings ={RA, Tunnel, NAT-T-Encaps, }
slot: 0, conn_id: 65536, crypto-map: outside_dyn_map
sa timing: remaining key lifetime (sec): 18262
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x2D712C9F (762391711)
transform: esp-3des esp-sha-hmac no compression
in use settings ={RA, Tunnel, NAT-T-Encaps, }
slot: 0, conn_id: 65536, crypto-map: outside_dyn_map
sa timing: remaining key lifetime (sec): 18261
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
-
I have had Firefox for a few years and have been very satisfied with all of its features and qualities. I work a great deal from home and have always enjoyed the convenience of being able to work off of 3 or 4 Firefox screens at one time. Pulling up one screen over the other and then going back and forth (as I still am able to do with Internet Explorer) saves a lot of time and NEEDLESS effort.
Since your latest update the other day, I am now only able to get that 1 screen and no matter how many times I click on the Firefox Icon on my icon screen, no other Firefox screens will come up. I am stuck with that 1 screen...
PLEASE HELP!!!! I have also lost my Yahoo search tool bar due to your upgrade, as well as several others which I cannot seem to retrieve.
Thank you so very much in advance for addressing and correcting this error.
Since I upgraded to Firefox 19 from 18.0.2, on my Windows XP (SP3) laptop, I, too, can no longer open a new window. File-->New Window does nothing; also can no longer tear off a tab and open it in a new window (it stays where it is). Also, if I right-click on a tab and select Move to New Window, nothing happens. All of these worked fine in FF 18.0.2. All of these work fine with FF 19 on Windows 7. Only an issue on my XP laptop.
After trying to open a new window, and not seeing the new window come up (and yes, I waited a long time), I decided to close my current window, which had multiple tabs open. Instead of just closing, it pops up the message reminding me that I'm about to close all those tabs. If I say close, and then go into the Task Manager, the Firefox application has disappeared (as expected), but the firefox (and plug-in container) processes are still running. So I have to manually kill the Firefox process to get it to quit. It's as if it thinks there is another window open (the one I tried to open but never appeared). This happens every single time! I've restarted my laptop, and that does not resolve the problem.
Is there a way to downgrade back to v 18.0.2 until this is fixed?