I cannot access a site I use often as a403 error occurs. How do I resolve
I cannot access a site I use often as a 403 error occurs. How do I resolve?
You need to contact the website and tell them to upgrade their security protocols. Especially the following:
* The site uses SSLv3, meaning it's vulnerable to the well known POODLE attack. https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
* The site uses RC4, which is insecure.
* The site does not support TLS 1.2, which is recommended.
You can see a full list of all the problems with the website at https://www.ssllabs.com/ssltest/analyze.html?d=secure.crbonline.gov.uk
It very soon will not work in Google Chrome either, so it's in the website's best interest to update ASAP (besides protecting their users from having all their data and information stolen)
Similar Messages
-
Cannot access Adobe Folio Builder using Indesign (CS6) on Windows 7, error message is 'An error has occured while trying to sign in to the Folio Builder Panel' [IMS_ERROR_FAILURE]
Yes, I can open the DPS portal via the Folio Builder panel within InDesign. Although I have created Folios locally within InDesign CS6, the DPS portal is empty and everthing greyed out with just the text "There are no folios to display. Create folios with the folio builder in InDesign".
If I try to sign in within the Folio Builder panel in InDesign, I get the error message [IMS_ERROR_FAILURE] . In addition I am also not able to access the "Help" menu from within InDesign although I am connected to the internet.
To complicate it even further, I am working in the UK whereas all internet control (firewall) and licences are handeled by head office in Germany. I am not sure if this is a firwewall issue or not but if the IT department in Germany could get support from Adobe to understand the access requirements, this may help.
Hopefully using the forum someone out there will know the answer. -
User name and password are stored correctly in preferences, but the fields remain blank whenever I try to login to a site I use often. No prompt "Do you want firefox to remember..." Do get a popup "do you want to update password?" but it makes no difference whether I check yes or not.
No such problem with several other sites whose passwords are stored.You must have the "Remember passwords" feature enabled for the browser to remember them. In Firefox 2.0 and above, make sure Tools -> Options -> Security / Passwords -> "Remember passwords for sites" is checked.
Additionally, you may have once told the browser to never save the passwords for the site. In Firefox 2.0 and above, check the list under Tools -> Options -> Security / Passwords -> Exceptions. Also make sure you are not private browsing while saving password.
Cheers -
please help. my address bar has vanished. i have no idea how to retrieve it, so can only access bookmarked sites when using firefox.
Make sure that you do not run Firefox in Full Screen mode with all toolbars hidden.
* Press F11 to toggle full screen mode (Firefox/File > Full Screen)
If the menu bar is hidden then press the F10 key or hold down the Alt key, that should make the menu bar appear.
Make sure that toolbars like the "Navigation Toolbar" and the "Bookmarks Toolbar" are visible: "View > Toolbars"
* If items are missing then open the Customize window via "View > Toolbars > Customize" or via "Firefox > Options > Toolbar Layout" (Linux, Windows)
* If a missing item is in the toolbar palette then drag it back from the Customize window on the toolbar
* If you do not see an item on a toolbar and in the toolbar palette then click the "Restore Default Set" button to restore the default toolbar set up.
See also:
* http://kb.mozillazine.org/Toolbar_customization -
I have a new Apple TV which is working fine except that I cannot access .mov files which are in my iTunes Library. How can I get to these? I can run them on my computer and select Apple TV on the screen, but the Apple TV goes to a black screen
Mov is a container format, you'd need to look at the codec used by the movie file inside the container to know whether it will work with the Apple TV or not.
-
I have iPad new 3rd gen with OS 7.0.4. I cannot open SEARCH window by using maneuvers noted in manual. how can I open SEARCH?
Swipe down from the middle of the home screen - not from the top of the screen - move down a little bit and swipe down. The Spotlight Search field should appear at the top.
-
Cannot install itunes, I keep getting this message:An error occured during the installation of assembly 'Microsoft .VC80.CRT .type="win32" ,version="8.0.50727.6195".publicKeyToken="1fc8b3b9a1e18e3b".processorArchitectu re="x86"'. Please refer to Help and
Repair your Apple Application Support.
Control Panel > Programs n Features > highlight AAS, click CHANGE the REPAIR -
Hi,
I tried to download Itunes update 11.1.4 to my windows xp desktop computer. Somehow, It was not succesful. Now , I cannot open Itunes. It gives error message of R6034-runtime error. How can I resolve it?Click here and follow the instructions.
(99025) -
I cannot sign in FaceTime , it keeps on saying an error occurred during activation, please sign in again
Hey!
I too was facing the same problem but have found a solution for it. The problem is most likely because of the 'Date & Time' setting. Change to setting to 'Set Automatically' and then try reconnecting to facetime/imessage.
Hope this helps you as it did to me. -
when attempting to connect to the itunes store, the status message says "accessing itunes store..." but never connects. how do i resolve this?
Close your iTunes,
Go to command Prompt -
(Win 7/Vista) - START/ALL PROGRAMS/ACCESSORIES, right mouse click "Command Prompt", choose "Run as Administrator".
(Win XP SP2 n above) - START/ALL PROGRAMS/ACCESSORIES/Command Prompt
In the "Command Prompt" screen, type in
netsh winsock reset
Hit "ENTER" key
Restart your computer.
If you do get a prompt after restart windows to remap LSP, just click NO.
Now launch your iTunes and see if it is working now.
If you are still having these type of problems after trying the winsock reset, refer to this article to identify which software in your system is inserting LSP:
iTunes 10.5 for Windows: May see performance issues and blank iTunes Store
http://support.apple.com/kb/TS4123?viewlocale=en_US -
Cannot attach files to email. get message "An internal error occurred when attempting to attach... " Have tried attaching docs and jpg. Same result , files don't attach. When click on try again and then "switch" the file does attach.
Cannot attach files to email. get message "An internal error occurred when attempting to attach... " Have tried attaching docs and jpg. Same result , files don't attach. When click on try again and then "switch" the file does attach.
-
[resolved] Cannot access particular site
I cannot access http://www.philosophypages.com. I tested using the "is it down or is it me?" site and apparently, it is "just me". I can ping the site fine. But if I try to view the page in firefox, it hangs forever. I don't see any complaints in the error/warning/info console, though. If I try to access it with lynx, eventually it just times out and says it could not make the connection.
I've accessed the same site just fine before. I can access other sites just fine now.
Can anybody suggest ways to track the issue down?
$ traceroute www.philosophypages.com
traceroute to www.philosophypages.com (207.155.252.12), 30 hops max, 60 byte packets
1 xx.x.x.x (x.x.x.x) 3.122 ms 7.112 ms 7.123 ms
2 xx.xxx.xxx.x (xx.xxx.xxx.x) 13.841 ms 13.950 ms 21.623 ms
3 xxxx-xxxx-xx-xxx-xxx.network.virginmedia.net (xx.xxx.xxx.xxx) 21.651 ms 21.716 ms 21.794 ms
4 xxxx-xx-xx-xxx-x.network.virginmedia.net (xx.xxx.xxx.xxx) 27.572 ms 27.639 ms 27.630 ms
5 xe-7-0-0.edge3.London2.Level3.net (195.50.91.129) 31.243 ms 31.287 ms 35.437 ms
6 ae-0-11.edge4.London2.Level3.net (4.69.200.126) 36.044 ms 22.750 ms 21.694 ms
7 ae-3-3.ebr1.London1.Level3.net (4.69.141.189) 22.314 ms 30.534 ms 30.419 ms
8 ae-57-112.csw1.London1.Level3.net (4.69.153.118) 30.589 ms ae-58-113.csw1.London1.Level3.net (4.69.153.122) 32.039 ms ae-59-114.csw1.London1.Level3.net (4.69.153.126) 31.964 ms
9 ae-1-51.edge4.London1.Level3.net (4.69.139.74) 31.659 ms 31.744 ms 32.072 ms
10 XO-level3-1x10G.London.Level3.net (4.68.70.134) 32.256 ms 32.341 ms 32.122 ms
11 vb1042.rar3.nyc-ny.us.xo.net (207.88.13.202) 107.633 ms 111.691 ms 107.710 ms
12 te-3-0-0.rar3.washington-dc.us.xo.net (207.88.12.74) 169.505 ms 167.730 ms 172.305 ms
13 te-11-0-0.rar3.sanjose-ca.us.xo.net (207.88.12.69) 173.591 ms 173.456 ms 173.677 ms
14 ae0d0.mcr1.fremont-ca.us.xo.net (216.156.0.138) 167.153 ms 165.860 ms 167.242 ms
15 ae1d0.mcr2.fremont-ca.us.xo.net (216.156.1.70) 166.037 ms 171.930 ms 171.810 ms
16 209.116.66.138 (209.116.66.138) 171.997 ms 164.010 ms 162.785 ms
17 206.251.128.138.ptr.us.xo.net (206.251.128.138) 162.577 ms 170.301 ms 170.335 ms
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Last edited by cfr (2013-02-23 22:57:57)Works okay here.
1 ewaller (192.168.1.1) 0.848 ms 1.473 ms 1.435 ms
2 netblock-<redacted>.dslextreme.com (<redacted>) 10.585 ms 11.753 ms 12.152 ms
3 lax1_cr1_gig_10_0_120.dslextreme.com (66.218.48.145) 13.750 ms 14.603 ms 16.036 ms
4 ge-6-5.car4.LosAngeles1.Level3.net (4.71.128.1) 18.441 ms 18.798 ms 19.272 ms
5 xo-level3-xe.losangeles9.level3.net (4.53.228.10) 21.344 ms 23.157 ms 24.477 ms
6 207.88.14.209.ptr.us.xo.net (207.88.14.209) 41.759 ms 35.728 ms 32.297 ms
7 ae0d0.mcr1.fremont-ca.us.xo.net (216.156.0.138) 33.857 ms 22.385 ms 20.789 ms
8 ae1d0.mcr2.fremont-ca.us.xo.net (216.156.1.70) 22.237 ms 23.305 ms 23.283 ms
9 209.116.66.138 (209.116.66.138) 24.918 ms 25.905 ms 27.264 ms
10 206.251.128.138.ptr.us.xo.net (206.251.128.138) 28.415 ms 29.845 ms 30.189 ms
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
It must be all those xx's in your IP
From the site:
Philosophy Pages
. . . from Garth Kemerling
This site offers helpful information for students of the Western philosophical tradition. The elements you will find on this site include:
The Dictionary of Philosophical Terms and Names.
A survey of the History of Western Philosophy.
A Timeline for the intellectual figures discussed here.
Detailed discussion of several major Philosophers
Summary treatment of the elementary principles of Logic
A generic Study Guide for students of philosophy.
Links to other philosophy Sites on the Internet.
Edit: We both found our way to 206.251.128.138.ptr.us.xo.net .
Last edited by ewaller (2013-01-25 04:42:27) -
Cannot access web site hosted on Azure VM
I have created Windows Server 2012R2 VM and after creating VM I have installed IIS and hosted my site and found it is working fine inside the VM.
Then I have added HTTP end point to my VM from azure portal. After creating http end point I cannot access my web site using MyHostName.cloudapp.net.
Can you help me why http end point is not working?
Then I have crated VM with template and there I have defined HTTP endpoint before creating VM.
Finally I found that if I create end point before creating VM then it works fine and if I create endpoint after creating VM then it doesn’t work.
Can you kindly help me to solve this issue (so that end point works properly after creating VM)?
Hasibul Haque,MCC2011,MCPD hasibulhaque.comHi,
You can check the port you bind for the website in IIS and make sure you have created endpoint with the correct port. You can also install Telnet client on your local computer and run "telnet xxx.cloudapp.net public_port_in_endpoint" at the command
prompt to see it works.
Have you enable SSL on the website hosted on Azure VM? If yes, please also create an endpoint with port 443 and open that port in Windows Firewall on the VM.
Best regards,
Susie
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
I am using SharePoint Foundation 2013 , i have backed up the site using powershell with the following command:
-backup-spsite -identity http://dmsserver/sites/demo/ -path C:\SPSiteBackup.bak
After backup finished, i can't access the site, the message "Sorry, this site hasn't been shared with you" appears, even the site administrator collection is configured coorectly, with the Administrator account.
Whats the problem?
Please Advice.Hi husseinsa,
According to your description, my understanding is that you could not access the site after backing up the site collection in SharePoint 2013 Foundation.
Could you access other sites at the same site collection?
Let’s do a troubleshooting for this issue:
Please delete the IE cache: IE options->General->Delete, select all checkboxes, and click Delete.
Go to CA->Application Management->Manage web applications, select the web application which hosts the problematic site .
Click Permisson Policy, make sure there are not any deny policies for site collection administrator and site collection auditor.
Back to the web application list page, click User Policy, check whether there are any user policies for denying permissions.
Change the site collection administrator or add a secondary site collection administrator in CA, then use the new site collection administrator to log in the site, compare the result.
Open IIS, expand the server, and click application pools.
Find the problematic web application pool, make the identity of the pool is correct, then do an IISRESET, compare the result.
If this issue still exists, please check the log file to find more information about this issue. The path of the log file is
: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS.
Or you can use Event Viewer(Start->Run->event viewer) to find the log.
I hope this helps.
Thanks,
Wendy
Wendy Li
TechNet Community Support -
VPN Clients cannot access remote site
Hey there,
I am pretty new in configuring Cisco devices and now I need some help.
I have 2 site here:
site A
Cisco 891
external IP: 195.xxx.yyy.zzz
VPN Gateway for Remote users
local IP: VLAN10 10.133.10.0 /23
site B
Cisco 891
external IP: 62.xxx.yyy.zzz
local IP VLAN10 10.133.34.0 /23
Those two sites are linked together with a Site-to-Site VPN. Accessing files or ressources from one site to the other is working fine while connected to the local LAN.
I configured VPN connection with Radius auth. VPN clients can connect to Site A, get an IP adress from VPN Pool (172.16.100.2-100) and can access files and servers on site A. But for some reason they cannot access ressources on site B. I already added the site B network to the ACL and when connecting with VPN it shows secured routes to 10.133.10.0 and 10.133.34.0 in the statistics. Same thing for other VPN Tunnels to ERP system.
What is missing here to make it possible to reach remote sites when connected through VPN? I had a look at the logs but could not find anything important.
Here is the config of site A
Building configuration...
Current configuration : 24257 bytes
version 15.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname Englerstrasse
boot-start-marker
boot config usbflash0:CVO-BOOT.CFG
boot-end-marker
aaa new-model
aaa group server radius Radius-AD
server 10.133.10.5 auth-port 1812 acct-port 1813
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_2 group Radius-AD local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa session-id common
clock timezone Berlin 1 0
clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
crypto pki trustpoint TP-self-signed-27361994
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-27361994
revocation-check none
rsakeypair TP-self-signed-27361994
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name [email protected]
revocation-check crl
crypto pki certificate chain TP-self-signed-27361994
certificate self-signed 01
30820227 30820190 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373336 31393934 301E170D 31323038 32373038 30343238
5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D323733 36313939
3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100B709
64CE1874 BF812A9F 0B761522 892373B9 10F0BB52 6263DCDB F9877AA3 7BD34E53
BCFDA45C 2A991777 4DDC7E6B 1FCEE36C B6E35679 C4A18771 9C0F871F 38310234
2D89A4FF 37B616D8 362B3103 A8A319F2 10A72DC7 490A04AC 7955DF68 32EF9615
9E1A3B31 2A1AB243 B3ED3E35 F4AAD029 CDB1F941 5E794300 5C5EF8AE 5C890203
010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304
18301680 14D0F5E7 D3A9311D 1675AA8F 38F064FC 4D04465E F5301D06 03551D0E
04160414 D0F5E7D3 A9311D16 75AA8F38 F064FC4D 04465EF5 300D0609 2A864886
F70D0101 05050003 818100AB 2CD4363A E5ADBFB0 943A38CB AC820801 117B52CC
20216093 79D1F777 2B3C0062 4301CF73 094B9CA5 805F585E 04CF3301 9B839DEB
14A334A2 F5A5316F C65EEF21 0B0DF3B5 F4322440 F28B984B E769876D 6EF94895
C3D5048A A4E2A180 12DF6652 176942F8 58187D7B D37B1F1A 4DDD7AE9 5189F9AF
AF3EF676 26AD3F31 D368F5
quit
crypto pki certificate chain test_trustpoint_config_created_for_sdm
no ip source-route
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip inspect log drop-pkt
ip inspect name CCP_MEDIUM appfw CCP_MEDIUM
ip inspect name CCP_MEDIUM ftp
ip inspect name CCP_MEDIUM h323
ip inspect name CCP_MEDIUM sip
ip inspect name CCP_MEDIUM https
ip inspect name CCP_MEDIUM icmp
ip inspect name CCP_MEDIUM netshow
ip inspect name CCP_MEDIUM rcmd
ip inspect name CCP_MEDIUM realaudio
ip inspect name CCP_MEDIUM rtsp
ip inspect name CCP_MEDIUM sqlnet
ip inspect name CCP_MEDIUM streamworks
ip inspect name CCP_MEDIUM tftp
ip inspect name CCP_MEDIUM udp
ip inspect name CCP_MEDIUM vdolive
ip inspect name CCP_MEDIUM imap reset
ip inspect name CCP_MEDIUM smtp
ip cef
no ipv6 cef
appfw policy-name CCP_MEDIUM
application im aol
service default action allow alarm
service text-chat action allow alarm
server permit name login.oscar.aol.com
server permit name toc.oscar.aol.com
server permit name oam-d09a.blue.aol.com
audit-trail on
application im msn
service default action allow alarm
service text-chat action allow alarm
server permit name messenger.hotmail.com
server permit name gateway.messenger.hotmail.com
server permit name webmessenger.msn.com
audit-trail on
application http
strict-http action allow alarm
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action allow alarm
application im yahoo
service default action allow alarm
service text-chat action allow alarm
server permit name scs.msg.yahoo.com
server permit name scsa.msg.yahoo.com
server permit name scsb.msg.yahoo.com
server permit name scsc.msg.yahoo.com
server permit name scsd.msg.yahoo.com
server permit name cs16.msg.dcn.yahoo.com
server permit name cs19.msg.dcn.yahoo.com
server permit name cs42.msg.dcn.yahoo.com
server permit name cs53.msg.dcn.yahoo.com
server permit name cs54.msg.dcn.yahoo.com
server permit name ads1.vip.scd.yahoo.com
server permit name radio1.launch.vip.dal.yahoo.com
server permit name in1.msg.vip.re2.yahoo.com
server permit name data1.my.vip.sc5.yahoo.com
server permit name address1.pim.vip.mud.yahoo.com
server permit name edit.messenger.yahoo.com
server permit name messenger.yahoo.com
server permit name http.pager.yahoo.com
server permit name privacy.yahoo.com
server permit name csa.yahoo.com
server permit name csb.yahoo.com
server permit name csc.yahoo.com
audit-trail on
parameter-map type inspect global
log dropped-packets enable
multilink bundle-name authenticated
redundancy
ip tcp synwait-time 10
class-map match-any CCP-Transactional-1
match dscp af21
match dscp af22
match dscp af23
class-map match-any CCP-Voice-1
match dscp ef
class-map match-any sdm_p2p_kazaa
match protocol fasttrack
match protocol kazaa2
class-map match-any CCP-Routing-1
match dscp cs6
class-map match-any sdm_p2p_edonkey
match protocol edonkey
class-map match-any CCP-Signaling-1
match dscp cs3
match dscp af31
class-map match-any sdm_p2p_gnutella
match protocol gnutella
class-map match-any CCP-Management-1
match dscp cs2
class-map match-any sdm_p2p_bittorrent
match protocol bittorrent
policy-map sdm-qos-test-123
class class-default
policy-map sdmappfwp2p_CCP_MEDIUM
class sdm_p2p_edonkey
class sdm_p2p_gnutella
class sdm_p2p_kazaa
class sdm_p2p_bittorrent
policy-map CCP-QoS-Policy-1
class sdm_p2p_edonkey
class sdm_p2p_gnutella
class sdm_p2p_kazaa
class sdm_p2p_bittorrent
class CCP-Voice-1
priority percent 33
class CCP-Signaling-1
bandwidth percent 5
class CCP-Routing-1
bandwidth percent 5
class CCP-Management-1
bandwidth percent 5
class CCP-Transactional-1
bandwidth percent 5
class class-default
fair-queue
random-detect
crypto ctcp port 10000
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key REMOVED address 62.20.xxx.yyy
crypto isakmp key REMOVED address 195.243.xxx.yyy
crypto isakmp key REMOVED address 195.243.xxx.yyy
crypto isakmp key REMOVED address 83.140.xxx.yyy
crypto isakmp client configuration group VPN_local
key REMOVED
dns 10.133.10.5 10.133.10.7
wins 10.133.10.7
domain domain.de
pool SDM_POOL_2
acl 115
crypto isakmp profile ciscocp-ike-profile-1
match identity group VPN_local
client authentication list ciscocp_vpn_xauth_ml_2
isakmp authorization list ciscocp_vpn_group_ml_2
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA4 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA11 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA5 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA1 esp-des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA11
set isakmp-profile ciscocp-ike-profile-1
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to62.20.xxx.xxx
set peer 62.20.xxx.xxx
set transform-set ESP-3DES-SHA
match address 105
crypto map SDM_CMAP_1 2 ipsec-isakmp
description Tunnel to195.243.xxx.xxx
set peer 195.243.xxx.xxx
set transform-set ESP-3DES-SHA4
match address 107
crypto map SDM_CMAP_1 3 ipsec-isakmp
description Tunnel to83.140.xxx.xxx
set peer 83.140.xxx.xxx
set transform-set ESP-DES-SHA1
match address 118
interface Loopback2
ip address 192.168.10.1 255.255.254.0
interface Null0
no ip unreachables
interface FastEthernet0
switchport mode trunk
no ip address
spanning-tree portfast
interface FastEthernet1
no ip address
spanning-tree portfast
interface FastEthernet2
no ip address
spanning-tree portfast
interface FastEthernet3
no ip address
spanning-tree portfast
interface FastEthernet4
description Internal LAN
switchport access vlan 10
switchport trunk native vlan 10
no ip address
spanning-tree portfast
interface FastEthernet5
no ip address
spanning-tree portfast
interface FastEthernet6
no ip address
spanning-tree portfast
interface FastEthernet7
no ip address
spanning-tree portfast
interface FastEthernet8
description $FW_OUTSIDE$$ETH-WAN$
ip address 62.153.xxx.xxx 255.255.255.248
ip access-group 113 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect CCP_MEDIUM out
no ip virtual-reassembly in
ip verify unicast reverse-path
duplex auto
speed auto
crypto map SDM_CMAP_1
service-policy input sdmappfwp2p_CCP_MEDIUM
service-policy output CCP-QoS-Policy-1
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet8
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface GigabitEthernet0
no ip address
shutdown
duplex auto
speed auto
interface Vlan1
no ip address
interface Vlan10
description $FW_INSIDE$
ip address 10.133.10.1 255.255.254.0
ip access-group 112 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
ip local pool SDM_POOL_1 192.168.10.101 192.168.10.200
ip local pool VPN_Pool 192.168.20.2 192.168.20.100
ip local pool SDM_POOL_2 172.16.100.2 172.16.100.100
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip forward-protocol nd
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet8 overload
ip route 0.0.0.0 0.0.0.0 62.153.xxx.xxx
ip access-list extended VPN1
remark VPN_Haberstrasse
remark CCP_ACL Category=4
permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
ip radius source-interface Vlan10
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 23 remark CCP_ACL Category=17
access-list 23 permit 195.243.xxx.xxx
access-list 23 permit 10.133.10.0 0.0.1.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 10.133.10.0 0.0.1.255 any
access-list 101 remark CCP_ACL Category=16
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any
access-list 102 remark auto generated by CCP firewall configuration
access-list 102 remark CCP_ACL Category=1
access-list 102 deny ip 10.10.10.0 0.0.0.7 any
access-list 102 permit icmp any host 62.153.xxx.xxx echo-reply
access-list 102 permit icmp any host 62.153.xxx.xxx time-exceeded
access-list 102 permit icmp any host 62.153.xxx.xxx unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
access-list 103 remark auto generated by CCP firewall configuration
access-list 103 remark CCP_ACL Category=1
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
access-list 103 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 103 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
access-list 103 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
access-list 103 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
access-list 103 permit udp any host 62.153.xxx.xxx eq non500-isakmp
access-list 103 permit udp any host 62.153.xxx.xxx eq isakmp
access-list 103 permit esp any host 62.153.xxx.xxx
access-list 103 permit ahp any host 62.153.xxx.xxx
access-list 103 permit udp host 194.25.0.60 eq domain any
access-list 103 permit udp host 194.25.0.68 eq domain any
access-list 103 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
access-list 103 deny ip 10.10.10.0 0.0.0.7 any
access-list 103 permit icmp any host 62.153.xxx.xxx echo-reply
access-list 103 permit icmp any host 62.153.xxx.xxx time-exceeded
access-list 103 permit icmp any host 62.153.xxx.xxx unreachable
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip host 0.0.0.0 any
access-list 103 deny ip any any log
access-list 104 remark CCP_ACL Category=4
access-list 104 permit ip 10.133.10.0 0.0.1.255 any
access-list 105 remark CCP_ACL Category=4
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
access-list 106 remark CCP_ACL Category=2
access-list 106 remark IPSec Rule
access-list 106 deny ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
access-list 106 permit ip 10.10.10.0 0.0.0.7 any
access-list 106 permit ip 10.133.10.0 0.0.1.255 any
access-list 107 remark CCP_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 107 remark IPSec Rule
access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 108 remark Auto generated by SDM Management Access feature
access-list 108 remark CCP_ACL Category=1
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq telnet
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 22
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq www
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 443
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq cmd
access-list 108 deny tcp any host 10.133.10.1 eq telnet
access-list 108 deny tcp any host 10.133.10.1 eq 22
access-list 108 deny tcp any host 10.133.10.1 eq www
access-list 108 deny tcp any host 10.133.10.1 eq 443
access-list 108 deny tcp any host 10.133.10.1 eq cmd
access-list 108 deny udp any host 10.133.10.1 eq snmp
access-list 108 permit ip any any
access-list 109 remark CCP_ACL Category=1
access-list 109 permit ip 10.133.10.0 0.0.1.255 any
access-list 109 permit ip 10.10.10.0 0.0.0.7 any
access-list 109 permit ip 192.168.10.0 0.0.1.255 any
access-list 110 remark CCP_ACL Category=1
access-list 110 permit ip host 195.243.xxx.xxx any
access-list 110 permit ip host 84.44.xxx.xxx any
access-list 110 permit ip 10.133.10.0 0.0.1.255 any
access-list 110 permit ip 10.10.10.0 0.0.0.7 any
access-list 110 permit ip 192.168.10.0 0.0.1.255 any
access-list 111 remark CCP_ACL Category=4
access-list 111 permit ip 10.133.10.0 0.0.1.255 any
access-list 112 remark CCP_ACL Category=1
access-list 112 permit udp host 10.133.10.5 eq 1812 any
access-list 112 permit udp host 10.133.10.5 eq 1813 any
access-list 112 permit udp any host 10.133.10.1 eq non500-isakmp
access-list 112 permit udp any host 10.133.10.1 eq isakmp
access-list 112 permit esp any host 10.133.10.1
access-list 112 permit ahp any host 10.133.10.1
access-list 112 permit udp host 10.133.10.5 eq 1645 host 10.133.10.1
access-list 112 permit udp host 10.133.10.5 eq 1646 host 10.133.10.1
access-list 112 remark auto generated by CCP firewall configuration
access-list 112 permit udp host 10.133.10.5 eq 1812 host 10.133.10.1
access-list 112 permit udp host 10.133.10.5 eq 1813 host 10.133.10.1
access-list 112 permit udp host 10.133.10.7 eq domain any
access-list 112 permit udp host 10.133.10.5 eq domain any
access-list 112 deny ip 62.153.xxx.xxx 0.0.0.7 any
access-list 112 deny ip 10.10.10.0 0.0.0.7 any
access-list 112 deny ip host 255.255.255.255 any
access-list 112 deny ip 127.0.0.0 0.255.255.255 any
access-list 112 permit ip any any
access-list 113 remark CCP_ACL Category=1
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.60.16.0 0.0.0.255 192.168.10.0 0.0.1.255
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.60.16.0 0.0.0.255 10.133.10.0 0.0.1.255
access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq non500-isakmp
access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq isakmp
access-list 113 permit esp host 83.140.100.4 host 62.153.xxx.xxx
access-list 113 permit ahp host 83.140.100.4 host 62.153.xxx.xxx
access-list 113 permit ip host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 113 permit ip host 84.44.xxx.xxx host 62.153.xxx.xxx
access-list 113 remark auto generated by CCP firewall configuration
access-list 113 permit udp host 194.25.0.60 eq domain any
access-list 113 permit udp host 194.25.0.68 eq domain any
access-list 113 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
access-list 113 permit udp host 194.25.0.60 eq domain host 62.153.xxx.xxx
access-list 113 permit udp any host 62.153.xxx.xxx eq non500-isakmp
access-list 113 permit udp any host 62.153.xxx.xxx eq isakmp
access-list 113 permit esp any host 62.153.xxx.xxx
access-list 113 permit ahp any host 62.153.xxx.xxx
access-list 113 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 113 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
access-list 113 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
access-list 113 remark IPSec Rule
access-list 113 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
access-list 113 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
access-list 113 remark Pop3
access-list 113 permit tcp host 82.127.xxx.xxx eq 8080 host 62.153.xxx.xxx
access-list 113 remark Pop3
access-list 113 permit tcp any eq pop3 host 62.153.xxx.xxx
access-list 113 remark SMTP
access-list 113 permit tcp any eq 465 host 62.153.xxx.xxx
access-list 113 remark IMAP
access-list 113 permit tcp any eq 587 host 62.153.xxx.xxx
access-list 113 deny ip 10.133.10.0 0.0.1.255 any
access-list 113 deny ip 10.10.10.0 0.0.0.7 any
access-list 113 permit icmp any host 62.153.xxx.xxx echo-reply
access-list 113 permit icmp any host 62.153.xxx.xxx time-exceeded
access-list 113 permit icmp any host 62.153.xxx.xxx unreachable
access-list 113 deny ip 10.0.0.0 0.255.255.255 any
access-list 113 deny ip 172.16.0.0 0.15.255.255 any
access-list 113 deny ip 192.168.0.0 0.0.255.255 any
access-list 113 deny ip 127.0.0.0 0.255.255.255 any
access-list 113 deny ip host 255.255.255.255 any
access-list 113 deny ip host 0.0.0.0 any
access-list 113 deny ip any any log
access-list 114 remark auto generated by CCP firewall configuration
access-list 114 remark CCP_ACL Category=1
access-list 114 deny ip 10.133.10.0 0.0.1.255 any
access-list 114 deny ip 10.10.10.0 0.0.0.7 any
access-list 114 permit icmp any any echo-reply
access-list 114 permit icmp any any time-exceeded
access-list 114 permit icmp any any unreachable
access-list 114 deny ip 10.0.0.0 0.255.255.255 any
access-list 114 deny ip 172.16.0.0 0.15.255.255 any
access-list 114 deny ip 192.168.0.0 0.0.255.255 any
access-list 114 deny ip 127.0.0.0 0.255.255.255 any
access-list 114 deny ip host 255.255.255.255 any
access-list 114 deny ip host 0.0.0.0 any
access-list 114 deny ip any any log
access-list 115 remark VPN_Sub
access-list 115 remark CCP_ACL Category=5
access-list 115 permit ip 10.133.10.0 0.0.1.255 172.16.0.0 0.0.255.255
access-list 115 permit ip 10.133.34.0 0.0.1.255 172.16.0.0 0.0.255.255
access-list 115 permit ip 10.133.20.0 0.0.0.255 any
access-list 116 remark CCP_ACL Category=4
access-list 116 remark IPSec Rule
access-list 116 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 117 remark CCP_ACL Category=4
access-list 117 remark IPSec Rule
access-list 117 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 118 remark CCP_ACL Category=4
access-list 118 remark IPSec Rule
access-list 118 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 118 remark IPSec Rule
access-list 118 permit ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 106
control-plane
mgcp profile default
line con 0
transport output telnet
line 1
modem InOut
speed 115200
flowcontrol hardware
line aux 0
transport output telnet
line vty 0 4
session-timeout 45
access-class 110 in
transport input telnet ssh
line vty 5 15
access-class 109 in
transport input telnet ssh
scheduler interval 500
endThe crypto ACL for the site to site vpn should also include the vpn client pool, otherwise, traffic from the vpn client does not match the interesting traffic for the site to site vpn.
On Site A:
should include "access-list 107 permit ip 172.16.100.0 0.0.0.255 10.133.34.0 0.0.1.255"
You should also remove the following line as the pool is incorrect:
access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
On Site B:
should include: permit ip 10.133.34.0 0.0.1.255 172.16.100.0 0.0.0.255"
NAT exemption on site B should also be configured with deny on the above ACL.
Maybe you are looking for
-
Problems with flah player i found a clue to solve
Well, for everybody that is not being able to install flash player(including me) on internet explorer here is my history : I'm having problems to install flash player on internet explorer since adobe bought the company, i read a lot of posts from all
-
(iPhone4) 30 pin female connector to micro USB male connector adapter
Is there such a thing as a (iPhone4) 30 pin female connector to micro USB male connector adapter, which can transfer audio / music? My car audio system has a 30 pin male connector for my iPhone4. Would like to use my Android phone as well.
-
I understand that SAP does not support GRC AC 10 on NW 7.3 but on NW 7.02. However, I'd like to know if it is possible to install AC 10 on NW 7.3. Technically and in support, what issues can we come across while implementing on NW 7.3 ?
-
What is the WPS button, and where do I find it??????
A guest set up their computer and printer to mine today as a guest. My wireless printer now will not work for me. In trying to reinstall the printer, I came across the message,... press and hold the WPS button for 5 seconds......I cannot find th
-
Can I set my home pages to open as App Tabs?
I always have a set of my favorite, every day sites as App Tabs, which are also my home pages. I usually let Firefox just restore my previous session, but sometimes I just need a clean restart - just my App Tabs/home pages. But clicking Home opens th