Internet connexion problem for remote site in Site to site VPN asa 5505
Hi all
I'm configuring a site to site Ipsec VPN in 2 sites using ASA 5505 V 8.2, The VPN is working fine i can ping machine in the 2 sides but the problem is the remote site dont' have internet.
The architecture is, we 2 site Site1 is the main site and Site2 is secondary site there will be Site3, ...
The internet connection is based in Site1 and site2 and site 3 will have internet connection through Site1. Site1, Site2 and Site 3 is interconnected by Ipsec VPN.
Here is my ASA 5505 Configuration :
SITE 1:
ASA Version 8.2(5)
hostname test-malabo
domain-name test.mg
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd ta.qizy4R//ChqQH encrypted
names
interface Ethernet0/0
description "Sortie Internet"
switchport access vlan 2
interface Ethernet0/1
description "Interconnexion"
switchport access vlan 171
interface Ethernet0/2
description "management"
switchport access vlan 10
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 41.79.49.42 255.255.255.192
interface Vlan10
nameif mgmt
security-level 0
ip address 10.12.1.100 255.255.0.0
interface Vlan171
nameif interco
security-level 0
ip address 10.22.19.254 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name test.mg
object-group network LAN-MALABO
description LAN DE MALABO
network-object 192.168.1.0 255.255.255.0
object-group network LAN-BATA
description LAN DE BATA
network-object 192.168.2.0 255.255.255.0
object-group network LAN-LUBA
description LAN DE LUBA
network-object 192.168.3.0 255.255.255.0
access-list interco_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
mtu mgmt 1500
mtu interco 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
icmp permit any interco
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (interco) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 41.79.49.1 1
route interco 192.168.3.0 255.255.255.0 10.22.19.5 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map interco_map0 1 match address interco_1_cryptomap
crypto map interco_map0 1 set pfs group1
crypto map interco_map0 1 set peer 10.22.19.5
crypto map interco_map0 1 set transform-set ESP-3DES-SHA
crypto map interco_map0 interface interco
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto isakmp enable interco
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet 10.12.0.0 255.255.0.0 mgmt
telnet timeout 30
ssh 192.168.1.0 255.255.255.0 inside
ssh 10.12.0.0 255.255.0.0 mgmt
ssh timeout 30
console timeout 0
management-access interco
dhcpd option 3 ip 192.168.1.1
dhcpd address 192.168.1.100-192.168.1.254 inside
dhcpd dns 41.79.48.66 8.8.8.8 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 15
tunnel-group 10.22.19.5 type ipsec-l2l
tunnel-group 10.22.19.5 ipsec-attributes
pre-shared-key *****
isakmp keepalive threshold 60 retry 5
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect dns
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect snmp
inspect icmp
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:5aa0d27f15e49ea597c8097cfdb755b8
: end
SITE2:
ASA Version 8.2(5)
hostname test-luba
domain-name test.eg
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
description "Sortie Interco-Internet"
switchport access vlan 2
interface Ethernet0/1
description "management"
switchport access vlan 10
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.3.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 10.22.19.5 255.255.255.0
interface Vlan10
nameif mgmt
security-level 0
ip address 10.12.1.101 255.255.0.0
ftp mode passive
dns server-group DefaultDNS
domain-name test.eg
object-group network LAN-MALABO
description LAN DE MALABO
network-object 192.168.1.0 255.255.255.0
object-group network LAN-BATA
description LAN DE BATA
network-object 192.168.2.0 255.255.255.0
object-group network LAN-LUBA
description LAN DE LUBA
network-object 192.168.3.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
mtu mgmt 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list inside_nat0_outbound
route outside 0.0.0.0 0.0.0.0 10.22.19.254 1
route outside 192.168.1.0 255.255.255.0 10.22.19.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map0 1 match address outside_1_cryptomap
crypto map outside_map0 1 set pfs group1
crypto map outside_map0 1 set peer 10.22.19.254
crypto map outside_map0 1 set transform-set ESP-3DES-SHA
crypto map outside_map0 interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 10.12.0.0 255.255.0.0 mgmt
telnet timeout 30
ssh 192.168.3.0 255.255.255.0 inside
ssh 10.12.0.0 255.255.0.0 mgmt
ssh timeout 30
console timeout 0
management-access outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 15
tunnel-group 10.22.19.254 type ipsec-l2l
tunnel-group 10.22.19.254 ipsec-attributes
pre-shared-key *****
isakmp keepalive threshold 60 retry 5
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:185bd689118ba24f9a0ef2f7e80494f6
Can anybody help why my remote site can't connect to Internet.
REgards,
Raitsarevo
Hi Carv,
Thanks for your reply. i have done finally
i used no crypto ipsec nat-transparency udp-encapsulation in my end router only.
and in remote access VPN i have enabled UDP for client configuration. the most imprtant is i have given IP add of same LAN pool to VPN user,
Regards,
Satya.M
Similar Messages
-
How to set up NAT for two servers using same port with ASDM ASA 5505
Hi there,
We have a new installation of a ASA 5505 and are trying to get some NAT issues straightened out. Here is the scenario: On our internal network, we have two servers running Filemaker Server, a relational database server that clients connect with using port 5003. Our goal is to be able to allow users from the outside to access either of these servers as needed. I know how to set up a simple static NAT rule and matching Access rule in ASDM which would be fine for a case in which only one server using a given port is running on a network, but for simple static rules I seem to be blocked from entering a different translated port number from the orginal port number, which becomes a problem when two servers we need to access from the outside are running software using the same port number.
What is the simplest way to address this need? I am guessing that I need to set up a scenario like this, where port 5004 (or any arbitrarily choosen unused port, can be used to access the second server:
Outside user enters FQDN:5004 and this translates to Database server # 1 as 192.168.1.40:5003
and
Outside user enters FQDN:5003 and this translates to Database server # 1 as 192.168.1.38:5003
If so, what is the easist way to get this done? Or is there a better what to handle this scenario?
Thanks in advance,
JamesI would create two objects and use object NAT
object network Obj_5004
host 192.168.1.40
object network Obj_5004
nat (inside,outside) static service tcp 5003 5004
object network Obj_5003
host 192.168.1.38
object network Obj_5003
nat (inside,outside) static service tcp 5003 5003
Of course you will need to open your outside interface for tcp ports 5003 and 5004 to make this happen -
Creative Internet Camera Live for Remote Monitoring
I can not get the DDNS domain name feature to install. I get a message that says user name already being used. I have tried numerous versions of names and get the same message. Also, at one point in the install process I get a message that the DDNS site is not responding and try again.
You can access your camera from the internet by the address of your internet connection. Usually, this is the outside interface on the router connected to your cable modem, or the address of your dsl modem. This should show as the remote IP address on the Home display for your camera. (If it doesn't, something is wrong!)
Then, provided you have done the dmz thing for your camera, you can go to someplace outside and you should be able to reach your camera by that ip address. For example:
http://66.42.3.97/ And you should get a prompt to login to your camera...
Took me a few tries but I got both the ip address and the creativeddns to work.
cath -
Shared Review problem for remote review SME
One of my SMEs works offsite via a VPN connection. When she tries to participate in the shared review process from the PDF location on the network drive, she has display problems (all the text is highlighted in black) and she can't "connect" to see other's comments. The PDF displays fine if she downloads it to her hard drive she can see shared comments but of course is then unable interact with the shared process.
She's developed an elaborate and time consuming work around, but I need a solution for her problem. She's using the current version of Reader and I'm generating PDFs using Acrobat 9 Pro Extended.
This is not an issue for any of my other offsite SMEs.
Thoughts?What are the instructions for Acrobat Pro v11.0.10?
There is no option to save as "Archive copy" only "PDF-X/A" but that returns an error that it can't be saved.
All instances of Shared Review sessions have been removed from the the "Tracker..." dialog, but I am still getting server pings. By all rights, there should be no more pings to any server. When I am actually in my network where the server is visible, Adobe is connecting without my permission.
How can I get the server pings to completely stop in Acrobat Pro v11.0.10? -
S2S VPN - ASA 5505 to ASA 5540 - Routing Problems
I'm a software developer (no doubt the issue) trying to setup my remote office (5505) to the main office (5540). No problem getting the S2S VPN up, but I definitely have problems with the routing. Using tracert, it shows it going into the remote network for a couple of hops, but then timing out. Packet tracer shows everything is fine. Using my client VPN credentials to the remote network, same on the return path...does a few hops, then gets lost. I've stripped down the config to the basics and ensured it isn't security settings on both ends, but still doesn't work. I've spent A LOT of hours trying to get this to work, so thanks for any assistance!
Current running config:
ASA Version 8.2(5)
hostname asa15
enable password XXXXX encrypted
passwd XXXXX encrypted
names
name 10.0.0.0 remote-network
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 172.16.5.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
ftp mode passive
access-list outside_1_cryptomap extended permit ip 172.16.5.0 255.255.255.0 remote-network 255.0.0.0
access-list inside_nat0_outbound extended permit ip 172.16.5.0 255.255.255.0 remote-network 255.0.0.0
access-list inside_access_in extended permit ip 172.16.5.0 255.255.255.0 remote-network 255.0.0.0
access-list inside_nat0_outbound_1 extended permit ip 172.16.5.0 255.255.255.0 remote-network 255.0.0.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm location remote-network 255.0.0.0 inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound_1
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 99.X.X.7 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 172.16.5.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 99.X.X.7
crypto map outside_map 1 set transform-set ESP-AES-128-SHA
crypto map outside_map 1 set reverse-route
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 28800
vpn-addr-assign local reuse-delay 5
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 172.16.5.100-172.16.5.130 inside
dhcpd auto_config outside interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
tunnel-group 99.X.X.7 type ipsec-l2l
tunnel-group 99.X.X.7 ipsec-attributes
pre-shared-key XXXXX
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
: endjust out of curiosity, why do you have
route outside 0.0.0.0 0.0.0.0 99.X.X.7 1
You already set your default route through DHCP setroute under the interface. this could be the issue.
If your VPN config is ok and you are seeing encaps/decaps, it is likely a routing issue.
Does the remote device have the correct default gateway?
May be a Natting issue if you have a one-way tunnel (usually send but no receive)...
Patrick -
How to create accounts for remote users in 1841
Hi,
I was wondering how can i create accounts for remote users to be able to vpn please ? I have setup the vpn server successfully.
Regard,Hello.
I believe that you can try this:
Router# configure terminal
Router (config)# password encryption aes
Router (config)# crypto ipsec client ezvpn ezvpn1
Router (config-crypto-ezvpn)# username server_1 password 0 blue
if you are using easy vpn.
from: http://cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b7d.html -
Dear All,
I have a problem with the configuration of the ACL of my ASA 5505 router.
However, the syntax seems okay
access-list 121 extended deny icmp 192.168.0.0 255.255.255.0 any
Thanks for your helpHi,
Its hard to say when I cant see your whole configuration.
Have you attached the ACL to an interface on the ASA?
access-group 102 in interface
Only then the ACL will have some effect on the traffic. Though remember to allow other traffic in the SAME ACL. Otherwise you will block all traffic from behind the interface to which you attach this ACL.
However this ACL wont block ICMP between the hosts on the same network naturally.
- Jouni -
Hi, every time i try downloading ios5 it reaches 100% and then the connection times out and nothing happens after that; though the internet connection is fine as i can access other sites etc. what could be the problem?i tried using 2 different modems. Where can i download the ios5 from as my itunes is on my desktop which uses windows xp. Please help
Download iOS 5.1
iOS 5.1 (build 9B176) is compatible with iPad 1, iPad 2, iPhone 3GS, iPhone 4, iPhone 4S, iPod touch 3rd & 4th gen, and iPad 3. Additional builds are available for Apple TV 2 and Apple TV 3. The below download links are all direct downloads of iOS 5.1 from Apple.
iPad 1
iPad 2 Wi-Fi
iPad 2 GSM (AT&T)
iPad 2 CDMA (Verizon)
iPad 2,4
iPhone 3GS
iPhone 4 GSM (AT&T)
iPhone 4 CDMA (Verizon)
iPhone 4S
iPod touch 3G
iPod touch 4G
iPad 3 Wi-Fi
iPad 3 GSM
iPad 3 CDMA
Apple TV 2 (9B179b1)
Apple TV 3 (9B179b1)
Source: http://osxdaily.com/2012/03/07/ios-5-1-download/ -
Routing Issue for Remote Access Clients over Site to Site VPN tunnels
I have a customer that told me that Cisco has an issue when a customer has a topology of let's say 3 sites that have site to site tunnels built and a Remote Access client connects to site A and needs resources at Site B but the PIX won't route to that site. Has this been fixed in the ASA?
Patrick, that was indeed true for a long time.
But now it is fixed in PIX and ASA version 7.x.
Please refer to this document for details:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml -
direct2d acceleration on FF4 causes really bad font rendering problems for my site.
Text goes on to of each other and behind pictures making it impossible to read for some parts. Disabling HW acceleration fixes the problem. Is there a script that I could use to disable it automatically for my site?In fact updating my graphics was the cause of the problem. With the old drivers there were no problems. It depends on the system. So far I've tested on 6 Windows PC's. on 2 of them it worked fine. My site should be 100% W3C compliant. It works fine on 3.6, Chrome, IE and Opera
-
Can we implement site catalyst for Remote desktop app like MS dynamics NAV?
Can we implement site catalyst for Remote desktop app like MS dynamics NAV?
please throw some insightHi,
Thank you for posting in Windows Server Forum.
Does this happens for this particular application?
For a test you can publish Notepad\WordPad as RemoteApp and check whether facing same issue. Please check the result and let us know. If it’s working normally then might seems there is some configuration issue with MS Dynamics App.
Does this happens for all user or specific users?
Which version of RDP Client you are using for client system?
Try to install RDP 8.1 for better feature.
Update for RemoteApp and Desktop Connections feature is available for Windows
http://support.microsoft.com/kb/2830477
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support -
IPv6 deployment problem for multiple site
Dear Expert,
I have a question about the deployment of IPv6 on two different site and the requirement is that client may need to auto switchover to another site while one of the ASR1002 is failure. I have using two different prefix on two sites with IPv6 stateless autoconfig like above diagram. Different prefix used for each site due to each site should use there own IPv6 prefix for Firewall Stateful(Default gateway point to local site firewall only). Client will retrieved two IPv6 addresses at the same time and it seems workable on Vista PC and Mac(Mac haven't select the High DRP one but work fine) and I haven’t try for other mobile device (have WiFi device for vlan100). Is it a valid solution? Any other solution for multiple site deploy IPv6 with Firewall no NAT enabled?
Thank you very much!
Regards,
KawaiiOne option would be to tweak the OS prefix policy table to prefer v4 to v6. On Linux this is in /etc/gai.conf; on windows you'd run "netsh interface ipv6 set prefixpolicies ...". The side effect would be that you'd only do v6 with the v6-only sites, not with the dual-stack sites.
-
I've been paying for Adobe Premiere pro for the past three month and today, despite the fact that i have paid already for the upcoming month, i cannot access it because of an "intenet connexion problem". But I'm connected and I have the right ID. What should I do?
Lanakivee
Try this it worked for me Pat Willener gave it to me off the site :
I have not read all you wrote, so I may have missed some points. As I understand it, you installed FP 10 on IE7, but it won't play any Flash content?
Try this
download the FP uninstaller from http://www.adobe.com/go/tn_14157
close all browser windows, then run the uninstaller
download the offline ActivX installer for Internet Explorer from http://fpdownload.macromedia.com/get/flashplayer/current/install_flash_player_ax.exe
close all browser windows, then run the installer -
Move Internet facing site and remove Exchange site
Background:
I am running Exchange 2010 in native mode
I have multiple AD sites connected via WAN
I have two sites each with an Exchange CAS, HT, Mailbox server and internet connections
I have one Edge server in the DMZ at the internet facing site A
All mail currently flows in/out through site A via connectors
OWA is currently hosted on the CAS/HT server at site A
I have installed a new Edge server in the DMZ of site B and cloned the configuration.
I am planning the move of the internet facing site to the new site where the other Exchange CAS/HT server resides.
Once the mail flow is occurring correctly in/out site B, I need to move all mailboxes to site B and shut down the Exchange server at site A.
Questions:
When I create the Edge Subscription at the new site, it offers to create a new send connector. The CAS/HT server at site B already has a send connector to site A. Will the new send connector cause mail flow problems if it is pointing to
the new Edge server that is not yet updated on public DNS? I am trying to do this in stages and I am not ready to change mail flow to site B internet.
What needs to happen to move OWA to the Exchange server at site B?
Once site B is handling OWA, all mail flow, and all mailboxes have been moved to that site, can I simply shut down the site A Exchange server?
Thanks for any input on how best to plan this move. If there is any documentation for this specific scenario, I work well from instructions but have not seen anything on the internet.1. Sending can happen from both sites, regardless of where your MX records point. In fact, you don't need an MX record to send email - just to receive. So the new send connector in Site B won't cause issues with mail flow - messages will
go out B and come in A until you rehome your MX record.
2. In order to move OWA to Site B, your external records for your OWA site need to point to the external IP address that will connect to the Site B CAS (and hopefully, you have it behind a firewall of some sort).
3. Not quite - you need to move your OAB generation to the new site, and make sure that all CAS virtual directories in the new site are configured to handle the connections that currently go to Site A. See the following for what you need to do
to decommission your Site A Exchange servers - but where it says "Exchange 2013", think "Site A Exchange servers":
http://technet.microsoft.com/en-us/library/ee332361(v=exchg.141).aspx -
<blockquote>Locked by Moderator.
Please continue the discussion in this thread: [tiki-view_forum_thread.php?locale=en-US&comments_parentId=688606&forumId=1]
Thanks - c</blockquote>
== Issue
==
I have another kind of problem with Firefox
== Description
==
zzxc: When I click on a link in my email it doesn't go to the page. It is a blank page. It will work in internet explorer. When I sign in at certain sites, it doesn't redirect. Why is that?
I am still having the same problem. I did what you said to do, but it didn't help. I cleared all of firefox's cache and still doesn't work.
== Firefox version
==
most recent
== Operating system
==
Windows 7
== Plugins installed
==
just windows,itunes, flashI have not found a way for the email hypertext to go to the FaceBook App, but I no longer click on the hypertext as I know whatever information or posting it is directing me to in FaceBook will show up when I open my FaceBook App. I also have noticed that many pop-ups on the Browser don't actually know if you already have the software they are promoting.
Maybe you are looking for
-
I have a case where the user makes a contract with a vendor for 2 yrs, and pays him on a quarterly basis. I can create a standard PO for the entire amount at the beginning. Then, as and when bills are paid to the vendor, create PO matching invoices a
-
how can i query in oracle 9i using sqlplus to get the fields in each table
-
Create new photo album on ipad2
Is there a way to add new photo albums using the ipad2?
-
BAPI to create Material master record
Hi All, I need to create a new material master record using a reference Mterial number. Please let me know, if there is any BAPI to achieve this.
-
Installing Mac OS version 10.0.4 for a Power Mac G4
Wondering if anyone can help me, I spent all day trying to reinstall the Mac OS version 10.0.4 software that came with the computer in the first place. Decided we needed to restore our Power Mac G4 to its original state. I know, its 8 years old! LOL.