IP forwarding and weak host difference?
Hi, this is a somewhat hypothetical question about 2008 R2, but here goes... in situations where the NIC that can route the reply packet isn't the one that the packet arrived on, we know that the packet is dropped. Reading posts and blogs, I see that IP forwarding is suggested. That makes sense. I also see weak host suggested. That also makes sense. Some posts rather breezily suggest either as if they're the same (which they're not)! This http://workinghardinit.wordpress.com/2010/07/23/reflections-on-getting-windows-network-load-balancing-to-work-part-2/ intriguingly says that using weak hosts is "more atomic" but doesn't explain further. That got me thinking: in situations where either will work, which is best? Is there a best practice? Or, is one more scalable, future proofed, granular etc?
"If you enable the forwarding only, then the mode can possibly be the weak host mode but not the strong host mode.
But if you enable the weak host mode only, then the mode can possibly be the weak host mode but not the strong host mode."
They say the same thing - so does this mean that forwarding and weak host are actually the same? (I suspect that there is a typo there!)
"Besides, "weak host mode" is the concept to "IP layer" while the "forwarding" is the concept to a "router".
I get that weak host is an IP concept and forwarding is all about routing, but that really only explains it conceptually (as in "one is to do with routing but the other is to do with IP"). What I'm trying to get to the bottom of is: what in practice is the difference?
I'm OK if someone says "actually there's no difference at all - two commands written by two different developers that were intended to be different but turned out to do exactly the same thing in practice". ;)
Similar Messages
-
Difference between forward and redirect
difference between forward and send redirect
+ a Redirect will change the URL in the browser, whereas a forward will not.
+ a Redirect can be any URL, whereas a forward has to be directed to a resource within the container,
+ a Redirect MUST be an absolute URL (though the Servlet functions will do this for you).
+ a Redirect, being a new request, triggers filters, whereas a forward does not. -
Difference Between Port Forwarding and Port Triggering.
Hi guys,
I'm lost! The differences between port forwarding and port triggering are driving me nuts! It all seems very subtle to me. Can anyone explain to me (in a very simple way) what exactly are their differences. Thanks in advance!!
Port Forwarding
The big difference between this and port triggering is that forwarding is fixed.. you forward a port and it is always forwarded.. IE available to connection.. basically the forwarded port is excluded from the fire walling abilities of the router. Second it is static and applies to one machine only. Whereas you could set port triggering to the router and thereafter any machine on the LAN can trigger it unless it's already in use.. port forwarding must be specified for each individual machine.
Port forwarding requires you to give each PC on the network its own unique static IP address.. Although there is ssh port forwarding that can be set dynamically. Most users only have the option of static ip port forwarding.
The real downside of port forwarding is that it can be very tricky to set up... You may have to allow a series of ports on a machine and have to do that for each machine you want to allow through. Also routers often have limited abilities and may not allow you the ability to forward a port or select the service you require.
Port Triggering
This is a way of Dynamically assigning a service to a port WHEN it is required by an outgoing service. The port is initially not allowed so nothing can get in and you are protected by your network.
A good example of this is when using Yahoo! voice .. the voice works fine for a few minutes after you connect to Yahoo! then Yahoo! sends some kind of packet that requires a response from your PC... The packet is allowed in through your router no prob but the outgoing reply is not authorized to open a port on the router and is thus blocked.
'ope this helps -
Set Forwarder mail between hosting company and MS online exchange
Hello,
This is Dharam from Ahmedabad, I can be contacted on 9638208855 ([email protected]).
I want to use MS online exchange for some of the users in my company. I have 10 users having mail ids with a hosting company, and 2 users have an exchange plan with another company by forwarding mails to a particular link on 123together.com
Yesterday, I signed up for a free 365 account for 1 month, as I am expected to buy only the mail exchange plan for 5 users, but after getting my requirements.
I have set the forwarder to the mail id; I am able to receive through the [email protected] on all mail applications such as on desktop, mobile, owa etc... but while I am replying to those users it's using the id [email protected] which can be used by [email protected] which is my domain and forwarded to online exchange services.
As my boss has an exchange plan with 123together.com, I have observed that they are using a forwarder and the same thing, but receiving and sending mail from [email protected] on all mail applications; they didn't even ask for domain setup.
So I want to clear up some of my confusion before proceeding to the paid services: can I provide this service for some users, while others use the existing one without exchange on the hosting company, by forwarding some users to online exchange?
I hope to hear more from you.
Dharam Kappadiya.
9638208855
Hi Matthew,
Thanks for the reply,
My concern is I don't want to transfer my whole domain to MS Online Exchange; I just want to create an account and set a forwarder to my [email protected] from MS to etc... and from the hosting company I have to set a forwarder for [email protected] to usera@.... whatever the id has been created.
So is it possible to do this? While setting up an account it asks for DNS MX and TXT records, which are for the whole domain's users, and I don't want to do that.
So Please guide me before i can go somewhere else. -
Opening and closing balance difference is showing from 2010 to 2011 F.year
Dear All,
Opening and closing balance difference is showing for Main Cash(Cash in h)
End of fiscal year 2010 closing Balance 85,451,909.70
Opening Balance 2011 is showing as 85,450,909.70
Rs 1000 difference is coming.
Please suggest if any Note is there?
Hi,
Sometimes after year end, audit / management adjustment entries are posted to the previous year.
Execute the balance carry forward (T.Code: FAGLGVTR) N number of times until your closing balances and opening balances are the same. It does no harm to execute it again and again.
Up to 4.7EE, for balance transfer you can use T.Code: F.16; from ECC 5 / 6 use T.Code FAGLGVTR for balance transfer.
Regards,
Viswa
Edited by: viswanatha s on Nov 4, 2011 12:54 PM -
G/L roll forward and Asset Roll forward
HI
Can somebody explain G/L roll forward and Asset roll forward to me? I am new to this topic. Please explain in detail in which situations we use these roll forwards.
Thanks in advance,
Regards,
Lakshmi narayana
Hi,
Please refer to the following activities for 2007 Year End Closing. This document will consist of steps for Verification and Processing Activities for R/3 system activities.
The areas of SAP which will be affected are:
General Ledger
Accounts Payable
Asset
CO
Verification Steps:
Assets:
1. Check all incomplete Assets in the system for 2007
2. Settle all AUCs
3. Do all system adjustments for Assets
4. Make sure all Depreciation is posted
FI:
1. Make sure all payment runs are complete
2. Open new period for new year
3. Do all GL/AP Adjustments
4. Post all Park documents
Process Steps:
Asset:
1. ABST2; Reconciliation Program. List of differences between FI-AA/GL
2. AFRW; Asset Fiscal Year
3. AJRW; Asset Fiscal Year Change. This closes the FY
AP/AR:
1. F.07: Customer/Vendor Balance Carry forward
GL:
1. FAGLGVTR or F.16: GL balance Carry Forward
2. OB52: Close all periods for 2007. Will only open period 1-1, 2008
CO:
1. OKP1; Lock Actual & Plan
2. 2KES
Hope this helps, please assign points.
Thanks,
Rau -
Love the iPhone but we have noticed in our business that it simply doesn't support all the ActiveSync protocols. The most notable one is Smart-Forward and Smart-Reply.
The net result of this is (1) we risk losing formatting when forwarding emails (particularly "embedded" or attached emails, which get mixed in to the main email body on forward); (2) large attachments need to be forwarded in full locally on the handset rather than on the server side (as with BlackBerrys and other devices), resulting in huge data bills when roaming, long sending times and also difficulty when in spotty reception areas; and (3) header information is not maintained as with Outlook.
We have been submitting feedback to Apple from the outset, with no resolution in sight or acknowledgement that this is even a problem. It also does not appear to be fixed in the forthcoming iOS 4.1.
Does anyone know of a workaround to get Smart-Forward or Smart-Reply working on an iOS device? Everyone in our company has been forced back to their BlackBerrys for the time being as IT have said the iPhones are too unreliable for business email and that Apple are doing nothing to rectify the issue. It's a shame as we like the devices for everything save for their rubbish business email support.
Thanks
You are not alone. - The missing of SmartReply/SmartForward is the biggest disadvantage of iOS for business users.
All mobile devices with ActiveSync use the SmartReply protocol, so the mail never really leaves Exchange and mails are replied/forwarded in seconds. The devices only send their answer texts to the server and the server compiles the reply. Apple left out this protocol and uses the standard SendMail protocol. This means: to forward an attachment you have to download it to the iPhone/iPad and upload it again. Since mobile devices are used mobile it becomes nearly impossible to forward a bigger attachment. Worst, the iPhone only allows 9 MB to download. So forwarding a file bigger than 9 MB is just not possible.
We as a record company need to forward big attachments (MP3s, TIFs…) from our mobile devices all the time and none of the other mobile OS’s is as easy to use as the iPhone OS. We have tried Android, WebOS, etc. But when it is getting hectic and you have to rely on the hard- & software to do its job the iPhone is the only accepted device (except BB and WM that have no entertainment factor which is important too because this lets the employee stay connected to the team even in the free time).
The reply behavior of the iPhone Mail.app is unfortunately similar to most of the IMAP mailers:
The source code of a HTML mail is modified when replying and codes which Outlook has put there for reason are deleted or transformed so that the original mail comes back with a different layout.
You can test it by yourself, if you have Outlook (2007/2010). Send yourself a HTML e-mail with two lines and reply it once from iPhone and once from Outlook, OWA or any ActiveSync device except iPhone OS. Then compare the source codes. You'll see the difference. The most obvious effect is the double line space in Outlook now. You sure know that the HTML code for "new line" is "br". But when you hit Enter in Outlook it generates a special Office paragraph "o:p" instead of a standard line break "br".
As long as all users communicate with Outlook it doesn't matter, because "o:p" are shown as "new line". But as soon as the conversation leaves Outlook/OWA/ActiveSync (e.g. iPhone) and comes back "o:p" has become "p" which means that all lines are now double spaced.
SmartReply would solve all this. Forwarding a 50 MB is done in no time and all Office codes are being kept.
Our workaround so far: We have set up our own Exchange server and installed the Exchange add-on “OWA for PDA” (http://www.leederbyshire.com/OWA-PDA.asp). We redesigned it to be iPhone friendly, use HTML and some other things. We now have a fast and reliable webmailer for the iPhone’s Safari which also allows access to (really) everything that is supported by the Ex210 Outlook Web Access. 99% of all features like flagging of emails are possible with the add-on.
We are currently working on an offline Web App based on jQTouch, so that the webmailer becomes similar to the (well designed) Mail.app in iOS and stores as many information as possible for offline access.
We are currently looking for partners to return some of the cost of developing all this. So if you or anyone is interested in a cooperation please contact me.
Sebastian -
Asymmetric NAT rules matched for forward and reverse flows - NAT Issue
Having a problem with a VPN site trying to communicate to a subnet off my ASA 5505. The network is simple, VPN IPSEC remote site is 192.168.6.0/24 and I can ping and access hosts on 192.168.10.0/24 (called InfraNet). I am now trying to allow communications between 192.168.6.0/24 (called FD_net) to 192.168.9.0/24 (called Inside)
The Error:
5 Nov 12 2012 13:52:50 192.168.9.19 Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:192.168.6.11 dst inside:192.168.9.19 (type 8, code 0) denied due to NAT reverse path failure
I understand this is a NAT issue; but I'm not seeing the error and could use a second set of eyes. Here's my current running configuration.
: Saved
ASA Version 8.3(2)
hostname fw1
domain-name xxxxxxxx.xxx
enable password <removed>
passwd <removed>
names
interface Vlan1
description Town Internal Network
nameif inside
security-level 100
ip address 192.168.9.1 255.255.255.0
interface Vlan2
description Public Internet
nameif outside
security-level 0
ip address 173.xxx.xxx.xxx 255.255.255.248
interface Vlan3
description DMZ (CaTV)
nameif dmz
security-level 50
ip address 192.168.2.1 255.255.255.0
interface Vlan10
description Infrastructure Network
nameif InfraNet
security-level 100
ip address 192.168.10.1 255.255.255.0
interface Vlan13
description Guest Wireless
nameif Wireless-Guest
security-level 25
ip address 192.168.1.1 255.255.255.0
interface Vlan23
nameif StateNet
security-level 75
ip address 10.63.198.2 255.255.255.0
interface Vlan33
description Police Subnet
shutdown
nameif PDNet
security-level 90
ip address 192.168.0.1 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport trunk allowed vlan 1,5,10,13
switchport trunk native vlan 1
switchport mode trunk
speed 100
duplex full
interface Ethernet0/2
switchport access vlan 3
interface Ethernet0/3
interface Ethernet0/4
switchport trunk allowed vlan 1,10,13
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/5
switchport access vlan 23
interface Ethernet0/6
shutdown
interface Ethernet0/7
switchport trunk allowed vlan 1
switchport trunk native vlan 1
switchport mode trunk
shutdown
banner exec Access Restricted to Personnel Only
banner login Access Restricted to Personnel Only
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name xxxxxxx.xxx
same-security-traffic permit inter-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object service IMAPoverSSL
service tcp destination eq 993
description IMAP over SSL
object service POPoverSSL
service tcp destination eq 995
description POP3 over SSL
object service SMTPwTLS
service tcp destination eq 465
description SMTP with TLS
object network obj-192.168.9.20
host 192.168.9.20
object network obj-claggett-https
host 192.168.9.20
object network obj-claggett-imap4
host 192.168.9.20
object network obj-claggett-pop3
host 192.168.9.20
object network obj-claggett-smtp
host 192.168.9.20
object network obj-claggett-imapoverssl
host 192.168.9.20
object network obj-claggett-popoverssl
host 192.168.9.20
object network obj-claggett-smtpwTLS
host 192.168.9.20
object network obj-192.168.9.120
host 192.168.9.120
object network obj-192.168.9.119
host 192.168.9.119
object network obj-192.168.9.121
host 192.168.9.121
object network obj-wirelessnet
subnet 192.168.1.0 255.255.255.0
object network WirelessClients
subnet 192.168.1.0 255.255.255.0
object network obj-dmznetwork
subnet 192.168.2.0 255.255.255.0
object network FD_Firewall
host 74.94.142.229
object network FD_Net
subnet 192.168.6.0 255.255.255.0
object network NETWORK_OBJ_192.168.10.0_24
subnet 192.168.10.0 255.255.255.0
object network obj-TownHallNet
subnet 192.168.9.0 255.255.255.0
object network obj_InfraNet
subnet 192.168.10.0 255.255.255.0
object-group service EmailServices
description Normal Email/Exchange Services
service-object object IMAPoverSSL
service-object object POPoverSSL
service-object object SMTPwTLS
service-object tcp destination eq https
service-object tcp destination eq imap4
service-object tcp destination eq pop3
service-object tcp destination eq smtp
object-group service DM_INLINE_SERVICE_1
service-object object IMAPoverSSL
service-object object POPoverSSL
service-object object SMTPwTLS
service-object tcp destination eq pop3
service-object tcp destination eq https
service-object tcp destination eq smtp
object-group service DM_INLINE_SERVICE_2
service-object object IMAPoverSSL
service-object object POPoverSSL
service-object object SMTPwTLS
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
object-group network obj_clerkpc
description Clerk's PCs
network-object object obj-192.168.9.119
network-object object obj-192.168.9.120
network-object object obj-192.168.9.121
object-group network TownHall_Nets
network-object 192.168.10.0 255.255.255.0
network-object object obj-TownHallNet
object-group network DM_INLINE_NETWORK_1
network-object 192.168.10.0 255.255.255.0
network-object 192.168.9.0 255.255.255.0
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any interface outside
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any host 192.168.9.20
access-list StateNet_access_in extended permit ip object-group obj_clerkpc any
access-list outside_2_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 object FD_Net
pager lines 24
logging enable
logging asdm debugging
logging mail errors
logging from-address hostmaster@xxxxxxxxx
logging recipient-address john@xxxxxxxxx level errors
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu Wireless-Guest 1500
mtu StateNet 1500
mtu InfraNet 1500
mtu PDNet 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-635.bin
no asdm history enable
arp timeout 14400
nat (InfraNet,outside) source static TownHall_Nets TownHall_Nets destination static FD_Net FD_Net
nat (inside,outside) source static TownHall_Nets TownHall_Nets destination static FD_Net FD_Net
object network obj_any
nat (inside,outside) static interface
object network obj-claggett-https
nat (inside,outside) static interface service tcp https https
object network obj-claggett-imap4
nat (inside,outside) static interface service tcp imap4 imap4
object network obj-claggett-pop3
nat (inside,outside) static interface service tcp pop3 pop3
object network obj-claggett-smtp
nat (inside,outside) static interface service tcp smtp smtp
object network obj-claggett-imapoverssl
nat (inside,outside) static interface service tcp 993 993
object network obj-claggett-popoverssl
nat (inside,outside) static interface service tcp 995 995
object network obj-claggett-smtpwTLS
nat (inside,outside) static interface service tcp 465 465
object network obj-192.168.9.120
nat (inside,StateNet) static 10.63.198.12
object network obj-192.168.9.119
nat (any,StateNet) static 10.63.198.10
object network obj-192.168.9.121
nat (any,StateNet) static 10.63.198.11
object network obj-wirelessnet
nat (Wireless-Guest,outside) static interface
object network obj-dmznetwork
nat (any,outside) static interface
object network obj_InfraNet
nat (InfraNet,outside) static interface
access-group outside_access_in in interface outside
access-group StateNet_access_in in interface StateNet
route outside 0.0.0.0 0.0.0.0 173.166.117.190 1
route StateNet 10.0.0.0 255.0.0.0 10.63.198.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable 5443
http 192.168.9.0 255.255.255.0 inside
http 74.xxx.xxx.xxx 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer 173.xxx.xxx.xxx
crypto map outside_map 2 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.9.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.9.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd dns 208.67.222.222 208.67.220.220
dhcpd lease 10800
dhcpd auto_config outside
dhcpd address 192.168.2.100-192.168.2.254 dmz
dhcpd dns 8.8.8.8 8.8.4.4 interface dmz
dhcpd enable dmz
dhcpd address 192.168.1.100-192.168.1.254 Wireless-Guest
dhcpd enable Wireless-Guest
threat-detection basic-threat
threat-detection statistics host number-of-rate 2
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 63.240.161.99 source outside prefer
ntp server 207.171.30.106 source outside prefer
ntp server 70.86.250.6 source outside prefer
webvpn
group-policy FDIPSECTunnel internal
group-policy FDIPSECTunnel attributes
vpn-idle-timeout none
vpn-tunnel-protocol IPSec l2tp-ipsec
username support password <removed> privilege 15
tunnel-group 173.xxx.xxx.xxx type ipsec-l2l
tunnel-group 173.xxx.xxx.xxx general-attributes
default-group-policy FDIPSECTunnel
tunnel-group 173.xxx.xxx.xxx ipsec-attributes
pre-shared-key *****
smtp-server 192.168.9.20
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:e4dc3cef0de15123f11439822880a2c7
: end
Any ideas would be appreciated.
John
I don't see any inspection-commands in your config. Is there a reason for not using any of them?
If your problem is only with ICMP, then you should enable at least icmp-inspection. You can do that easily with the legacy command "fixup protocol icmp"
Sent from Cisco Technical Support iPad App -
Hi,
I have an ASA5510 running version 8.2(5). I have set up a new network on interface Ethernet0/1.777 of the fwl. The firewall works perfectly with remote access VPNs but has now given me the error with the new network that has been set up:
%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:10.159.159.3/49204 dst tru777:10.1.34.19/3389 denied due to NAT reverse path failure
The difference between the other networks and the new one that I have set up is that this is the first one using a private addressing scheme. I understand that NAT is not allowing something along the way but I can't figure out what needs to change in order to get it to work. My config is as follows:
interface Ethernet0/1.777
description TRU 777
vlan 777
nameif tru777
security-level 50
ip address 10.1.34.17 255.255.255.240 standby 10.1.34.18
access-list acl_tru777 remark * ALLOW ALL OUTBOUND *
access-list acl_tru777 extended permit ip any any
access-list RA-VPN extended permit ip 10.1.34.16 255.255.255.240 10.159.159.0 255.255.255.0
access-list acl_no-nat extended permit ip 10.1.34.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list acl_no-nat extended permit ip 10.1.34.0 255.255.255.0 172.16.0.0 255.240.0.0
access-list acl_no-nat extended permit ip 10.1.34.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list acl_ra-lock-tru777 extended permit ip 10.1.34.16 255.255.255.240 10.159.159.0 255.255.255.0
access-list acl_ra-lock-tru777 extended permit ip 10.159.159.0 255.255.255.0 10.1.34.16 255.255.255.240
ip local pool ra-pool 10.159.159.0-10.159.159.254 mask 255.255.255.0
nat (tru777) 4 access-list acl_no-nat
nat (tru777) 2 10.1.34.16 255.255.255.240
global (outside) 2 x.x.x.x
crypto isakmp nat-traversal 20
I think that is everything you should need, if not please just ask.
Thank you very much in advance,
Chris
Hi Julio,
Here you go:
FWL01# sh nameif
Interface Name Security
Ethernet0/0 outside 0
Ethernet0/1 CLIENTS 50
Ethernet0/1.314 tru01 50
Ethernet0/1.313 dmz01 50
Ethernet0/1.316 tru02 50
Ethernet0/1.776 dmz776 50
Ethernet0/1.777 tru777 50
Management0/0 management 100
FWL01# sh run nat
nat (tru02) 1 192.168.3.0 255.255.255.240
nat (tru777) 4 access-list acl_no-nat
nat (tru777) 2 10.1.34.16 255.255.255.240
FWL01# sh run glob
global (outside) 1 interface
global (outside) 2 x.x.x.x
Thanks,
Chris -
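Added example (not from either poster): a Python triage script for the 305013 "NAT reverse path failure" messages quoted in the two ASA threads above. It groups the denied flows by interface pair, subnet and service, which shows which pairs of networks need their NAT rules checked in both directions. The subnet labels come from the posted configurations; the last three sample lines are constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Body of ASA message 305013, matched with or without the "%ASA-5-305013:" tag.
PATTERN = re.compile(
    r"Asymmetric NAT rules matched for forward and reverse flows; "
    r"Connection for (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)(?:/(?P<src_port>\d+))? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)(?:/(?P<dst_port>\d+))?"
    r"(?: \(type (?P<icmp_type>\d+), code (?P<icmp_code>\d+)\))? "
    r"denied due to NAT reverse path failure"
)

# Subnets named in the two configurations on this page; the labels are the
# object, interface or pool names used there.
SUBNETS = {
    "FD_Net": "192.168.6.0/24",
    "obj-TownHallNet": "192.168.9.0/24",
    "obj_InfraNet": "192.168.10.0/24",
    "tru777": "10.1.34.16/28",
    "ra-pool": "10.159.159.0/24",
}

# The first two lines are quoted from the posts; the last three are constructed.
SAMPLE_LOG = [
    "5 Nov 12 2012 13:52:50 192.168.9.19 Asymmetric NAT rules matched for "
    "forward and reverse flows; Connection for icmp src outside:192.168.6.11 "
    "dst inside:192.168.9.19 (type 8, code 0) denied due to NAT reverse path failure",
    "%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; "
    "Connection for tcp src outside:10.159.159.3/49204 dst tru777:10.1.34.19/3389 "
    "denied due to NAT reverse path failure",
    "%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; "
    "Connection for tcp src outside:10.159.159.3/49205 dst tru777:10.1.34.19/3389 "
    "denied due to NAT reverse path failure",
    "%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; "
    "Connection for udp src outside:172.20.1.5/5353 dst tru777:10.1.34.20/53 "
    "denied due to NAT reverse path failure",
    "Nov 12 13:53:01 fw1 unrelated message (constructed)",
]


def parse_305013(line):
    """Return the fields of one 305013 message as a dict, or None if no match."""
    match = PATTERN.search(line)
    if match is None:
        return None
    record = match.groupdict()
    for key in ("src_port", "dst_port", "icmp_type", "icmp_code"):
        if record[key] is not None:
            record[key] = int(record[key])
    return record


def subnet_label(ip):
    """Map an address to a named subnet, or to ip/32 when it is not in the table."""
    addr = ip_address(ip)
    for name, prefix in SUBNETS.items():
        if addr in ip_network(prefix):
            return name
    return ip + "/32"


def service_of(record):
    """Describe the destination service: proto/port, or the ICMP type."""
    if record["dst_port"] is not None:
        return f'{record["proto"]}/{record["dst_port"]}'
    if record["icmp_type"] is not None:
        return f'{record["proto"]} type {record["icmp_type"]}'
    return record["proto"]


def summarize(lines):
    """Count denied flows per (src_if, src_net, dst_if, dst_net, service)."""
    flows = Counter()
    for line in lines:
        record = parse_305013(line)
        if record is None:
            continue  # not a 305013 message
        key = (
            record["src_if"], subnet_label(record["src_ip"]),
            record["dst_if"], subnet_label(record["dst_ip"]),
            service_of(record),
        )
        flows[key] += 1
    return flows


if __name__ == "__main__":
    for key, count in summarize(SAMPLE_LOG).most_common():
        src_if, src_net, dst_if, dst_net, service = key
        print(f"{count:3d}  {src_if}:{src_net} -> {dst_if}:{dst_net}  {service}")
```

An address reported as ip/32 is one the subnet table does not cover, which is worth checking against the NAT exemption rules first.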
Hi There,
Safari, iTunes, software update iCal not connecting. Firefox is fine.
I have found some archived discussions about this, but none that went into detail about how to fix the problem using proxies - I don't really understand what they are/do.
I went into the Proxies screen. Only one box was checked, "Use Passive FTP Mode (PASV)". I unchecked it, and it made no difference. There was also some stuff written in the "Bypass proxy settings for these hosts and domains" box. I deleted that and nothing different happened. I have also tried some other DNS numbers; nothing has worked yet.
Any suggestions?
I still have no idea what was wrong with Safari last week, but I opened it today, and it's all working! Hurrah!
Woohoo! I'm a great fan of things fixing themselves. Fingers crossed in New Zealand for no further problems. -
Port Forwarding and Loopback with HomeHub 3B
There have been a number of threads discussing port forwarding and loopback, so I thought it might be useful to summarise my experiences. I have two HomeHub 3Bs on separate lines, one is a standard broadband line, the other is on an Infinity connection. My experience is limited to these two specific devices :-)
Port Forwarding does work but it is "temperamental" and "arcane" in the way you need to set it up. Although I have had it running perfectly, I have also had experiences where the router has refused to "accept" my changes. Tentatively, I put this down to the fact that I was running a Seagate GoFlex network drive on the network and this piece of equipment (definitely a Do Not Buy) was acting aggressively and screwing up the DDNS allocations. But ... YMMV
One definite problem with Port Forwarding is if you attempt to specify a range of addresses. I have failed to get this to work on both my hubs. In my case I was trying to forward (say) 8021-8022 to 21-22, and the router insisted on forwarding both 8021 and 8022 to port 21. The cure is to set up each port as a separate rule within the same user-defined application.
On Loopback, I know various people have said it doesn't work, but it has always worked fine for me, at both the locations where I have a HomeHub 3B. I use a DDNS service and I can test that my port forwarding is working by opening a Command Prompt window on my PC and typing telnet mydomain.dyndns.web.com 21 or whatever. That command contacts my DDNS host to ascertain my IP address and then (attempts to) connect to port 21.
If port 21 is closed on your router (i.e. you have no port forwarding in place) you will see the message attempting to connect to mydomain.dyndns.web.com... and, after a while that will time out, with Could not open connection to the host, on port 21: Connect failed. If you do have your port forwarding set up correctly then your application will respond in some appropriate manner. However, you do need to understand what you're doing, because the response of an application that is expecting HTTP data is simply to do nothing! You will probably get a blank screen. If you type GET / HTTP/1.1 [note spaces] (which is not echoed to your screen, so be careful not to mistype it) you will receive a page of HTTP response data and HTML data. Thus proving that your port forwarding is working.
If you do not have any port forwarding set up at all, you can still test the loopback function by attempting to connect to port 161. This port is open on the BT routers and telnetting to it will result in a blank screen (as opposed to the attempting to connect message).
In summary: loopback works on the Home Hub 3B. Port forwarding also works to a degree but it is temperamental and does have some quirks, like not properly accepting ranges of ports. On this last point, at least, it would be helpful to get an acknowledgement from BT that this is a known fault.There have been a number of threads discussing port forwarding and loopback, so I thought it might be useful to summarise my experiences. I have two HomeHub 3Bs on separate lines, one is a standard broadband line, the other is on an Infinity connection. My experience is limited to these two specific devices :-)
Port Forwarding does work but it is "temperamental" and "arcane" in the way you need to set it up. Although I have had it running perfectly, I have also had experiences where the router has refused to "accept" my changes. Tentatively, I put this down to the fact that I was running a Seagate GoFlex network drive on the network and this piece of equipment (definitely a Do Not Buy) was acting aggressively and screwing up the DDNS allocations. But ... YMMV
One definite probllem with Port Forwarding is if you attempt to specify a range of addresses. I have failed to get this to work on both my hubs. In my case I was trying to forward (say) 8021-8022 to 21-22, and the router insisted on forwarding both 8021 and 8022 to port 21. The cure is to set up each port as a separate rule within the same user-defined application.
On Loopback, I know various people have said it doesnt work, but it has always worked fine for me, at both the locations where I have a HomeHub 3B. I use a DDNS service and I can test that my port forwarding is working by opening a Command Prompt window on my PC and typing telnet mydomain.dyndns.web.com 21 or whatever. That command contacts my DDNS host to ascertain my IP address and then (attempts to) connect to port 21.
If port 21 is closed on your router (i.e. you have no port forwarding in place) you will see the message attempting to connect to mydomain.dyndns.web.com... and, after a while that will time out, with Could not open connection to the host, on port 21: Connect failed. If you do have your port forwarding set up correctly then your application will respond in some appropriate mannerr. However, you do need to understand what youre doing, because the response of an application that is expecting HTTP data is simply to do nothing! You will probably get a blank screen. If you type GET / HTTP/1.1 [note spaces] (which is not echoed to your screen, so be careful not to mistype it) you will receive a page of HTTP response data and HTML data. Thus proving that your port forwarding is working.
If you do not have any port forwarding set up at all, you can still test the loopback function by attempting to connect to port 161. This port is open on the BT routers and telnetting to it will result in a blank screen (as opposed to the attempting to connect message).
In summary: loopback works on the Home Hub 3B. Port forwarding also works to a degree but it is temperamental and does have some quirks, like not properly accepting ranges of ports. On this last point, at least, it would be helpful to get an acknowledgement from BT that this is a known fault.
-
Disable SSL v2 and weak ciphers on a RV325 for PCI compliance
How do you disable SSL v2 and weak ciphers on a RV325 to become PCI compliant?
Hello
Per the Cisco RVS4000 product site information, this router has already been end of life since January 30, 2010. The last date of support has also already passed - April 30, 2013. This means that according to Cisco policy no further updates to the existing firmware will be made, not even security-related fixes. And I am afraid that this is a fact which you have to deal with.
Regarding the RV320 - it seems that there is no possibility to restrict the SSL/TLS protocol/version on your own in the current version. Francis - I would recommend that you open a service request with Cisco SMB Support if you still have a valid support contract. I hope there is a good chance to get it fixed, as this is a security-related inability.
Lastly - for all products (including the RVS4000) - I would suggest keeping the management interface of the router as separated as possible - i.e. restrict access to the management interface to a single subnet/host(s) only (via the Firewall feature). Having an administration/management subnet, with only certain client(s) being part of this subnet, can help to avoid eavesdropping on your connection to the router. Of course, disabling remote management is the best thing you can do in any case (including avoiding possible firmware bugs, login attempts and so on).
-
Asymmetric NAT rules matched for forward and reverse flows
Hi! I don't know why this comes up in the logs when I have configured my vpn like so:
crypto dynamic-map L2L_MAP 50 set reverse-route
crypto dynamic-map OUTSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 40 set pfs
crypto dynamic-map OUTSIDE_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 60 set pfs
crypto dynamic-map OUTSIDE_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 65535 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime seconds 288000
crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime kilobytes 4608000
crypto dynamic-map INSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 20 match address IDP_VPN
crypto map L2L_MAP 20 set peer x.x.x.x
crypto map L2L_MAP 20 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 40 match address cp_l2l_map_40
crypto map L2L_MAP 40 set peer x.x.x.x
crypto map L2L_MAP 40 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 60 match address bwi_l2l
crypto map L2L_MAP 60 set peer x.x.x.x
crypto map L2L_MAP 60 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 80 match address outside_80_cryptomap
crypto map L2L_MAP 80 set peer x.x.x.x
crypto map L2L_MAP 80 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 65535 ipsec-isakmp dynamic OUTSIDE_dyn_map
crypto map L2L_MAP interface outside
crypto map INSIDE_map 65535 ipsec-isakmp dynamic INSIDE_dyn_map
crypto map INSIDE_map interface inside
I am able to connect successfully via vpn client. It's just that I can't reach the internal servers... Any ideas?
I get this error:
Oct 18 2012 00:52:37: %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:10.10.13.221/137 dst inside:10.10.13.255/137 denied
I put in the important configs:
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.0 standby x.x.x.x
ospf cost 10
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.10.13.5 255.255.255.0 standby 10.10.13.6
ospf cost 10
interface GigabitEthernet0/2
nameif dmz
security-level 50
no ip address
ospf cost 10
interface GigabitEthernet0/2.720
vlan 720
nameif dmz-vsp
security-level 50
ip address 172.24.0.1 255.255.255.0 standby 172.24.0.2
ospf cost 10
interface GigabitEthernet0/2.724
vlan 724
nameif dmz-dbz
security-level 75
ip address 172.24.4.1 255.255.255.0 standby 172.24.4.2
ospf cost 10
interface GigabitEthernet0/2.725
vlan 725
nameif dmz-smtp
security-level 50
ip address 172.24.5.1 255.255.255.0 standby 172.24.5.2
ospf cost 10
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.10.10.50
domain-name xxxx.local
access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 172.16.0.0 255.255.0.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.2.0 255.255.255.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.3.0 255.255.255.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.14.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.10.0 255.255.255.0 10.10.13.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.6.0 255.255.255.0 10.10.13.0 255.255.255.0
ip local pool inshse-vpn-pool2 192.168.6.220-192.168.6.230 mask 255.255.255.0
global (outside) 201 192.168.16.1-192.168.16.250
global (outside) 202 10.201.5.145-10.201.5.158
global (outside) 4 10.10.13.180-10.10.13.189 netmask 255.0.0.0
global (outside) 101 interface
global (outside) 1 x.x.x.x netmask 255.0.0.0
global (inside) 204 10.10.13.70-10.10.13.79 netmask 255.0.0.0
nat (inside) 0 access-list nonatacl
nat (inside) 201 access-list NAT_TO_IDP
nat (inside) 202 access-list inside2-vsp_nat_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
nat (dmz-vsp) 202 access-list dmz-vsp_nat_outbound
nat (dmz-vsp) 101 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route inside 10.0.0.0 255.240.0.0 10.10.13.1 1
route inside 10.40.1.0 255.255.255.0 10.10.13.1 1
route inside 10.40.2.0 255.255.255.0 10.10.13.1 1
route inside 10.40.3.0 255.255.255.0 10.10.13.1 1
route inside 10.40.4.0 255.255.255.0 10.10.13.1 1
route inside 10.40.13.0 255.255.255.0 10.10.13.1 1
route inside 10.40.254.0 255.255.255.0 10.10.13.1 1
route inside 172.16.0.0 255.255.0.0 10.10.13.1 1
route inside 192.168.2.0 255.255.255.0 10.10.13.1 1
dynamic-access-policy-record DfltAccessPolicy
aaa-server VPN_Auth protocol radius
aaa-server VPN_Auth (inside) host 10.10.2.20
timeout 5
key *****
no mschapv2-capable
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map L2L_MAP 50 set reverse-route
crypto dynamic-map OUTSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 40 set pfs
crypto dynamic-map OUTSIDE_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 60 set pfs
crypto dynamic-map OUTSIDE_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 65535 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime seconds 288000
crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime kilobytes 4608000
crypto dynamic-map INSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 20 match address IDP_VPN
crypto map L2L_MAP 20 set peer x.x.x.x
crypto map L2L_MAP 20 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 40 match address cp_l2l_map_40
crypto map L2L_MAP 40 set peer x.x.x.x
crypto map L2L_MAP 40 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 60 match address nonatacl
crypto map L2L_MAP 60 set peer x.x.x.x
crypto map L2L_MAP 60 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 80 match address outside_80_cryptomap
crypto map L2L_MAP 80 set peer x.x.x.x
crypto map L2L_MAP 80 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 65535 ipsec-isakmp dynamic OUTSIDE_dyn_map
crypto map L2L_MAP interface outside
crypto map INSIDE_map 65535 ipsec-isakmp dynamic INSIDE_dyn_map
crypto map INSIDE_map interface inside
crypto isakmp enable outside
crypto isakmp enable inside
crypto isakmp enable dmz
crypto isakmp enable dmz-vsp
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
group-policy ihasavpn2_gp internal
group-policy ihasavpn2_gp attributes
dns-server value 10.10.10.52
vpn-tunnel-protocol IPSec
default-domain value xxxx.local
tunnel-group ihasavpn2 type remote-access
tunnel-group ihasavpn2 general-attributes
address-pool inshse-vpn-pool2
authentication-server-group VPN_Auth
authentication-server-group (inside) VPN_Auth
default-group-policy ihasavpn2_gp
tunnel-group ihasavpn2 ipsec-attributes
pre-shared-key *****
tunnel-group ihasavpn2 ppp-attributes
authentication ms-chap-v2 -
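One way to check the logged flow against the posted NAT exemption list, as an added example that is not part of the original post and not Cisco tooling. It assumes a simplified model of `nat (inside) 0 access-list nonatacl` in which an ACL entry exempts a flow when its first network contains the inside host and its second network contains the remote host; the function names are hypothetical.

```python
import ipaddress
import re

# Copied from the post: the ACL bound by "nat (inside) 0 access-list nonatacl".
NONAT_ACL = """
access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 172.16.0.0 255.255.0.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.2.0 255.255.255.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.3.0 255.255.255.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.14.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.10.0 255.255.255.0 10.10.13.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.6.0 255.255.255.0 10.10.13.0 255.255.255.0
"""
# Copied from the post: the denied flow, the VPN pool range, the inside subnet.
LOG = ("Oct 18 2012 00:52:37: %ASA-5-305013: Asymmetric NAT rules matched for forward "
       "and reverse flows; Connection for udp src outside:10.10.13.221/137 "
       "dst inside:10.10.13.255/137 denied")
VPN_POOL = ("192.168.6.220", "192.168.6.230")
INSIDE_NET = ipaddress.ip_network("10.10.13.0/24")
ACL_RE = re.compile(r"access-list \S+ extended permit ip (\S+) (\S+) (\S+) (\S+)$")
LOG_RE = re.compile(r"%ASA-5-305013:.*Connection for (\w+) src ([\w.-]+):([\d.]+)/\d+ "
                    r"dst ([\w.-]+):([\d.]+)/\d+ denied")

def parse_acl(text):
    """Return (real_net, remote_net) pairs for each 'permit ip' entry."""
    rows = (ACL_RE.match(line.strip()) for line in text.splitlines())
    return [(ipaddress.ip_network(f"{m[1]}/{m[2]}"), ipaddress.ip_network(f"{m[3]}/{m[4]}"))
            for m in rows if m]

def is_exempt(pairs, inside_ip, remote_ip):
    """Assumed model: an entry exempts inside_ip <-> remote_ip if it permits that pair."""
    return any(inside_ip in real and remote_ip in remote for real, remote in pairs)

def diagnose(log_line, acl_text=NONAT_ACL, pool=VPN_POOL):
    """Summarise whether the logged flow is covered by the NAT exemption ACL."""
    m = LOG_RE.search(log_line)
    if not m:
        return None  # not a 305013 message in the expected format
    remote, inside = ipaddress.ip_address(m[3]), ipaddress.ip_address(m[5])
    low, high = (ipaddress.ip_address(p) for p in pool)
    return {"proto": m[1],
            "exempt": is_exempt(parse_acl(acl_text), inside, remote),
            "src_in_vpn_pool": low <= remote <= high,
            "src_in_inside_subnet": remote in INSIDE_NET}

if __name__ == "__main__":
    print(diagnose(LOG))
```

Run against the posted values, it reports that the logged source 10.10.13.221 is outside the 192.168.6.220-192.168.6.230 pool, falls inside the inside interface's own 10.10.13.0/24 subnet, and is not matched by any nonatacl entry.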
Urgent - "Vendor balances carried forward and line items report."
Hello,
Is there any report which will give me the vendor balance carried forward and the line items during that period.
==============================================
Format-
eg: statement taken from 1.8.2006 to 30.9.2006 is required as
Bal b/f 25000 cr.
3.8.2006 Purchase Inv XXX 3000 cr.
5.9.2006 Payment Chq XX 26000 dr.
Bal c/f 2000 cr.
==============================================
Please advise on this.....
Regards,
J
Thanks for the response, but I have already tried those transactions.
FK10N will give me the periodic bal statements and NOT line items display which will also have balance carried forward.
F.41 and F.43 again gives the periodic and line items...but I want the vendor balances to be in the format given above..
like say, account statement.
Please advise............
Regards,
J
-
How do you use forward and back button on mouse and use "zoom" in web browser.
Ok so apparently this forum is ruled with an iron fist or something my very honest and truthful problems with these issues seem to have been instantly deleted in my last discussion?
I'll try this once more.
1) How do you use the forward and back button on a mouse without having to buy a product like Steer Mouse? There must be a way to do this without having to buy a program given it's such a useful feature that 99% of users need. I don't want to spend hours researching something that should already work. Any advice?
2) How do you zoom in for web browsers like Chrome without it globally zooming in everything on the monitor (even background applications). I don't want to zoom in background applications. I want to be able to zoom in the web browser and still maintain all the features like the side bar, not just a little magnifying glass type thing.
I'm currently zooming in with the CTRL-Middle Mouse button, but I can't find a way to use this feature so it's useful to browse the web it seems to not scale the browser correctly but rather is a global zoom. Any solution for this?
Thanks so much!
Like I said I am new to Apple products so it's still unclear to me which programs I do or don't need as I'm setting up and configuring all my software and devices.
The Logitech Control Center appears to work perfectly for what I was trying to do!
I accidentally clicked "This helped me" instead of "This Solved My Question", sorry about that this was a solve!