Issue with firewall

Similar Messages

• VRF issue with Firewall in transparent Mode.

  Hi Guys,
  I have 7609 Router and 6513 L3 Switch connected Through ASA 5545.
  I am running Multiple VRF between router and Switch and BGP routing Protocol. When they are connected directly to each other everything is normal, however, when I have connected them via ASA 5545 then everything fails. I am using ASA in transparent Mode.
  My question is: Do ASA require different setting in case of VRF? If yes, then please give me sample config.

  I have taken following output from Firewall will this be any help?
  sh interface ouTSIDE
  Interface GigabitEthernet0/1 "OUTSIDE", is up, line protocol is up
    Hardware is i82574L rev00, BW 1000 Mbps, DLY 10 usec
          Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
          Input flow control is unsupported, output flow control is off
          MAC address 7c69.f68f.df78, MTU 1500
          IP address 175.4.8.35, subnet mask 255.255.255.248
          8435 packets input, 680680 bytes, 0 no buffer
          Received 8135 broadcasts, 0 runts, 0 giants
          0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
          0 pause input, 0 resume input
          8138 L2 decode drops
          0 packets output, 0 bytes, 0 underruns
          0 pause output, 0 resume output
          0 output errors, 0 collisions, 1 interface resets
          0 late collisions, 0 deferred
          0 input reset drops, 0 output reset drops
          input queue (blocks free curr/low): hardware (476/461)
          output queue (blocks free curr/low): hardware (511/511)
    Traffic Statistics for "OUTSIDE":
          297 packets input, 118503 bytes
          0 packets output, 0 bytes
          297 packets dropped
        1 minute input rate 0 pkts/sec,  13 bytes/sec
        1 minute output rate 0 pkts/sec,  0 bytes/sec
        1 minute drop rate, 0 pkts/sec
        5 minute input rate 0 pkts/sec,  6 bytes/sec
        5 minute output rate 0 pkts/sec,  0 bytes/sec
        5 minute drop rate, 0 pkts/sec
  ciscoasa# show asp drop
  Frame drop:
    FP L2 rule drop (l2_acl)                                                   297
  ASA Version 9.0(1)
  firewall transparent
  ciscoasa# show module all
  Mod Card Type                                    Model              Serial No.
    0 ASA 5545-X with SW, 8 GE Data, 1 GE Mgmt     ASA5545           
  ips ASA 5545-X IPS Security Services Processor   ASA5545-IPS       
  Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
    0 7c69.f68f.df77 to 7c69.f68f.df80  1.0          2.1(9)8      9.0(1)
  ips 7c69.f68f.df75 to 7c69.f68f.df75  N/A          N/A          7.1(4)E4
  Mod SSM Application Name           Status           SSM Application Version
  ips IPS                            Up               7.1(4)E4
  Mod Status             Data Plane Status     Compatibility
    0 Up Sys             Not Applicable
  ips Up                 Up
  Mod License Name   License Status  Time Remaining
  ips IPS Module     Enabled         perpetual
  ciscoasa#
  I have create Ehtertype ACL and permit any traffic.
  cdp traffic has passed through but I am still not able to ping :(

• CSA issue with firewall rule

  I created a rule in CSA 6.0 that, by default, blocks any application on any machine being connected as a server.  On a DC we made an exception for the server to be connected on UDP 53 for DNS.  However, we are seeing the following messages below.  The port ranges from, so far, 30,000-65,000.  It seems odd that dns.exe would be accepting a connection as a server on all of those ports.  Has anyone seen this before or had this happen to them or is this normal?  Also, it is running OpenDNS.
  Thanks,
  Jay
  Audit: The process 'C:\WINDOWS\system32\dns.exe' (as user NT AUTHORITY\SYSTEM) attempted to accept a connection as a server on UDP port 61660 from 208.67.220.220 using interface Wired\HP NC7761 Gigabit Server Adapter. The operation would have been denied.

  You are behind a hardware/appliance firewall right ? if so, that port should not be open, which tells me that this is an accept of a udp reply from opendns on a request the server made, and not an actual request from opendns to your server, cause all dns traffic works on port 53 tcp/udp as destination port.

• Problems with Firewall settings

  Hello,
  I'm having some odd issues with Firewall. Clicking on "Security", causes me to get the pinwheel. It eventually loads, but it's very slow. I also have issues when I turn on the Firewall, I allow connections for screen sharing, but Back to My Mac shows Orange and that it may have issues. I also have issues with DVD sharing when I have also allowed CD/DVD sharing in the options. Everything revolved around Security/Firewall. Is there anything I can do to diagnose these issues? I have a Time Capsule as my router.
  Thanks.
  I did look and Console and I do see this error sometimes when I click on the Security preferences tab:
  2/4/10 3:24:17 PM System Preferences[91476] Could not connect the action resetLocationWarningsSheetOk: to target of class AppleSecurity_Pref
  2/4/10 3:24:17 PM System Preferences[91476] Could not connect the action resetLocationWarningsSheetCancel: to target of class AppleSecurity_Pref
  Message was edited by: theBigD23

  I have a Time Capsule. I don't think that has anything turned on. I have the default settings. I know of other uses with Time Capsule with the exact same problem.

• My itunes account shuts down for no reason.  It wont recognize my iphone and there is an issue with network connectivity and itunes.  I have already  reinstalled itunes and did a syste restore on my computer, firewall checked and virus scan done.  Ideas??

  My itunes account on windows xp shuts down for no reason.  If even try to delete something from my library it shuts down.   It wont recognize my iphone and there is an issue with network connectivity and I can't connect to the store.  I have already  reinstalled itunes and did a system restore on my computer, firewall has been checked, itunes is ok on firewall and virus scan done.  Ideas??

  Same problem. I can see the itunes store so not a problem with windows firewall. The account is active on my iphone so i know i am not locked out. I can connect the PC to my iphone so i know itunes is working ok. It is just logging into itunes on this pc which doesn't work. Only thing I can think of is that the email address I use for my apple id has been offline for a while and is working again now, I'm wondering whether this has been the case for others who are having this issue?

• Tacacs+ access issue with ASA firewall after integrating with RSA SecureID

  Hi,
  In my earlier post,  I raised the same question but let me rephrased it again. I have configured TACACS+ in cisco ASA firewall and able to access . But when I integrated it with RSA secure ID , I am not able to enter in enable mode. It is not accepting enable password nor RSA passcode. I have created enable_15 in ASA , ACS and RSA server but no luck.
  Did any one face similar issue with ASA access ?
  Rgds
  Siddhesh

  Hi Siddesh,
  In order to help you here, I need to know few things:
  1.] Show run | in aaa
  2.] When you enter enable password on ASA CLI, what error do you see on ACS > Monitoring and reports > AAA protocols > tacacs authentication > "look for the error message"
  3.] Turn on the debugs on ASA "debug tacacs" and "debug aaa authentication" before you duplicate the problem.
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• Firewall Issue with 1.5 and 2Wire 2701HG-B router/modem

  I've set up holes in my router's firewall so that I can reach my G5 via ssh/ftp/http. And I am able to reach the G5 from computers outside the firewall by connecting to the router's IP address. But if I try to connect to that same IP address -- ssh/ftp/http -- from either of the two computers that are behind the firewall, including the G5, the connection fails.
  This setup worked prior to upgrading to 10.5 last week but I'm not sure if this is an issue with my 10.5 (DNS?) or and issue with the 2Wire router/modem. I called 2Wire but they didn't have any suggestions.
  Message was edited by: Nemozob
  Message was edited by: Nemozob
  Message was edited by: Nemozob

  Check this thread:
  http://discussions.apple.com/thread.jspa?messageID=7130199#7130199

• RV042 Firewall issues with windows 8

  Hello,
  I recently bought my daughter a refurshed dell 17" laptop which has Windows 8 home edition on it. She also has another smaller laptop with windows 7 on it, an X-box-360 and a PS3 all connected to this RV042 Business router.
  I do not have access to the firmware version of the RV042. I believe it was updated in 2011 or early 2012.
  We found out that with the RV042 firewall set to ON, she is UNABLE to hit her college website with the new win 8 computer
  She CAN go to the college web site with the smaller win 7 computer when the firewall is off or on.
  The college website is https://
  The win 8 computer will allow google searches, but when you click on any of the links, it will not load.
  With the win 8 computer, facebook will not load, MSN and Hotmail will not load.
  Disable firewall, and most (if not all) items that did not work, magically DO work when the RV042 firewall is disabled for the win 8 laptop.
  Anyone else having issues with with win 8 home edition and the RV042 firewall enabled? Is there a "simple" cure for this, other than slicking the laptop and putting win 7 on it?

  We've have already tried compatibility mode, lowering the security setting to minimum.
  Dell technical support has given up, they are supposedly sending my daughter a brand spanking new wireless router at no cost to close the ticket. It's a sweet laptop that I got for a steal (17" viewable touch screen, 1TB drive, 6 GB RAM, i5 chip) and I don't want to return it becuase i will not find another for $435.00.
  I have two newer cisco VPN style routers here, and the laptop in question runs absolutely fine here on the highest settings and without me altering my network at all. Don't have a clue what the issue is with the RV042, the laptop and Win8.
  If I find a solution I will let everyone know.

• Issues with Windows firewall and Airport Extreme

  Hi all,
  I'm having some issues with my Airport Extreme and Windows Vista firewall. I've got the most current versions of all the airport express software and firmware. My iTunes can see the remote speakers, and I can access the airport extreme using the apple-supplied admin software, so I know that they are working and on the network.
  However, when I try to stream music through iTunes, the speakers won't connect. (yes, I have the "stream-music" option checked) However, when I disable windows firewall, they work fine. Therefore, the issue seems to be with a specific port that is not open through windows firewall. When I checked the exceptions for windows firewall, all the associated apple software is listed as exceptions. I think that there is one more port open that I do not have.
  Any thoughts?
  thanks.

  AirPlay/AirTunes is based on the ROAP protocol. I would suggest trying the following ports:
  Add TCP 443 for SSL
  Add TCP/UDP 554 for RTSP
  Add TCP 3689 for DAAP
  Add TCP 5000, 6000, and 6001 for ROAP
  Add TCP 5297 for Bonjour
  Add TCP/UDP 5298 for Bonjour
  Add UDP 5353 for Airport discovery
  Add TCP/UDP 7070 for RTSP
  Add TCP 8000-8999 for iTunes radio streams
  Add TCP 42000-42999 for iTunes radio streams

• Issues with logging in to CC and missing features

  My team is using CC on corporate environment PCs, Win 7 64bit. Some of the problems we have seen are:
  When we buy a new adobe license for a new user our IT department has to install the Creative Cloud desktop manager and software on their PC. They do this by using an admin windows account and the new adobe login. Everything works fine for them, they are able to log in to CC and install the software, When the user logs in with their windows account and try to log in to CC with the same adobe id then they get the common issue with the sync button just turning and never logs them in. In some cases this is fixed by deleting the OOBE folder from the admin local profile allowing the other user to log in to CC but most times the IT has to resolve to rebuilding the PC and starting again.
  We also hotdesk in my team.I found that when i work on my laptop or another desktop pc in the team everything is fine but if i have to use a different PC for the day i log in but don't have all the features (I can get the home feed, fonts, etc, but not the app installers)
  Another member of my team works fine on that same PC but on a different PC she doesn't have all features. She gets the app installers, but not some of the other features.
  It all seems to be a bit random as to who can access what.
  Our corporate firewall is open to most Adobe servers, unless there is something we have missed. PCs have Adobe Air 3.1.0.4880.
  These issues have been happening for months now and IT have spend hours to resolve.
  Anyone else has issues using Creative Cloud in a corporate environment and are there any suggestions we can use please?

  There isn't any capability for the OpenBootProm prompt
  (the OK prompt you might see on your screen)
  to ask you for a username or a password.
  The OBP is a firmware level of the SPARC platform, not an OS nor a mini-OS.
  If you have consoled in through the SF280R's RSC card, it might have its own password prompt, but the OBP itself can't do that. Additionally, the RSC doesn't show you the OK prompt either (certainly not to the extent that the more sophisticated LOM, ALOM, ILOM or System Controllers of other system designs might have.).
  You made mention that you eventually see a cursor that is sitting at a prompt that shows:
  Happy@solaris11 $If that is what you see, then I think you're already logged into the OS. That would seem to be a C-shell prompt, with you logged into a fully booted system named "solaris11" as username "Happy".
  Consequently, I'll be asking that your post be moved out of the Servers'General hardware forum, and into the General Solaris 11 forum. You don't seem to have a hardware issue, but perhaps just an issue with being unfamiliar with Solaris. (You didn't describe your experience level in the initial post.)

• WAP4410N issues with Macbooks/Apple computers

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin-top:0in;
  mso-para-margin-right:0in;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0in;
  line-height:115%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  History:
  I have 4 WAP4410N Access Points setup in a sorority house, one for each floor. The access points they had before were D-Link 2.4GHz POE APs. The reason for changing the access points was a lack of wireless coverage in the house. About 2 weeks ago I had a complaint that ALL apple computer users were only able to get to a webpage and if they tried to click a link they would get nothing, so they would have to disconnect and then reconnect to the SSID in order to get to another page. I contacted Cisco SB support and asked if they were aware of any issues with apple. The tech said yes and that I should update to 2.0.2.1 firmware, I was currently running 2.0.1.0. The tech also said that after upgrading the firmware reset the access point and reconfigure it, so I did this. I updated the firmware on all 4 APs and had one of the girls click a few links thinking that it was fixed since it worked. Well I have heard tonight that there still is an issue. I am having complaints for ALL apple computer users that after viewing 3 -5 pages/links they have to disconnect and reconnect to the SSID, then after so many more pages they have to do it all over again.
  Question:
  I noticed that there is another firmware update released for the WAP4410N, will this firmware (2.0.3.3) fix the issue I am having?
       If so, should I upgrade the firmware and reset the AP's again and reconfigure them, or can I just update them and not re-configure them?
       If not, should I change some of my settings? Any other suggestions?
  Config:
  Here is a brief of the config on the AP’s: (If my memory is correct)
  Host Name: AP1, 2, 3, 4
  Device Name: WAP4410N_AP1, 2, 3, 4
  IP Settings: Static IP
  IP Address: 192.168.1.2, 3, 4, 5
  IPV6: Disabled
  Force Lan Port Speed 100M: Disabled
  Discovery (By Bonjour): Enabled
  802.1X Supplicant: Disabled
  Wireless Network Mode: B/G/N-Mixed
  Wireless Channel: 1, 4, 8, 11
  Wireless Isolation(between SSID) Disabled
  Security Mode: WPA-Personal
  WPA Algorithm: AES
  Key Renewal: 3600
  Serial #: SER141903**
  Serial #: SER141900**
  Serial #: SER141903**
  Serial #: SER141903**
  Other equipment in the setup:
  ASA 5505 firewall
  Cisco Small Business SD208P Switch with PoE
  Thanks for the help.
  Regards,
  Travis

  Did you try the firmware upgrade and reconfiguring the wap4410ns travis?  As a rule of thumb, I always factory reset and reconfigure the device just incase there is any glitches.
  Also are you running all the access points through the unmanaged switch?  If so, try to take it out of the mix and plug directly into the ASA.  Try to eliminate all extra pieces in the mix so you can better understand where the failure is.  Your connecting wirelessly and able to browse, your getting intermittent connectivity.  Also approximately how many users are connecting to the access points at one time?  Try to isolate one wap4410n and a mac and test browsing with it and see what happens.

• New HH3 - Issues with Kodak Printer and iPhone 3GS

  Hello,
  Here is the background:
  Previously had a D-Link DSL-G624M router and everything connected wirelessly. This included 2 laptops, Kodak ESP 5250 Printer and iPhone 3GS. Router broadcasting on channel 6 (locked).
  Since upgrading to Infinity replaced the D-Link with a HH3. Laptops connect fine but have issues with other wireless devices.
  iPhone: Seems to lose internet (not necessarily wireless connection though) intermittently. The phone remains connected to the HH3 and can be seen in the DHCP table and Home Network screens. The iPhone also reports that it is connected to the HH3. However, when attempting to access the internet using either Safari or apps it doesn't work. This can be fixed by forgetting the network and re-joining or turning Airplane Mode on and then off.
  Kodak ESP5250 Printer: This connects fine to the HH3 and remains in the DHCP table and Home Network with the correct IP Address. Laptop A is able to connect and print successfully. However, after putting the laptop into sleep mode and re-waking it it is unable to Print. The Printer is still connected to the HH3 and laptop claims it is 'Ready' but unable to print. The only way i have found to fix this is to re-install the entire Printer software!! However, Laptop B does not have this problem and can be put into Sleep mode, Hibernate or restart and the printer remain connected. I do not think it is a firewall issue as able to connect until re-waking from sleep.
  You're probably thinking the same as me that this sounds like hardware issues and not the HH3. Maybe coincidence that it started happening after changing to HH3. Maybe something wrong with the iPhone or Laptop A and/or Printer?!? Tried setting a manual channel on the HH3 as suggested by other posts but this had no effect. (Used inSSIDer to determine best channel). Also increased the IP Address lease time from 1 Day to 21 Days - but again no difference.
  Current situation: Connected the D-Link router to the HH3 using Ethernet cable. Disabled DHCP and DNS on the D-Link router and kept SSID different. Now connected all devices to the D-Link router and nothing to the HH3 and everything is working as it did previously. The iPhone remains stable and the Kodak printer remains connected to both Laptops after re-waking from Sleep Mode.
  I haven't yet contacted BT but i'm leaning towards it being a dodgy HH3. Anyone have any suggestions??
  Thanks,
  Martyn...

  For starters, there's nothing wrong with your Iphone or Kodak prn. The issue is the HH3
  I had a very similar issue connecting iMac, iPad, Macbook Pro, iPhone, Thinkpad and Canon prn via wireless to the HH3... Lots of disconnections, devices that couldn't log in, very low wireless speeds, printer not recognized, etc,etc
  I went mad, pretty much did the same things as you did: inSSIDer, changing channels, re-installing whole softw drv !, reorientating HH3 position, manually assigning IPs and channels... nothing would seem to work!
  Then I connected a Netgear router to HH3 via ethernet cable -like you did- and suddenly everything seemed to go back to normal. Here's what I found out after much head knocking:
  1) The issue is the HH3, not that it's faulty but simply put it can't deal with lots of wireless traffic. The minute you connect several devices it gets clogged up
  2) HH3 seem not to recognize WiFI printers that have a 'static' IP (not sure why)...  this was a nightmare
  3) if you have many devices connected, HH3 doesn't  seem to 'like' Apple devices or wifi Airport powered (not sure why). After sleep mode these device can't pick up IP over the air, and you need to manually renew DHCP leases. There are several reports about this in Apple forums.
  So here's what I did:
  1) I ditched the HH3
  2) I connected the Openreach router to a dual-band Netgear wndr3400 **cable** router (PPPoE connection)
  3) I re-installed the prn drv in USB mode and then added wifi printer in wifi mode while usb connected
  4) I created two-split WIFI networks; one in the channel 6/2.4Ghz frequency and another in the channels 44-48/5Ghz freq to which I assigned most devices (It seems BT Infinity wifi works best in 5Ghz channels)
  Results: all devices recognised & connected via WiFI, no disconnections, steady WIFI speed almost as fast as ethernet cable, wifi prn prints fine from all devices... No more WIFI connnectivity issues.
  I hope this helps, good luck
  (note: my current issue is that my profile dropped from 34/8 to 21/2 during testing phase)

• Routing issue with ASA and UC540 phone system - at ASA???

  Having an issue with routing from the PC at .242 to the CUE server at 10.1.10.1. The CUE server is built into the UC540 phone system. It is an internal piece of software that is used for voicemail and management. The UC540 is not only a call router, it is also an IOS router. It has it's own WAN connection as does the ASA.
  Here are some facts:
  1. Can ping the UC540's internal CUE server from the PC ( ping to 10.1.10.1 )
  2. Can ping the UC540's VLAN 1 address from the PC ( ping to 10.1.10.1 )
  3. The ASA is the default gateway for the PC.
  4. I have a route inserted at the asa that is:
                 route 10.1.10.1 255.255.255.0 10.19.250.254 1
  5. I have a nat statement that prevents NAT from occuring but I don't think this is necessary as the 10.1.10.0/24 network isn't otherwise defined on the      ASA.
  6. I cannot pull up a web page when I point the browser on the PC to the 10.1.10.1 address
  7. I CAN pull up a web page on the PC when I create a static route on the PC iteslf :
                 route add 10.1.10.1 mask 255.255.255.0 10.19.250.254
       Is is only with this route that I am able to get to the web GUI on the phone system.
  8. The phone system has a loopback interface at 10.1.10.2 that serves as the gateway for the internal CUE server, the internal CUE server is at      10.1.10.1
  9. The switch is a 2960 and has a trunk port to the phone system to allow for the voice vlan which is at 10.1.1.0/24, no issues with this vlan and phones      are connecting to the system fine.
  Since I can get the GUI to come up when I set a static route on the PC, then I would assume that the routing in the phone system with it's internal server is fine as it wouldn't work otherwise. Since I can successfully ping the CUE server from the PC, that would lead me to believe that the ASA's routing is setup correctly..... TCP traffic doesn't seem to get to/from the CUE server.
  Here are the routing tables:
  ASA:
  Gateway of last resort is xxx.xxx.xxx.xxx to network 0.0.0.0
  C    xxx.xxx.xxx.xxx 255.255.255.252 is directly connected, outside
  S    172.16.100.100 255.255.255.255 [1/0] via 38.97.193.65, outside
  S    10.1.10.0 255.255.255.252 [1/0] via 10.19.250.254, inside
  C    10.19.250.0 255.255.254.0 is directly connected, inside
  S*   0.0.0.0 0.0.0.0 [1/0] via xx.xx.xx.xx, outside
  The UC540 phone system's router side:
  Gateway of last resort is xx.xx.xx.xx to network 0.0.0.0
  S*    0.0.0.0/0 [1/0] via xx.xx.xx.xx
        10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
  C        10.1.1.0/24 is directly connected, BVI100
  L        10.1.1.1/32 is directly connected, BVI100
  C        10.1.10.0/30 is directly connected, Loopback0
  S        10.1.10.1/32 is directly connected, Integrated-Service-Engine0/0
  L        10.1.10.2/32 is directly connected, Loopback0
  C        10.19.250.0/23 is directly connected, BVI1
  L        10.19.250.254/32 is directly connected, BVI1
        XX.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
  C       XX.XX.XX.XX/29 is directly connected, FastEthernet0/0
  L        XX.XX.XX.XX/32 is directly connected, FastEthernet0/0
        172.16.0.0/24 is subnetted, 1 subnets
  S        172.16.100.0 [1/0] via 10.19.250.1
  The UC540's internal CUE server:
  Main Routing Table:
             DEST            GATE            MASK                     IFACE
        10.1.10.0            0.0.0.0           255.255.255.252       eth0
          0.0.0.0             10.1.10.2         0.0.0.0                    eth0
  Any help appreciated!!!
  Thanks!

  Hello,
  Where you able to solve this problem? It does sound like an issue with TCP state checking on the ASA. The Firewall needs to see both sides of the traffic but the return traffic is going from your UC540 direct to the PC. The firewall essentially kills the traffic.
  I would recommend disabling TCP state checking on the ASA and see if it works. Otherwise, you will need to stub route the UC540 as a separate VLAN off the ASA which needs to route through the ASA to reach the PC.
  Here is a info page on the TCP State Bypass:
  http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/111986-asa-tcp-bypass-00.html
  Please let me know how it works out.

• Routing Issue with 3550

  I am having a routing issue with a 3550 switch. I have 5 vlans and I need one of the vlans to access a different router based on destination IP rather than our edge router. I have entered a static route on the 3550 that points to the secondary router whenever a certain network is tried to be accessed. My problem is I can't seem to get the traffic to flow correctly. When I trace route an address on the Internet the path shows as expected, the 3550 then my firewall then my edge router. When I trace an address that is on the other side of the secondary router I get the 3550 as the first hop, then nothing. I can ping the address so I know the path is up. What could be the issue? Thanks in advance.

  Hello,
  in addition to Mahmood´s post, what do you have defined as the next hop for the default route to the secondary router ? If you use an interface on the 3550 as the next hop, make sure that whatever is connected is in the same subnet, otherwise use the IP address of the next hop. So, let´s say your remote network is 192.168.1.0, and the secondary router is connected to FastEthernet0/1, your default route should look like this if the secondary router is in the same subnet (in this example, the IP address of the secondary router would be 172.16.1.2):
  interface FastEthernet0/1
  no switchport
  ip address 172.16.1.1 255.255.255.252
  ip route 192.168.1.0 0.0.0.255 FastEthernet0/0
  Otherwise, try:
  ip route 192.168.1.0 0.0.0.255 172.16.1.2
  where 172.16.1.2 would be the address of the secondary router.
  Does that make sense ?
  Regards,
  GNT

• Issues with itunes error -50, determining gapless playback, missing speaker options, home sharing not working

  In the last few weeks I have been experiencing multiple issues with my iTunes.
  I believe it began when my itunes library corrupted and I had to start again.
  By starting again I mean I went to previous itunes libraries and used the most recent backup.
  After I noticed a large number of unknown error (-50) messages I thought I better copy the backup I was using from the previous libraries folder over to the itunes folder (in case the error related to failed attempts to back up the library).
  This problem in itself wasn't too bad as I am able to close and relaunch iTunes and carry on however I have noticed some less desirable side effects - the loss of home sharing. I am unable to pick speakers to broadcast to (I have 2 airport express units plugged in and working and an Apple TV2) and I am unable to access the iTunes library on Apple TV.
  I've done some basic troubleshooting: creating rules to allow the home sharing ports, temporarily disabling antivirus/firewall, uninstalling antivirus/firewall, setting up rules on the router for homesharing ports, uninstalling iTunes, rebooting, reinstalling iTunes and retrying, disabling home sharing and reenabling, disabling peerblock, deauthorising itunes and reauthorising and rebooting both the pc and Apple TV, checking sharing settings under preferences and verifying both the entire library is shared and that the status of home sharing is on but no devices connected, created a new library and reimporting my media and the problem still exists.
  I noticed that occasionally when I switch between libraries, deauthorise and reauthorise I do get access to home sharing and Apple Tv gets full access to the library BUT iTunes quickly becomes unresponsive and when I close and relaunch Apple TV can no longer see my library or iTunes.
  I have checked the network I am running on is marked as a home network, I have tried connecting the Apple TV via LAN instead of WiFi but this makes no difference. What I do find interesting is that I have iTunes running on another pc and on a virtual machine and as soon as I run either their libraries appear on Apple TV so there must be something about the installation on my pc and nothing wrong with the Apple TV, airport express, router etc.
  With that in mind I retried an uninstall and this time deleted as many tmp files as I could see in the iTunes library folder, rebooted and reinstalled. I also checked the permission levels on the iTunes application folder and the iTunes library folder (located on an additional internal drive), I then tried running iTunes as an administrator (which my user account is already set as) but all the problems are still evident.
  The determining gapless playback has no effect on how I use iTunes but it clearly does not need to run for every single recently added track any time I make a minute change to other library entries. I tried looking up one of the files it was determining gapless playback for but it wasn't corrupt or read only so I don't see why it needs to retry continually.
  I'm running Windows 7 64bit with all latest updates installed and iTunes 64bit 10.6.3.25, all apple devices are running the latest version of firmware and I'm running out of ideas. I did try running CCleaner to clear up and registry issues if there were any and I ran Appcleaner to remove any iTunes cache that may have been left between installs. I'm running out of ideas - what am I missing here?

  I have found the problem was in part caused by Windows firewall.
  Exactly how Windows firewall can cause the problem when I wasn't even using it I don't know.
  What I do know is that when I checked 'allow a program through the firewall' I found 4 rules set for iTunes, one of which was public network access.
  I deleted the superfluous rules and the Home Sharing problems are solved.
  All that needs sorting now is the 'determining gapless playback'.