LMS 4.0 Remote Access Issue

My issues is that I cannot remotely access my LMS 4.0 installation. On the server itself, the UI comes up immediately (via https) in a browser. If I browse to the server using http (from the server itself), it redirects to https and comes right up also.I'm using a 3rd party (Thawte) certificate which seems to be installed properly - certificate info is retrievable from the browser address bar.
When browsing to it from a desktop, the attempted connection times out.
My normal method is to point to the server's FQDN (it resolves fine via nslookup of ping servername) but I have also tried using the server's IP in the URL, still no success. I captured the traffic from my desktop at the server using Wireshark. I see the incoming https traffic (syn, syn, syn - never an outgoing ack).
Suggestions?
addendum:
The system is listening on port 443. Partial output for "netstat -a" follows:
Active Connections
Proto Local Address          Foreign Address        State
TCP    0.0.0.0:22             CiscoWorks:0           LISTENING
TCP    0.0.0.0:135            CiscoWorks:0           LISTENING
TCP    0.0.0.0:443            CiscoWorks:0           LISTENING

This sounds like a host-based firewall preventing the SYNs from making it up the stack. Disable all IPS functions on the server (e.g. Windows Firewall), then see if you can access the server from remote.

Similar Messages

[SOLVED] Cups 2.0 remote access issues

After CUPS recent upgrade to 2.0 both my cups server and client stopped working. In particular, I cannot even get to the administration pages from remote access.
I can get to CUPS's home page, but I get an error as soon as I try to access any other page. The error I get in the browser (firefox) is
Unable to connect
Firefox can't establish a connection to the server at ....
Following wiki instructions, in my cupsd.conf file I have replaced the standard
Listen localhost:631
with the ip range for the local network
Listen 192.168.0.0/24:631
and I have added
<Location />
Order allow,deny
Allow from @LOCAL
</Location>
# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
Allow from @LOCAL
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
Order allow,deny
Allow From @LOCAL
</Location>
DefaultEncription Never
Unfortunately, nothing has changed. I still get the same error in the browser and I cannot access the admin pages (or any page other than the home page).
Help is greatly appreciated.
Stefano
Last edited by stefano (2014-11-08 15:27:03)

clfarron4 wrote:
Guzzista wrote:
Same here, I discovered my file sshd.service disappeared on the server. I get the error
# systemctl start cupsd
Failed to start cupsd.service: Unit cupsd.service failed to load: No such file or directory.
Don't know how to solve for now
Unless it's a custom service file your relying on, the service has been re-named.
Unfortunately, that's not where my problem lies. I was aware of the renaming issue and had acted accordingly.
Still looking for solutions.
S.

Remote access issues in Windows 8.1

I regularly carry out maintenance work on PCs connected to an SBS 2011 server using RWA followed by picking the required PC at the right hand side and logging in. If I use a Windows 7 workstation on my home network I get perfect RDP connections every
time. On the same home network using a Windows 8.1 machine, I can log into RWA, and the OWA facility works fine, but if I select a desktop from the list at the right, the login dialogue appears but does not work - the screen flashes rapidly after the
log in button is clicked then the login dialogue returns and I do not get a connection.
I am discussing the purchase of a set of six Microsoft Surface Pros for staff members who need to be away from the office, but must be able to control their office desktop machines remotely - with Windows 8.1 on board the Surface Pros will not work.
What am I missing?

Hi Ed,
Sorry for my interrupting.
Based on your description, I understand that
Connect to Computer feature of RWA didn’t ran as normal when user log on Windows 8.1 client computer.
Since Remote Desktop Gateway (RDP Gateway) is the technology used on the backend to accomplish the
Connect to Computer functionality in SBS 2011 Standard. RD Gateway allows TS clients to establish secure connections over SSL (443) using RPC Proxy, also known as RDP over HTTPS. So, just a confirmation, would you please open Event Viewer in the Windows
8.1 and SBS 2011 and check if find relevant events.
à
How do I report this?
Please check following website if can help you.
https://connect.microsoft.com/
If anything I misunderstand or any update, please don’t hesitate to let us know.
Hope this helps.
Best regards,
Justin Gu

Routing Issue for Remote Access Clients over Site to Site VPN tunnels

I have a customer that told me that Cisco has an issue when a customer has a topology of let's say 3 sites that have site to site tunnels built and a Remote Access client connects to site A and needs resources at Site B but the PIX won't route to that site. Has this been fixed in the ASA?

Patrick, that was indeed true for a long time.
But now it is fixed in PIX and ASA version 7.x.
Please refer to this document for details:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml

Remote access Vpn issue

Dear All,
I have configured remote access vpn without using split tunnel.Everything is working fine.I can access all the inside network which is allowed in acl.
I am facing strange issue now. I have created a pool for remote access vpn with a range 192.168.5.8/29.I can access my internal subnets 10.10.0.0/16.
I have below acess-list for acl-in.
access-list acl-in extended permit ip object-group vpnclients 192.168.5.8 255.255.255.248
object-group network vpnclients
network-object host 10.110.100.26
network-object host 10.106.100.15
network-object host 10.10.10.6
network-object host 10.10.20.82
network-object host 10.110.100.48
network-object host 10.10.20.53
network-object host 10.10.20.54
network-object host 10.60.100.1
network-object host 10.10.10.75
network-object host 10.10.20.100
network-object host 10.10.130.136
network-object host 10.106.100.16
network-object host 10.106.100.9
network-object host 10.170.100.1
network-object host 10.170.100.2
network-object host 10.170.100.21
network-object host 10.101.100.20
network-object host 10.170.100.25
So whichever IPs i have called in vpnclient group is able to access via RA vpn.Issue is when i try to access internal network of 192.168.198.0/24, i am able to access it without adding in vpnclient group. Even for 192.168.197.0/24,192.168.197.0/24 the same. But for 10.10.0.0/16 we can access only after adding in vpnclient group. Any one has face this issue before. Is this because of same network i mean 192.168.0.0 something like that.There is no other staement in acl-in for 192.168.0.0
Regards
-Danesh Ahammad

Hi,
If i read correctly you made the RA vpn "without" split tunnel, correct? if that is the case, all of the traffic will traverse the vpn connection (tunnel all) , the access-list "acl-in" is of no use to it.
try converting it to use split tunnel, i am sure that way you can not access resources that are not mentioned in the list.
~Harry

Remote access vpn issues

Hi all, I have been having issues with my remote access vpn, I can connect but cannot ping anywhere, I have enabled ipsec over nat-t, but still does not work, I noticed that when I did an ipconfig on my machine, I get the ip address assigned by my asa, 10.120.50.2 /32
but the default gateway is showing as 10.112.50.3, is this correct, I thought it should be the same as the interface address ?

Hi Carl,
Can you make sure you have the following in your config:
isakmp nat-traversal
Can you also ensure your internal network has routing in place to cover your VPN client pool.

Remote access VPN issues using Pix 501

We have taken over a network where there was little to no documentation. I have a remote access VPN terminated on a Pix 501 that is having a connectivity issue. I can connect using Cisco VPN Client. There is a server on the inside network that is used for mail etc. It has an IP of 192.168.0.4. I cannot ping it from my VPN session but from the Pix itself, I can ping it. There are different source IP's as the IP pool for the VPN session is 172.16.x.x and the inside network is 192.168.x.x. I can ping other hosts on the same inside network that are in the ARP table of the Pix. I have attached the configuration of the Pix 501. After researching, I cannot figure out what the issue is. I was assuming it was the route inside 172.16.x.x was set incorrectly but I can ping some hosts on the 192.168.x.x network. Thanks

Aru,
Hi. Thanks for responding. I did try and remove that route inside command and I still could not ping the server. I also tried removing those static translations and did a clear xlate but still no luck. This one has me puzzled. Especially since I can ping other hosts on that network and also ping the server but only from the Pix. The source on the Pix would be different 192.168.0.x than when I am connected using the VPN 172.16.1.x. That is the biggest difference. If it was routing, I would assume I could not ping any host on the 192.168.0.x network from the VPN session. I did remove that route inside as all of the other config examples did not have a specific route statement for the local pool even though it is not on the inside network. I have limited knowledge of their network as we just were told to manage it. Thanks again.

Remote access VPN on PIX525 issues.

Hi I was wondering if anybody had any ideas about my remote access VPN. Its configured on a Cisco PIX525 running ver 6.3(5) (old I know!) and I am running Cisco VPN client ver 5.06.0160 on the client end. Ok so here's the thing. The client connects ok, and it gets an IP address no problem. But I cannot ping anything on the remote LAN. So the client is coming across the internet, the VPN adapter has a 192.168.1.1 address assigned by the PIX and I am trying to ping the 192.168.0.4 address assigned to a switch on the inside of the firewall but with no joy. I've attached the config, any help is gratefully appreciated!
Many thanks
Richard.
show run
: Saved
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
interface ethernet2 auto shutdown
interface ethernet3 auto shutdown
interface ethernet4 auto shutdown
interface ethernet5 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
nameif ethernet3 intf3 security6
nameif ethernet4 intf4 security8
nameif ethernet5 intf5 security10
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname Coeliac-firewall
domain-name sungard.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol icmp error
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
mtu intf2 1500
mtu intf3 1500
mtu intf4 1500
mtu intf5 1500
ip address outside 213.212.66.36 255.255.255.248
ip address inside 192.168.0.1 255.255.255.0
no ip address intf2
no ip address intf3
no ip address intf4
no ip address intf5
ip audit info action alarm
ip audit attack action alarm
ip local pool MYPOOL 192.168.1.1-192.168.1.254
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address intf2
no failover ip address intf3
no failover ip address intf4
no failover ip address intf5
pdm history enable
arp timeout 14400
nat (inside) 0 access-list 101
router ospf 1
network 192.168.0.0 255.255.255.0 area 0
network 192.168.1.0 255.255.255.0 area 0
log-adj-changes
route outside 0.0.0.0 0.0.0.0 213.212.66.33 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client configuration address initiate
crypto map mymap client configuration address respond
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp client configuration address-pool local MYPOOL outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup coeliacvpn address-pool MYPOOL
vpngroup coeliacvpn dns-server 62.73.136.246
vpngroup coeliacvpn wins-server 62.73.136.246
vpngroup coeliacvpn default-domain password
vpngroup coeliacvpn split-tunnel 101
vpngroup coeliacvpn idle-time 1800
vpngroup coeliacvpn password ********
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe auto
vpdn group 1 client configuration address local MYPOOL
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username user password *********
vpdn enable outside
terminal width 80
Cryptochecksum:b18e9c6df0917108ff35f720f0230073
: end

Managed to solve the issue. Needed a isakmp nat-traversal 20 to get it to work.

Cisco ASA 5505 Remote Access IP/Sec VPN Connectivity Issues

We have a Cisco ASA that we use just for Remote Access VPN. It uses UDP and was working fine for about 2 months. Recently clients have had intermittent issues when connecting from home. The following message is display by the Cisco VPN Client :
"Secure VPN connection terminated locally by the Client. Reason 412: The remote peer is no longer responding"
Upon looking at a client side packet capture, I notice that no response is being given back to the client for the udp packets sent to the ASA on udp 500. If I login to the ASA from the LAN and send a single ping FROM the ASA, then the client can connect without issue. I don't understand the significance of the needed outbound ping since ping is not used by the client to test if the ASA is alive.
Once again this is a remote access udp ip/sec VPN. I set most of it up with the VPN wizard and then backed up the config. The issue started happening at least a month after setup (maybe two) and I restored to the saved config just in-case, but the issue remains.
Any insight would be greatly appreciated.
I'm using IOS 831 and have tried 821 and 823 as one thread that I found recommended downgraded to 821.
Thanks much,
Justin

Javier,
I logged into the ASA last time the VPN went down. I issued the following commands:
debug crypto isakmp 190
debug crypto ipsec 190
capture outside-cap interface outside match udp any any
I then used a remote access tool to access the client and tried to connect. I got absolutely nothing from debugging. So I issued the following command:
show capture outside | include 500
and also got nothing. So I issued the following command:
ping 4.2.2.2
Upon which my normal deug messaged began to showup, so I issued the show capture outside command again and recieved the expected output below:
   1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 868
   2: 15:44:18.579269 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 444
   3: 15:44:18.703866 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 172
   4: 15:44:18.706567 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 76
   5: 15:44:18.831499 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 92
   6: 15:44:19.024061 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 76
   7: 15:44:19.111963 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 60
   8: 15:44:19.517185 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 204
   9: 15:44:19.521350 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 92
10: 15:44:19.522723 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 252
11: 15:44:42.121957 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 868
12: 15:44:42.130822 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 444
13: 15:44:42.228397 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 172
14: 15:44:42.231036 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 76
15: 15:44:42.329557 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 92
16: 15:44:42.521091 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 76
17: 15:44:42.610167 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 60
18: 15:44:42.649258 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 204
19: 15:44:42.653790 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 252
20: 15:44:42.789342 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 1036
21: 15:44:42.792119 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 92
22: 15:44:42.800846 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 188
23: 15:44:42.892120 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 60
34: 15:44:54.446220 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 92
35: 15:44:54.447913 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 92
70: 15:45:01.825000 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000: udp 100
174: 15:45:03.417764 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000: udp 500
377: 15:45:07.881500 802.1Q vlan#2 P0 REMOTE_IP.10000 > OFFICE_IP.10000: udp 100    1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 868
   2: 15:44:18.579269 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 444
   3: 15:44:18.703866 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 172
   4: 15:44:18.706567 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 76
   5: 15:44:18.831499 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 92
   6: 15:44:19.024061 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 76
   7: 15:44:19.111963 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 60
   8: 15:44:19.517185 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 204
   9: 15:44:19.521350 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 92
10: 15:44:19.522723 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 252
11: 15:44:42.121957 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 868
12: 15:44:42.130822 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 444
13: 15:44:42.228397 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 172
14: 15:44:42.231036 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 76
15: 15:44:42.329557 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 92
16: 15:44:42.521091 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 76
17: 15:44:42.610167 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 60
18: 15:44:42.649258 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 204
19: 15:44:42.653790 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 252
20: 15:44:42.789342 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 1036
21: 15:44:42.792119 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 92
22: 15:44:42.800846 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 188
23: 15:44:42.892120 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 60
34: 15:44:54.446220 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 92
35: 15:44:54.447913 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 92
70: 15:45:01.825000 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000: udp 100
174: 15:45:03.417764 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000: udp 500
377: 15:45:07.881500 802.1Q vlan#2 P0 REMOTE_IP.10000 > OFFICE_IP.10000: udp 100
It would seem as if no traffic reached the ASA until some outbound traffic to an arbitrary public IP. In this case I sent an echo request to a public DNS server. It seems almost like a state-table issue although I don't know how ICMP ties in.
Once again, any insight would be greatly appreciated.
Thanks,
Justin

HT5306 I do not want to give remote access to anyone but myself as privacy is my friend. Can this remote desktop software still be for me personally unless I allow access and for my MAC lap top only? What if I do not update? compatibility issues with wh

Hello:
Thank you for the update for remote access for desktops.
Personally, I do not want to give remote access to anyone but myself as privacy is my friend. Can this remote desktop software still be for me personally unless I allow access and for my MAC lap top only? What if I do not update? I do use this lap top in other countries. compatibility issues with what?

Apple Remote Desktop is off be default. It has to be enabled for some one to be able to remotely connect to the computer. And then, you still have to have a user name and password on the computer to remotely connect with.
If you want to see if remote access has is enabled for Apple Remote Desktop; you can find the setting in, Apple Menu, System Prefrences, Sharing. If it's enabled, Remote Management or Screen Sharing will be checked.
Beucase Apple Remote Desktop Agent is part of the Mac Operating System; even if your not using it, Apple Software Updates will from time to time offer updates for ARD Agent. Software Updates can some times be stacked ontop of each other; so chosing not to install an update, can mean other updates you may want may not be offered. At least until you install the updates those updates require. Also software updates can improve the security of your computer.

Remote Access (internet) to Time Capsule Issue

Hi and tnxs for reading,
after having tried a lot of suggestions on the internet about how to make TC file sharing working remotely, I am writing here because I am still looking for a solution!!
I have my TC bridged via ethernet to my DSL router (given from my internet provider).
I am using for all my devices TC WiFi, for local network and internet.
I activated Back to my mac on TC and to my Mac.
I can see my TC files when connected on my local WiFi, however, if I connect to the internet through another network, although I can see my Time Capsule on the left column of my finder, if I click on it, the connection fails.
Maybe it notoworthy to say that on System Preferences, iCloud, back to My Mac, I have a note saying that in order to improve the network, i should use use port mapping or upnp. Now, I cannot activate upnp on my router, but I can do port mapping, as i am doing for video surveillance stuff or similar things. However, I have tried to open ports suggested in http://support.apple.com/kb/ht4907 but nothing at all...
Please, help!!!
PS: I would like to remotely connect to my airport devices through Airport Utility but it is not working aswell, and I think it is due to the same issue.
I'd really appreciate to be helped in this issue.

Sorry with time differences this is going to take a while.
I am going to need to work through some of the scenario myself.. my main concern is that BTMM may simply not work with the TC in bridge.
When people run into trouble.. eg here. https://discussions.apple.com/thread/3699096?start=0&tstart=0
Alot of the problems come from the TC being in bridge. If you cannot get the TC to be the main router.. due to the kind of setup you have, then direct access method to the TC is the only way to do it.
5) The main thing I'd like to do is to have access to my TC HD from the internet.
That gives you what you mainly want at point 5.. access to the TC HD.
1) I rebooted my computer after turning of my BTMM on airport express. I kept on on my TC and in my iCloud Setting.
So the TC is now the only item that has BTMM set??
But no luck?? You didn't give me a result.
2) The brand of my modem is ELSAG DATAMAT, model ARGO55+, provided by FASTWEB internet provider (I need it to have internet).
I will look this up. Appears to be ikanos based adsl modem. But all the details are in other languages.. so it is hard for me to get exact details. Does it have dyndns client available of some sort? As this is essential if you don't have a static public IP.
3) the msg "Chk your router setting to improve speed NAT-UPNP" is on my mac, in iCloud BTMM setting, and I got it in all these cases: a) connected to TC WiFi bridged to my router with 548 TCP open b) Personal Hotspot iPhone 3) US Robotics with UPNP plug&play activated.
So this means that in every case even with the iphone as hotspot.. so this is completely different to your ADSL internet connection BTMM still fails?? There is not one single configuration that works.
Perhaps you need to ring your local Apple support and see if they can figure this out. To me.. a single computer.. plugged into a modem directly.. of whatever kind, adsl or 3G or whatever.. that gets a public IP should be able to do BTMM.. but could apple be blocked in your country.
The exercise I did via the direct connection is to prove there is no block by ISP to actually connect to the TC.. which you said worked.. but there can be other blocks.
It could fail if your ISP gives you a private IP address.. same btw for the adsl connection.
You will need to check by doing a traceroute to say Google DNS server, 8.8.8.8 and see if you are connected via a private IP.. you cannot access a LAN from a double NAT which results.
4) if I am not supposed to do configurations through the net, what is the reason to have a back to my mac iCloud setting available on my Airport Express which has no hard drives and the only feature associated with BTMM is remote configuration?
If you get remote access to change a configuration.. and you make the slightest mistake.. you will not be able to access it again until you get home. So I am unsure what configuration changes to your local lan at home you need to make from remote location. Remembering that a single wrong move will lock you out permanently.
Can you please explain why you need this??

Routing and Remote access can cause cluster network issues?

After enabling routing and remote access on the servers, we found lots of cluster issues on our server like<o:p></o:p>
Cluster Service stopped
Communication was lost and reestablished between cluster nodes
Unable to access witness resource
Cluster resource failed
can RRAS enabling causes cluster network issues?
Rahul

Hi TwoR,
Please offer more information about your current cluster and RRAS configuration, such as are you installed the RRAS role on any cluster node? Are your cluster in Hyper-V environment?
Or if you want to create the RRAS cluster you can refer the following KB:
Deploy Remote Access in a Cluster
http://technet.microsoft.com/en-us/library/jj134175.aspx
How to configure Network Load Balancing (NLB) based cluster of VPN Servers
http://blogs.technet.com/b/rrasblog/archive/2009/07/02/configuring-network-load-balancing-nlb-cluster-of-vpn-servers.aspx
I’m glad to be of help to you!
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Remote access terminal server & VOIP phone issues

I pose a question to the community. I work and manage a building that remotely accesses a terminal services server for my users to view an ERP application at our other building. Lately we have issues where those users when the let their screen idle lose their connection and have to wait with a customer on the line to reconnect to the Terminal Server. We don't have the server set to boot users off after any amount of time and the users at the other building have no issue of course since its on site. We also have a Mitel VOIP system and on regular occasion the calls go static or drop all together. Ive done trace routes from the router at both buildings and it seems to get stuck at a Level3 datacenter in Washington DC. Ive contacted my ISP's NOC asking for them to contact Level3 to look into the issue, but the responder gave me grief and...
This topic first appeared in the Spiceworks Community

Having them both kills being able to access the Net.Take out the gateway on your loopback adapter and network traffic should happen as normal :)
Is this configured only in TNSNAMES.ORA, and if so how?It's configured in listener.ora, but changing the port won't change the amount of traffic nor the Oracle load, it will just make everything slightly more confusing to everyone trying to help you troubleshoot your machine ;)
~Jer

Remote access VPN on ASA5520 Ping Issues.

Hi I hope someone might be able to help me. I have setup a remote access VPN on an ASA 5520. The VPN client connects ok, accepts my username and password and then I am in. I get an allocated IP address of 172.16.1.1 from the local pool. The problem is that I cannot then ping the inside LAN which is 192.168.1.1. I've got isakmp nat traversal set to default which is 20. I've been looking at this all day and I think I've gone crossed eyed, a fresh pair of eyes are definitley required, so any help would be gratefully received. My config is
Saved
ASA Version 7.0(8)
hostname Hospira-firewall
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
interface GigabitEthernet0/0
speed 100
duplex full
nameif outside
security-level 0
ip address 213.212.66.52 255.255.255.248
interface GigabitEthernet0/1
speed 100
duplex full
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
shutdown
no nameif
no security-level
no ip address
ftp mode passive
same-security-traffic permit intra-interface
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list Split standard permit 192.168.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip local pool mypool 172.16.1.1-172.16.1.253 mask 255.255.255.0
no failover
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NONAT
nat (inside) 1 192.168.1.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 213.212.66.49 1
route outside 172.16.1.0 255.255.255.0 213.212.66.49 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy hospira internal
group-policy hospira attributes
vpn-simultaneous-logins 400
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split
webvpn
username user password 08S9WUsiSMr3RauN encrypted
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set hospira esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dmap 1 set transform-set hospira
crypto dynamic-map dmap 1 set security-association lifetime seconds 28800
crypto dynamic-map dmap 1 set security-association lifetime kilobytes 4608000
crypto dynamic-map dmap 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dmap
crypto map mymap 2 match address NONAT
crypto map mymap 2 set security-association lifetime seconds 28800
crypto map mymap 2 set security-association lifetime kilobytes 4608000
crypto map mymap interface outside
isakmp identity address
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
isakmp nat-traversal 20
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group hospira type ipsec-ra
tunnel-group hospira general-attributes
address-pool mypool
default-group-policy hospira
tunnel-group hospira ipsec-attributes
pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect icmp error
service-policy global_policy global
Cryptochecksum:98f85c39a5cbffe66b0f6585d5083c7c
: end
Many thanks

Hi Richard ,
- we don't need access-list with RA connection , we have the dynamic map that acts as a template , so your crypto config :
crypto map mymap 1 ipsec-isakmp dynamic dmap
crypto map mymap 2 match address NONAT
crypto map mymap 2 set security-association lifetime seconds 28800
crypto map mymap 2 set security-association lifetime kilobytes 4608000
crypto map mymap interface outside
map with seq 1 is being binded to the dynamic map , now map 2 you are using the nonat access list as the encryption trigger for this map , so this should not be there as it encrypt traffic from the inside subnet to the pool .
please remove the second entry, then test if not working please provide a capture from the inside interface .
HTH
Mohammad.

IMac either or has been remotely accessed, has malicious code, is hacked and/or all of the aforementioned or something that I have not yet researched. With my health issues, my Mac keeps me from thinking about the pain and disability I have. Thank you.

Hello,
I'm giving it one more chance and then Mac goes into trash. My iMac is either remotely accessed, perhaps malicious code, hacked and/or all of the aforementioned. I am not savvy in these areas. Please read some of the many symptoms and if you can assist me -- I am beyond grateful. If you want to say it is my fault because I allowed somebody to use my computer or other nonsense please do not waste my time or yours. This is serious and has been going on for a period of time that is longer then I can remember!
I have a neighbor, lives in my apartment building, 'had' physical access to my iMac. Shortly after this I started to have problems that beyond any nightmare I have ever heard of - whether it be Windows or Apple! Please feel free to ask me any question(s) that might help me rid my iMac of this malicious act as the police have been useless -- say they do not have equipment to check my Mac. FBI can't b bothered.
It is more then clear that a person(s) has access and has messed up the OS, among other terrible things. He took over my Facebook account months ago, posted as though he was me. He also prevented me from getting back into FB and Yahoo to close those connected accounts. Went to an Apple store, under protection of their router and removed FB/Yahoo accounts. The pages that were showing at home turned out to be fake pages controlled by him. (Think they are called "defaced").
Anytime I did a 7X or zero out clean install -- he was there before I even hooked up the router!!!
It came to a point that I can no longer even get to the erase/Utility/install from my apartment so I took it to Apple more then once. Besides erase/install, I turned off ALL Sys Preferences that could alert him to Mac. The last time I received a gray Install CD and was told to take it out of the building and do another erase/install. There is no sense of going through this until I know if/how to get rid of him.
Also when I first sign on I ALWAYS get a 192.168.100.11. I do NOT have a router. I then go to System Preferences to Network and click "renew DHCP" several times before I get an IP addy! I am not savvy in this area but do feel that this is a major clue.
Passwords have been changed, master password is not something I can access which prevents me updating, etc., etc.
I will not bombard you with every detail as that would take several pages. I am beyond desperate. Will be happy to provide further details to serious responders only.
Thank you.
'REQUIRE ASSISTANCE'
Heartfelt sympathy to the many family members, friends, people who loved Steve Jobs even though they never met him -- RIP Steve. You are missed.

If you really believe that your system has been compromised, here's what you do:
Disconnect your Mac from your cable modem;
Back up any documents on your system that are important to you;
Boot your Mac from the system installation disks that came with it (insert the disk, restart your Mac, and hold down the "c" key until you get the "spinning gear" icon);
Choose a language and click the arrow button to continue;
From the Utilities menu, choose Disk Utility;
In Disk Utility, select your computer's hard drive;
Click the "Erase" tab;
Click the "Security Options" button and select to have it overwrite all the data on the hard drive;
Click the "Erase" button and allow it to process;
Once the "erase process has completed (it will take a while), reinstall Mac OS X.
Or, if this is too much for you to accomplish on your own, take your system to an Apple Store and have them help you perform these steps. If your system was indeed compromised, this will remove any such hack. You can then set up a new user account for the computer, reinstall your applications (reinstall only from original disks or downloads from the company making the software) and documents, and reconnect to the Internet.
Note that when you reconnect to the cable modem, you may still get an IP address starting with 198. This is normal with some cable modems and probably not a cause for concern. It will not be an indication that your system is still compromised; that will not be possible if you perform all the above steps.
Regards.

LMS 4.0 Remote Access Issue

Similar Messages

Maybe you are looking for