Low cost router with DHCP option 66

Similar Messages

• Low-cost OS X purchase option for obsolete iBooks?

  I have some obsolete iBook G3 500 mhz / 10 gig / 128 meg / CD and iBook G3 700 mhz / 20 gig / 128 meg / Combo. I have been thinking about just throwing them in the trash. Someone tells me, no no don't do that, you can sell them on ebay for ... $50 each or so. Woo.
  (Oh, and yes a bunch of them do have that powerful sweaty "iBook Stink" keyboard problem. I am not sure what the official Apple solution is. Anyone tried applying Old Spice to a keyboard?)
  Well the only way they are going to be useful is to run at least a newer OS than the 9.2.2 / 10.2 they have. And If I have to pay $120 per license for 10.4, there's really no point starting this exercise and I should go back to the original plan, electronics waste disposal. Preferably with a sledgehammer.
  Microsoft has a way to deal with this. They practically give away Windows XP and now Windows 7 for low-cost rebuilt PCs through their refurbisher program, and the licenses cost something like $5-10 per computer.
  Microsoft Refurbisher Program
  http://www.microsoft.com/refurbishedpcs/programs.aspx
  Is there a refurbisher licensing program for cheap old licenses of OS X, from Apple? I am not finding anything.
  But I went through this previously. I'm mainly just looking for an update.
  I wrote to Steve directly a few years ago asking about free or low-cost OS X licenses for these obsolete Macs, and Apple responded with the name of an electronics recycler near me. (Really!) Once support ends in about 3-4 years, who cares? Apple sure doesn't. And besides, you should be buying "the next one", to stay all hip and cool and "with it", anyway.
  Still looks like trashing them is the best option, as trying to sell them for $20 per machine with 9.2.2 / 10.2 is not worth my time to pack and ship them..

  txformer wrote:
  Apple sure doesn't.
  Precisely.
  BDAqua wrote:
  I have no idea what Apple has to lose by making say 10.4 available cheaply, certainly no sales loses
  No? Through forced obsolescence you are removing older computers from the market and obliging people to buy newer, so faster turnover and sales of newer (unless they decide that they give up on Macs).  Fast forward 5 years. Scenario where Apple sticks with their pattern of no longer selling old versions, nor will they be available on disc because it's all download.  How will you get hold of Lion 5 years from now to make a 2008 Mac functional in 2017?  I suspect the used Mac market will really be hit hard because our current means of updating older Macs by finding old discs on the used market will be gone.  Right now I can buy a 6 year old OS (Leopard) to make my 10 year old Quicksilver still pretty functional in 2012.  I am not sure we will be able to do the equivalent in a few years from now becuse we won't have a means of getting hold of the new system versions unless you buy one now and stick it on the shelf "just in case".
  Only thing I can think of is maybe a Family Pack install Disc.
  Technically those are for family use, not selling 5 computers to anybody on e-bay.  In that regard you'd be no better off with a family pack than a single installer.

• ISG with DHCP Option 82 sessions

  Greetings, I'm looking to roll out a GPON deployment using the ISG as our BRAS with DHCP-based sessions but we are experience some problems with session restart.  Were using an external DHCP server and RADIUS.  Sessions come up fine the first time, but if there is an existing session and the CPE node is rebooted the session get's "stuck". To clear the session we turn off the CPE device, clear the state in the GPON shelf and wait for more than 5 minutes.  Doing some debug shows the SG-DPM process thinking there is an existing DHCP lease that seems to clear out after five minutes of "silence".  I'd like to get this five minutes down to something in the less than 60 seconds range.  Anybody know of any knobs to tweak this?
  Dec  2 12:49:19.642 EST: SG-DPM: getting the context for mac_address = 0024.c823.7322
  Dec  2 12:49:19.642 EST: SG-DPM: input override for mac_address = 0024.c823.7322
  Dec  2 12:49:19.642 EST: SG-DPM: null input interface from dhcp,returning access interface GigabitEthernet0/3.300
  Dec  2 12:49:19.642 EST: SG-DPM: DHCP Offer notification from client, mac_address = 0024.c823.7322
  Dec  2 12:49:19.642 EST: SG-DPM: getting the context for mac_address = 0024.c823.7322
  Dec  2 12:49:19.642 EST: SG-DPM: Aborting update. IP address: 10.2.2.162 hasn't changed
  Running 12.2 (31) SB19 with the following code snippet:
  aaa authorization subscriber-service USER_LOGON group radius
  policy-map type control USER
  class type control always event session-start
    20 authorize aaa list USER_LOGON password blablabla identifier circuit-id
    30 service disconnect
  interface GigabitEthernet0/3.300
  encapsulation dot1Q 300
  ip dhcp relay information trusted
  ip address 10.1.1.1 255.255.255.224
  ip helper-address 10.10.10.10
  no cdp enable
  service-policy type control USER
  ip subscriber l2-connected
    initiator dhcp

  Try...
  If the session is still un an unauthenticated state setting the unauthe timer will help:
  class type control always event session-start
    25 set-timer IP_UNAUTH_TIMER 6
  But if the session is authenticated then it is suggested to set a idle timeout value like this:
  policy-map type service IDLE_TIME_SERVICE
  class type traffic IDLE_TIME
    timeout idle 600
  class type control always event session-start
  24 service-policy type service name IDLE_TIME_SERVICE
  Shelley.

• How do I connect my HP Laserjet 1102w directly to a Linksys AE3500 wireless router with USB option?

  I am trying to connect an HP Laserjet 1102w directly to an HP desktop model a172n with Windows Vista Home Premium OS (32 bit) through a new Linksys AE3500 dual band wireless router which has a USB port for a direct connection. The desktop can see the wireless router but not the printer.
  Is there a work around, a printer installer update, or some other solution that enables me to connect the desktop to the printer via the USB connection on the wireless router? I need to have one wireless laptop and one non-wireless desk computer able to use the one printer.
  Thanks for any assistance!
  Murleen Ray

  hi there,
  It seems as though this situation will require the Cisco connect software to function properly. Check out this article from the cisco knowledge base. It has the step by step setup specific to your case. Let us know if this helps or if you have already been through these steps.
  Best of Luck!
  You can say thanks by clicking the Kudos Star in my post. If my post resolves your problem, please mark it as Accepted Solution so others can benefit too.

• Intel Anti-Theft Technology: Low cost enterprise options

  Working in education, I'm looking for a low cost option for implementing anti-theft tech. All we need is a way to disable stolen computers, in order to deter thieves in the future. We don't expect to recover stolen equipment, so tracking is not needed. Computrace is too expensive. SecureDisable seems like a good option without unnecessary features, but still seems like a lot for a simple service.
  Anybody have any experience in this area?
  Are pay services absolutely required for this tech? What about writing a custom management plug-in?

  Hello,
  Two thoughts:
  Check with your existing vendor(s) of security software to see if they offer an anti-theft module or product as an add-on to your existing license.
  The open source Prey Project is another solution to investigate.
  Regards,
  Aryeh Goretsky
  I am a volunteer and neither a Lenovo nor a Microsoft employee. • Dexter is a good dog • Dexter je dobrý pes
  S230u (3347-4HU) • X220 (4286-CTO) • W510 (4318-CTO) • W530 (2441-4R3) • X100e (3508-CTO) • X120e (0596-CTO) • T61p (6459-CTO) • T43p (2678-H7U) • T42 (2378-R4U) • T23 (2648-LU7)
    Deutsche Community   Comunidad en Español Русскоязычное Сообщество

• Low cost storage options

  Hi,
  We are new to grid etc. We are a little frustrated at the costs involved in setting up shared storage with expandability.
  We want to use commodity hardware for our servers.
  We want to be able to add additional storage when space becomes an issue.
  I have read that using NFS and/or Firewire is not a suitable production solution.
  Does anybody have a low cost, commodity hardware storage solution?
  Thanks
  Ben

  go for AX100.
  Source : www.dell.com .... The award-winning Dell/EMC AX100 and the new Dell/EMC AX100i are designed to bring customers an easy-to-use, low-cost SAN solution. The AX100 and the AX100i are ideal storage arrays for small workgroups, medium-sized businesses or branch offices of large corporations.
  Rgds
  kaps

• Best low cost camcorder to use with imovie?

  Currently use windows movie maker and Canon A620 for simple home movies. Some other movie programs won't recognize the Canon format from the camera. Considering macbookpro when leopard and ilife 07 released.
  Looking at lower cost comparisons between Sony and Canon in tape and mini DVD. Sony had better reliability & picture & sound ratings in leading consumer magazine of older similar models, but I had the impression Canon might work better with Apple in general?
  Also is the current version of iMovie not compatible with formats used by miniDVD?
  Since these cameras are all newer will iMovie recognize them, or is there an update to improve compatibility with newer models
  Specifically comparing:
  Canon ZR850 to Sony DCR-HC38 Mini DV
  Canon DC-210 to Sony DCR-DVD108 Mini DVD
  Looking for comments or other recommendations
  Thanks,
    Windows XP  

  Mark,
  You wrote: "..My iMac has 1-400MB and 1-800MB Firewire port. The 400MB port is in use by a hard drive so I want to use the 800MB port for a camcorder. My research has led me to a Firewiredirect.com site that has 4pin to 9pin cables, so I think this will work.."
  ..but I doubt it.
  I've never got a Sony camcorder to work with a Mac by connecting it with a 4-pin-to-9-pin cable to a FireWire 800 port. But you may be luckier!
  However, I often get a Sony camcorder to work by "daisy-chaining" it through an FW400 hard drive, as long as the external hard drive has two FW400 sockets on it. Not all camcorders will work this way - and notably not Canons.
  But if the hard drive has two FW400 connections, connect the drive to the Mac with one of them, and plug the camcorder into the other socket on the hard drive. (..You may have to experiment by swapping over the connections to see which way works best..)
  With a Sony camcorder plugged into the hard drive, and the hard drive plugged into the Mac, the camcorder should be perfectly visible to the Mac ..and you should be able to save your video onto either the Mac's internal disc, or the external disc ..as long as the external disc is formatted as 'Mac OS Extended', and not as MS-DOS-compatible, or FAT32, or some other Windows format.
  If your external hard disc has an FW800 socket, then I'd connect it into your iMac via FW800, and plug the camcorder into the FW400 socket on the Mac. The hard disc - if it has an FW800 connection - will probably work better (..i.e; faster..) through that connection anyway.

• Kindly Is the Linksys E4200 Dual Band Router compatible with DHCP and VPN ?

  Kindly 
  Is the Linksys E4200 Dual Band Router compatible with DHCP and VPN?
  Thanks,

  Linksys/Cisco E4200 are compatible with DHCP. Second, these Wireless-N routers are only capable of enabling the VPN traffic to pass through the device.  You will need a VPN router and software to create the actual network to connect with your VPN client.

• Configure WRT54G Wireless Router with PUBLIC IP address and use DHCP for internal computers

  Hi,I have an Internet online service with 5 public IP addresses. The router and the AP are connected to a switch. I would like to configure a WRT54G wireless router with one of this IP public Address and use DHCP (with private ip address)  for the computers that will connect to the AP. As the AP is connected to the switch it is possible that other wired computers that are connected to the same switch can obtain an IP address from the DHCP ?
   Thansk in advance
   

  Thanks for your help. Please correct me if Im wrong. After connecte the equipments the way you suggestI setup a static IP address (The public IP)  in the WRT54GI enable DHCP in the WRT54G with a range from 10.10.0.100 to 10.10.0.200 (as an example) The gateway is the Public IP address right ? How do I route the 10.10.0.x addresses to the public IP address. Thansk again 

• How to write query with low cost

  hi
  i want to write a query of low cost for the following scenario.
  in a table
  if a person got a salary >=10000 he is in grade A
  if a person got salary >=7000 he is in grade B
  if a person got salary >=5000 he is in grade C
  if a person got salary >=3000 he is in grade D
  else grade E.

  use CASE
  case when salary >= 10000 then 'A'
         when salary >= 7000 then 'B'
         else 'E'
  end as grade
       

• Malfunction of Low balanace router

  I encounter the following Forte problem:
  The low-balancing routers are somtimes disconnected from the environment and
  show the following errors in the router log.
  However the routers continuously stay on ONLINE.
  Is it a bug in Forte 3.0.F.2? The existing replicates under the routers are
  also ONLINE and no error is recorded down in each replicate's log file.
  I have already turn off the Keep Alive feature which causes sudden
  disconnection (stated on the Forte defect report).
  Any suggestion is welcome.
  Rgds
  Tom
  INFORMATION: An abnormal disconnect from partition
  (30B47390-88AA-11D1-89C9-8754A988AA77:0x9e9ba) was received. Since there
  are
  no method invocations outstanding to this partition, no notification could
  be
  given of this disconnect (by indicating a method invocation failed).
  Therefore, the information associated with this disconnect is being
  reported
  to the log.
  Class: qqsp_DistAccessException
  Error #: [601, 119]
  Detected at: qqdo_PartitionMgr::StopLocation at 2
  Error Time: Tue Nov 30 11:09:53
  Exception occurred (locally) on partition "OP_MB_BLF_cl1_Part21-router",
  (partitionId = 30B47390-88AA-11D1-89C9-8754A988AA77:0x9ebd0, taskId =
  [30B47390-88AA-11D1-89C9-8754A988AA77:0x9ebd0.5365]) in application
  "OP_MB_BLF_cl1", pid 31331 on node seattle in environment ProductEnv.
  INFORMATION: The connection to the partner was terminated by the
  Communication Manager for the reasons below.
  Class: qqsp_DistAccessException
  Detected at: qqdo_PartitionMgr::StopLocation at 1
  Error Time: Tue Nov 30 11:09:53
  Exception occurred (locally) on partition
  "OP_MB_BLF_cl1_Part21-router", (partitionId =
  30B47390-88AA-11D1-89C9-8754A988AA77:0x9ebd0, taskId =
  [30B47390-88AA-11D1-89C9-8754A988AA77:0x9ebd0.5365]) in
  application
  "OP_MB_BLF_cl1", pid 31331 on node seattle in environment
  ProductEnv.
  SYSTEM ERROR: Failed to establish connection: OS Error 61: Connection
  refused
  Class: qqsp_DistAccessException
  Detected at: qqcm_HoseFSM::SetError at 5
  Error Time: Tue Nov 30 11:09:53
  Exception occurred (locally) on partition
  "OP_MB_BLF_cl1_Part21-router", (partitionId =
  30B47390-88AA-11D1-89C9-8754A988AA77:0x9ebd0, taskId =
  [30B47390-88AA-11D1-89C9-8754A988AA77:0x9ebd0.5365]) in
  application
  "OP_MB_BLF_cl1", pid 31331 on node seattle in environment
  ProductEnv.
  SYSTEM ERROR: hose 23 STATE_CONNECTING (EXT_RECEIVED) from
  qqcm_HoseFSM::IssueConnect (after EstablishConnection)
  Class: qqsp_ErrorDescriptor
  Detected at: qqcm_HoseFSM::SetError at 1
  Error Time: Tue Nov 30 11:09:53
  Exception occurred (locally) on partition
  "OP_MB_BLF_cl1_Part21-router", (partitionId =
  30B47390-88AA-11D1-89C9-8754A988AA77:0x9ebd0, taskId =
  [30B47390-88AA-11D1-89C9-8754A988AA77:0x9ebd0.5365]) in
  application
  "OP_MB_BLF_cl1", pid 31331 on node seattle in environment
  ProductEnv.

  Dear Sage,
  Thank you for reaching the Small Business Support Community.
  Unfortunately none of the Small Business routers were intended to provide DHCP option 66 for IP Phones configuration via TFTF server. I suggest you to look for a enterprise device for that matter, like an ASA for example, and you can also inquire about a low cost option from their community support forum.
  My job role in Cisco, among several, is to identify business opportunities and product enhancements for the Small Business products so I am definitely going to suggest this option 66 feature for future firmware releases.
  Please do not hesitate to reach me back if there is anything I may assist you with in the meantime.
  Kind regards,
  Jeffrey Rodriguez S. .:|:.:|:.
  Cisco Customer Support Engineer
  *Please rate the Post so other will know when an answer has been found.

• Can I use Time Capsule to share a public ip within a network with DHCP enabled?

  Hi I have a router with 8 public ip's which is doing DHCP for the public ip's I own. What I am trying to do is to give a static public IP to my Time Capsule and then the time capsule should create another network (both wired and wireless) with private IP (eg. 192.168.1.xxx) and do DHCP to the connected to time capsule devices.
  I tried to select the option SHARE A PUBLIC IP but it is not working.
  Any help?
  Armandos

  I am assuming that the static IP address that you are attempting to assign the WAN-side of the Time Capsule is one of the eight Public IP addresses available to you ... correct?
  If so, then you should be able to configure the TC's WAN port for either: 1) Use the "Using DHCP" option to grab one of these Public IP addresses from the upstream router's DHCP server, or 2) Use the "Manually" option, and then, enter the appropriate IP addresses in their appropriate fields.
  With the Connection Sharing = Share a public IP address selected, the TC's NAT & DHCP services will be enabled and they should be able to provide a Private LAN behind it.
  Are either or neither the TC's WAN or LAN sides working properly?

• RA VPN into ASA5505 behind C871 Router with one public IP address

  Hello,
  I have a network like below for testing remote access VPN to ASA5505 behind C871 router with one public IP address.
  PC1 (with VPN client)----Internet-----Modem----C871------ASA5505------PC2
  The  public IP address is assigned to the outside interface of the C871. The  C871 forwards incoming traffic UDP 500, 4500, and esp to the outside  interface of the ASA that has a private IP address. The PC1 can  establish a secure tunnel to the ASA. However, it is not able to ping or  access PC2. PC2 is also not able to ping PC1. The PC1 encrypts packets  to PC2 but the ASA does not to PC1. Maybe a NAT problem? I understand  removing C871 and just use ASA makes VPN much simpler and easier, but I  like to understand why it is not working with the current setup and  learn how to troubleshoot and fix it. Here's the running config for the C871 and ASA. Thanks in advance for your help!C871:
  version 15.0
  no service pad
  service timestamps debug datetime msec localtime
  service timestamps log datetime msec localtime
  service password-encryption
  hostname router
  boot-start-marker
  boot-end-marker
  enable password 7 xxxx
  aaa new-model
  aaa session-id common
  clock timezone UTC -8
  clock summer-time PDT recurring
  dot11 syslog
  ip source-route
  ip dhcp excluded-address 192.168.2.1
  ip dhcp excluded-address 192.168.2.2
  ip dhcp pool dhcp-vlan2
     network 192.168.2.0 255.255.255.0
     default-router 192.168.2.1
  ip cef
  ip domain name xxxx.local
  no ipv6 cef
  multilink bundle-name authenticated
  password encryption aes
  username xxxx password 7 xxxx
  ip ssh version 2
  interface FastEthernet0
  switchport mode trunk
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface FastEthernet4
  description WAN Interface
  ip address 1.1.1.2 255.255.255.252
  ip access-group wna-in in
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  no cdp enable
  interface Vlan1
  no ip address
  interface Vlan2
  description LAN-192.168.2
  ip address 192.168.2.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  interface Vlan10
  description router-asa
  ip address 10.10.10.1 255.255.255.252
  ip nat inside
  ip virtual-reassembly
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip nat inside source list nat-pat interface FastEthernet4 overload
  ip nat inside source static 10.10.10.1 interface FastEthernet4
  ip nat inside source static udp 10.10.10.2 500 interface FastEthernet4 500
  ip nat inside source static udp 10.10.10.2 4500 interface FastEthernet4 4500
  ip nat inside source static esp 10.10.10.2 interface FastEthernet4
  ip route 0.0.0.0 0.0.0.0 1.1.1.1
  ip route 10.10.10.0 255.255.255.252 10.10.10.2
  ip route 192.168.2.0 255.255.255.0 10.10.10.2
  ip access-list standard ssh
  permit 0.0.0.0 255.255.255.0 log
  permit any log
  ip access-list extended nat-pat
  deny   ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
  permit ip 192.168.2.0 0.0.0.255 any
  ip access-list extended wan-in
  deny   ip 192.168.0.0 0.0.255.255 any
  deny   ip 172.16.0.0 0.15.255.255 any
  deny   ip 10.0.0.0 0.255.255.255 any
  deny   ip 127.0.0.0 0.255.255.255 any
  deny   ip 169.255.0.0 0.0.255.255 any
  deny   ip 255.0.0.0 0.255.255.255 any
  deny   ip 224.0.0.0 31.255.255.255 any
  deny   ip host 0.0.0.0 any
  deny   icmp any any fragments log
  permit tcp any any established
  permit icmp any any net-unreachable
  permit udp any any eq isakmp
  permit udp any any eq non500-isakmp
  permit esp any any
  permit icmp any any host-unreachable
  permit icmp any any port-unreachable
  permit icmp any any packet-too-big
  permit icmp any any administratively-prohibited
  permit icmp any any source-quench
  permit icmp any any ttl-exceeded
  permit icmp any any echo-reply
  deny   ip any any log
  control-plane
  line con 0
  exec-timeout 0 0
  logging synchronous
  no modem enable
  line aux 0
  line vty 0 4
  access-class ssh in
  exec-timeout 5 0
  logging synchronous
  transport input ssh
  scheduler max-task-time 5000
  end
  ASA:
  ASA Version 9.1(2)
  hostname asa
  domain-name xxxx.local
  enable password xxxx encrypted
  xlate per-session deny tcp any4 any4
  xlate per-session deny tcp any4 any6
  xlate per-session deny tcp any6 any4
  xlate per-session deny tcp any6 any6
  xlate per-session deny udp any4 any4 eq domain
  xlate per-session deny udp any4 any6 eq domain
  xlate per-session deny udp any6 any4 eq domain
  xlate per-session deny udp any6 any6 eq domain
  passwd xxxx encrypted
  names
  ip local pool vpn-pool 192.168.100.10-192.168.100.35 mask 255.255.255.0
  interface Ethernet0/0
  switchport trunk allowed vlan 2,10
  switchport mode trunk
  interface Ethernet0/1
  switchport access vlan 2
  interface Ethernet0/2
  shutdown
  interface Ethernet0/3
  shutdown
  interface Ethernet0/4
  shutdown
  interface Ethernet0/5
  shutdown
  interface Ethernet0/6
  shutdown
  interface Ethernet0/7
  shutdown
  interface Vlan1
  no nameif
  no security-level
  no ip address
  interface Vlan2
  nameif inside
  security-level 100
  ip address 192.168.2.2 255.255.255.0
  interface Vlan10
  nameif outside
  security-level 0
  ip address 10.10.10.2 255.255.255.252
  ftp mode passive
  clock timezone UTC -8
  clock summer-time PDT recurring
  dns server-group DefaultDNS
  domain-name xxxx.local
  object network vlan2-mapped
  subnet 192.168.2.0 255.255.255.0
  object network vlan2-real
  subnet 192.168.2.0 255.255.255.0
  object network vpn-192.168.100.0
  subnet 192.168.100.0 255.255.255.224
  object network lan-192.168.2.0
  subnet 192.168.2.0 255.255.255.0
  access-list no-nat-in extended permit ip 192.168.2.0 255.255.255.0 192.168.100.0 255.255.255.0
  access-list vpn-split extended permit ip 192.168.2.0 255.255.255.0 any
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  no arp permit-nonconnected
  nat (inside,outside) source static lan-192.168.2.0 lan-192.168.2.0 destination static vpn-192.168.100.0 vpn-192.168.100.0 no-proxy-arp route-lookup
  object network vlan2-real
  nat (inside,outside) static vlan2-mapped
  route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  aaa authentication ssh console LOCAL
  aaa authentication http console LOCAL
  http server enable
  http 192.168.2.0 255.255.255.0 inside
  http 10.10.10.1 255.255.255.255 outside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec security-association pmtu-aging infinite
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-256-SHA
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto ca trustpool policy
  crypto ikev1 enable outside
  crypto ikev1 policy 30
  authentication pre-share
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh 192.168.2.0 255.255.255.0 inside
  ssh 10.10.10.1 255.255.255.255 outside
  ssh timeout 20
  ssh version 2
  ssh key-exchange group dh-group1-sha1
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  anyconnect-essentials
  group-policy vpn internal
  group-policy vpn attributes
  dns-server value 8.8.8.8 8.8.4.4
  vpn-tunnel-protocol ikev1
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value vpn-split
  default-domain value xxxx.local
  username xxxx password xxxx encrypted privilege 15
  tunnel-group vpn type remote-access
  tunnel-group vpn general-attributes
  address-pool vpn-pool
  default-group-policy vpn
  tunnel-group vpn ipsec-attributes
  ikev1 pre-shared-key xxxx
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect ip-options
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny 
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip 
    inspect xdmcp
    inspect icmp
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:40c05c90210242a42b7dbfe9bda79ce2
  : end

  Hi,
  I think, that you want control all outbound traffic from the LAN to the outside by ASA.
  I suggest some modifications as shown below.
  C871:
  interface Vlan2
  description LAN-192.168.2
  ip address 192.168.2.2 255.255.255.0
  no ip nat inside
  no ip proxy-arp
  ip virtual-reassembly
  ip access-list extended nat-pat
  no deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
  no permit ip 192.168.2.0 0.0.0.255 any
  deny ip 192.168.2.0 0.0.0.255 any
  permit ip 10.10.10.0 0.0.0.255 any
  ASA 5505:
  interface Vlan2
  nameif inside
  security-level 100
  ip address 192.168.2.1 255.255.255.0
  Try them out and response.
  Best regards,
  MB

• DHCP Option Tags are not being applied...

  Hi,
  About to loose my mind... basically we are working towards a small WYSE Thin Client deployment in our environment.  The WYSE clients require to receive certain DHCP Option Tags to find the WCM server of which they receive their configuration from.  Same
  applies to the WDM Server as well.  The problem is no matter what we do, our test client is not receiving the custom option tags we've defined in our DHCP server.  
  DHCP Servers:
  vlan41
  10.40.1.206
  10.40.1.207
  Test Client:
  vlan46 - ip helpers defined on the switch
  Set to receive the same ip address from the DHCP server through the reservation route.
  Option Tags:
  186 - WDM Server - 10.40.1.184
  195 - WCM Server - 10.40.1.185
  196 - WCM Path - / 
  I've installed Wire Shark on the test client to monitor the DHCP activity.  The above custom options tags are not being pushed on to the client.  
  The Router, DNS Server and Domain Tags are being pushed.  So it's working but also not working????!!!
  Anybody with some insight to this problem?

  Hi hpaul_p
  In all fairness I'm about to give up... the vendor is not coming up with a solution and constantly blaming Microsoft.  To further test and confirm this wasn't a network issue, I've setup a secondary test environment using a 4 port switch, a client and
  a DHCP server.  Same results!!!  I'm really running out of time, so my work around is this:  I've setup a SRV records pointing to the WCM server... in your case this would be SRV record for the WDM server.  I've disabled the auto
  discovery functionality of the WDM Agent, for some reason it seems to be clashing with the WCM agent.  Since you will be using WDM only, don't disable auto discovery, tick the DNS SRV record from the Discovery Settings under the client agent. 
  I'm going to add the clients to the WDM server manually through their ip addresses so don't need auto discovery. From what I gather from the manuals the WCM searches for the repository or conifg servers in this order:  1. SRV 2.DNS (A record)
  3.DHCP (Options), I bet it's the same with WDM.  Though SRV and DNS methods has their limitations, if you will be using the default paths and credentials it shouldn't be a problem.  This is all I have have.  Steven Song I've forwarded you the
  DHCP database, if you find any problems with it please let me know.

• Which is the best low-cost camera for my use?

  Hi everyone. Been busy and off the forums for a while, but need your expertise once again.
  I just found out that the Panasonic HVX-200p that's been on loan to me for 2 years has to be returned. Since I run a non-profit, I am thinking about asking my major donors to buy one for us. So, the question becomes which one? I own the CS4 MC, and you can see my other info in my profile.
  I only do educational-type videos in an interview format against a green screen so far. I've been capturing direct to OnLocation via 1394 FireWire at 720p/60fps and editing in an HDV 720p/30 sequence. I sometimes do "man on the street" segments (capturing to OnLocation on laptop). I integrate numerous PSD graphics as educational slides, a lot of AE projects I get from videohive and customize, render, & import into PP, and motion backgrounds like Pond5's weekly free stock footage (much of this stuff gets resized, of course). I do some scoring and some SFX and export the audio to SB for touchup. I use a bunch of Lowes/Home Depot worklamps with fluorescent bulbs for lighting the subject and background. I key my backgrounds using PP/AE Dynamic Link. Oh, and I'll need a lapel mic and a tripod, too. I would prefer not to rule out shooting at 1080i/p at some point.
  I export H.264 highlight clips which get uploaded to Vimeo and embedded in our website using prettyPhoto features. Ultimately, the finished PP project is exported as MPEG2-DVD, finished in Encore, burned via ImgBurn. If you want to see a good example, watch this http://vimeo.com/23346431. Caution: this is religious material. Be sure to repent before watching
  So, there's not really much heavy lifting here. But when it comes to what is the minimum I need with the options of capture formats, etc., I'm clueless. I've read about problems with AVCHD, and although low-cost, is it really a problem for what I do? I trust this forum more than online reviews, and I'd appreciate recommendations of specific models and where to buy, if possible. Also, what about used cameras? Please remember, the budget is tight.
  All suggestions and questions are welcome and very much appreciated.
  Paul

  Actually, two things surprise me in your statement and one is simply incorrect:
  As for Broadcast quality..... a little station called CNN - you might have heard about them bought 250 of them from Panasonic about a year ago.
  First, that CNN would buy JVC cameras not from JVC, but from Panasonic.
  Second, there are no JVC cameras on the BBC approved list at all, see http://downloads.bbc.co.uk/commissioning/site/BBC_Approved_HD_Cameras.pdf and the only affordable ones on the list in the handheld category are the Canon XF300/305. Maybe that is the reason the BBC bought 350 of these. Even the Sony XDCAM EX is only accepted in combination with a 50 Mb disk drive, not in the native 35 Mb format.
  The BBC approved list is a list that most broadcasters adhere to, including CNN, Discovery, ARD and NGC.
  The JVC GY-HD100U is definitely not acceptable for HD, and in no way HD broadcast ready. But that CNN bought that number of these cameras is probably caused by the fact that they think these deliver better quality than regular phones. And it does not use XDCAM, but a very simple HDV codec, limited to 1280 x 720 resolution. See http://pro.jvc.com/prof/attributes/specs.jsp?model_id=MDL101539&feature_id=03
  This simply means that the Canon codec is very acceptable to the BBC for HD programs. The XF100 uses the same codec, but is only a single sensor camera and for that reason alone not approved by the BBC.
  Paul, if you can live with the limitations of a single sensor camera - and given your intended purposes, I think you can - the JVC does not even come close and the XF100 material will be hardly worse than the XF300/305. To the untrained eye the results are almost the same.