Need help with ASA config to set up proxy on DMZ
Hello guys,
I have a problem, I´m trying to configure an ASA as shown in the attached scenario.
I need that all inside users to go to the proxy server on DMZ and from there they will go out to the internet.
Right now i have:
INSIDE INTERFACE
Access-list inside permit ip 10.1.1.0 255.255.255.0 host 11.1.1.6
DMZ INTERFACE
Access-list dmz permit ip host 11.1.1.6 any
OUTSIDE INTERFACE
Access-list outside permit ip any host <proxy server public ip>
REGARDING NAT I HAVE THE FOLLOWING:
Static (dmz,outside) <proxy server public> 11.1.1.6 netmask 255.255.255.255
My question would be if it would work with this configuration? Do i need to apply Nat on my inside hosts? Would all my inside hosts when reached the ASA will be send to the proxy and then through the proxy it will send them back to the ASA and then to the internet??
Thanks,
Tony
Hello Jennifer,
Thanks for your response. So basically i will need to add a static to allow trafic from inside to dmz without being natted. I don't know what proxy server it will be, the server would be managed by another party, but in my inside hosts i will need to set all the parameters to point to the proxy, once this done trafic will go out through the proxy server to the dmz interface of the ASA and then to the outside world, is that correct?
Do you think this configuration would work???
Outside = security 0
Inside = security 100
DMZ = security 50
static (dmz,outside) 11.1.1.6 netmask 255.255.255.255
static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0
access-list inside permit tcp 10.1.1.0 255.255.255.0 any
access-list dmz permit ip host 11.1.1.6 any
access-group inside in interface inside
access-group dmz in interface dmz
Basically with this configuration my web request will go to the proxy on the DMZ and then from there it will go out to the internet??
Thanks
Similar Messages
-
Hi,
I'm using Adobe Flash CS3 Professional version of Flash
software,
I need help and guidance on
Different approaches to setting variables in a Flash movie,
what I should do in the fla file, and in the html file.
Thanks, GilHi petro_jemes,
Just a little claritification, you need to add the value to the variable "[string]$ou", and also change the language in the variable "$emailbody" in the function "Get-ADUserPasswordExpirationDate".
I hope this helps. -
Need help with ASA 5512 and SQL port between DMZ and inside
Hello everyone,
Inside is on gigabitEthernet0/1 ip 192.9.200.254
I have a dmz on gigabitEthernet2 ip 192.168.100.254
I need to pass port 443 from outside to dmz ip 192.168.100.80 and open port 1433 from 192.168.100.80 to the inside network.
I believe this will work for port 443:
object network dmz
subnet 192.168.100.0 255.255.255.0
object network webserver
host 192.168.100.80
object network webserver
nat (dmz,outside) static interface service tcp 443 443
access-list Outside_access_in extended permit tcp any object webserver eq 443
access-group Outside_access_in in interface Outside
However...How would I open only port 1433 from dmz to inside?
At the bottom of this message is my config if it helps.
Thanks,
John Clausen
Config:
: Saved
ASA Version 9.1(2)
hostname ciscoasa-gcs
domain-name router.local
enable password f4yhsdf.4sadf977 encrypted
passwd f4yhsdf.4sadf977 encrypted
names
ip local pool vpnpool 192.168.201.10-192.168.201.50
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 123.222.222.212 255.255.255.224
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.9.200.254 255.255.255.0
interface GigabitEthernet0/2
nameif dmz
security-level 100
ip address 192.168.100.254 255.255.255.0
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name router.local
object network inside-subnet
subnet 192.9.200.0 255.255.255.0
object network netmotion
host 192.9.200.6
object network inside-network
subnet 192.9.200.0 255.255.255.0
object network vpnpool
subnet 192.168.201.0 255.255.255.192
object network NETWORK_OBJ_192.168.201.0_26
subnet 192.168.201.0 255.255.255.192
object network NETWORK_OBJ_192.9.200.0_24
subnet 192.9.200.0 255.255.255.0
access-list outside_access_in extended permit icmp any4 any4 log disable
access-list Outside_access_in extended permit udp any object netmotion eq 5020
access-list split standard permit 192.9.200.0 255.255.255.0
access-list VPNT_splitTunnelAcl standard permit 192.9.200.0 255.255.255.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static inside-network inside-network destination static vpnpool vpnpool
nat (inside,outside) source static NETWORK_OBJ_192.9.200.0_24 NETWORK_OBJ_192.9.200.0_24 destination static NETWORK_OBJ_192.168.201.0_26 NETWORK_OBJ_192.168.201.0_26 no-proxy-arp route-lookup
object network netmotion
nat (inside,outside) static interface service udp 5020 5020
nat (inside,outside) after-auto source dynamic any interface
access-group Outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 123.222.222.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.9.200.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 192.9.200.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption aes128-sha1 3des-sha1
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 2 regex "Windows NT"
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3 regex "Intel Mac OS X"
anyconnect enable
tunnel-group-list enable
group-policy SSLVPN internal
group-policy SSLVPN attributes
dns-server value 192.9.200.13
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
default-domain value router.local
group-policy VPNT internal
group-policy VPNT attributes
dns-server value 192.9.200.13
vpn-tunnel-protocol ikev1 l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPNT_splitTunnelAcl
default-domain value router.local
username grimesvpn password 7.wersfhyt encrypted
username grimesvpn attributes
service-type remote-access
tunnel-group SSLVPN type remote-access
tunnel-group SSLVPN general-attributes
address-pool vpnpool
default-group-policy SSLVPN
tunnel-group SSLVPN webvpn-attributes
group-alias SSLVPN enable
tunnel-group VPNT type remote-access
tunnel-group VPNT general-attributes
address-pool vpnpool
default-group-policy VPNT
tunnel-group VPNT ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:36271b5a1b9382621e14c3aa635e2fbb
: endHi Vibor. Apologies if my comment was misunderstood. What I meant to say was that the security level of the dmz interface should probably be less than 100.
And therefore traffic could be controlled between DMZ and inside networks.
As per thr security level on the DMZ interface. ....... that command is correct. :-) -
Need help with QoS config/setup for my home network.
I have a home network that spans two buildings, has and FTP download server, VoIP phones,and several computers among other IP devices. I run a home based business where my clients get access to the company FTP download server (NOT illegal file sharing). the problem is that when they are downloading files my VoIP takes a big hit and gets choppy when speaking to my customers. Below is the layout of the network.
Our Internet access is Verizon 4G, there are no other options available at this time or we would switch. The Verizon 4G MiFi connects to a TP-Link wifi router that then connects to port fa0/5 on the Office 3550PoE switch. There is a trunk between the Office switch to the House 3550PoE switch. The House switch then connects to the Shop 3524XL switch also using a trunk. Please note that EVERYTHING works fine other than the VoIP issue, VoIP makes and receives calls without connections issues.
Auto QoS has been run on the Office switch ports fa0/1 and fa0/2 as well as on the House switch ports fa0/3 and fa0/5. There is NO auto QoS on the 3524XL
What is the best way to give VoIP traffic top priority over FTP and web browsing when going out port fa0/5 on the Office Switch? Over the internal network we are not having any call quality issues between the IP phones, just calls to our SIP provider. Yes, I understand that once calls exit the Office switch to the TP-Link wifi router there will not be any QoS. But, if I can give priority to the packets at the layer 3 Office switch (or wherever you suggest) then at least I will not have to kill a users FTP download while I am on the phone.
Thank YouI can make ANY changes necessary, just need to know what to do.
First, did you notice the output of the command sh mls qos fa0/5 above? Is it working correctly?
Next, Yes I do have version W17 and can install if if needed. The lost of possible commands I listed above was from the conf t - config interface fa0/x level. There is class and policy mapping commands the the config global level along with all these other commands:
aaa Authentication, Authorization and Accounting.
access-list Add an access list entry
alias Create command alias
arp Set a static ARP entry
banner Define a login banner
boot Boot Commands
buffers Adjust system buffer pool parameters
cdp Global CDP configuration subcommands
cgmp Global CGMP configuration commands
class-map Configure QoS Class Map
clock Configure time-of-day clock
cluster Cluster configuration commands
default Set a command to its defaults
default-value Default character-bits values
downward-compatible-config Generate a configuration compatible with older software
enable Modify enable password parameters
end Exit from configure mode
errdisable Error disable
exception Exception handling
exit Exit from configure mode
file Adjust file system parameters
help Description of the interactive help system
hostname Set system's network name
interface Select an interface to configure
ip Global IP configuration subcommands
line Configure a terminal line
logging Modify message logging facilities
mac-address-table Configure the MAC address table
map-class Configure static map class
map-list Configure static map list
mvr Enable/Disable MVR on the switch
no Negate a command or set its defaults
ntp Configure NTP
policy-map Configure QoS Policy Map
power power configuration
priority-list Build a priority list
privilege Command privilege parameters
queue-list Build a custom queue list
rmon Remote Monitoring
scheduler Scheduler parameters
service Modify use of network based services
shutdown Shutdown system elements
snmp-server Modify SNMP parameters
spanning-tree Spanning Tree Subsystem
stackmaker Specify stack name and add its member
tacacs-server Modify TACACS query parameters
tftp-server Provide TFTP service for netload requests
time-range Define time range entries
udld Configure global UDLD setting
username Establish User Name Authentication
vmps VMPS settings
vtp Configure global VTP state -
[SOLVED]Need help with Xmonad config(just basic stuff)
Hello Guys,
I thought I'd give Xmonad a try even if I don't know haskell. So I just tried to use some examples from the net, however even for just mapping some special keys it fails.
I used this example http://www.haskell.org/haskellwiki/Xmon … _%280.9%29
and this is my config file:
import XMonad
import Graphics.X11.ExtraTypes.XF86
import XMonad.Util.EZConfig
import Data.Monoid
import System.Exit
import qualified XMonad.StackSet as W
import qualified Data.Map as M
MyKeys conf@(XConfig {XMonad.modMask = modm}) = M.fromList $
[((0, XF86MonBrightnessUp), spawn "xbacklight +20")
,((0, XF86MonBrightnessDown), spawn "xbacklight -20")
,((0, XF86AudioRaiseVolume), spawn "amixer set Master 1+ unmute")
,((0, XF86AudioLowerVolume), spawn "amixer set Master 1- unmute")
main=xmonad defaults
-- use the defaults exepct for super instead of alt mod and the special keys
defaults=defaultConfig{
modMask =mod4Mask
,keys =MyKeys
So as could could guess, I just want to my the keys so that I can adjust volume and backlight. The keys I got with xev so these should be correct.
So when I try xmonad --recompile this error shows up.
Error detected while loading xmonad configuration file: ~/.xmonad/xmonad.hs
xmonad.hs:12:1: Not in scope: data constructor `MyKeys'
xmonad.hs:13:15:
Not in scope: data constructor `XF86MonBrightnessUp'
xmonad.hs:14:15:
Not in scope: data constructor `XF86MonBrightnessDown'
xmonad.hs:15:15:
Not in scope: data constructor `XF86AudioRaiseVolume'
xmonad.hs:16:15:
Not in scope: data constructor `XF86AudioLowerVolume'
xmonad.hs:22:26: Not in scope: data constructor `MyKeys'
Please check the file for errors.
I'd really appreciate _any_ help since I can't see any significant difference to the linked page(except for cutting-out a lot and filling in my special keys )
Greetings
Edit: Here's the output of xev for the keys, perhaps it help any way:
audio lower
KeyRelease event, serial 40, synthetic NO, window 0x6600001,
root 0x9d, subw 0x0, time 388994, (516,521), root:(1024,549),
state 0x0, keycode 122 (keysym 0x1008ff11, XF86AudioLowerVolume), same_screen YES,
XLookupString gives 0 bytes:
XFilterEvent returns: False
raise audio
KeyRelease event, serial 40, synthetic NO, window 0x6600001,
root 0x9d, subw 0x0, time 381193, (517,259), root:(1025,287),
state 0x0, keycode 123 (keysym 0x1008ff13, XF86AudioRaiseVolume), same_screen YES,
XLookupString gives 0 bytes:
XFilterEvent returns: False
mute audio x2
KeyRelease event, serial 46, synthetic NO, window 0x6600001,
root 0x9d, subw 0x6600002, time 776961, (17,46), root:(525,74),
state 0x0, keycode 121 (keysym 0x1008ff12, XF86AudioMute), same_screen YES,
XLookupString gives 0 bytes:
XFilterEvent returns: False
FocusOut event, serial 46, synthetic NO, window 0x6600001,
mode NotifyGrab, detail NotifyAncestor
FocusIn event, serial 46, synthetic NO, window 0x6600001,
mode NotifyUngrab, detail NotifyAncestor
KeymapNotify event, serial 46, synthetic NO, window 0x0,
keys: 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
KeyRelease event, serial 46, synthetic NO, window 0x6600001,
root 0x9d, subw 0x6600002, time 780104, (17,46), root:(525,74),
state 0x0, keycode 121 (keysym 0x1008ff12, XF86AudioMute), same_screen YES,
XLookupString gives 0 bytes:
XFilterEvent returns: False
mute mikro
KeyRelease event, serial 45, synthetic NO, window 0x6600001,
root 0x9d, subw 0x0, time 754481, (122,123), root:(630,151),
state 0x0, keycode 198 (keysym 0x1008ffb2, XF86AudioMicMute), same_screen YES,
XLookupString gives 0 bytes:
XFilterEvent returns: False
fn
KeyRelease event, serial 46, synthetic NO, window 0x6600001,
root 0x9d, subw 0x0, time 828065, (121,141), root:(629,169),
state 0x0, keycode 151 (keysym 0x1008ff2b, XF86WakeUp), same_screen YES,
XLookupString gives 0 bytes:
XFilterEvent returns: False
f9
KeyRelease event, serial 46, synthetic NO, window 0x6600001,
root 0x9d, subw 0x0, time 881813, (155,121), root:(663,149),
state 0x0, keycode 75 (keysym 0xffc6, F9), same_screen YES,
XLookupString gives 0 bytes:
XFilterEvent returns: False
fn+f9
KeyRelease event, serial 49, synthetic NO, window 0x6600001,
root 0x9d, subw 0x0, time 942023, (163,85), root:(671,113),
state 0x0, keycode 233 (keysym 0x1008ff02, XF86MonBrightnessUp), same_screen YES,
XLookupString gives 0 bytes:
XFilterEvent returns: False
fn+f8
KeyRelease event, serial 51, synthetic NO, window 0x6600001,
root 0x9d, subw 0x0, time 976374, (138,125), root:(646,153),
state 0x0, keycode 232 (keysym 0x1008ff03, XF86MonBrightnessDown), same_screen YES,
XLookupString gives 0 bytes:
XFilterEvent returns: False
black button(specified like this in manuel <.< )
KeyRelease event, serial 55, synthetic NO, window 0x6600001,
root 0x9d, subw 0x0, time 1048947, (67,99), root:(575,127),
state 0x0, keycode 156 (keysym 0x1008ff41, XF86Launch1), same_screen YES,
XLookupString gives 0 bytes:
XFilterEvent returns: False
Last edited by blubbb (2013-12-29 11:07:15)Raynman wrote:
The first difference is that you wrote 'MyKeys' with an uppercase M. Variable/function names cannot start with an uppercase letter; that's reserved for type and data constructors.
The second problem is the key bindings themselves. Your list is completely different from that example. You probably imported XMonad.Util.EZConfig to use the "emacs style" key descriptions, but you're mixing the two styles. You can only generate a Map (of the right type) with fromList if you use the same format as that example. Look at the documentation for the EZConfig module to see how the shorter string descriptions should be used. The part
keys = \c ->
in that example is basically the same as your
myKeys conf@(XConfig {XMonad.modMask = modm}) =
. The difference is that you're unpacking the conf/c value to extract the modMask (binding it to the name modm) but you're not using modm anywhere in your list of keybindings, so you dont need the @(..) part. And you don't need it anyway, because you can use a string starting with "M-" (in emacs-style key descriptions) to define a binding that uses the mod key (see examples).
Hey, thanks a lot for your fast and extensive answer, however I still couldn't get it working. Stupid me.
So, tried using the style of this example:
keys = \c -> mkKeymap c $
[ ("M-S-<Return>", spawn $ terminal c)
, ("M-x w", spawn "xmessage 'woohoo!'") -- type mod+x then w to pop up 'woohoo!'
, ("M-x y", spawn "xmessage 'yay!'") -- type mod+x then y to pop up 'yay!'
, ("M-S-c", kill)
and since I don't want to pres the mod key, just the mediakeys themselfes I thought I could directly write
..."<Mediakey>", spawn ...
But my code still won't work, but I get a new fancy error log:
Error detected while loading xmonad configuration file: ~/.xmonad/xmonad.hs
xmonad.hs:24:26:
Couldn't match type `[Char]' with `(ButtonMask, KeySym)'
Expected type: XConfig Layout -> M.Map (ButtonMask, KeySym) (X ())
Actual type: XConfig Layout -> M.Map [Char] (X ())
In the `keys' field of a record
In the expression:
defaultConfig {modMask = mod4Mask, keys = myKeys}
In an equation for `defaults':
defaults = defaultConfig {modMask = mod4Mask, keys = myKeys}
Please check the file for errors.
So apparently I don't use the right type since I was using the type char. However if I compare my code to the example I don't find a significan't difference(for the keymapping himself) except for not using the modkey. Is this perhaps the mistake? Doesen't this work without the modkey?
import XMonad
import Graphics.X11.ExtraTypes.XF86
import XMonad.Util.EZConfig
import Data.Monoid
import System.Exit
import qualified XMonad.StackSet as W
import qualified Data.Map as M
myKeys = \c -> M.fromList $
[("<XF86MonBrightnessUp>", spawn "xbacklight +20")
,("<XF86MonBrightnessDown>", spawn "xbacklight -20")
,("<XF86AudioRaiseVolume>", spawn "amixer set Master 1+ unmute")
,("<XF86AudioLowerVolume>", spawn "amixer set Master 1- unmute")
main=xmonad defaults
-- use the defaults exepct for super instead of alt mod and the special keys
defaults=defaultConfig{
modMask =mod4Mask
,keys =myKeys
Last edited by blubbb (2013-12-19 12:55:56) -
Need help with 4-5 camera set up for audio/video podcast
Hey guys. I'm overseeing the podcast/audiobook studio construction for my company's new entertainment venture. It will ultimately be my job to produce the podcasts and audiobooks. The catch is that they also want to film the podcasts as well. I'm trying to find the most affordable set up that makes the editing/conversion process easiest for me on FCPX.
As you'll see I'm a bit all over the place. The essentials for what I'm looking for is
1) The right Camcorder
2) The most efficient way to record, edit and sync audio
What is the most affordable camcorder to use that works really well with FCPX? I've been hearing rumors that some aren't compatable and require a tedious conversion process. The Kodak Zi8 seems perfect because it shoots in 1080p and has a mic input, but I'm not sure if it works well with FCPX. Now, I don't know if the mic input is necessary. I was thinking the easiest way to automatically sync audio is by plugging the 4 mics into the camera's mic input and record that way. That should sync everything up automatically right? I also watched a tutorial on the multicam editing option in Final Cut and that seems perfect for this project. Do I need a mic input if I use this method? It seems like the syncing is super easy with the built in camera audio and the podcast audio files together.
I also would like to be able to record directly into the computer but don't know if that's possible. The process of taking 4-5 SD cards and uploading it after each shoot that way seems super tedious. I'm not sure if there is way to do that.
Another option would be for us to buy a video switcher but all the options seem so expensive. Anybody know of good hardware that'd work? That way I could edit on the go and if we want to make this a live ustream we can do so. I was also thinking about switcher software and using MIDI. Not sure if that is possible either.Lets ignore whether you should be doing this, but, if they are requesting that you do it, have at it.
Although, the simplicity of this is mind boggling, for them not to do it...ah well, you're donating for a non profit, they are probably the cheapest game in town, and lost the sole employee who could scratch their backside...
Choice one, I dont recommend this one - File > Print booklet, 2 up saddle stitch. Flip back and forth using the Print Settings button at the bottom to orient the page layout and set paper size. Set the printer as Adobe PDF. Keep checking the Preview in the main Print Booklet dialog, I had to set a page range of 39 pages in a 40 page book for this to work last week.
Choice two - If you have set a 44 page document with bleeds, export to pdf, toggle "Use ducument bleeds", no crops. Place those reulting pdf's in a new 11 x 17, landscape doc, with appropriate bleeds. How you defined the bleeds in the 44 page document dictates how much fiddling you will have to do at the center (fold line) of the new 11 x 17 "imposed" document. (If your 44 page was not set as facing pages, you might have defind inside bleed to zero. If it was not set as a facing pages document, it references top, bottom, left and right bleeds) (The use of pdf for this is not necessary, you could just as easily place pages from the original InDesign file as pdf's) Setting a blue line/guide line at the center would help to crop in bleeding frames.
All above seems too simple, you are only needing to impose pages 22-23 for these steps btw.
@Scott Falkner - I knew I was being to wordy. -
Need help with my MX98715 NIC setting
Hi,
I had trouble with my MX98715 NIC. My question is, how can I change the transceiver capablities of my MX98715-based Ethernet Adapter from adv_autoneg_cap to adv_10hdx_cap?
I tried to change everything including system file or use the ndd command, but it takes no effects.
I changed the /etc/system file by adding:
set hme:hme_adv_autoneg_cap=0
set hme:hme_adv_10hdx_cap=1
set mxfe0:mxfe0_adv_autoneg_cap=0
set mxfe0:mxfe0_adv_10hdx_cap=1
Then I reboot my system, but the Solaris 10 still auto negotiates it with the 100Mbps full duplex.
What's wrong with it?I had solve this problem by use the driver from Masayuki Murayama.
I think the tu-2.2.0 is the suitable driver for MX98715 and etc. -
Need help with hard-wiring speaker set-up
Heres what I am trying to do:
I have a pair of nice old-fashioned speakers. Old-fashioned meaning that there are two wires coming out of each, stereo sound. The ends of the wires are just metal strands, well, you know, they have been cut off. They originally had plugs at the end that could plug into normal sterio outputs. I cut them off because I wanted to use them for an old radio. But now I need speakers for my imach g5 and these will work if only I can connect the wires some how. So should I but plugs to go on the end? I need to pair the wires together, I am guessing? Any help would be much appreciated. This is quite urgent.
I have made a little diagram of what I mean.
[IMG]http://img250.imageshack.us/img250/795/speakersetup6wb.jpg[/IMG]You will need to put the plug ends back on the wires. I'm fairly sure that any attempt to solder the wires in "permanantly" would be dangerous to the computer. I am absolutely positive that any such attempt to wire them in, would void whatever warranty you may or may not have left.
-
Need help with voiceover multiband compressor setting
Hi there,
I produce a national talk radio and TV program, and we often do voiceover for various commercials, spots, underwriting, etc. I've been running them through the "broadcast" preset in the multiband compressor, but have been told by a couple of people that it's too bassy and isn't sounding good on their end. While it sounds ok on my end, since this has been mentioned by several people, I'd like to change it.
Is there a better multiband compressor preset either already in audition or that someone could tell me how to create that would sound better for what i'm trying to do?Again, from the ones that are already in the multiband compressor, broadcast is the closest to what i want, but isn't quite it...
Best,
DavidIf the compressed sound itself is okay, then probably the easiest thing to do is to EQ the result, rather than play about with the compression. What you really need to do though is to get yourself a monitoring system that sounds the same as the one the clients are using!
Generally when people produce bass-heavy sound, it's because they are monitoring on something woefully small, with no real bass response. So you produce sound that sounds okay on your computer monitors, or whatever and inevitably the file sounds bass-heavy on a more neutral system.
None of us here could tell you what would be better settings, or what EQ to use, simply because we haven't heard any of the offending sound. If you post a sample, we could at least listen to it on a neutral system (I have 3!) and tell you what we think might improve it. -
Need help with configuring a particular setting on SF300-08
I work for a small business and we have a couple computers that we want to share a ethernet enabled copier/printer with, but for security reasons want to block those computers from internet access. How would one go about allowing that?
Thanks in advance,
Mark DavisHello Mark,
I can't support the netopia router/modem, but I would think there should be an admin guide for the configuration. If it is a modem/router and you said there is rules for allowing or blocking services, which sounds like access list you should be able to create a rule for the client you want to block on the modem/router to prevent it from talking to the internet.
If you want to insure no outside security threats can make it to the computer staticly assign an IP address but don't give it a default gateway address. The client will not be able to talk to any other network but its own. It sounds like you only have one vlan or a flat network so this should work, but if you need to be able to have this computer in the future talk to other networks internally then it isn't a viable solution. Blocking at the modem/router would be the only solution.
The SG300-08 Switch you could setup an ACL to block that client from talking to the modem/router, but the potential for causing valid traffic from being blocked in your own network grows.
To create this rule you would first
go to Access Control
Create a MAC Base ACL (give it a meaning full name)
Create 2 a MAC BASE ACE
Rule 1
Priority 10
Action Deny
Destination Any
Source User Defined
MAC address of client wanting to be blocked
Apply
Rule 2
Priority 20
Action Permit
Destination Any
Source Any
Apply
Bind the ACL to a port
Make sure to only bind the ACL to the port that connects to the router/modem.
Cisco Small Business Support Center
Randy Manthey
CCNA, CCNA - Security -
I need help with the initial dowload/set up with itunes on my PC w/Windows
itunes is not recognizing or insync with my itunes account which I have created...I am getting a meesage to create an account and Error msg 11222
Welcome kimmyak.
You'll get more responses if you post your question in the Using iTunes for Windows forum. Good luck! -
i need help with a second hand iphone i purchased recently,i am having issues setting it up as it has is requesting for the icloud account that was used by the previous user
Sorry.
The iPhone is of no use until/unless the previous owner removes it from their account.
You will need to find the prior owner or return the iPhone. -
Purchased extreme to replace modem/router DSL used telephone cord need help with set up
Prior to purchasing Airport Extreme had a standard modem/ wireless router from ATT for DSL. I have two macbooks both dropped connections while online with older modem.
Airport Extreme purchased to correct connection issues I need help with set up. The older modem just used telephone cord. I tried to use telephone with extreme it did not work.
How do I get extreme to work as the modem and router ?How do I get extreme to work as the modem and router ?
you can't. the extreme is only a router. you need a separate modem (or disable the wireless part of your old router and use it as a modem - if that's possible). -
I need help with setting up my Sun Java Studio Creator
Hello all, i need help with setting up the Studio Creator, i"m new to all that staff so is there anyone to help me just a little with all that if yes email me at [email protected] or get me on AOL Instant Messanger with the screen name: wretch17
thanks :-)Hi,
Welcome to the Creator community! Thanks for your interst in Sun Java Studio Creator. Please feel free to post any question related to creator on this forum .
Take a look the creator website at
http://developers.sun.com/prodtech/javatools/jscreator/
CreatorTeam -
[SOLVED] Need help with setting up X
Hello guys am new to the forum and this is my first post here. I am in need of a little help.
Need help with X configuration. It starts like this, I installed xorg-server , xorg-utils, xorg-server-utils. When I tried installed xorg-init it says no package, anyway I ignored and moved on.
Now I installed regular mesa stuff and installed xf86-video-ati driver for my HD4250 graphics adapter. with libgl and ati-dri (I have old arch wiki print so it mentioned to install those while newer doesn't list some stuff)
Now the problem is that Xorg -configure doesn't work with newer X and nor the packages has generated /etc/X11/xorg.conf file.
Anyway I created the file manually and added each and every section as mentioned in the "old" guide that I have.
I even added a /etc/X11/xorg.conf.d/20-radeon.conf file for my graphics card with the content as
Section "Device"
Identifire "r"
Driver "radeon"
EndSection
After manually creating all such files I installed x-term, xclock and twm. But when I tried to start X by startx or Xinit it says command not found. Add to that a simple X shows couple of errors.
Please see the errors here Paste #399362 | LodgeIt!
Some more questions : My old guide mentioned to install HAL while newer guide on the net mention DBUS. Though I have added DBUS to be on the safe side but why not HAL ? Is it because of Udev ?
So please help me getting X up and running.
Regards
Last edited by Shashwat (2011-06-04 09:47:47)Ok I sorted out the misprints in the file and installed xinit but still can't get it to work.
1. There are few errors in xorg.conf that I cannot make it out.
2. The X output says no screen found. ?
http://paste.pocoo.org/show/399383/
Now when I add EndSection at the last its says invalid parameter and when I remove it, I get an error "No EndSection, EOF missing"
Kind of bugging
Please do help.
Maybe you are looking for
-
Old Apple dock and composite AV cables
My old iPod with Color display (circa 2005) recently died, so I'm getting a new iPod Touch 4G. the old iPod could display pictures on the TV as well as play music. I had it in an old style genuine Apple dock and used a genuine Apple Composite AV cabl
-
Payment card processing in SAP DBM
Hi All, I am analyzing the use of payment card processing to be used in DBM orders. I tried to search for the same but with no luck. Anybody wokring on such stuff or have any nformation / data related to the same. or if anybody can guide us on this.
-
Calling a webi query from xcelsius dashboard
Hi Experts, I have created an xcelsius dashboard with a URL link to a detailed webi report. I'm using open document to launch the webi query and with 1 parameter value to pass over from xcelsius to webi. The URL is http<server:8080/OpenDocument/open
-
Why does true-type font not appear in the Microsoft Word Font menu?
Hi, I am trying to install the "Apple Symbols.ttf" font so that I can use the male and female biological symbols in a Microsoft Word (version X) file. In "Font Book", I found the font under "All Fonts" and dragged it onto the "User" and "Computer" ic
-
All of a sudden my iPhone 4 started speaking commands....ie...slide to unlock or double tap." When I tap the application, it does not work. How can I fix this problem?