New to 501 pix

Hey gang-
I'm a CNE, MCSE and CCNA; been teaching networking for 15 years. Trying to learn the 501 to teach it in the fall. It's a LOT harder than I had hoped it would be.....
I have two laptops connected to the pix. PC1 is on the inside interface, PC2 is on the outside. They can both ping their local interfaces in the pix.
I also have an FTP server connected to the pix's switch. The pix can ping the FTP server.
I did a factory reset, so everything is at defaults except for the outside address. I installed a new 6.3.4 O/S and version 3.0.3 of the PDM. Here's the show run:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxx encrypted
passwd xxxx
encrypted
hostname pixfirewall
domain-name ciscopix.com
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 175.x.x.1 255.255.0.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.129 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:xxxx
: end
When I create a static map between the inside and outside interfaces, I can connect from the outside laptop (PC2) to the FTP server. Fine. When I try to create a PAT connection using the PDM I get:
"This static port mapping translation rule is overlapping with a dynamic address translation rule for inside:0.0.0.0/0.0.0.0(any) using global pool 1. Do you wish to proceed?".
If I do so, it adds this to the running config:
static (inside,outside) tcp interface 21 192.168.1.200 21 netmask 255.255.255.255 0 0
I then created an allow-everything ACL using the PDM. It pasted to the pix as:
access-list outside_access_in line 1 permit ip any any
access-group outside_access_in in interface outside
20 minutes later.....
Well, things actually seem to be working now, as they should! First time in 20 hours of playing with this. However, does anyone know why I'm getting this message of overlapping translation rule? When I enter the same rule at the CLI, I do NOT get any error message.
Also, in the static command, there always seems to be a "0 0" at the end. What does that mean?
thanks much...
dave s.

Dave,
The 0 0 at the end of the static command is
max_connections and embryodic limit. If you wanted to change these values for your ftp server, do it here.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#wp1026694
Here is another link for pix 6.3 commands:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/qref.htm
In reguards to the overlap, the nat(inside) 1 0 0 says nat eveything "inside" of which 192.168.1.200 is a part of. Hence the overlap. I don't think the pix will have a problem. I believe the order for making a translation slot is such that the static is used first.
I would change the outside_access_in to: permit tcp any host interface outside eq ftp
or something similar
permit ip any any isn't much of a firewall
Bob

Similar Messages

GOOD NEWS: Asha 501 features upgraded

After updating Asha 501 following features have finally made it. though the list of pending features still remain.
Features in
- Whatsapp, Microsoft Office Exchange
- Now an option to clear a single Fastlane entry
- The Music Library search function now does not hide a significant portion of "search results" due to the pop up of the keyboard. As a result, it's easy to view the results.
- Facebook and Twitter app seems smooth with their notifications.
- "Alarms" sound is proper for custom music selected as "alarm tone"
- YES, Support for "Alarms" to work when the phone is switched off.
Features left out
No Cut/Copy/Paste feature outside browsers for the documents viewed within them and from the app "Notes"
No feature to minimise opened apps and switch between them.
Can't delete pre-installed apps
Option for "Counters" to "Clear counters" daywise and not clear entire history to date
Support for custom "Wallpaper for home screen" to choose from Memory card/Phone Memory
Support for compression tools like .zip or .rar, etc.
Addition of "Battery icon" and display "date" on the pull down notification centre.
Support for higher file sizes to upload in Emails as attachments ( not more than 1.5 MB)
[TO BE VERIFIED]
Screen turns off completely while you are attending a call and requires to push "home" key. A better and easy approach to this is requested, mostly, keeping the screen ON always while the Call is active.
Java apps supported but no access to stuff online that requires java? Browsers lack support for Java plug-in
Support for Flash in Browsers to view /flv videos and play saved content

Please, let us continue about this update in its main thread …

Pix 501 with adsl

Hello
I am hoping that someone can help me a little.
I know this may be a tall order but here goes.
I have new cisco 501 pix that I bought to learn with. I want to use it with my home dsl for a while. I have dsl with a modem in bridge mode. I have accessed the cisco via the pdm software and console. I setup the cisco with pppoe and successfully obtained a wan ip on the pix unit.
I also have dhcp setup and my pcs are getting an inside address and dns from the pix unit. For some reason I still cannot ping past the pix unit. I know that some packets are getting out because when I ping a dns name it will resolve but no packets are returned.
I was hoping to get a little guidance on this.
Thanks
Building configuration...
: Saved
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxx
passwd xxx
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inbound permit icmp any any
access-list inbound permit tcp any any
access-list inbound permit udp any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside pppoe setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.1.0 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.1.0 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group pppoe_group request dialout pppoe
vpdn group pppoe_group localname [email protected]
vpdn group pppoe_group ppp authentication pap
vpdn username [email protected] password *********
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:xxxx
: end
[OK]

I am on the net!
Now I need to forward http to 192.168.1.200
I have dyndns setup so I am good on that.
Here is what I changed but it is not working
access-list inbound permit icmp any any
acess-list inbound permit tcp any any eq www
access-group inbound in interface outside
static (inside,outside) tcp interface www 192.168.1.200 www netmask 255.255.255.255
This is not working..below is current config
Building configuration...
: Saved
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxx
passwd xxxx
hostname pixfirewall
domain-name ciscopix.com
clock timezone CST -6
clock summer-time CDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inbound permit icmp any any
access-list inbound permit tcp any any eq www
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside pppoe setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.1.0 255.255.255.255 inside
pdm location 192.168.1.200 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface www 192.168.1.200 www netmask 255.255.255.255 0 0
access-group inbound in interface outside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group pppoe_group request dialout pppoe
vpdn group pppoe_group localname [email protected]
vpdn group pppoe_group ppp authentication pap
vpdn username [email protected] password *********
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:xxxx
: end
[OK]

How do I access a network camera from internet via 501

Please understand that I am nowhere near being a network guru and I'm even farther away from being a PIX guru.
I have a 501 PIX between my home network and the outside internet. The PIX is connected to a cable modem and pretty much keeps the same DHCP IP address as assigned by the ISP. I have an AXIS 207 IP camera connected to my home network on IP 192.168.1.11. For the sake of illustration say the address assigned by my cable ISP is 123.123.123.1.
What I need to do is to access the camera from the internet. To do that I suppose I need to add some instructions to the PIX configuration but I don't know where to start...I have never even thought about communicating with devices on my home network through the internet. Can someone please provide some pointers or better yet the commands I need to add. The next question is how do I access the camera assuming the PIX is all set up. I don't think I use the camera's address and I don't know how the ISP address would get to a specific device such as the camera - maybe appending a port number or whatever to the IP address I type when trying to access the camera from the internet?
The way the camera works on the internal network is you type in it's IP address in a browser window and the camera opens up a web page just like any url and the video is streamed to a window in the web page.
I hope I've provided enough info to understand what I'm trying to do and I would be most appreciative for any help.
thanks

I tried installing the commands as provided but am running into issues. Here are the error messages:
pixfirewall(config)# nat (inside) 1 0.0.0.0
ERROR: Duplicate NAT entry
ERROR: fail to insert nat entry
pixfirewall(config)# global (outside) 1 xxx.xxx.114.55
ERROR: xxx.xxx.114.55-xxx.xxx.114.55 overlaps with outside interface address
pixfirewall(config)#
And here is a copy of my current configuration (including the code prior to entering the changes and the successful changes). Any Idea what needs to be done to fix things?
thanks
Building configuration...
: Saved
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxx
passwd xxx
hostname pixfirewall
domain-name ciscopix.com
clock timezone CST -6
clock summer-time CDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
access-list inbound permit tcp any host xxx.xxx.114.55 eq www
pager lines 24
logging timestamp
logging trap informational
logging host inside 192.168.1.3
icmp deny any echo outside
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.1.3 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp xxx.xxx.114.55 www 192.168.1.11 www netmask 255.255.255.255 0 0
access-group inbound in interface outside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication http console LOCAL
aaa authentication telnet console LOCAL
aaa authentication serial console LOCAL
aaa authentication enable console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 15
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.6-192.168.1.10 inside
dhcpd dns 207.69.188.171 207.69.188.172
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
username administrator password xxx privilege 15
terminal width 80
Cryptochecksum:xxx
: end
[OK]

Blank screen after Ending a call on Asha 501

I got a new Asha 501 last week. I am very happy with the product and its worth for the money spent.
However, two issues i have noticed so far and its bothering me a bit
1. after ending a call the screen goes blank and sometimes it takes a bit to end the call. This is very awkward during some important calls. would appreciate if there is any solution for this.
2. Mail app takes a long time to load the message contents. I know 2g is not the fastest connection but still this is too slow even for 2g.
best,
Selvan

1. On call, when you bring your phone near to your ear, the Proximity sensor recognises your ear and turn off the screen so that there is no unwanted inputs as the screen touches your skin. But when you pull it back, it turns the screen on again, but it takes 0.5-1 second to the Max.
If it takes longer, make sure there is nothing in front of sensor (it is placed on top left), like Plastic lamination, some accessory, dust or while you pull off your phone, your finger should not be there.
If it still takes longer, better make your device checked at Nokia Care. If found some problem, they will change the sensor.
2. The mail app is working perfectly fine for me on Wi-Fi. You should try loading some websites in browser, if it takes longer, check network strength, it should be strong on 2G internet (Personal experience- BSNL 2G, residing near Network tower, slow like hell, in INDIA). Try changing provider.
Source- Personal experience (owning a Nokia 501)

No nokia music App in Asha 501

Purchased new asha 501 and discovered that there is no nokia music app to download songs in the phone.It was there at all the previous asha phone released.will it be supported in later software updates????

It was renamed a few weeks ago to Nokia MixRadio:
Click on the blue Star Icon below if my advice has helped you or press the 'Accept As Solution' link if I solved your problem..

What app not starting on my nokia asha 501

I bought a new asha 501 with a whats app. But now when i launch whatsapp it is running phone setup and sys contact refresh is not possible?
What does it mean?

Because it works here, we need more information about your setup, for example: Which E-mail provider do you use? Or is that an HTML E-mail?

Software update instructions for Nokia Asha 501

Hey,
software update instructions for Asha 501 can be found from here:
http://www.nokia.com/global/support/software-update/new-nokia-asha-software-update
By default your phone is set to automatically check for updates every 8 days and you will be notified when an update is available for download. If you want, it's possible to force the update check immediately by switching off and back on "Check via mobile data" setting from the “Phone update” menu. The size of the update is around 8 MB, so it's recommended to use Wi-Fi for the download.
Check out also the attached .pdf document and/or this video:
http://www.microsoft.com/en/mobile/nokia-x-updates/
http://www.microsoft.com/en/mobile/nokia-x2-update/
http://www.microsoft.com/en/mobile/asha-software-update/
http://www.microsoft.com/en/mobile/support/software-update/wp8-software-update/
http://www.developer.nokia.com/Community/Wiki/Nokia_firmware_change_logs
https://twitter.com/LumiaSWUpdates
Attachments:
Nokia Asha 501 OTA software update onepager v1.1.pdf ‏361 KB

Dear Nokia Software Employee,
Thank you for the new nokia 501 update.
However I am interested to get another new update concerning:
1) Wireless configuration:
It will include security mode of 802.1x, and EAP plug-in settings such as EAP-LEAP, EAP-PEAP, etcc....
2) Keep applications minimized instead of closed:
Sometimes there are some applications need to be minimized and not to be closed
Ex: Applications such Athan, Prayers, Quran, etccc...
3) Some Applications menu not working with screen touch but working with key buttons
There are some applications that you cannot use the screen touch under the menu
I will be greatful if the software will finalize the above suggestions
Thank you and Best Regards
//Eabdhad
eabdhad
Attachments:
2013-12-04-0275.jpg ‏394 KB

Asha 501 how to transfer contacts from Macbook

Hi,
did anybody find out about the best way to transfer contacts from MacBook's address book to the new Asha 501?
I tried by bluetooth, however, whenever I try to open the Vcard with all my contacts only the first contacts starting with the letter "A" are copied.
One work around would be to send my Vcard from the Mac by email to my phone and open the Vcard in my Asha 501. However, the Vcard with all my contacts is 4,6 MB big. I cannot open this attachement in my Asha 501.
Any tip appreciated. Thanks, J.

How to Sync Contacts with Your iPad Using iTunes
http://www.dummies.com/how-to/content/how-to-sync-contacts-with-your-ipad-using- itunes.html
Importing a Contact List CSV to the iPad
http://techchannel.radioshack.com/importing-contact-list-csv-ipad-2235.html
 Cheers, Tom

Email sync problem on asha 501

I bought new asha 501 and updated the software, but the email dont sync very well and cant open any email.
posted from my nokia x2

I noticed only live mail works well, but yahoo, gmail and ovi mail are not sync well
posted from my nokia x2

Cisco 501 Licensing

Hey, I'm sure this is an old topic somewhere, but i've had some trouble finding an answer. I recently purchased a referb 501 PIX and was wondering if there was a way I could get a 10-50 user license. i know the EOL has passed, but i was wondering if anyone knew a way I could get one. I'm pretty sure i'll have as much as 15 users on his device. I mean if I use a router beneath it using NAT could i bipass that 10 user restriction (probs not just thought i'd ask.)
Is there a place that still sells these licenses?

Hi David,
To purchase the license for your PIX, please refer the below link:
www.cisco.com/go/license
This will require to have a PAK which i doubt you will have. Otherwise, if you have a contract you can open up a case with TAC licensing or call up cisco support for enquiries on that.
For details on how the user count is calculated, please refer the below discussion:
https://supportforums.cisco.com/message/3187670#3187670
Hope this helps!!
Cheers,
Prapanch

WhatsApp (finally!) coming to New Nokia Asha phone...

There has been so many questions on the topic here and other channels that I thought to post a short "heads up" on the topic here as well. It was announced today at Nokia World that WhatsApp is coming to the Asha platform phones starting next month. Stay tuned for further details, but here are a few snippets of what was announced today.
http://conversations.nokia.com/2013/10/22/clear-advantage-the-nokia-asha-500-502-and-503/
->
"Continued app support for the platform is also celebrated today, with the launch of the enormously popular WhatsApp for new Asha Platform devices, including the Asha 501."
The Asha ecosystem continues to grow with over 900 developers already in the million download club. Many of them are developing social imaging applications for the newest crop of Asha phones. WhatsApp, the popular social application providing free messaging to millions of people around the world, will be available for the Nokia Asha 501 starting November, with support for the new Nokia Asha 500, Asha 502 and Asha 503 coming soon. - See more at: http://press.nokia.com/2013/10/22/nokias-latest-family-of-products-accelerates-application-innovatio...
http://press.nokia.com/2013/10/22/nokias-latest-family-of-products-accelerates-application-innovatio...
->
The Asha ecosystem continues to grow with over 900 developers already in the million download club. Many of them are developing social imaging applications for the newest crop of Asha phones. WhatsApp, the popular social application providing free messaging to millions of people around the world, will be available for the Nokia Asha 501 starting November, with support for the new Nokia Asha 500, Asha 502 and Asha 503 coming soon. - See more at: http://press.nokia.com/2013/10/22/nokias-latest-family-of-products-accelerates-application-innovatio...
The Asha ecosystem continues to grow with over 900 developers already in the million download club. Many of them are developing social imaging applications for the newest crop of Asha phones. WhatsApp, the popular social application providing free messaging to millions of people around the world, will be available for the Nokia Asha 501 starting November, with support for the new Nokia Asha 500, Asha 502 and Asha 503 coming soon. - See more at: http://press.nokia.com/2013/10/22/nokias-latest-family-of-products-accelerates-application-innovatio...
"The Asha ecosystem continues to grow with over 900 developers already in the million download club. Many of them are developing social imaging applications for the newest crop of Asha phones. WhatsApp, the popular social application providing free messaging to millions of people around the world, will be available for the Nokia Asha 501 starting November, with support for the new Nokia Asha 500, Asha 502 and Asha 503 coming soon."
Regarding other new announced features for Nokia Asha phones, it's also worth noting that:
"Owners of the first Asha Platform device, the Asha 501, aren’t left out: they will receive the new features through a software update. All new Asha 501s shipped from the factory will also come with the new software."
http://www.microsoft.com/en/mobile/nokia-x-updates/
http://www.microsoft.com/en/mobile/nokia-x2-update/
http://www.microsoft.com/en/mobile/asha-software-update/
http://www.microsoft.com/en/mobile/support/software-update/wp8-software-update/
http://www.developer.nokia.com/Community/Wiki/Nokia_firmware_change_logs
https://twitter.com/LumiaSWUpdates

asha503Finland:
expected to arrive soon, but we will communicate ín more detail when the availability schedule is verified.
http://www.microsoft.com/en/mobile/nokia-x-updates/
http://www.microsoft.com/en/mobile/nokia-x2-update/
http://www.microsoft.com/en/mobile/asha-software-update/
http://www.microsoft.com/en/mobile/support/software-update/wp8-software-update/
http://www.developer.nokia.com/Community/Wiki/Nokia_firmware_change_logs
https://twitter.com/LumiaSWUpdates

Configure a VPN client and Site to Site VPN tunnel

Hi, I'm setting up a test network between 2 sites. SiteA has a 515E PIX and SiteB has a 501 PIX. Both sites have been setup with a site to site VPN tunnel, see SiteA config below. I also require that remote clients using Cisco VPN client 3.6 be able to connect into SiteA, be authenticated, get DHCP info and connect to hosts inside the network. However, when I add these config lines, see below, to SiteA PIX it stops the vpn tunnel to SiteB. However, the client can conect and do as needed so that part of my config is correct but I cannot see why the site to site vpn tunnel is then no longer.
SiteA config with working VPN tunnel to SiteB:
SITE A
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 webdmz security20
enable password xxx
passwd xxx
hostname SiteA-pix
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
no fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
name 200.x.x.0 SiteA_INT
name 201.x.x.201 SiteA_EXT
name 200.x.x.254 PIX_INT
name 10.10.10.0 SiteB_INT
name 11.x.x.11 SiteB_EXT
access-list inside_outbound_nat0_acl permit ip SiteA_INT 255.255.0.0 SiteB_INT 255.255.255.0
access-list outside_cryptomap_20 permit ip SiteA_INT 255.255.0.0 SiteB_INT 255.255.255.0
access-list acl_inside permit icmp any any
access-list acl_inside permit ip any any
access-list acl_outside permit ip any any
access-list acl_outside permit icmp any any
pager lines 24
mtu outside 1500
mtu inside 1500
mtu webdmz 1500
ip address outside SiteA_EXT 255.x.x.128
ip address inside PIX_INT 255.255.0.0
no ip address webdmz
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
route outside 0.0.0.x.x.0.0 201.201.201.202 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer SiteB_EXT
crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map interface outside
isakmp enable outside
isakmp key secret address SiteB_EXT netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
SiteA-pix(config)#
Lines I add for Cisco VPN clients is attached
I entered each line one by one and did a reload and sh crypto map all was OK until I entered the crypto map VPNPEER lines.
Anyone any ideas what this can be?
Thanks

Heres my config:
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 webdmz security20
enable password xxx
passwd xxx
hostname SiteA-pix
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
no fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
name 200.x.x.0 SiteA_INT
name 201.x.x.201 SiteA_EXT
name 200.x.x.254 PIX_INT
name 10.10.10.0 SiteB_INT
name 11.11.11.11 SiteB_EXT
access-list inside_outbound_nat0_acl permit ip SiteA_INT 255.255.0.0 SiteB_INT 255.255.255.0
access-list outside_cryptomap_20 permit ip SiteA_INT 255.255.0.0 SiteB_INT 255.255.255.0
access-list acl_inside permit icmp any any
access-list acl_inside permit ip any any
access-list acl_outside permit ip any any
access-list acl_outside permit icmp any any
access-list 80 permit ip SiteA_INT 255.255.0.0 200.220.0.0 255.255.0.0
pager lines 24
mtu outside 1500
mtu inside 1500
mtu webdmz 1500
ip address outside SiteA_EXT 255.255.255.128
ip address inside PIX_INT 255.255.0.0
no ip address webdmz
ip audit info action alarm
ip audit attack action alarm
ip local pool pix_inside 200.x.x.100-200.220.200.150
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
route outside 0.0.0.0 0.0.0.x.x.201.202 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 200.200.200.20 letmein timeout 10
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set AAADES esp-3des esp-md5-hmac
crypto dynamic-map DYNOMAP 10 match address 80
crypto dynamic-map DYNOMAP 10 set transform-set AAADES
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer SiteB_EXT
crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 30 ipsec-isakmp dynamic DYNOMAP
crypto map outside_map client authentication RADIUS
crypto map outside_map interface outside
isakmp enable outside
isakmp key secret address SiteB_EXT netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash sha
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
vpngroup Remote address-pool pix_inside
vpngroup Remote dns-server 200.200.200.20
vpngroup Remote wins-server 200.200.200.20
vpngroup Remote default-domain mycorp.co.uk
vpngroup Remote idle-time 1800
vpngroup Remote password password
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
I will attach debug output later today.
Thanks

Swf works solo, but not when loaded in another swf

if u wanna see for yourself how it works, create and export a font named "Century" and create an .as file that gets and sets a textfield. Anyways the first issue is, it sometimes doesn't handle it's event listeners when I test the movie, then if i retest it, it works fine. Second I tried loading this swf file into my main file but i get
TypeError: Error #1009: Cannot access a property or method of a null object reference.
at MethodInfo-90()
at MethodInfo-82()
even if the menu file works fine on its own
here's the menu file
import com.greensock.TweenLite;
import com.greensock.easing.*;
import getSet;
var getter:getSet = new getSet();
var menu:Sprite;
init();
function init():void {
menu = initMenu();
addChild(menu);
menu.addEventListener(Event.ENTER_FRAME,float,false,0,true);
menu.x = stage.stageWidth - 61;
menu.y = stage.stageWidth/2 + menu.height/1.75;
function initMenu():Sprite {
var menuStart:Boolean = false;
var homeL:Sprite = homeLink();
var workL:Sprite = workLink();
var resumeL:Sprite = resumeLink();
var contactL:Sprite = contactLink();
var flashL:Sprite = flashLink();
var j:int = 0;
menu = new Sprite();
menu.addChild(homeL);
menu.addChild(workL);
menu.addChild(resumeL);
menu.addChild(contactL);
menu.addChild(flashL);
workL.y = homeL.y - 60;
resumeL.y = workL.y - 60;
contactL.y = resumeL.y - 60;
flashL.y = contactL.y - 60;
var homeDist:Number = homeL.y;
var workDist:Number = workL.y;
var resumeDist:Number = resumeL.y;
var contactDist:Number = contactL.y;
var flashDist:Number = flashL.y;
homeL.addEventListener(MouseEvent.ROLL_OVER,menuRollOver,false,0,true);
workL.addEventListener(MouseEvent.ROLL_OVER,menuRollOver,false,0,true);
resumeL.addEventListener(MouseEvent.ROLL_OVER,menuRollOver,false,0,true);
contactL.addEventListener(MouseEvent.ROLL_OVER,menuRollOver,false,0,true);
flashL.addEventListener(MouseEvent.ROLL_OVER,menuRollOver,false,0,true);
function menuRollOver(e:MouseEvent):void {
var that:Object = e.target;
e.target.graphics.lineStyle(1,0xEEEEEE);
e.target.graphics.beginFill(0xEEEEEE);
e.target.graphics.drawRect(0,0,60,60);
e.target.graphics.endFill();
if (menuStart == false) {
if (e.target.name == "instance12" && menuStart != false) {
var menuTimer2:Timer = new Timer(501,1);
menuTimer2.addEventListener("timer",startContact,false,0,true);
menuTimer2.start();
function startContact(e:TimerEvent):void {
menuTimer2.stop();
showTarget(that);
that.addEventListener(Event.ENTER_FRAME,showLink,false,0,true);
that.addEventListener(MouseEvent.ROLL_OUT,menuRollOut,false,0,true);
that.removeEventListener(MouseEvent.ROLL_OVER,menuRollOver);
menuTimer2.removeEventListener("timer",startContact);
} else {
showTarget(e.target);
e.target.addEventListener(Event.ENTER_FRAME,showLink,false,0,true);
e.target.addEventListener(MouseEvent.ROLL_OUT,menuRollOut,false,0,true);
e.target.removeEventListener(MouseEvent.ROLL_OVER,menuRollOver);
} else {
var menuTimer:Timer = new Timer(200);
menuTimer.addEventListener("timer",checkMenu,false,0,true);
menuTimer.start();
function checkMenu(e:TimerEvent):void {
if (menuStart == false) {
menuTimer.stop();
showTarget(that);
that.addEventListener(Event.ENTER_FRAME,showLink,false,0,true);
that.addEventListener(MouseEvent.ROLL_OUT,menuRollOut,false,0,true);
that.removeEventListener(MouseEvent.ROLL_OVER,menuRollOver);
menuTimer.removeEventListener("timer",checkMenu);
function menuRollOut(e:MouseEvent):void {
if (e.target.name == "instance15") {
fadeObj(e.target);
hideTarget(e.target);
var menuStartTimer:Timer = new Timer(50,1);
menuStartTimer.addEventListener("timer",equalsTrue,false,0,true);
menuStartTimer.start();
function equalsTrue(e:TimerEvent):void {
menuStart = false;
menuStartTimer.removeEventListener("timer",equalsTrue);
e.target.graphics.lineStyle(1,0xEEEEEE);
e.target.graphics.beginFill(0xFFFFFF);
e.target.graphics.drawRect(0,0,60,60);
e.target.graphics.endFill();
e.target.addEventListener(MouseEvent.ROLL_OVER,menuRollOver,false,0,true);
e.target.removeEventListener(MouseEvent.ROLL_OUT,menuRollOut);
e.target.removeEventListener(Event.ENTER_FRAME,showLink);
e.target.addEventListener(Event.ENTER_FRAME,hideLink,false,0,true);
function showLink(e:Event):void {
var amount:Number = getAmount(e.target);
var i:int = getTarget(e.target);
var curFlash:Number = flashL.y;
menuStart = true;
if (e.target.name == "instance15") {
e.target.removeEventListener(Event.ENTER_FRAME,showLink);
for (i; i < menu.numChildren; i++) {
if (menu.getChildAt(i) == e.target) {
} else {
if (curFlash >= flashDist - amount) {
menu.getChildAt(i).y -= 7;
} else {
e.target.removeEventListener(Event.ENTER_FRAME,showLink);
function hideLink(e:Event):void {
var i:int = getTarget(e.target);
var curFlash:Number = flashL.y;
var curContact:Number = contactL.y;
var curResume:Number = resumeL.y;
var curWork:Number = workL.y;
menuStart = true;
fadeObj(e.target);
if (e.target.name == "instance15") {
e.target.removeEventListener(Event.ENTER_FRAME,hideLink);
for (i; i < menu.numChildren; i++) {
if (menu.getChildAt(i) == e.target) {
} else {
if (curFlash <= flashDist) {
menu.getChildAt(i).y += 7;
if (curFlash > flashDist || curContact > contactDist || curResume > resumeDist ||
curWork > workDist) {
setDistance();
hideTarget(e.target);
e.target.removeEventListener(Event.ENTER_FRAME,hideLink);
menuStart = false;
} else if (curFlash == flashDist) {
setDistance();
hideTarget(e.target);
e.target.removeEventListener(Event.ENTER_FRAME,hideLink);
menuStart = false;
function getAmount(obj:Object):Number {
if (obj.name == "instance3") {
//trace("home");
return 94;
} else if (obj.name == "instance6") {
//trace("work");
return 63;
} else if (obj.name == "instance9") {
//trace("resume");
return 134;
} else if (obj.name == "instance12") {
//trace("contact");
return 135;
} else if (obj.name == "instance15") {
//trace("flash");
return 80;
return 4;
function getTarget(obj:Object):int {
for (var i:int = 0; i < menu.numChildren; i++) {
if (menu.getChildAt(i) == obj) {
return i;
return 8;
function setDistance():void {
homeL.y = homeDist;
workL.y = workDist;
resumeL.y = resumeDist;
contactL.y = contactDist;
flashL.y = flashDist;
function showTarget(obj:Object):void {
var i:int = getTarget(obj);
var restMenu:TextField;
var that:Object;
//if (menuStart = false
if (i == 0) {
restMenu = getRest("ome");//shows the rest of menu
} else if (i == 1) {
restMenu = getRest("ork");
} else if (i == 2) {
restMenu = getRest("esume");
} else if (i == 3) {
restMenu = getRest("ontact");
} else if (i == 4) {
restMenu = getRest("lash");
getter.menuObject = restMenu;
getter.menuObject.alpha = 0;
if (i != 3) {
TweenLite.to(getter.menuObject,1,{alpha:1});
} else {
TweenLite.to(getter.menuObject,1,{alpha:1, delay:.5, overwrite:false});
if (restMenu != null) {
if (i == 0) {
that = menu.getChildByName("instance3");
that.addChild(getter.menuObject);
} else if (i == 1) {
that = menu.getChildByName("instance6");
that.addChild(getter.menuObject);
} else if (i == 2) {
that = menu.getChildByName("instance9");
that.addChild(getter.menuObject);
} else if (i == 3) {
that = menu.getChildByName("instance12");
that.addChild(getter.menuObject);
} else if (i == 4) {
that = menu.getChildByName("instance15");
that.addChild(getter.menuObject);
function hideTarget(obj:Object):void {
var that:Object;
j++
if (getter.menuObject != null && obj.name == "instance3" && j == 4) {
that = menu.getChildByName("instance3");
that.removeChild(getter.menuObject);
j = 0;
} else if (getter.menuObject != null && obj.name == "instance6" && j == 3) {
that = menu.getChildByName("instance6");
that.removeChild(getter.menuObject);
j = 0;
} else if (getter.menuObject != null && obj.name == "instance9" && j == 2) {
that = menu.getChildByName("instance9");
that.removeChild(getter.menuObject);
j = 0;
} else if (getter.menuObject != null && obj.name == "instance12" && j == 1) {
that = menu.getChildByName("instance12");
that.removeChild(getter.menuObject);
j = 0;
} else if (getter.menuObject != null && obj.name == "instance15") {
that = menu.getChildByName("instance15");
that.removeChild(getter.menuObject);
j = 0;
function fadeObj(obj:Object):void {
TweenLite.to(getter.menuObject,.5,{alpha:0});
return menu;
function homeLink():Sprite {
var homeField:TextField = menuF("H");
var clickable:Sprite = mClickable();
var _home = new Sprite();
_home.graphics.lineStyle(1,0xEEEEEE);
_home.graphics.beginFill(0xFFFFFF);
_home.graphics.drawRect(0,0,60,60);
_home.graphics.endFill();
homeField.rotation -= 90;
_home.addChild(homeField);
homeField.y += 48;
homeField.x -= 3;
_home.buttonMode = true;
_home.addChild(clickable);
return _home;
function workLink():Sprite {
var workField:TextField = menuF("W");
var clickable:Sprite = mClickable();//square ontop of letters to be clickable
var _work = new Sprite();
_work.graphics.lineStyle(1,0xEEEEEE);
_work.graphics.beginFill(0xFFFFFF);
_work.graphics.drawRect(0,0,60,60);
_work.graphics.endFill();
workField.rotation -= 90;
_work.addChild(workField);
workField.y += 55;
workField.x -= 3;
_work.buttonMode = true;
_work.addChild(clickable);
return _work;
function resumeLink():Sprite {
var resumeField:TextField = menuF("R");
var clickable:Sprite = mClickable();
var _resume = new Sprite();
_resume.graphics.lineStyle(1,0xEEEEEE);
_resume.graphics.beginFill(0xFFFFFF);
_resume.graphics.drawRect(0,0,60,60);
_resume.graphics.endFill();
resumeField.rotation -= 90;
_resume.addChild(resumeField);
resumeField.y += 46.5;
resumeField.x -= 3;
_resume.buttonMode = true;
_resume.addChild(clickable);
return _resume;
function contactLink():Sprite {
var contactField:TextField = menuF("C");
var clickable:Sprite = mClickable();
var _contact = new Sprite();
_contact.graphics.lineStyle(1,0xEEEEEE);
_contact.graphics.beginFill(0xFFFFFF);
_contact.graphics.drawRect(0,0,60,60);
_contact.graphics.endFill();
contactField.rotation -= 90;
_contact.addChild(contactField);
contactField.y += 53;
contactField.x -= 3;
_contact.buttonMode = true;
_contact.addChild(clickable);
return _contact;
function flashLink():Sprite {
var flashField:TextField = menuF("F");
var clickable:Sprite = mClickable();
var _flash = new Sprite();
_flash.graphics.lineStyle(1,0xEEEEEE);
_flash.graphics.beginFill(0xFFFFFF);
_flash.graphics.drawRect(0,0,60,60);
_flash.graphics.endFill();
flashField.rotation -= 90;
_flash.addChild(flashField);
flashField.y += 44;
flashField.x -= 3;
_flash.buttonMode = true;
_flash.addChild(clickable);
return _flash;
function menuF(letter:String):TextField {
var mFont = new Century();
var menuFormat:TextFormat = new TextFormat();
menuFormat.font = mFont.fontName;
menuFormat.size = 50;
var menuField:TextField = new TextField();
menuField.defaultTextFormat = menuFormat;
menuField.text = letter;
menuField.height = menuField.width = 59;
menuField.embedFonts = true;
menuField.antiAliasType = AntiAliasType.ADVANCED;
menuField.selectable = false;
menuField.cacheAsBitmap = true;
return menuField;
function getRest(letter:String):TextField {
var mFont = new Century();
var menuFormat:TextFormat = new TextFormat();
menuFormat.font = mFont.fontName;
menuFormat.size = 40;
menuFormat.color = 0xFF0000;
var menuField:TextField = new TextField();
menuField.defaultTextFormat = menuFormat;
menuField.text = letter;
menuField.embedFonts = true;
menuField.antiAliasType = AntiAliasType.ADVANCED;
menuField.selectable = false;
menuField.cacheAsBitmap = true;
menuField.width = 200;
menuField.rotation -= 90;
return menuField;
function mClickable():Sprite {
var clicker:Sprite = new Sprite();
clicker.graphics.beginFill(0xFFFFFF,0);
clicker.graphics.drawRect(1,1,58,58);
clicker.graphics.endFill();
return clicker;
function float(e:Event):void {
var mouseClamped:Number = this.mouseY;
if (e.target.y <= 400) {
e.target.y = 400;
} else if (e.target.y >= 480) {
e.target.y = 480;
e.target.y += (.1 * (mouseClamped/8 - e.target.y/8));

You should not nest named functions... a source of problems waiting to happen. You should go into your Publish settings and select the Permit Debugging option in the Flash section. That could provide more specific information regarding the source of the error, such as a line number. I haven't read thru your code beyond a glance, but where you are using e.target in mouse event handler functions, you should try using e.currentTarget instead.

WOW! Major video issues here..and everywhere it seems!!

I have the latest iTunes version and runnin Windows Vista. Multiple issues with new 64gb ipod touch..well with itunes:
I can drag and drop new vids, songs pix etc to my touch, but when I go to convert to ipod verison on the vid the screen wither locks up for a minute or so and then lets me choose to convert and this also happens when i go to change the name of the file so they will be in some type of order on my ipod. this wasn't so bad until I starting adding more and more to itunes. I have a 64 gb and still have almost 35 gb available to add, so I have alot but it is far from full.
i am at the point now wheere itunes just locks up as soon as i click on a vid to convert or change the name and have to force quit to get out of it!?!?!? VERY FRUSTRATED since I just spent over 400 bucks on the dame thing and cant use it as is intended!
Searched far into the forums for similar issue but found none. Anyone else out there like this?

OK. I just turned off Genius and itunes is allowing me to go in and delete the larger file before the conversion to ipod version, but it is still very slow when i click on Get Info and Delete. I am afraind to add anything else tho for fear it will only get worse.

New to 501 pix

Similar Messages

Maybe you are looking for