Odd port forwarding messages ?

I'm getting lots and lots of these in my HH3 log - any ideas
11:46:04, 28 Oct.
(707643.010000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->53759, internal ports: 53759, internal client: 192.168.1.103
11:46:02, 28 Oct.
(707641.000000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->53759, internal ports: 53759, internal client: 192.168.1.103
11:45:39, 28 Oct.
Host 38:e7:d8:06:83:23 connected to SSID 'BTHub3-CWC8' at 54 Mbps

Hi whoosh,
I used to also get lots of these, mainly from only one laptop. You could check which one by checking the device list to see which one is on 192.168.1.103. You could turn off UPnP, I did - No more events will be logged, without any issues.
-+-No longer a forum member-+-

Similar Messages

  • Port Forward: Conflicts with all of them.

    A bit about me: I am an IT professional 20+ years so I know how to port forward
    Situation:
    I had a Actiontec Gen1 router. A technician came out the other day and tried to resolve an upload speed issue. As a result, he replaced the ONT and the Router to a Gen2. He got it all up and running and left. My issue started 20 minutes after he left -- when I sat down to reestablish my port forwards.
    When I tryed creating my first port forward, I got a warning message about a conflict. I looked at the list and all I had were 3 preset entries:
    --Localhost                               TCP Any -> 4567
    --192.168.1.100:63145          Application - TCP Any -> Any
    --192.168.1.100:63145          Application - TCP Any -> 1
    Now, I have done port forwards a lot with my previous router so I was a bit taken back. I did a factory restore on the router and tried to create another port forward - still conflicts.
    I knew something was up so I called Verizon. A tech didn't get anywhere so they put me on the phone with Actiontec. They had me try to create a port forward and got the same results. They said the router was corrupt and to have Verizon send me another.
    I got the new router in today. While the tech was setting it up in the basement, I quickly tried to create a port forward on it and it worked. I was excited and waited for him to connected it to the WAN. Once he did his thing and established outside connectivity, I tried to create another port forward, and it failed. I asked him to give me back my original Gen1 router so I could use it to troubleshoot. He did with the rule that I call him when I was done.
    I got Verizon back on the line and they couldn't help. They then got me on the phone with Actiontec. A couple hours later, they still had no answer. One thing we found though was that they were also not able to connect remotely. They tried 443 and 8080 - nothing worked. I also found that I was able to create UDP port forwards - they worked fine but as soon as I tried any TCP ports, the always came back with a conflict.
    Actiontec said the issue was with Verizon and that I should work with them again, so I called Verizon.
    I got a great tech who was really going the extra mile instead of giving me the infamous "We don't support that". He too couldn't access the router remotely and we tried just about anything under the sun. For giggles, we decided to put my old Gen1 router back in place. He wanted to reset it to factory defaults so we did. I took a screen capture of my original port forwards though first. When we restored it, it was also stating that there is a conflict when I created a new port forward.
    I took a look at my screen capture of my original Gen1 router (this is the one that was originally working over the last year) and I noticed that its 192.168.1.100 entry was set to go to Application - UDP any -> 63146. After resetting it to factory default, Verizon is now setting it to the two setting I documented above.
    So now I am questioning Verizons settings that they are pushing down to the router.
    My next step was to disconnect it from the WAN completely, do a factory reset and see if I can create a port forward. After doing that test, I was able to create port forwards - TCP, UDP -- they all entered without a conflict. As soon as I connected the router to the WAN and Verizon pushed their settings, it broke again.
    The technician did all he could. It is Sunday today and the higher tier techs do not work on Sundays so he said he will have them contact me tomorrow. I sure hope they can resolve this!
    So this is the deal:
    -Go into your router and try to create a port forward. Pick anyone from the list that includes a TCP port. If you get a message stating there is a conflict, you are most likely in the same boat as I. I would bet anything that Verzion cannot access your router remotely too.
    -If you ARE able to create tcp port forwards, then I would highly suggest that you do not do a factory reset. When doing so, I would bet anything that you will no longer be able to create those forwards.
    -if you are able to port forward fine, do me a favor and tell me what your 192.168.1.100 port forwards are that Verizon throws in there. If I were to bet, I would bet that the ones that work are set for Application - UDP any -> 63146; If they don't work, I would bet that they are set to:
    --192.168.1.100:63145          Application - TCP Any -> Any
    --192.168.1.100:63145          Application - TCP Any -> 1
    Anyway, that is my story. I spent a whole weekend with Verizon and I am still not working. Any data from the community will be helpful. I want to know if this is a global issue or if it is only affecting me. I have had this happen with 3 routers, 1 gen1 and 2 gen2's.
    Thanks for your help in advance.
    Solved!
    Go to Solution.

    Finally - a solution. *wipes brow*
    First off, I want to state that the networking group located in the Syracuse - all the other tech need to visit them for a week and learn:
    - How to talk to a customer (what to say and not to say)
    - How routers work, how they can be configured, and what they are capable of. Basically, learn a bit about networking.
    - Listen to the customer - they may know more than you.
    Anyway, thank you very much Syracuse Team!
    While working with the tech (this guy was awesome and actually listened to me about the automatic port forwards that were appearing from Verizon), he decided to to use the RJ45 network WAN connection in addition the COAX. My setup was setup to only use the COAX connection - it's been that way for over a year now.
    The tech turned set it up so that my data was going through the RJ45 and the TV was going through the COAX. When he did this and we reset the router to factory, the Verizon forwarded ports were no longer showing up and as a result, I was able to create ports at will without conflict.
    So beware all of you who are setup to only use the COAX connection. It appears that one of my set top boxes was now throwing in the port forwards that I noted in the original post and those were screwing everything up. Go figure that, eh? I wonder who said that some 14 tech hours ago?
    Anyway - if you are unable to create port forwards without a conflict error, call up Verizon and tell them the issue. If they act like they never heard this, tell them about my situation and that adding the RJ45 connection in addition the COAX is the solution. Just make sure you reset your router to factory when they are done or else those odd port forwards won't clear.
    Peace out and good luck!

  • How do you port forward with linksys routers?

    It's all in the title.Message Edited by NaturalViolence on 10-19-200606:14 PM

    to forward the ports, click this:  Port Forwarding
    Message Edited by Beetlebum on 10-19-2006 06:41 PM
    "a helping hand in a community makes the world a universe"

  • Messages port forwarding Telstra cable modem

    Anyone know how to get Messages video chat to work with the new "BigPond Ultimate Cable Home Network Gateway". It's the Netgear CG3100D-2BPAUS.
    Messages worked just fine using the old Motorola cable modem but stopped with the new one.  I've tried setting up port forwarding as per:
    http://support.apple.com/kb/HT1507
    and: http://portforward.com/networking/static-Mac10.4.htm
    but no luck.
    Thanks

    HI,
    Does this device (and the firmware on it) have UPnP ?
    UPnP allows multiple devices use the same ports (Port Forwarding does not)
    This means you can leave the modem/router doing DHCP to Issue IP addresses  and it will not matter if the computer gets a new IP now and then.
    In a one computer set up it is likely to always get the same IP when you start it up.
    1) because you probably restart it before the lease time runs out
    2) because there is nothing else to "take" the number.
    However with Smart Phones, Games Consoles and multiple computers you may find that with out setting up IP address that don't change, either by Static routing or Address reservation that computers (And other devices) will swap IP addresses and set ups like Port Forwarding will not work - they tend to list which IP to send stuff to.
    The Port Forward  site lists only a CG3100 (plain, no suffixes)
    Presumably you have used the info on the Port Forwarding bit to learn the access User ID and Password.
    I linked to the AIM talk set up (Portforward.com > Chose Brand > Chose Model > dismiss advert page > chose App > set up instructions)
    Using the link at the bottom to see the Router's screen Shots I went to the Basic set up one
    http://screenshots.portforward.com/routers/Netgear/CG3100/Basic_Settings.htm
    Near the bottom of the menu is UPnP
    On most Netgears it is enabled by default.  Specific Screen Shot.
    On some devices setting up Port Forwarding or Port Triggering and having UPnP on can cause conflicts.
    UPnP is needed for Screen Sharing in Messages or iChat.
    9:31 PM      Tuesday; July 16, 2013
      iMac 2.5Ghz 5i 2011 (Mountain Lion 10.8.4)
     G4/1GhzDual MDD (Leopard 10.5.8)
     MacBookPro 2Gb (Snow Leopard 10.6.8)
     Mac OS X (10.6.8),
     Couple of iPhones and an iPad
    "Limit the Logs to the Bits above Binary Images."  No, Seriously

  • Port Forwarding on a Router

    I'm getting quite frustrated with ARD 2.2. I'm trying to use ARD over the internet to teach my parents how to use their iMacs. I have all of the Network and Sharing settings turned on at their end, which isn't easy to accomplish since they are novice users 1500 miles away. I can use ARD to access and control the macs on my local network, but every time I input my parent's IP addresses, I get the message "Verify Failed", and it can't be because I have the wrong User Name or Password.
    I've read a lot about port forwarding for macs behind a router and I may need to do it. But it seems like everyone but me knows how to forward a port and nobody has given step-by-step instructions on how to do this. So I have some questions.
    1. I have a Linksys router on my end and a MacSense router on theirs. Do I need to enable Port Forwarding on both routers?
    2. When I enter their IP addresses, their computers are "seen" by ARD. How can it "see" these computers if the port forwarding is not enabled?
    3. My Linksys router has a web page that controls it, but nowhere is there a "Port Forwarding" option. Where is this located? Is it called by another name? Does it have something to do with NAT? How exactly do you "adjust" NAT settings to open a port?
    All the macs in question are using OS 10.4.5 or 10.4.6. My version of ARD is 2.2. Here is the line of connection between their macs and mine:
    Parent's iMac : MacSense Router : Cable Modem : INTERNET : Cable Modem : Linksys Router : 4 Port Hub : Airport Extreme Base Station : Powerbook G4.
    I would appreciate any suggestions at this point. Thanks!

    Things have taken a turn for the worse. After my last solution, we found that my Mom's iMac could not send email. She could receive mail and surf the internet, but not send. The problem showed up as soon as I mucked about with the router ports. She has a .Mac account, btw.
    To complicate things, my ARD connection shows my Dad's iMac, not Mom's. I could connect to Dad's iMac through ARD but not Mom's. Only if we shut down Dad's iMac could I connect to Mom's. The odd thing was the connection I was getting to Mom's iMac was listed as Dad's computer!
    I have read that ARD can only connect to one computer behind a router. No biggie, I'll just have them turn one off when I use the other. But how to solve the send email problem?
    I decided to use the DMZ (De-Militarized-Zone) setting of their router to open all ports on one IP address. When I did this we could finally see my Mom's iMac with her proper name in ARD. But joy was short lived because my control and observe attempts failed. I get the message "Connection Failed to XXX" where XXX is the name of Mom's iMac. Adding insult to injury, the mail still won't send.
    ARD shows the Current Application, Current User and Status (Available). I can send messages through ARD and they are received successfully (they can see the messages on their end).
    If I can get this far, why can't I observe? And what happened to the sending of email? Help me Obi Won Kanobi - you're my only hope!
    1Ghz Aluminum PowerBook G4   Mac OS X (10.4.6)  

  • Port forwarding for LaCie NAS on AirPort Express

    Hello,
    I have just purchased both an AirPort Express and Airport Extreme to which I would like to connect a LaCie 5big NAS Pro. The NAS is physically connected to the AirPort Express, which is acting as a bridge to the AirPort Extreme. The issue is that all the ports which the NAS uses for various sharing services (SFTP, HTTPS, MyNAS, etc) are unavailable. How would I go upon opening these ports on the AirPort network, or go upon forwarding new ports to the local ones?
    Thank you in advance!

    Just to make sure I understand the situation..
    You have a new AC model extreme?? Running 7.7.1?
    Are these the correct things to be doing? I've included screenshots of both the NAS port errors as well as an example of a port entry in the AirPort utility.
    Your port forwarding looks fine..
    This is pedantic but can you change the variable name.. eg.
    Harrison HTTPS
    I know will fail in most routers.. the space being illegal.. I know apple have this strange naming convention.. but it just gives me the heabie jeabies when I see it. You can call it HHTTPS for example .. anything but no spaces and pure alphanumeric.
    BTW you never need block out a private IP address.. it is not routable.. I can tell you my computer is here.
    MacProie-5
    Information
    Status:
    Active
    Type:
    Generic Device
    Connected To:
    ethport1 (Ethernet)
    Addressing
    Physical Address:
    00:1f:f3:bd:58:52
    IP Address Assignment:
    DHCP
    IP Address:
    192.168.2.103
    Always use the same IP address:
    Yes
    DHCP Lease Time:
    Infinite
    Connection Sharing
    There is no game or service assigned to this device.
    There is absolutely no way you can connect to 192.168.2.103 or 10.0.1.101 or whatever private IP is.
    When hovering over the red buttons, it reads "Port # is already in use on your router, or your router is not compatible with the UPnP-IGD/NAT-PMP protocol"
    Your last few lines are the most distressing..
    Lacie being a more Mac orientated product has included NAT-PMP protocol in the NAS to open the required ports.. automatically in an apple router..  that means it should be able to work without intervention.
    Ports cannot be opened if they are already allocated. which is what the error message means.. already in use.. they are in use because you allocated them..
    I suggest you reset to factory the AE.. start up a single computer.. leave everything else off.. Do a basic setup of the AE just to get you network and internet access.. Then power up the NAS .. and see if it can open those ports automagically.. If not then the AE is simply not going to work at this firmware level.
    BTW.. there is no doubt the 6.3.1 utility on Mac is problematic.. Apparently the iOS one is much better.. or even 5.6.1 utility on a windows PC. If you have an iphone/ipad use the airport utility app and do the setup from there.. rather than a mac.. it has more chances of working.. maybe.
    You have an express.. this sounds odd but please change the firmware in the express back to 7.6.1 (I don't use express so I know less about them). Set it up as router in place of the extreme.. and try the NAS again.. you might need to buy a switch to do all this. But it should work if you do it via the iOS device.. well worth a try too and see if the earlier firmware can auto allocate ports via the NAT-PMP or even if that fails by manually allocating them. 
    Or the other choice is a non apple router for now.. and put the Extreme in bridge .. ie take away all NAT responsibility from it .. use your non-apple router firstly try by upnp and then manually forward the ports if you have to..
    Hope something in there helps.

  • Port Forwarding for RDP 3389 is not working

    Hi,
    I am having trouble getting rdp (port 3389) to forward to my server (10.20.30.20).  I have made sure it is not an issue with the servers firewall, its just the cisco.  I highlighted in red to what i thought I need in my config to get this  to work.  I have removed the last 2 octets of the public IP info for security .Here is the configuration below:
    TAMSATR1#show run
    Building configuration...
    Current configuration : 11082 bytes
    version 15.2
    no service pad
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    hostname TAMSATR1
    boot-start-marker
    boot system flash:/c880data-universalk9-mz.152-1.T.bin
    boot-end-marker
    logging count
    logging buffered 16384
    enable secret
    aaa new-model
    aaa authentication login default local
    aaa authentication login ipsec-vpn local
    aaa authentication login ciscocp_vpn_xauth_ml_1 local
    aaa authorization console
    aaa authorization exec default local
    aaa authorization network groupauthor local
    aaa session-id common
    memory-size iomem 10
    clock timezone CST -6 0
    clock summer-time CDT recurring
    crypto pki token default removal timeout 0
    crypto pki trustpoint TP-self-signed-1879941380
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1879941380
    revocation-check none
    rsakeypair TP-self-signed-1879941380
    crypto pki certificate chain TP-self-signed-1879941380
    certificate self-signed 01
      3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
      31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
      69666963 6174652D 31383739 39343133 3830301E 170D3131 30393136 31393035
      32305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
      4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38373939
      34313338 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
      8100BD7E 754A0A89 33AFD729 7035E8E1 C29A6806 04A31923 5AE2D53E 9181F76C
      ED17D130 FC9B5767 6FD1F58B 87B3A96D FA74E919 8A87376A FF38A712 BD88DB31
      88042B9C CCA8F3A6 39DC2448 CD749FC7 08805AF6 D3CDFFCB 1FE8B9A5 5466B2A4
      E5DFA69E 636B83E4 3A2C02F9 D806A277 E6379EB8 76186B69 EA94D657 70E25B03
      542D0203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603
    ip dhcp excluded-address 10.20.30.1 10.20.30.99
    ip dhcp excluded-address 10.20.30.201 10.20.30.254
    ip dhcp excluded-address 10.20.30.250
    ip dhcp pool tamDHCPpool
    import all
    network 10.20.30.0 255.255.255.0
    default-router 10.20.30.1
    domain-name domain.com
    dns-server 10.20.30.20 8.8.8.8
    ip domain name domain.com
    ip name-server 10.20.30.20
    ip cef
    no ipv6 cef
    license udi pid CISCO881W-GN-A-K9 sn
    crypto vpn anyconnect flash:/webvpn/anyconnect-dart-win-2.5.3054-k9.pkg sequence 1
    ip tftp source-interface Vlan1
    class-map type inspect match-all CCP_SSLVPN
    match access-group name CCP_IP
    policy-map type inspect ccp-sslvpn-pol
    class type inspect CCP_SSLVPN
      pass
    zone security sslvpn-zone
    crypto isakmp policy 10
    encr aes 256
    authentication pre-share
    group 2
    crypto isakmp policy 20
    encr aes 192
    authentication pre-share
    group 2
    crypto isakmp key password
    crypto isakmp client configuration group ipsec-ra
    key password
    dns 10.20.30.20
    domain tamgmt.com
    pool sat-ipsec-vpn-pool
    netmask 255.255.255.0
    crypto ipsec transform-set ipsec-ra esp-aes esp-sha-hmac
    crypto ipsec transform-set TSET esp-aes esp-sha-hmac
    crypto ipsec profile VTI
    set security-association replay window-size 512
    set transform-set TSET
    crypto dynamic-map dynmap 10
    set transform-set ipsec-ra
    reverse-route
    crypto map clientmap client authentication list ipsec-vpn
    crypto map clientmap isakmp authorization list groupauthor
    crypto map clientmap client configuration address respond
    crypto map clientmap 10 ipsec-isakmp dynamic dynmap
    interface Loopback0
    ip address 10.20.250.1 255.255.255.252
    ip nat inside
    ip virtual-reassembly in
    interface Tunnel0
    description To AUS
    ip address 192.168.10.1 255.255.255.252
    load-interval 30
    tunnel source
    tunnel mode ipsec ipv4
    tunnel destination
    tunnel protection ipsec profile VTI
    interface FastEthernet0
    no ip address
    interface FastEthernet1
    no ip address
    interface FastEthernet2
    no ip address
    interface FastEthernet3
    no ip address
    interface FastEthernet4
    ip address 1.2.3.4
    ip access-group INTERNET_IN in
    ip access-group INTERNET_OUT out
    ip nat outside
    ip virtual-reassembly in
    no ip route-cache cef
    ip route-cache policy
    ip policy route-map IPSEC-RA-ROUTE-MAP
    duplex auto
    speed auto
    crypto map clientmap
    interface Virtual-Template1
    ip unnumbered Vlan1
    zone-member security sslvpn-zone
    interface wlan-ap0
    description Service module interface to manage the embedded AP
    ip unnumbered Vlan1
    arp timeout 0
    interface Wlan-GigabitEthernet0
    description Internal switch interface connecting to the embedded AP
    switchport mode trunk
    no ip address
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
    ip address 10.20.30.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    ip tcp adjust-mss 1452
    ip local pool sat-ipsec-vpn-pool 10.20.30.209 10.20.30.239
    ip default-gateway 71.41.20.129
    ip forward-protocol nd
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip dns server
    ip nat inside source list ACL-POLICY-NAT interface FastEthernet4 overload
    ip nat inside source static tcp 10.20.30.20 3389 interface FastEthernet4 3389
    ip nat inside source static 10.20.30.20 (public ip)
    ip route 0.0.0.0 0.0.0.0 public ip
    ip route 10.20.40.0 255.255.255.0 192.168.10.2 name AUS_LAN
    ip access-list extended ACL-POLICY-NAT
    deny   ip 10.0.0.0 0.255.255.255 10.20.30.208 0.0.0.15
    deny   ip 172.16.0.0 0.15.255.255 10.20.30.208 0.0.0.15
    deny   ip 192.168.0.0 0.0.255.255 10.20.30.208 0.0.0.15
    permit ip 10.20.30.0 0.0.0.255 any
    permit ip 10.20.31.208 0.0.0.15 any
    ip access-list extended CCP_IP
    remark CCP_ACL Category=128
    permit ip any any
    ip access-list extended INTERNET_IN
    permit icmp any any echo
    permit icmp any any echo-reply
    permit icmp any any unreachable
    permit icmp any any time-exceeded
    permit esp host 24.153. host 66.196
    permit udp host 24.153 host 71.41.eq isakmp
    permit tcp host 70.123. host 71.41 eq 22
    permit tcp host 72.177. host 71.41 eq 22
    permit tcp host 70.123. host 71.41. eq 22
    permit tcp any host 71..134 eq 443
    permit tcp host 70.123. host 71.41 eq 443
    permit tcp host 72.177. host 71.41. eq 443
    permit udp host 198.82. host 71.41 eq ntp
    permit udp any host 71.41. eq isakmp
    permit udp any host 71.41eq non500-isakmp
    permit tcp host 192.223. host 71.41. eq 4022
    permit tcp host 155.199. host 71.41 eq 4022
    permit tcp host 155.199. host 71.41. eq 4022
    permit udp host 192.223. host 71.41. eq 4022
    permit udp host 155.199. host 71.41. eq 4022
    permit udp host 155.199. host 71.41. eq 4022
    permit tcp any host 10.20.30.20 eq 3389
    evaluate INTERNET_REFLECTED
    deny   ip any any
    ip access-list extended INTERNET_OUT
    permit ip any any reflect INTERNET_REFLECTED timeout 300
    ip access-list extended IPSEC-RA-ROUTE-MAP
    deny   ip 10.20.30.208 0.0.0.15 10.0.0.0 0.255.255.255
    deny   ip 10.20.30.224 0.0.0.15 10.0.0.0 0.255.255.255
    deny   ip 10.20.30.208 0.0.0.15 172.16.0.0 0.15.255.255
    deny   ip 10.20.30.224 0.0.0.15 172.16.0.0 0.15.255.255
    deny   ip 10.20.30.208 0.0.0.15 192.168.0.0 0.0.255.255
    deny   ip 10.20.30.224 0.0.0.15 192.168.0.0 0.0.255.255
    permit ip 10.20.30.208 0.0.0.15 any
    deny   ip any any
    access-list 23 permit 70.123.
    access-list 23 permit 10.20.30.0 0.0.0.255
    access-list 24 permit 72.177.
    no cdp run
    route-map IPSEC-RA-ROUTE-MAP permit 10
    match ip address IPSEC-RA-ROUTE-MAP
    set ip next-hop 10.20.250.2
    banner motd ^C
    UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED.
    You must have explicit permission to access or configure this device.  All activities performed on this device are logged and violations of this policy may result in disciplinary and/or legal action.
    ^C
    line con 0
    logging synchronous
    line aux 0
    line 2
    no activation-character
    no exec
    transport preferred none
    transport input all
    line vty 0
    access-class 23 in
    privilege level 15
    logging synchronous
    transport input telnet ssh
    line vty 1 4
    access-class 23 in
    exec-timeout 5 0
    privilege level 15
    logging synchronous
    transport input telnet ssh
    scheduler max-task-time 5000
    ntp server 198.82.1.201
    webvpn gateway gateway_1
    ip address 71.41. port 443
    http-redirect port 80
    ssl encryption rc4-md5
    ssl trustpoint TP-self-signed-1879941380
    inservice
    webvpn context TAM-SSL-VPN
    title "title"
    logo file titleist_logo.jpg
    secondary-color white
    title-color #CCCC66
    text-color black
    login-message "RESTRICTED ACCESS"
    policy group policy_1
       functions svc-enabled
       svc address-pool "sat-ipsec-vpn-pool"
       svc default-domain "domain.com"
       svc keep-client-installed
       svc split dns "domain.com"
       svc split include 10.0.0.0 255.0.0.0
       svc split include 192.168.0.0 255.255.0.0
       svc split include 172.16.0.0 255.240.0.0
       svc dns-server primary 10.20.30.20
       svc dns-server secondary 66.196.216.10
    default-group-policy policy_1
    aaa authentication list ciscocp_vpn_xauth_ml_1
    gateway gateway_1
    ssl authenticate verify all
    inservice
    end

    Hi,
    I didnt see anything marked with red in the above? (Atleast when I was reading)
    I have not really had to deal with Routers at all since we all access control and NAT with firewalls.
    But to me it seems you have allowed the traffic to the actual IP address of the internal server rather than the public IP NAT IP address which in this case seems to be configured to use your FastEthernet4 interfaces public IP address.
    There also seems to be a Static NAT configured for the same internal host so I am wondering why the Static PAT (Port Forward) is used?
    - Jouni

  • HELP!! asa 5505 8.4(5) problem with port forwarding-smtp

    Hi I am having a big problem with port forwarding on my asa. I am trying to forward smtp through the asa  to my mail server.
    my mail server ip is 10.0.0.2 and my outside interface is 80.80.80.80 , the ASA is setup with pppoe (I get internet access no problem and that seems fine)
    When I run a trace i get "(ACL-Drop) - flow is deied by configured rule"
    below is my config file , any help would be appreciated
    Result of the command: "show running-config"
    : Saved
    ASA Version 8.4(5)
    hostname ciscoasa
    domain-name domain.local
    enable password mXa5sNUu4rCZ.t5y encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.0.0.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    pppoe client vpdn group ISPDsl
    ip address 80.80.80.80 255.255.255.255 pppoe setroute
    ftp mode passive
    dns server-group DefaultDNS
    domain-name domain.local
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network Server_SMTP
    host 10.0.0.2
    access-list outside_access_in extended permit tcp any object server_SMTP eq smtp
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    object network obj_any
    nat (inside,outside) dynamic interface
    object network server_SMTP
    nat (inside,outside) static interface service tcp smtp smtp
    nat (inside,outside) after-auto source dynamic any interface
    access-group outside_access_in in interface outside
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 10.0.0.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    vpdn group ISP request dialout pppoe
    vpdn group ISP localname [email protected]
    vpdn group ISP ppp authentication chap
    vpdn username [email protected] password *****
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:c5570d7ddffd46c528a76e515e65f366
    : end

    Hi Jennifer
    I have removed that nat line as suggested but still no joy.
    here is my current config
    Result of the command: "show running-config"
    : Saved
    ASA Version 8.4(5)
    hostname ciscoasa
    domain-name domain.local
    enable password mXa5sNUu4rCZ.t5y encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.0.0.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    pppoe client vpdn group ISP
    ip address 80.80.80.80 255.255.255.255 pppoe setroute
    ftp mode passive
    dns server-group DefaultDNS
    domain-name domain.local
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network Server_Mail
    host 10.0.0.2
    access-list outside_access_in extended permit tcp any object Server_Mail eq smtp
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    object network obj_any
    nat (inside,outside) dynamic interface
    object network Server_Mail
    nat (inside,outside) static interface service tcp smtp smtp
    access-group outside_access_in in interface outside
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 10.0.0.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    vpdn group ISP request dialout pppoe
    vpdn group ISP localname [email protected]
    vpdn group ISP ppp authentication chap
    vpdn username [email protected] password *****
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:f3bd954d1f9499595aab4f9da8c15795
    : end
    also here is the packet trace
    and my acl
    Thanks

  • How to IPsec site to site vpn port forwarding to remote site?

    Hi All,
    The scenario where a Site to Site VPN tunnel has been established between Site A and Site B. Lan on Site A can ping Lan on Site B. My problem is a Printer behind Site B needs to be accessed by using the WAN IP address of Site A. Also i could not ping the remote lan or printer from the router.
    Below are my configure on the Cisco 877 in site A. Would you please advise the solution for that?
    Building configuration...
    Current configuration : 5425 bytes
    ! Last configuration change at 15:09:21 PCTime Fri Jun 15 2012 by admin01
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Laverton
    boot-start-marker
    boot-end-marker
    logging message-counter syslog
    no logging buffered
    aaa new-model
    aaa authentication login default local
    aaa authorization exec default local
    aaa session-id common
    clock timezone PCTime 10
    crypto pki trustpoint TP-self-signed-1119949081
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1119949081
    revocation-check none
    rsakeypair TP-self-signed-1119949081
    crypto pki certificate chain TP-self-signed-1119949081
    certificate self-signed 01
      XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
      XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
      69666963 6174652D 31313139 39343930 3831301E 170D3132 30363135 30343032
      30385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
      4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31313939
                quit
    dot11 syslog
    ip source-route
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.1.1 192.168.1.50
    ip dhcp pool DHCP_LAN
       network 192.168.1.0 255.255.255.0
       default-router 192.168.1.1
       dns-server 61.9.134.49
       lease infinite
    ip cef
    no ipv6 cef
    multilink bundle-name authenticated
    object-group network VPN
    description ---Port Forward to vpn Turnnel---
    host 192.168.2.99
    username admin01 privilege 15 secret 5 $1$6pJE$ngWtGp051xpSXLAizsX6B.
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key mypasswordkey address 0.0.0.0 0.0.0.0
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map SDM_DYNMAP_1 1
    set transform-set ESP-3DES-SHA
    match address 100
    crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
    archive
    log config
      hidekeys
    no ip ftp passive
    interface ATM0
    description ---Telstra ADSL---
    no ip address
    no atm ilmi-keepalive
    pvc 8/35
      tx-ring-limit 3
      encapsulation aal5snap
      protocol ppp dialer
      dialer pool-member 1
    dsl operating-mode auto
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    switchport access vlan 10
    shutdown
    interface FastEthernet3
    interface Vlan1
    description ---Ethernet LAN---
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1420
    interface Vlan10
    ip dhcp relay information trusted
    ip dhcp relay information check-reply none
    no ip dhcp client request tftp-server-address
    no ip dhcp client request netbios-nameserver
    no ip dhcp client request vendor-specific
    no ip dhcp client request static-route
    ip address dhcp
    ip nat outside
    ip virtual-reassembly
    interface Dialer0
    description ---ADSL Detail---
    ip address negotiated
    ip mtu 1460
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    ip tcp adjust-mss 1420
    dialer pool 1
    dialer-group 1
    ppp chap hostname [email protected]
    ppp chap password 0 mypassword
    crypto map SDM_CMAP_1
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer0
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip dns server
    ip nat inside source static tcp 192.168.2.99 80 interface Dialer0 8000
    ip nat inside source static tcp 192.168.2.99 9100 interface Dialer0 9100
    ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
    ip nat inside source route-map SDM_RMAP_2 interface Dialer0 overload
    ip access-list extended NAT
    remark CCP_ACL Category=16
    remark IPSec Rule
    deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    permit ip 192.168.1.0 0.0.0.255 any
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 100 remark CCP_ACL Category=4
    access-list 100 remark IPSec Rule
    access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 101 remark CCP_ACL Category=2
    access-list 101 remark IPSec Rule
    access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 101 permit ip 192.168.2.0 0.0.0.255 any
    route-map SDM_RMAP_1 permit 1
    match ip address NAT
    route-map SDM_RMAP_2 permit 1
    match ip address 101
    control-plane
    line con 0
    no modem enable
    line aux 0
    line vty 0 4
    transport input telnet ssh
    scheduler max-task-time 5000
    end
    Your help would be very appreciated!
    PS: I know it is easier if i config Site A as the VPN server but in out scenario, we need to access printer from internet over static WAN IP of site A.
    Thanks,
    Thai

    Is there anyone can help please?

  • BT Home Hub 3 + Back To My Mac / Port Forwarding

    I've recently got BT Infinity and along with it a BT Home Hub 3 which doesn't seem to be playing nicely with Back to my Mac.
    The setup on the Mac side of things is correct and I can see my remote computer but I just can't connect to them, or vice versa. The Back to My Mac preference is showing that the router needs configuring for better performance.
    I've ensured UPnP is enabled and forwarded the following ports to the device:
    TCP 5354
    UDP 4500
    UDP 5353
    UDP 500
    UDP/TCP 4488
    Which I found listed in http://support.apple.com/kb/TS1629
    After doing some checks on these ports using http://canyouseeme.org it would seem that only one of these ports is open, and even then it's occassional.
    BT seem to state on http://bt.custhelp.com/app/answers/detail/a_id/12529/~/why-do-i-get-an-error-message-when-using-appl... that 'Back to My Mac' isn't compatible and this is due to a compatibility issue on Apple's part. Frustratingly this article doesn't indicate a date when this was posted. Never the less, I would presume this could only be UPnP related — i.e. the necessary ports won't open automatically. I'm unsure of what other compatibility issues there would be. If the ports are open it should work fine.
    I've read numerous threads in many forums about the BT Home Hub 3 port forwarding not working correctly, is this still true? If so, surely the device should be deemed faulty or a firmware update should have been put in place by now to resolve this. I can't seem to find any recent articles regarding this.
    Thanks in advance for any help!
    Solved!
    Go to Solution.

    Hi ollie,
    If you're still having problems with this please feel free to contact us via the webform link in my profile and we'll check to see what the current status of the investigations with Back to my Mac is.
    Cheers
    Dean
    BTCare Community Mod
    If you like a post, or want to say thanks for a helpful answer, please click on the Ratings star on the left-hand side of the post.
    If someone answers your question correctly please let other members know by clicking on ’Mark as Accepted Solution’.

  • Home Hub 3 Port forwarding for Netgear Stora

    Hi, 
    I have had a Negear Stora on my home network with a HH3 for about 6 months. Up untill about 10 days ago, all was good, however now when i try to access it remotely via the mystora.com web portal, i am getting the following error messages
      Stora is Online,
      but cannot be accessed remotely.
      Your Stora is not currently accessible. This may be for several reasons:
      • Your ISP is not allowing Internet traffic to your Stora
      • A firewall is blocking internet access to your Stora
      • Port forwarding is not correctly configured on your router, or UPnP is disabled
    I have enabled UPnP and have turned of the firewall off, but still no joy. 
    Is anybody else having this issue? Can somebody please guide me threw the port forwarding as i dont want to braak anything else.
    Thanks in advance
    W

    There is a guide to port forwarding on this page.
    Port forwarding problems
    If you need more specific help, then please ask me.
    There are some useful help pages here, for BT Broadband customers only, on my personal website.
    BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

  • Port Forwarding To Two Macs with Port 22 limitations

    This is another port forwarding/port 22 issue and I've look around and not seen an answer to my specific problem.  I work for a business that has an in-house ad system that runs on a Mac Mini.  I have been accessing that Mac Mini remotely because we set up port forwarding through the Linksys rounter that is at the business using port 22.  This is the only port that works for this connection to the mini and the software.
    We are now adding a second Mac Mini to send the ads to a different set of monitors.  I can't set up port forward to the new mini on the same port so I don't know how to connect to this mini remotely.  Is there a way to get into the first mini through port 22 and then somehow communite to the second one through the first?  Is there another way to do port forwarding...or have the linksys router switch from one mini to the other when a request comes in?  There will only be one remote computer trying to reach either Mac Mini so there will never be simultaneous traffic coming in.  Any help would be appreciated!
    The linksys router is critical to the business becasue a host of other devices are forwarded though it as well.
    Thank you.

    klara wrote:
    Having set up my IP camera with HH4 successfully, I've now got another one and would like to set it up as well. I gave it a unique, static IP address which my router can see fine. When I try to set up port forwarding, I get a message saying:
    "The game or application you’ve selected conflicts with an application (IP Cam 1) you’ve already assigned to another device. Please remove the other application or select the same device."
    I am not being given the option to select the same device.
    I'm now wondering if port forwarding to two identical devices actually works in principle with HH4? Has anyone else done this?
    If in the Home Hub 4 A you go to
    Advanced Settings
    Firewall
    Port Fowarding
    Manage Games and Applications 
    You get the following statement:
    "Each game or application can be assigned to only one device on your home network"
    I would think that the only way round your problem is to have each Camera running a different application or the same application with a different name.  
    Does the remote browser app need to know the application name  or just the device name ?
    If you think about how Port Forwarding needs to function you need a way whereby  the remote user needs to be able to tell the Hub what Camera to talk to.  

  • Port forwarding to two devices with HH4

    Having set up my IP camera with HH4 successfully, I've now got another one and would like to set it up as well. I gave it a unique, static IP address which my router can see fine. When I try to set up port forwarding, I get a message saying:
    "The game or application you’ve selected conflicts with an application (IP Cam 1) you’ve already assigned to another device. Please remove the other application or select the same device."
    I am not being given the option to select the same device.
    I'm now wondering if port forwarding to two identical devices actually works in principle with HH4? Has anyone else done this?
    Solved!
    Go to Solution.

    klara wrote:
    Having set up my IP camera with HH4 successfully, I've now got another one and would like to set it up as well. I gave it a unique, static IP address which my router can see fine. When I try to set up port forwarding, I get a message saying:
    "The game or application you’ve selected conflicts with an application (IP Cam 1) you’ve already assigned to another device. Please remove the other application or select the same device."
    I am not being given the option to select the same device.
    I'm now wondering if port forwarding to two identical devices actually works in principle with HH4? Has anyone else done this?
    If in the Home Hub 4 A you go to
    Advanced Settings
    Firewall
    Port Fowarding
    Manage Games and Applications 
    You get the following statement:
    "Each game or application can be assigned to only one device on your home network"
    I would think that the only way round your problem is to have each Camera running a different application or the same application with a different name.  
    Does the remote browser app need to know the application name  or just the device name ?
    If you think about how Port Forwarding needs to function you need a way whereby  the remote user needs to be able to tell the Hub what Camera to talk to.  

  • Port Forwarding for a PPoA device connected to Time Capsule

    Hi - advice please.
    Relevant hardware configuration:
    iMac
    Time Capsule 1Tb -latest dual band version*
    Vigor 120 ADSL modem*
    Vodafone Sure Signal
    I recently upgraded my old D-Link ADSL router with the starred items* above. Really pleased with the performance of my Time Capsule and ADSL modem - it's much faster and more reliable.
    Problem
    However I have one piece of hardware that will not work on the new set up - the Vodafone Sure Signal which boosts my 3G signal using my ADSL connection. As I live in a mobile signal blackspot this is a big deal for me.
    *Possible solution?*
    I've read on a Vodafone forum that the issue is that Sure Signal box needs a PPoA connection - the TC is PPoE. I've read on some of the forum threads that the Vodafone box might work if *port forwarding* is set up on the Time Capsule.
    I'd like to give this a go and I have the TCP / UDP settings but do not know how to set this up in the Airport Utility. Can anyone offer any help or advice on how to achieve this?
    Also do I need to set anything up on the ADSL modem? This modem does not require bridge mode as it's a straight through connection to the ISP (that's why I bought it!)
    The only other option I can see is to take out the new ADSL modem (pity) and put in the old D-Link (disabling the wi-fi so it's just a router) and configuring the Time Capsule to bridge mode.
    Many thanks to the Community for any advice received.
    Grant
    Message was edited by: Rural_Signal
    Message was edited by: Rural_Signal

    If your Modem has a wifi router in it: yes the TC in "create network" and "bridge mode", and -if there is such setting -  set the TC "allow this network to be extended". The Express set in "extend the network".

  • Port Forwarding on Home Hub 5 not working

    Hi,
    Is anybody else having problems getting ports to forward on their Home Hub or Home Hub 5?
    I am a new BT customer, less than a week infact and BT have been utterly hopeless in getting this resolved. All they do is send me instructions for port forwarding on a homehub which I do not need and tell me that i need to pay for their tech support to investigate it further which is freaking ridiculous considering port forwarding is an essential part of any router and this router is brand new, less than a week old. (Do BMW sell you a car and then refuse to take responsibility for a broken engine?)
    My other option is buying an ADSL 802.11ac router for £150 which out of principle, i dont think i should have to do. One of the reasons i came to BT in the first place was because the homehub is supposed to be one of the best free provider supplied routers around. 
    Please only reply to this if you know what you are talking about or have experienced this same issue yourselves. I reiterate that I have not missed any configuration steps on my part and this is a case of the homehub simply not working as it is designed.
    Scenario:
    I like to have remote desktop access to my home computer from external networks. I do not use 3rd party software such as 'log me in' or 'team viewer', I like to use Microsoft Remote desktop and had been doing so for years with my Sky broadband until last week.
    I have dynamic DNS running on my machine which updates my constantly changing external IP to the dns server so dont worry about that, thats all good.
    I have correctly set up the forwarding of TCP 3389 to the static I.P of my home desktop on the homehub (and rebooted and or factory reset several times)
    Result:
    Nothing. The homehub displays as though it has forwarded the ports yet i am still unable to remote in from an external network. The port shows as closed when i run a port scanner.
    The same goes for other ports I have tried to open. For example, my Xbox One.
    BT are sending me out a replacement Hub to try but I fear that this will have the same result as i have seen a few other people post with the same issues.
    If anybody has experienced and or resolved this, please let me know and i will be forever grateful
    Thank you

    When you do a major network revision always reset the TC to factory and start over.. it simply remembers too much of the last setup.
    Plug WAN TC into the HH5 and run through the airport utility again. The TC must go into bridge mode. It then should work fine, but I recommend particularly with Mavericks you use strict naming.
    Not apple names.. long, loose and loopy.
    Names that are short, 2-10 characters is plenty but make an upper limit of 20.
    No spaces..
    Pure alphanumeric.. no apostrophe or any other odd character.

Maybe you are looking for