PING - Unknown host 127.0.0.1, Unknown host localhost
Hello,
I have a problem - I created a chrooted jail for one user. When I'm logged in as root, everything works fine, but when I'm logged in as a chrooted user - I have many problems:
1. When I execute the command ping, I get weird results:
bash-3.00$ usr/sbin/ping localhost
usr/sbin/ping: unknown host localhost
bash-3.00$ usr/sbin/ping 127.0.0.1
usr/sbin/ping: unknown host 127.0.0.1
bash-3.00$ usr/sbin/ping ip_address1
usr/sbin/ping: unknown host ip_address1
2. When I execute
bash-3.00$ svcs -x
I get:
svcs: Could not bind to repository server: repository server unavailable. Exiting.
3. When I try to sftp or ssh another machine
bash-3.00$ sftp ip_address1
bash-3.00$ ssh ip_address1
I receive the message:
Host key verification failed.
although I am able to ssh/sftp the machine as root
4. When I ftp another machine
bash-3.00$ ftp ip_address1
I get
unknown host or invalid literal address
5. If I telnet another machine:
bash-3.00$ telnet ip_address1
I receive
ip_address1: service name not available for the specified socket type
I need to add that all these commands work perfectly for root. I probably didn't copy some of the necessary configuration files/programs to the chrooted directory. But which ones?
Regards,
Przemek
Przemek198 wrote:
Hello,
I have a problem - I created a chrooted jail for one user. When I'm logged in as root, everything works fine, but when I'm logged in as a chrooted user - I have many problems:
When something works as root and not as a regular user, I think "permission problems".
1. When I execute the command ping, I get weird results:
bash-3.00$ usr/sbin/ping localhost
usr/sbin/ping: unknown host localhost
Here it appears that hostname resolution is different. Since that happens in the /etc/inet/hosts file (or possibly the /etc/inet/ipnodes file), I'd examine those and see if they are only readable by root for some reason. (And this would be within the chroot environment, since that's where the problem is).
Darren
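One way to run the check Darren suggests from outside the jail, as an added example that is not part of the original thread: it walks each path as the jailed user would see it, resolving symlinks against the jail root, and reports whether the file is missing, unreadable, or behind a directory the user cannot search. The function names are hypothetical, the path list beyond /etc/inet/hosts and /etc/inet/ipnodes is an assumption, and ACLs are ignored.

```python
import os
import stat
import sys

# The first two paths are the files named in the reply above. The rest are
# assumptions about what resolver and service lookups usually read.
DEFAULT_PATHS = (
    "etc/inet/hosts",
    "etc/inet/ipnodes",
    "etc/nsswitch.conf",
    "etc/resolv.conf",
    "etc/services",
)


def _allowed(st, uid, gids, want):
    """Owner/group/other check for permission bits `want` (4 = read, 1 = search).
    ACLs and other extended attributes are not considered."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & want)


def check_path(root, rel, uid, gids, max_links=16):
    """Return 'ok', 'missing', 'unreadable' or 'blocked at <dir>' for the
    jail-relative path `rel`, evaluated for `uid`/`gids` without switching user."""
    root = os.path.abspath(root)
    cur, todo, links = root, [p for p in rel.split("/") if p], 0
    while todo:
        part = todo.pop(0)
        if part == ".":
            continue
        if part == "..":
            if cur != root:          # cannot climb out of the jail
                cur = os.path.dirname(cur)
            continue
        # The directory we are about to look inside must be searchable.
        if not _allowed(os.lstat(cur), uid, gids, 1):
            inner = os.path.relpath(cur, root)
            return "blocked at /" + ("" if inner == "." else inner)
        nxt = os.path.join(cur, part)
        try:
            st = os.lstat(nxt)
        except (FileNotFoundError, NotADirectoryError):
            return "missing"
        if stat.S_ISLNK(st.st_mode):
            links += 1
            if links > max_links:
                return "missing"     # symlink loop
            target = os.readlink(nxt)
            if target.startswith("/"):
                cur = root           # absolute target: jail root, not the real /
            todo = [p for p in target.split("/") if p] + todo
            continue
        cur = nxt
    return "ok" if _allowed(os.lstat(cur), uid, gids, 4) else "unreadable"


def audit_chroot(root, uid, gids, paths=DEFAULT_PATHS):
    """Run check_path over a list of jail-relative paths."""
    return {p: check_path(root, p, uid, gids) for p in paths}


if __name__ == "__main__" and len(sys.argv) == 4:
    # usage: script.py <jail root> <uid of jailed user> <gid of jailed user>
    report = audit_chroot(sys.argv[1], int(sys.argv[2]), {int(sys.argv[3])})
    for path, status in report.items():
        print(f"/{path}: {status}")
```

A symlink with an absolute target is the case a plain stat from outside the jail gets wrong, because it resolves against the real root instead of the jail root.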
Similar Messages
-
[SOLVED] ping: unknown host
Ok I feel kinda stupid here. Yesterday I decided to make a clean install on my system. After the installation I tried to upgrade the system but couldn't. The pacman -Syu gets me:
error: failed retrieving file 'core.db' from ftp. .. . .. : No address record
error: failed to update core (No address record)
I guess it has to do with this (http://www.archlinux.org/news/hostname- … inetutils/) but I have no idea on how to fix it. The ping command gets me:
ping: unknown host www.google.com
Any help? Thanks.
If I posted this on the wrong section feel free to change it.
Last edited by Aventinus (2011-10-17 06:07:26)
sensei wrote:
Aventinus wrote:
I use wired connection, ethernet. If I login via Ubuntu or Windows (triple boot) everything is fine. I have done this procedure many times. The article doesn't help (or I'm missing something).
I can't understand what's the matter.
How do you configure your network?
Here's an article on how to configure a wired network.
Well, that did the trick. All I had to do is to add "eth0" to the interface section on rc.conf. Although I wonder why all the other times when I did a clean install, this procedure was automatic. Anyway, thank you all for your time. :-)
-
ASA 5505: unable to ping external hosts
Hi,
I have a LAN behind ASA 5505, interface NAT/PAT is configured.
External interface is configured for PPPoE.
Everything works fine except I cannot ping from a LAN PC external hosts. I can however ping external hosts from ASA itself. ICMP is allowed:
icmp permit any inside
icmp permit any outside
access-list outside_access_in extended permit icmp any any
Protocol inspections and fixups are default.
When I ping an external host 61.95.50.185 from the LAN host 10.2.32.68 I am getting the following in the log:
302020 61.95.50.185 10.2.32.68 Built ICMP connection for faddr 61.95.50.185/0 gaddr 202.xx.yy.zz/1 laddr 10.2.32.68/512
302020 61.95.50.185 202.xx.yy.zz Built ICMP connection for faddr 61.95.50.185/0 gaddr 202.xx.yy.zz/1 laddr 202.xx.yy.zz/1
313004 Denied ICMP type=0, from laddr 61.95.50.185 on interface outside to 202.xx.yy.zz: no matching session
313001 61.95.50.185 Denied ICMP type=0, code=0 from 61.95.50.185 on interface outside
302021 61.95.50.185 202.xx.yy.zz Teardown ICMP connection for faddr 61.95.50.185/0 gaddr 202.xx.yy.zz/1 laddr 202.xx.yy.zz/1
302021 61.95.50.185 10.2.32.68 Teardown ICMP connection for faddr 61.95.50.185/0 gaddr 202.xx.yy.zz/1 laddr 10.2.32.68/512
Where 202.xx.yy.zz is IP of external interface of ASA.
This is a very simple setup that runs on a number of other PIXes/ASAs and pings to external IP normally work just fine. I can't understand why ping replies are getting dropped on the interface?
Any help will be highly appreciated.
Thank you.
Alex
Alex / Kerry, you have a couple of options for handling icmp outbound, either acl or icmp inspection:
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit icmp any any source-quench
access-list outside_access_in extended permit icmp any any unreachable
access-list outside_access_in extended permit icmp any any time-exceeded
access-group outside_access_in in interface outside
or icmp inspection instead of acl.
policy-map global_policy
 class inspection_default
  inspect icmp
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml
HTH
Jorge
-
No ping between host in the same subnet
Hello,
I have a question about the ASA and the ARP traffic in IOS 9.1.2 for ASA 5585-X and multicontext. I have discovered a curious behaviour of the ARP traffic in my cluster of ASAs. When I try to send a ping between hosts in the same subnet, and these hosts have the interface of the ASA as their gateway (the ASA is their router), it doesn't work; if I tick the check box to enable communication between hosts connected to the same interface, it still doesn't work. The only way to achieve my aim (ping between hosts) is to implement an access rule allowing IP traffic with my network as origin and the same network as destination.
I think that this is some feature of the ASA that filters the ARP requests, but I don't understand it! Can you help me, please?
Thanks.
Hi,
Your firewall should not see any traffic between the hosts on the same subnet.
If it is seeing traffic between the hosts then its likely that Proxy ARP on the ASA is the problem. Proxy ARP is enabled on the ASA by default on all interfaces. This essentially means that when the host connecting to the other host on the same subnet sends an ARP request the ASA might reply to that ARP request instead of the actual destination host. This is why traffic might get forwarded to the ASA instead of the actual host.
If you want to disable the Proxy ARP on some ASA interface then you can use
sysopt noproxyarp <interface-name>
Where you replace the <interface-name> with the actual name you have given to the interface on the ASA. This disables the Proxy ARP
- Jouni
-
Script to ping multiple hosts and return domain info to a txt or csv file
Hi,
I wonder if anyone can help. I need a script that will allow me to ping multiple hosts (all listed on separate lines in a txt file) and return IP, server up\down and domain info to a txt or ideally a csv file.
I'm sure this must have been done\requested before but I can't seem to find the correct script anywhere
Thanks for your help
Mal
Try this modification:
$result=@()
Get-Content p:\list.TXT | %{
    $start_name = $_
    # ICMP reachability of the name as listed in the file
    $conn = Test-Connection -ComputerName $_ -Quiet
    if(-not $conn)
    {
        $start_name = ""
    }
    Try
    {
        # forward lookup: canonical host name and address list
        $dns = [System.Net.Dns]::GetHostEntry($_)
        $dns_host = $dns.HostName
        $dns_ip = $dns.AddressList | select -ExpandProperty IPAddressToString
    }
    catch
    {
        $dns_host = "invalid host name" #as jrich proposed :)
        $dns_ip = "invalid host name" #as jrich proposed :)
        $start_name = ""
    }
    # one output row per input line
    $HostObj = New-Object PSObject -Property @{
        Host = $start_name
        IP = $dns_ip
        DNSHost = $dns_host
        Active = $conn
    }
    $result += $HostObj
}
$result | Export-Csv p:list.csv -NoTypeInformation
-
Hello, can anyone help me out with how to ping a host using Java? I don't have to use Process p=Runtime.getRuntime().exec("ping ........
instead I need some powerful mechanism.. I am working on Java 2 SDK 1.5.
Thank you
Why do you have to ping a host using Java?
Why not just try to connect to it?
Because there's overhead in establishing a TCP or UDP connection if you just want to see if the host is there.
Because you don't necessarily know which services a given host may be offering, but you might be able to assume that it will respond to icmp echo request, and you just want to see if the host is minimally "alive".
Because you might want info about number of hops or roundtrip time or packet loss that's more easily obtained through ICMP than through a TCP connection.
-
The TCP/IP connection to the host localhost, port 1433 has failed.
Hi, I'm using SQL Server 2000,
I have declared this in my program:
Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
String url = "jdbc:sqlserver://localhost:1433;databaseName=Factura";
Connection conn = DriverManager.getConnection(url,"sa","");
and is giving me this exception:
run:
Got an exception!
The TCP/IP connection to the host localhost, port 1433 has failed.
Error: "connect timed out.
Verify the connection properties,
check that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port,
and that no firewall is blocking TCP connections to the port.".
com.microsoft.sqlserver.jdbc.SQLServerException: The TCP/IP connection to the host localhost, port 1433 has failed.
Error: "connect timed out. Verify the connection properties,
check that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port,
and that no firewall is blocking TCP connections to the port.".
at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDriverError(SQLServerException.java:171)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1033)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:817)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:700)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:842)
at java.sql.DriverManager.getConnection(DriverManager.java:582)
at java.sql.DriverManager.getConnection(DriverManager.java:185)
at factura.FacturaView.conexion(FacturaView.java:317)
at factura.FacturaView.jTextField1KeyPressed(FacturaView.java:268)
at factura.FacturaView.access$900(FacturaView.java:41)
at factura.FacturaView$5.keyPressed(FacturaView.java:150)
at java.awt.Component.processKeyEvent(Component.java:6225)
at javax.swing.JComponent.processKeyEvent(JComponent.java:2801)
at java.awt.Component.processEvent(Component.java:6044)
at java.awt.Container.processEvent(Container.java:2041)
at java.awt.Component.dispatchEventImpl(Component.java:4630)
at java.awt.Container.dispatchEventImpl(Container.java:2099)
at java.awt.Component.dispatchEvent(Component.java:4460)
at java.awt.KeyboardFocusManager.redispatchEvent(KeyboardFocusManager.java:1850)
at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(DefaultKeyboardFocusManager.java:712)
at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(DefaultKeyboardFocusManager.java:990)
at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(DefaultKeyboardFocusManager.java:855)
at java.awt.DefaultKeyboardFocusManager.dispatchEvent(DefaultKeyboardFocusManager.java:676)
at java.awt.Component.dispatchEventImpl(Component.java:4502)
at java.awt.Container.dispatchEventImpl(Container.java:2099)
at java.awt.Window.dispatchEventImpl(Window.java:2478)
at java.awt.Component.dispatchEvent(Component.java:4460)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:269)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:174)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:169)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:161)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)
BUILD SUCCESSFUL (total time: 34 seconds)
how can i solve this?
thanks..
Edited by: derok on Dec 8, 2010 1:31 PM
Edited by: derok on Dec 8, 2010 9:14 PM
Edited by: derok on Dec 11, 2010 1:51 PM
Edited by: derok on Dec 11, 2010 1:52 PM
tschodt wrote:
derok wrote:
1434 did not work either
What port is your SQL Server listening on?
List of active ports:
C:\> netstat -nabo
On linux I would add -l and -t to only get listening TCP ports.
netstat -nabo gave me this:
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 2004
[httpd.exe]
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1148
e:\windows\system32\WS2_32.dll
E:\WINDOWS\system32\RPCRT4.dll
e:\windows\system32\rpcss.dll
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 2004
[httpd.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 1528
E:\WINDOWS\system32\httpapi.dll
e:\windows\system32\ssdpsrv.dll
E:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 2428
[mysqld.exe]
TCP 0.0.0.0:4400 0.0.0.0:0 LISTENING 2592
[nlsvc.exe]
TCP 0.0.0.0:7511 0.0.0.0:0 LISTENING 204
[raysat_3dsmax2010_32server.exe]
TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING 3080
[alg.exe]
TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING 188
[jqs.exe]
TCP 192.168.0.101:139 0.0.0.0:0 LISTENING 4
[System]
TCP 127.0.0.1:5152 127.0.0.1:1163 CLOSE_WAIT 188
[jqs.exe]
TCP 192.168.0.101:2869 192.168.0.1:4563 CLOSE_WAIT 4
[System]
UDP 0.0.0.0:500 *:* 908
[lsass.exe]
UDP 0.0.0.0:445 *:* 4
[System]
UDP 0.0.0.0:4500 *:* 908
[lsass.exe]
UDP 0.0.0.0:1434 *:* 3036
[sqlbrowser.exe]
UDP 127.0.0.1:123 *:* 1284
e:\windows\system32\WS2_32.dll
e:\windows\system32\w32time.dll
ntdll.dll
E:\WINDOWS\system32\kernel32.dll
[svchost.exe]
UDP 127.0.0.1:1135 *:* 3508
[iexplore.exe]
UDP 127.0.0.1:1040 *:* 1284
e:\windows\system32\WS2_32.dll
E:\WINDOWS\system32\WINHTTP.dll
E:\WINDOWS\system32\upnp.dll
E:\WINDOWS\system32\RPCRT4.dll
E:\WINDOWS\system32\ole32.dll
[svchost.exe]
UDP 127.0.0.1:44301 *:* 2880
[PnkBstrA.exe]
UDP 127.0.0.1:1900 *:* 1528
e:\windows\system32\WS2_32.dll
e:\windows\system32\ssdpsrv.dll
E:\WINDOWS\system32\ADVAPI32.dll
E:\WINDOWS\system32\kernel32.dll
[svchost.exe]
UDP 192.168.0.101:1900 *:* 1528
e:\windows\system32\WS2_32.dll
e:\windows\system32\ssdpsrv.dll
E:\WINDOWS\system32\ADVAPI32.dll
E:\WINDOWS\system32\kernel32.dll
[svchost.exe]
UDP 192.168.0.101:137 *:* 4
[System]
UDP 192.168.0.101:123 *:* 1284
e:\windows\system32\WS2_32.dll
e:\windows\system32\w32time.dll
ntdll.dll
-- unknown component(s) --
[svchost.exe]
UDP 192.168.0.101:138 *:* 4
[System]
Edited by: derok on Dec 10, 2010 11:04 AM
Edited by: derok on Dec 10, 2010 11:11 AM
-
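For the SQL Server thread above, an added example (not code from any poster) that parses netstat -nabo output and answers the question asked in the reply: is anything listening on the TCP port named in the JDBC URL, and on which address? The sample is a constructed excerpt of the posted output, and the function names are hypothetical.

```python
import re

# Constructed excerpt: the TCP rows and the sqlbrowser row from the
# `netstat -nabo` output posted in the thread (most module lines dropped).
SAMPLE = r"""
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 2004
[httpd.exe]
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1148
e:\windows\system32\WS2_32.dll
E:\WINDOWS\system32\svchost.exe
[svchost.exe]
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 2004
[httpd.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 1528
[svchost.exe]
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 2428
[mysqld.exe]
TCP 0.0.0.0:4400 0.0.0.0:0 LISTENING 2592
[nlsvc.exe]
TCP 0.0.0.0:7511 0.0.0.0:0 LISTENING 204
[raysat_3dsmax2010_32server.exe]
TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING 3080
[alg.exe]
TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING 188
[jqs.exe]
TCP 192.168.0.101:139 0.0.0.0:0 LISTENING 4
[System]
TCP 127.0.0.1:5152 127.0.0.1:1163 CLOSE_WAIT 188
[jqs.exe]
UDP 0.0.0.0:1434 *:* 3036
[sqlbrowser.exe]
"""

# proto, local addr, local port, remote, optional state (UDP has none), PID
SOCKET_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$"
)
# With -b, the owning executable follows the row (and any module lines) in brackets.
OWNER_RE = re.compile(r"^\s*\[(.+)\]\s*$")


def parse_netstat(text):
    """Return one dict per socket row, with the owning [process] attached."""
    entries = []
    for line in text.splitlines():
        m = SOCKET_RE.match(line)
        if m:
            proto, addr, port, _remote, state, pid = m.groups()
            entries.append({"proto": proto, "addr": addr, "port": int(port),
                            "state": state, "pid": int(pid), "owner": None})
            continue
        m = OWNER_RE.match(line)
        if m and entries and entries[-1]["owner"] is None:
            entries[-1]["owner"] = m.group(1)
    return entries


def tcp_listeners(entries):
    """Map listening TCP port -> (bind address, owning process)."""
    return {e["port"]: (e["addr"], e["owner"])
            for e in entries
            if e["proto"] == "TCP" and e["state"] == "LISTENING"}


def check_endpoint(entries, port, owner_prefix="sql"):
    """Is a TCP listener present on `port`, and which sockets belong to
    processes whose name starts with `owner_prefix`?"""
    listeners = tcp_listeners(entries)
    addr, owner = listeners.get(port, (None, None))
    related = [(e["proto"], e["port"], e["owner"]) for e in entries
               if e["owner"] and e["owner"].lower().startswith(owner_prefix)]
    return {"listening": port in listeners, "addr": addr,
            "owner": owner, "related": related}


if __name__ == "__main__":
    print(check_endpoint(parse_netstat(SAMPLE), 1433))
```

On the excerpt, check_endpoint reports no TCP listener on 1433, and the only socket owned by a process whose name starts with sql is sqlbrowser.exe on UDP 1434.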
Configuring tnsnames.ora / listener.ora with HOST = localhost
Dear Oracle experts,
presently I'm trying to configure an Oracle installation on a Win2k server
to work with HOST = localhost entries in my tnsnames.ora and listener.ora.
I have to do that because I want to use that Oracle installation as an image
for several computers which will get different IPs and computer names.
My problem is that I can only configure my entries with a real IP address (127.0.0.1 does not work) or with the present name of the system, but not with localhost or 127.0.0.1.
My listener.ora looks like below :
# listener.ora Network Configuration File: D:\oracle\product\10.1.0\Db_1\NETWORK\ADMIN\listener.ora
# Generated by Oracle configuration tools.
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SDU = 4096)
      (SID_NAME = EMS)
      (ORACLE_HOME = D:\oracle\product\10.1.0\Db_1)
      (PRESPAWN_MAX = 10)
    )
  )
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost )(PORT = 1521))
    )
  )
The listener above leads to a
ERROR - ORA-12541: TNS:no listener
if I try to connect via iSQLPlus. If I exchange HOST = localhost with HOST = mydnsname then I can connect to the computer via isqlplus.
Is there any possibility to configure the listener and tnsnames without using real IP addresses?
Best regards,
Daniel Wetzler
Hi maran,
thanks for your answer.
i started the listener from cmd and had the output below :
C:\Documents and Settings\ECS>lsnrctl start
LSNRCTL for 32-bit Windows: Version 10.1.0.2.0 - Production on 22-MAR-2007 16:04
:32
Copyright (c) 1991, 2004, Oracle. All rights reserved.
Starting tnslsnr: please wait...
TNSLSNR for 32-bit Windows: Version 10.1.0.2.0 - Production
System parameter file is D:\oracle\product\10.1.0\Db_1\network\admin\listener.or
a
Log messages written to D:\oracle\product\10.1.0\Db_1\network\log\listener.log
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
STATUS of the LISTENER
Alias LISTENER
Version TNSLSNR for 32-bit Windows: Version 10.1.0.2.0 - Produ
ction
Start Date 22-MAR-2007 16:04:33
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File D:\oracle\product\10.1.0\Db_1\network\admin\listener.o
ra
Listener Log File D:\oracle\product\10.1.0\Db_1\network\log\listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
Services Summary...
Service "EMS" has 1 instance(s).
Instance "EMS", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
C:\Documents and Settings\ECS>
In my listener.log I found the following information :
TNSLSNR for 32-bit Windows: Version 10.1.0.2.0 - Production on 22-MAR-2007 16:11:42
Copyright (c) 1991, 2004, Oracle. All rights reserved.
System parameter file is D:\oracle\product\10.1.0\Db_1\network\admin\listener.ora
Log messages written to D:\oracle\product\10.1.0\Db_1\network\log\listener.log
Trace information written to D:\oracle\product\10.1.0\Db_1\network\trace\listener.trc
Trace level is currently 0
Started with pid=1672
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
TIMESTAMP * CONNECT DATA [* PROTOCOL INFO] * EVENT [* SID] * RETURN CODE
22-MAR-2007 16:11:43 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=ECS))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=168821248)) * status * 0
So it seems that my listener is running fine, isn't it?
But I cannot connect to my database....
I pasted my tnsnames.ora below.
Perhaps there's a bug I didn't find yet. But if I replace in both files (tnsnames.ora and listener.ora) the "localhost" with my local IP it works just fine...
# tnsnames.ora Network Configuration File: D:\oracle\product\10.1.0\Db_1\network\admin\tnsnames.ora
# Generated by Oracle configuration tools.
SIG =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost )(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVER = SHARED)
      (SERVICE_NAME = SIG)
    )
  )
Hope someone can help.....
Best regards,
Daniel
-
Could not connect to any JRun/ColdFusion servers on host localhost
I am a new CF admin and I am trying to upgrade my Apache. I am following the instructions in http://help.adobe.com/en_US/ColdFusion/9.0/Admin/WSc3ff6d0ea77859461172e0811cbf364104-7fd9.html but am getting an error: Could not connect to any JRun/ColdFusion servers on host localhost
I am running CF8 on Linux SUSE and trying to upgrade Apache to version 2.2.22. I am running Apache on server-1 and ColdFusion on server-2.
I tried running the following on server1:
/data/jrun4/bin/wsconfig -server cf8-2 -ws Apache -bin /data/web3/apache-2.2.22-general-cf/bin/httpd -script /data/web3/apache-2.2.22-general-cf/bin/apachectl -dir /data/web3/apache-2.2.22-general-cf/conf -coldfusion -v
but got the error.
So then I tried installing apache on server-2 and running:
/data/cf8/bin/wsconfig -server cf8-2 -ws Apache -bin /data/web3/apache-2.2.22-general-cf/bin/httpd -script /data/web3/apache-2.2.22-general-cf/bin/apachectl -dir /data/web3/apache-2.2.22-general-cf/conf -coldfusion -v
I got the exact same error.
CF is definitely up and running.
What am I doing wrong?
Hi Kiran,
Yes, Coldfusion is running and I have root access. You need
to be root just to get the installer to run and to execute the
Apache connector to produce the error I pasted into my message. My
firewall is disabled, as is SELinux. I'm not sure how to "Write
small program to check socket creation..."
I'm reading through some of the tortured things Steven Erat
had to do to get CF7 running on FC6 here:
http://www.talkingtree.com/blog/index.cfm/2006/12/6/Running-ColdFusion-MX-7-on-Fedora-Core-6-Linux
I suspect I'm running into one of these snags. I was just
wondering if anyone knew if RHEL5 was officially supported yet, or
more concisely, Apache 2.2?
-
Could not connect to host localhost on port 21212
Hi Experts,
I am trying to install SAP NW 2004s SR1 with Linux [Red Hat Enterprise Linux AS release 4 (Nahant Update 4)
, Kernel (2.6.9-42.EL)] and Oracle 10.2. I am getting the following error:
=============
SAP NetWeaver
SAPinst Installation GUI
Could not connect to host localhost on port 21212
java.net.ConnectException:Connection refused
Host: localhost
Port 21212
==================
I am using SDK 1.4.2_16.
Kindly help me to resolve go ahead in installation.
Regards.......Yogesh
Hi Yogesh,
The error comes if :-
1. Incorrect version of JDK.
2. Java_Home is not set.
3.The port is already as an old binary is using it.
Please check on the above lines.
Thanks
Pankaj
-
Could not connect to host localhost on port 21212 (linux Redhat)
Hi Gurus,
I'm trying to install NW7 on linux Red Hat. After executing SAPinst, the following log executes:
root@sapserver1 IM_LINUX_I386]# ./sapinst
[==============================] | extracting... done!
Starting GUIServer using:
SAPinst port : 21200
GUIServer port: 21212
HTTP port : 4239
GUI autostart : on
GUI mode : normal
command : /tmp/sapinst_exe.4231.1318317961/jre/bin/java -Xmx256M -Dsap.env.var.javahome=SAPINST_JRE_HOME -cp /tmp/sapinst_exe.4231.1318317961/JAR/instgui.jar SDTServer rootdir=/root/.sdtgui config=jar:sdtserver.xml guiport=21212 httpport=4239 -nolock -srvarg=/SAPinstService/host=localhost -srvarg=/SAPinstService/port=21200
init: retrieving account information for group sapinst...
init: retrieving account information done.
load resource pool /mnt/masterinstall/IM_LINUX_I386/resourcepool.xml
guiengine: No GUI server connected; waiting for a connection on host sapserver1, port 21200 to continue with the installation
Oct 11, 2011 7:26:37 AM [Info]: *************************
Oct 11, 2011 7:26:37 AM [Info]: Starting Server
Oct 11, 2011 7:26:37 AM [Info]: Reading server configuration.
Oct 11, 2011 7:26:37 AM [Info]: Reading service configuration SAPinstService.
Oct 11, 2011 7:26:37 AM [Info]: Configuring LogManager ...
Oct 11, 2011 7:26:37 AM [Info]: *************************************************
Oct 11, 2011 7:26:37 AM [Info]: Starting SL Controller listening on port 21212 ...
Oct 11, 2011 7:26:37 AM [Info]: StorageService switched off.
Oct 11, 2011 7:26:37 AM [Info]: Initializing SecurityManager ...
Oct 11, 2011 7:26:40 AM [Info]: Server certificate fingerprint is 92 9F C1 FC 74 60 48 C9 4F 9F 9E 94 C8 E3 BE 40
Oct 11, 2011 7:26:40 AM [Info]: Configuring HTTPManager ...
Oct 11, 2011 7:26:40 AM [Info]: WebstartService switched off.
Oct 11, 2011 7:26:40 AM [Info]: RoleService switched off.
Oct 11, 2011 7:26:40 AM [Info]: AlertService switched off.
Oct 11, 2011 7:26:40 AM [Info]: Starting NotesService ...
Oct 11, 2011 7:26:40 AM [Info]: ProcessService switched off.
Oct 11, 2011 7:26:40 AM [Info]: Starting MIDService ...
Oct 11, 2011 7:26:40 AM [Info]: Starting FileService ...
Oct 11, 2011 7:26:40 AM [Info]: LogService switched off.
Oct 11, 2011 7:26:40 AM [Info]: MailService switched off.
Oct 11, 2011 7:26:40 AM [Info]: Starting services ...
Oct 11, 2011 7:26:40 AM [Info]: Starting service "SAPinstService" ...
Oct 11, 2011 7:26:40 AM [Info]: Service "SAPinstService" started
Oct 11, 2011 7:26:40 AM [Info]: Services started.
Oct 11, 2011 7:26:40 AM [Info]: Starting HTTP server listening on port 4239 ...
Oct 11, 2011 7:26:40 AM [Info]: HTTP server started.
Oct 11, 2011 7:26:40 AM [Info]: SL Controller started.
Oct 11, 2011 7:26:40 AM [Info]: Starting GUI ...
Oct 11, 2011 7:26:40 AM [Info]: /tmp/sapinst_exe.4231.1318317961/jre/bin/java -XX:+HeapDumpOnOutOfMemoryError -Xmx256M -cp /tmp/sapinst_exe.4231.1318317961/JAR/instgui.jar SDTGui host=localhost port=21212 service=SAPinstService -noauth
Oct 11, 2011 7:26:40 AM [Info]: GUI started.
Oct 11, 2011 7:26:46 AM [Info]: >> <<< frog.jar: version 7.20.12 06/06/08 sap.theme: null >>>
===>> At this point the installation program starts and the following message pops up :
Connection to SAPinst refused with the following message:
Connection to SAPinst could not be established, see following messages.
Could not connect to host localhost on port 21212
java.net.ConnectException: Connection refused
java.net.ConnectException: Connection refused
Please correct the error condition and restart.
====>> First, I don't understand why it tries to connect to "localhost" even I defined the host as "sapserver1"
====>> Second, the "tmp/sapinst_exe.4231.1318317961/jre/bin/java -XX:+HeapDumpOnOutOfMemoryError " is confusing me.
Hope this will help resolve my problem.
Thanks and Regards
Markus,
I have also another hint from SELinux.
When I change the SELinux parameter from Enforced to Permissive, and I run the SAPinst program, the SELinux pops up the following alert:
Summary:
SELinux is preventing java from loading
/tmp/sapinst_exe.6387.1318347447/jre/lib/i386/server/libjvm.so which requires
text relocation.
Detailed Description:
[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]
The java application attempted to load
/tmp/sapinst_exe.6387.1318347447/jre/lib/i386/server/libjvm.so which requires
text relocation. This is a potential security problem. Most libraries do not
need this permission. Libraries are sometimes coded incorrectly and request this
permission. The SELinux Memory Protection Tests
(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
remove this requirement. You can configure SELinux temporarily to allow
/tmp/sapinst_exe.6387.1318347447/jre/lib/i386/server/libjvm.so to use relocation
as a workaround, until the library is fixed. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Allowing Access:
If you trust /tmp/sapinst_exe.6387.1318347447/jre/lib/i386/server/libjvm.so to
run correctly, you can change the file context to textrel_shlib_t. "chcon -t
textrel_shlib_t
'/tmp/sapinst_exe.6387.1318347447/jre/lib/i386/server/libjvm.so'" You must also
change the default file context files on the system in order to preserve them
even on a full relabel. "semanage fcontext -a -t textrel_shlib_t
'/tmp/sapinst_exe.6387.1318347447/jre/lib/i386/server/libjvm.so'"
The following command will allow this access:
chcon -t textrel_shlib_t '/tmp/sapinst_exe.6387.1318347447/jre/lib/i386/server/libjvm.so'
====>>> Does it make some sense ?? When do I have to the below command ?
Hope this will help
Regards
-
I'm running the current version of Arch Linux inside VMware Player 6.0.4 on Windows 7. This installation is on a laptop which I already have successfully connected to WiFi both natively and in other virtual machines. I tried to install sudo, but I received a bunch of error messages about not being able to find the host. I checked this with ping www.example.com and got the same thing. Is there any reason for why Arch Linux is failing to resolve these domain names? How do I fix it? I've looked around the forums already and none of what I read either worked or was relevant to my situation.
fukawi2 wrote:
Post the output of:
ip a s
ip r s
cat /etc/resolv.conf
Command:
ip a s
Output:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65336 qdisc noqeue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
Keeping that one MAC address private with "XX:XX:XX:XX:XX:XX".
Command:
ip r s
Output:
Nothing
Command:
cat /etc/resolv.conf
Output:
# /etc/resolv.conf
search localdomain
nameserver 198.168.8.2
# End of file
"nameserver 198.168.8.2" is exactly what I have in my Ubuntu VM…I think. Now I'm not so sure. I copied that over from the Ubuntu VM, so maybe I missed a digit. -
Why cant i ping any host/servers behing my Firewall Cisco 5505
Can anyone please help me to figure out what in my configuration of the Cisco asa 5505 is wrong or missing. I have multiple host behind my firewall these hosts run different websites on port 80. I am able to ping the server from one to another but I am not able to ping the servers from the internet. I am using static NAT. Is there a translation issue going on here. Please help me!
========
CISCOASACLOUD# show run
CISCOASACLOUD# show running-config
: Saved
ASA Version 9.0(1)
hostname CISCOASACLOUD
enable password ************* encrypted
passwd ************* encrypted
names
ip local pool VPN_IP_POOL 10.0.2.50-10.0.2.75 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.0.2.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 82.94.XX.XX 255.255.255.0
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server 194.109.104.104
name-server 194.109.9.99
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network VPN_NETWORK
subnet 10.0.2.0 255.255.255.0
object network NETWORK_OBJ_10.0.2.0_24
subnet 10.0.2.0 255.255.255.0
object network NETWORK_OBJ_10.0.2.0_25
subnet 10.0.2.0 255.255.255.128
object network SERVER2003_HTTP
host 10.0.2.104
object network SERVER2003_HTTPS
host 10.0.2.104
object network SERVER2004_HTTP
host 10.0.2.105
object network SERVER2004_HTTPS
host 10.0.2.105
object network SERVER2002_HTTP
host 10.0.2.103
object network SERVER2002_HTTPS
host 10.0.2.103
object network SERVER2002_NAGIOS
host 10.0.2.103
object network SERVER2003_NAGIOS
host 10.0.2.104
object network SERVER2002_NAGIOS_NSCP
host 10.0.2.103
object network SERVER2003_NAGIOS_NSCP
host 10.0.2.104
object network SERVER2004_NAGIOS
host 10.0.2.105
object network SERVER3001_NAGIOS
host 10.0.2.202
object network SERVER2001_NAGIOS
host 10.0.2.102
object network SERVER3001_HTTP
host 10.0.2.202
object network SERVER3001_HTTPS
host 10.0.2.202
object network SERVER2004_FTP
host 10.0.2.105
object network SERVER2004_FTP_TCP
host 10.0.2.105
object network SERVER2004_FTP_SSL
host 10.0.2.105
object network SERVER2005_HTTP
host 10.0.2.106
object network SERVER2005_HTTPS
host 10.0.2.106
object network SERVER3001_ICMP
host 10.0.2.201
access-list Default_Tunnel_Group_Name_VPN_splitTunnelAcl standard permit 10.0.2.0 255.255.255.0
access-list OutsideToInside extended permit tcp any host 10.0.2.104 eq www
access-list OutsideToInside extended permit tcp any host 10.0.2.104 eq https
access-list OutsideToInside extended permit tcp any host 10.0.2.105 eq www
access-list OutsideToInside extended permit tcp any host 10.0.2.105 eq https
access-list OutsideToInside extended permit tcp any host 10.0.2.103 eq www
access-list OutsideToInside extended permit tcp any host 10.0.2.103 eq https
access-list OutsideToInside extended permit tcp any host 10.0.2.102 eq 12489
access-list OutsideToInside extended permit tcp any host 10.0.2.103 eq 12489
access-list OutsideToInside extended permit tcp any host 10.0.2.104 eq 12489
access-list OutsideToInside extended permit tcp any host 10.0.2.105 eq 12489
access-list OutsideToInside extended permit tcp any host 10.0.2.202 eq 12489
access-list OutsideToInside extended permit tcp any host 10.0.2.202 eq www
access-list OutsideToInside extended permit tcp any host 10.0.2.202 eq https
access-list OutsideToInside extended permit tcp any host 10.0.2.105 eq ftp
access-list OutsideToInside extended permit tcp any host 10.0.2.105 eq ftp-data
access-list OutsideToInside extended permit tcp any host 10.0.2.105 eq 990
access-list OutsideToInside extended permit tcp any host 10.0.2.106 eq www
access-list OutsideToInside extended permit tcp any host 10.0.2.106 eq https
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static any any destination static VPN_NETWORK VPN_NETWORK route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.0.2.0_24 NETWORK_OBJ_10.0.2.0_24 destination static NETWORK_OBJ_10.0.2.0_25 NETWORK_OBJ_10.0.2.0_25 no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
object network SERVER2003_HTTP
nat (inside,outside) static 82.94.XXX.XXX service tcp www www
object network SERVER2003_HTTPS
nat (inside,outside) static 82.94.XXX.XXX service tcp https https
object network SERVER2004_HTTP
nat (inside,outside) static 82.94.XXX.XXX service tcp www www
object network SERVER2004_HTTPS
nat (inside,outside) static 82.94.XXX.XXX service tcp https https
object network SERVER2002_HTTP
nat (inside,outside) static 82.94.XXX.XXX service tcp www www
object network SERVER2002_HTTPS
nat (inside,outside) static 82.94.XXX.XXX service tcp https https
object network SERVER2002_NAGIOS
nat (inside,outside) static 82.94.XXX.XXX service tcp 12489 12489
object network SERVER2003_NAGIOS
nat (inside,outside) static 82.94.XXX.XXX service tcp 12489 12489
object network SERVER2004_NAGIOS
nat (inside,outside) static 82.94.XXX.XXX service tcp 12489 12489
object network SERVER3001_NAGIOS
nat (inside,outside) static 82.94.XXX.XXX service tcp 12489 12489
object network SERVER2001_NAGIOS
nat (inside,outside) static 82.94.XXX.XXX service tcp 12489 12489
object network SERVER3001_HTTP
nat (inside,outside) static 82.94.XXX.XXX service tcp www www
object network SERVER3001_HTTPS
nat (inside,outside) static 82.94.XXX.XXX service tcp https https
object network SERVER2004_FTP
nat (inside,outside) static 82.94.XXX.XXX service tcp ftp ftp
object network SERVER2004_FTP_TCP
nat (inside,outside) static 82.94.XXX.XXX service tcp ftp-data ftp-data
object network SERVER2004_FTP_SSL
nat (inside,outside) static 82.94.XXX.XXX service tcp 990 990
object network SERVER2005_HTTP
nat (inside,outside) static 82.94.XXX.XXX service tcp www www
object network SERVER2005_HTTPS
nat (inside,outside) static 82.94.XXX.XXX service tcp https https
access-group inside_access_in in interface inside
access-group OutsideToInside in interface outside
route outside 0.0.0.0 0.0.0.0 82.94.XXX.XXX 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http XXX.XXX.XXX.XXX 255.255.255.255 outside
http XXX.XXX.XXX.XXX 255.255.255.255 outside
http XXX.XXX.XXX.XXX 255.255.255.255 outside
http XXX.XXX.XXX.XXX 255.255.255.255 outside
http 10.0.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 10.0.2.0 255.255.255.0 inside
ssh XXX.XXX.XXX.XXX 255.255.255.255 outside
ssh XXX.XXX.XXX.XXX 255.255.255.255 outside
ssh XXX.XXX.XXX.XXX 255.255.255.255 outside
ssh XXX.XXX.XXX.XXX 255.255.255.255 outside
ssh timeout 60
console timeout 0
management-access inside
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 213.132.202.192 source outside
ntp server 72.251.252.11 source outside
ntp server 131.211.8.244 source outside
group-policy Default_Tunnel_Group_Name_VPN internal
group-policy Default_Tunnel_Group_Name_VPN attributes
dns-server value 194.109.104.104 194.109.9.99
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Default_Tunnel_Group_Name_VPN_splitTunnelAcl
username ******* password ************* encrypted privilege 0
username ******* attributes
vpn-group-policy Default_Tunnel_Group_Name_VPN
username ******* password ************* encrypted privilege 15
username ******* password ************* encrypted privilege 0
username ******* attributes
vpn-group-policy Default_Tunnel_Group_Name_VPN
username ******* password ************* encrypted privilege 0
username ******* attributes
vpn-group-policy Default_Tunnel_Group_Name_VPN
tunnel-group Default_Tunnel_Group_Name_VPN type remote-access
tunnel-group Default_Tunnel_Group_Name_VPN general-attributes
address-pool VPN_IP_POOL
default-group-policy Default_Tunnel_Group_Name_VPN
tunnel-group Default_Tunnel_Group_Name_VPN ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp error
inspect ftp
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:655f9d00d6ed1c593506cbf9a876cd49
: end
CISCOASACLOUD#
Hi Ron,
I have found the solution!
Indeed I had to extend my access-list on my outside interface!!!
I have succeeded using ASDM.
First I created a NEW network object for each of my servers. When you create a new object you will be asked for the internal IP address and "this is where the magic happens" you have to set the NAT IP address (the external address) !!!
Secondly I extended my access-list on my outside interface by defining every server and the required service (echo, echo-reply) in the "Public server list". When I performed these 2 steps I was able to ping the server from the internet.
My access-list looks like the following now:
access-list OutsideToInside extended permit icmp any4 object SERVER2003 object-group DM_INLINE_ICMP_2
access-list OutsideToInside extended permit icmp any4 object SERVER2002 object-group DM_INLINE_ICMP_1
access-list OutsideToInside extended permit icmp any4 object SERVER2004 object-group DM_INLINE_ICMP_0
object network SERVER2004
nat (inside,outside) static 82.94.xxx.xxx
object network SERVER2002
nat (inside,outside) static 82.94.xxx.xxx
object network SERVER2003
nat (inside,outside) static 82.94.xxx.xxx
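The two steps from the solution above (a whole-address static NAT on each server object, plus an ICMP permit in the ACL bound to the outside interface) can be checked offline against a saved running-config. This is an added example, not part of the original posts: the sample config is constructed, the 203.0.113.x addresses are documentation placeholders, the function names are hypothetical, and only ICMP rules with source `any`/`any4` are recognised.

```python
import re

# Constructed sample in the style of the thread's object-NAT config.
# 203.0.113.x are documentation placeholders, not addresses from the page.
SAMPLE_CONFIG = """\
object network SERVER2002
 host 10.0.2.103
object network SERVER2003
 host 10.0.2.104
object network SERVER2004
 host 10.0.2.105
access-list OutsideToInside extended permit icmp any4 object SERVER2002 object-group DM_INLINE_ICMP_1
access-list OutsideToInside extended permit icmp any4 object SERVER2003 object-group DM_INLINE_ICMP_2
access-list OutsideToInside extended permit tcp any host 10.0.2.105 eq www
object network SERVER2002
 nat (inside,outside) static 203.0.113.12
object network SERVER2004
 nat (inside,outside) static 203.0.113.14 service tcp www www
access-group OutsideToInside in interface outside
"""

NO_NAT = "no whole-address static NAT (inside,outside)"
NO_ACL = "no ICMP permit in an ACL bound inbound to outside"

NAT_RE = re.compile(r"nat \(inside,outside\) static \S+(.*)$")
ACL_RE = re.compile(r"access-list (\S+) extended permit icmp any4? (?:object|host) (\S+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface outside$")


def parse_asa(config):
    """Return (host objects, ICMP permits per ACL, ACLs applied inbound on outside)."""
    objects, icmp_permits, outside_acls = {}, {}, set()
    current = None  # object whose sub-commands are being read
    for raw in config.splitlines():
        line = raw.strip()  # works for indented and flattened dumps
        if m := re.match(r"object network (\S+)$", line):
            current = objects.setdefault(m.group(1), {"host": None, "full_nat": False})
        elif current is not None and (m := re.match(r"host (\S+)$", line)):
            current["host"] = m.group(1)
        elif current is not None and (m := NAT_RE.match(line)):
            # "service tcp www www" limits the translation to one port, so it does not carry ICMP
            if "service" not in m.group(1).split():
                current["full_nat"] = True
        else:
            current = None
            if m := ACL_RE.match(line):
                icmp_permits.setdefault(m.group(1), set()).add(m.group(2))
            elif m := GROUP_RE.match(line):
                outside_acls.add(m.group(1))
    return objects, icmp_permits, outside_acls


def icmp_reachability(config):
    """Map each host object to the list of steps still missing for inbound ping."""
    objects, icmp_permits, outside_acls = parse_asa(config)
    permitted = set()
    for acl in outside_acls:
        permitted |= icmp_permits.get(acl, set())
    report = {}
    for name, obj in objects.items():
        if obj["host"] is None:
            continue  # subnet/range objects are out of scope here
        missing = []
        if not obj["full_nat"]:
            missing.append(NO_NAT)
        if name not in permitted and obj["host"] not in permitted:
            missing.append(NO_ACL)
        report[name] = missing
    return report


if __name__ == "__main__":
    for name, missing in icmp_reachability(SAMPLE_CONFIG).items():
        print(name, "OK" if not missing else "; ".join(missing))
```

An empty list means both steps are in place for that object; the same report also shows which inside hosts answer ping from the internet, which is worth reviewing before leaving the rules permanent.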
I have an out of state Esxi 4.1 host that is working fine with 12 virtual servers on it. The problem is I cannot ping (IP or name) or connect to it using vSphere from my current location. The only machines which see the host are the VMs it is hosting. So to connect I have to remote desktop to one of the VMs and run vSphere from there. Any idea why I can't connect from other PCs on the network?
Welcome to the Community,
that's interesting. From what you say, the Management Network on the host seems to be working fine. Can you please provide some information about the host's virtual network configuration as well as the physical switch port(s) configuration?
What's the result of running "Test Management Network" from the host's DCUI? Maybe restarting the Management Network will help!?
André
ASA 5505 8.2 - SSL VPN - Cannot Ping inside hosts
Hello All,
I'm an ASA Newb.
I feel like I have tried everything posted and still no success.
PROBLEM: When connected to the SSL VPN I cannot ping any internal hosts. I cannot ping anything on the inside?
Result of the command: "show running-config"
: Saved
ASA Version 8.2(5)
hostname MCASA01
domain-name mydomain.org
enable password xxbtzv6P4Hqevn4N encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.2.0 VLAN
name 192.168.5.0 VPNPOOL
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
switchport access vlan 3
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ddns update hostname MC_DNS
dhcp client update dns server both
ip address 192.168.1.1 255.255.255.0
interface Vlan2
no forward interface Vlan1
nameif outside
security-level 0
ip address 11.11.11.202 255.255.255.252
interface Vlan3
no nameif
security-level 50
ip address 192.168.2.1 255.255.255.0
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns server-group DefaultDNS
domain-name mydomain.org
access-list SPLIT-TUNNEL standard permit 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPNPOOL 192.168.5.1-192.168.5.10 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 74.7.217.201 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
http authentication-certificate inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ca trustpoint ASDM_TrustPoint0
enrollment terminal
subject-name CN=vpn.mydomain.org,OU=IT,O="mydomain",C=US,St=CA,L=Chino
keypair digicert.key
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 00b63edadf5efa057ea49da56b179132e8
quit
no crypto isakmp nat-traversal
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside vpnclient-wins-override
dhcpd address 192.168.1.100-192.168.1.200 inside
dhcpd dns 66.180.96.12 64.238.96.12 interface inside
dhcpd lease 86400 interface inside
dhcpd ping_timeout 4000 interface inside
dhcpd domain mydomain.org interface inside
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 64.147.116.229 source outside
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
svc enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
group-policy VPNGP internal
group-policy VPNGP attributes
vpn-tunnel-protocol svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT-TUNNEL
username GaryC password TGbvzEO3d6HlfU66 encrypted privilege 15
username GaryC attributes
vpn-group-policy VPNGP
tunnel-group MCVPN type remote-access
tunnel-group MCVPN general-attributes
address-pool VPNPOOL
default-group-policy VPNGP
tunnel-group MCVPN webvpn-attributes
group-alias MCVPN enable
group-url https://11.11.11.202/MCVPN enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:1e950c041cc2c25116d30e5c884abbfc
: end
My goal is to allow Remote Users to RDP(3389) through VPN.
Thank you,
Gary
Message was edited by: Gary Culwell
Hello Jon,
Thank you so much for your response. Clients will not be connecting to a specific RDP server. I was hoping that if we were to establish a VPN Client tunnel, that tunnel would provide full local area access. The way the clients are used to working is that, while in the field, they use RDP to connect to their desktops on the internal LAN.
Would you say this would work:
route inside 192.168.1.0 255.255.255.0 192.168.1.1 1
Do you have examples?
Thank you,
Gary