Port forwarding - why is forwarded and permitted port always CLOSED?
Hello,
I have a network configured as follows:
AEBS(WDSmain)----->AExpressBS(WDSremote)------>G5/MacMiniA/MacMiniB (All on AE cards)
The AEBS is set up to access the world via DHCP and to share/use IP address 192.168.1.1 (NAT). PORT 59500 Public and Private is supposed to be opened and sent to 192.168.1.5 (G5).
The G5 is set up as DHCP with manual address (192.168.1.5)
The local firewall rule on the G5 allows network traffic on port 59500. So, all should be fine. Right? WRONG!
The port once and only once appeared as OPEN.
But, now and ever since, it is shown (by the remotely accessing computer) as CLOSED and sometimes STEALTH. The configuration is exactly as I've described. But, the port is just not accessible. I have tried several other ports. But, none will open for me.
Can someone please let me in on the secret to actually controlling my ports? It's as if the engineers decided that this was something better left to them and they are just humoring us with the entries.
Oh, and the Default Host as suggested many times in this discussion area is not an option. I want to leave that disabled (as it should always be).
Any real help would be greatly appreciated.
Thanks
G5 Dual 1.8 (PCI-X) Mac OS X (10.4.3)
I would guess that you have your AEBS configured with "Distribute IP addresses" enabled. If this is true, you should use a static IP address outside of the range used by the AEBS's DHCP server. You can use any address in the range 192.168.1.201 to 192.168.1.255.
"The G5 is set up as DHCP with manual address (192.168.1.5)"
Set it up as just manual IP (with no DHCP).
If you haven't already I suggest that you read through How do I use Port Mapping (Part I).
Similar Messages
-
Why do Preview and other programs always open the most recently opened documents?
This is a minor issue but it bugs me a lot because I never have more windows/documents up than necessary. Every time I open a PDF in Preview, it also opens up all the documents that were up when I quit Preview before. All the Office programs do the same thing. I've searched high and low in the individual program preferences, and nothing works--for example, unchecking "Track recently opened documents" doesn't help for PowerPoint, and I don't even see a similar setting for Preview. Since it's a pan-program problem, I looked in the general System Prefs and I tried unchecking "Restore windows when quitting and re-opening apps." Didn't help. I even re-started. Didn't help (the "Restore windows..." box is still unchecked though, it didn't re-check it). What can I do to stop this silly setting???
Thanks!
That looks like it would work...for someone who knows how to do it! That is way over my head. I found this article in another thread and it looks do-able for someone as tech-unsavvy as me, except that I can't find the "Saved Application State" folder that they talk about, not even if I search using Spotlight or Alfred. Sigh. Any other ideas, or am I doomed if I can't write script?
-
Port forwarding and DMZ refuses to work properly on WRT54G wireless router.
I have a network setup on the wireless WRT54G version 8 (with latest firmware) router and port forwarding and DMZ refuse to work correctly. I'm trying to use bittorrent and connect my xbox360 to my computer and neither work properly even after setting up port forwarding in the "Applications and Gaming" tab.
here's a screenshot of my port forwarding page:
http://img205.imageshack.us/img205/1497/linksysbg2.jpg
here's a screenshot of the DMZ page (my computer's IP ends in 102 obviously):
http://img510.imageshack.us/img510/2131/linksys1rf5.jpg
now, I've experienced this type of problem before. On a different linksys router a year or 2 back I remember the DMZ never working on that one either and I eventually had to buy a d-link router which worked perfectly. I'm only using this wireless router because it's my roommates and he brought it up. Somebody please explain to me why this isn't working correctly. I am becoming more and more frustrated as I lose faith in linksys routers. Thanks
Did you try upgrading the firmware on the router?
Also, after the upgrade, reset and reconfigure the router for a few seconds ... so that the firmware works properly for a longer time.
-
NAT port-forwarding and WAN side IP addresses
I have my Airport Extreme setup to forward port 21 to an FTP server on the LAN side of my network. The AE is connected via DSL to my ISP.
When a client from the WAN side connects to my server, the server's LOGS don't list the IP of the client, rather it says the client connected from my assigned WAN IP. For example (fake ip's):
Client ----> AE ----> FTP-SERVER
130.129.12.3 76.99.89.3 10.0.1.2
Log states client connected
from IP: 76.99.89.3
My previous Linksys router, with the same DSL modem and ISP, would report the client as connecting from 130.129.12.3.
Am I missing something in how I am configuring my AE? Or, is this how the AE manages port-forwarding and there's nothing I can do about it?
I used to use firewall rules to control access to the FTP server, i.e. rules set on the server. This can't be done anymore with the AE operating as it does.
Seems to me that the NAT translation in the Airport 802.11n is such that it does not use the incoming IP of clients connecting from the WAN side to a computer on the LAN side. The ingoing and outgoing packets reach their respective destinations, it is just that the AE uses some kind of non-standard routing (at least not that I am used to working with).
This is bad because it prevents the use of some forms of access controls on BSD and Linux servers on the LAN side, TCP Wrappers and iptables for example. This can create obvious security problems when WAN ports are set to forward to such a LAN client. We are already getting hit with robot-like script attacks on our server, this was a problem with our Linksys router, but with the above mentioned tools and scripts we were able to block abusive clients.
Perhaps Apple can work on resolving this issue in a future firmware release, at least make it an option... Anyone from Apple out there?
jmj
-
Port forwarding and LAN traffic suddenly stopped working
My WRT54G was chugging along happily for many months, and suddenly all port forwarding and local LAN traffic stopped flowing. All PCs behind the router on the LAN side can get to all WAN sites just fine, but they cannot ping one another. All of them can ping the router (192.168.1.1) just fine.
Any ideas?
Thanks,
Curtis
I solved this. Turned out to not be the router at all, but the accidental enablement of the "Stateful Firewall" within my Cisco VPN client. Once this option is turned on, the machine gets isolated from the LAN, even when the VPN client isn't visibly running.
-
Time Capsule 2 TB, stops port forwarding and cannot be accessed by AAU
Hi
I am having the above problem off and on since purchasing the TC. It is dialing in PPOE (fiber optic), connects fine to internet and feeds internet reliably by wireless and wired connections. It will however stop port forwarding and allowing access by Finder or Airport Util. simultaneously at what appears to be random intervals.
I can unplug the electric and power back on and all is fixed for a week or so. This of course causes havoc with time machine, web server on the network, vpn service etc.
I have all the updates on AAU osx and I believe everything possible.
I have the TC, a mini running osx server 10.6.3, a macbook pro, macbook air (Leopard). All running 10.6.3 except the Air.
I run time machine on all the computers but usually do it manually to avoid 2 machines accessing the Tc at the same time, though sometimes I forget to turn TM off and 2 comps. may be trying to access TC through Time Mach. simultaneously.
I also have another wireless router getting the internet and making a wireless network in a separate building.
I have read all the posts but do not see any clear solution or mention of the port forwarding stopping along with access.
Any help appreciated. If it's defective my year will be coming up, so I want to figure this out now.
Hi Bob,
Yes I did a hard reset in order to set it up. I then used the Airport Utility to give it a Network name and base station name that was different from the Wireless AC one upstairs. I left everything else set to defaults and used 'Create a new wireless network'. Added some passwords and then let it boot itself. It all worked ok but as I mentioned I can then only access this downstairs network. The Wireless AC one then refuses to connect afterwards. The only way I can get the Wireless AC to work is to switch off the Wireless N one and then reboot the Wireless AC.
Maybe I need to change the DHCP port ranges or something? Is it correct to have x2 networks? I don't see any other option given wireless won't reach and I can't cable between the two to create a bridged network.
-
Port Forwarding and Loopback with HomeHub 3B
There have been a number of threads discussing port forwarding and loopback, so I thought it might be useful to summarise my experiences. I have two HomeHub 3Bs on separate lines, one is a standard broadband line, the other is on an Infinity connection. My experience is limited to these two specific devices :-)
Port Forwarding does work but it is "temperamental" and "arcane" in the way you need to set it up. Although I have had it running perfectly, I have also had experiences where the router has refused to "accept" my changes. Tentatively, I put this down to the fact that I was running a Seagate GoFlex network drive on the network and this piece of equipment (definitely a Do Not Buy) was acting aggressively and screwing up the DDNS allocations. But ... YMMV
One definite problem with Port Forwarding is if you attempt to specify a range of addresses. I have failed to get this to work on both my hubs. In my case I was trying to forward (say) 8021-8022 to 21-22, and the router insisted on forwarding both 8021 and 8022 to port 21. The cure is to set up each port as a separate rule within the same user-defined application.
On Loopback, I know various people have said it doesn't work, but it has always worked fine for me, at both the locations where I have a HomeHub 3B. I use a DDNS service and I can test that my port forwarding is working by opening a Command Prompt window on my PC and typing telnet mydomain.dyndns.web.com 21 or whatever. That command contacts my DDNS host to ascertain my IP address and then (attempts to) connect to port 21.
If port 21 is closed on your router (i.e. you have no port forwarding in place) you will see the message attempting to connect to mydomain.dyndns.web.com... and, after a while that will time out, with Could not open connection to the host, on port 21: Connect failed. If you do have your port forwarding set up correctly then your application will respond in some appropriate manner. However, you do need to understand what you're doing, because the response of an application that is expecting HTTP data is simply to do nothing! You will probably get a blank screen. If you type GET / HTTP/1.1 [note spaces] (which is not echoed to your screen, so be careful not to mistype it) you will receive a page of HTTP response data and HTML data. Thus proving that your port forwarding is working.
If you do not have any port forwarding set up at all, you can still test the loopback function by attempting to connect to port 161. This port is open on the BT routers and telnetting to it will result in a blank screen (as opposed to the attempting to connect message).
In summary: loopback works on the Home Hub 3B. Port forwarding also works to a degree but it is temperamental and does have some quirks, like not properly accepting ranges of ports. On this last point, at least, it would be helpful to get an acknowledgement from BT that this is a known fault.
-
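The manual telnet check from the Home Hub post, and the CLOSED versus STEALTH readings reported in the first thread, can be reproduced with a short script. This is an added example, not part of any post on this page; the function names are hypothetical, and it assumes the usual port-checker meaning of the terms (closed: the connection is actively refused; stealth/filtered: nothing answers before the timeout). The demo talks only to a listener it starts on 127.0.0.1.

```python
import errno
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def classify_port(host, port, timeout=3.0):
    """Classify a TCP port the way online port checkers report it.

    open     -> the TCP handshake completed
    closed   -> the connection was actively refused (TCP RST)
    filtered -> nothing usable came back in time ("stealth")
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        # No route to the target, or an ICMP unreachable reply.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise


def http_status_line(host, port, timeout=3.0):
    """Send the request the post types into telnet and return the first
    line of the reply, or None if the service accepts the connection
    but sends nothing back before the timeout."""
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        try:
            while b"\r\n" not in buf:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                buf += chunk
        except socket.timeout:
            pass
    line = buf.split(b"\r\n", 1)[0].decode("latin-1")
    return line or None


class DemoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the service behind a forwarded port."""

    def do_GET(self):
        body = b"<html>forwarded service</html>"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo output quiet


def start_demo_server():
    """Start the stand-in service on an ephemeral loopback port."""
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def unused_local_port():
    """Return a loopback port that nothing is listening on."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    server, port = start_demo_server()
    print(port, classify_port("127.0.0.1", port))
    print("reply:", http_status_line("127.0.0.1", port))
    server.shutdown()
    server.server_close()
    dead = unused_local_port()
    print(dead, classify_port("127.0.0.1", dead, timeout=1.0))
```

To check a real forward, run `classify_port` against your own WAN address from a machine outside the LAN; a "filtered" result means the router dropped the packet, while "closed" means the packet reached a host that had nothing listening on that port.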
Difference Between Port Forwarding and Port Triggering.
Hi guys,
I'm lost! The differences between port forwarding and port triggering are driving me nuts! It all seems very subtle to me. Can anyone explain to me (in a very simple way) what exactly are their differences. Thanks in advance!!
Port Forwarding
The big difference between this and port triggering is that forwarding is fixed.. you forward a port and it is always forwarded.. IE available to connection.. basically the forwarded port is excluded from the fire walling abilities of the router. Second it is static and applies to one machine only. Whereas you could set port triggering to the router and thereafter any machine on the LAN can trigger it unless it's already in use.. port forwarding must be specified for each individual machine.
Port forwarding requires you to give each PC on the network its own unique static IP address.. Although there is ssh port forwarding that can be set dynamically. Most users only have the option of static ip port forwarding.
The real downside of port forwarding is that it can be very tricky to set up... You may have to allow a series of ports on a machine and have to do that for each machine you want to allow through. Also routers often have limited abilities and may not allow you the ability to forward a port or select the service you require.
Port Triggering
This is a way of Dynamically assigning a service to a port WHEN it is required by an outgoing service. The port is initially not allowed so nothing can get in and you are protected by your network.
A good example of this is when using Yahoo! voice .. the voice works fine for a few minutes after you connect to Yahoo! then Yahoo! sends some kind of packet that requires a response from your PC... The packet is allowed in through your router no prob but the outgoing reply is not authorized to open a port on the router and is thus blocked.
'ope this helps
-
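A simplified model of the two behaviours described in the answer above, as an added example that is not part of the original thread. The class names, trigger port 5000, the opened range 5001-5010 and the 120-second lifetime are constructed for illustration (real routers differ in how long a triggered opening lasts); the static forward of port 59500 to 192.168.1.5 is the one from the first thread on this page.

```python
from dataclasses import dataclass, field


@dataclass
class TriggerRule:
    trigger_port: int      # outbound destination port that arms the rule
    open_ports: range      # inbound ports opened while the rule is armed
    lifetime: int = 120    # seconds the opening lasts (constructed value)


@dataclass
class Router:
    # Static forwards: WAN port -> (LAN IP, LAN port). Always in effect.
    forwards: dict = field(default_factory=dict)
    # Trigger rules, plus which LAN host currently holds each one.
    triggers: list = field(default_factory=list)
    armed: dict = field(default_factory=dict)  # rule index -> (lan_ip, expiry)

    def outbound(self, lan_ip, dst_port, now):
        """A LAN host sends a packet out; this may arm a trigger rule."""
        for i, rule in enumerate(self.triggers):
            if dst_port != rule.trigger_port:
                continue
            holder = self.armed.get(i)
            # Any host may arm the rule unless another host still holds it.
            if holder is None or holder[1] <= now or holder[0] == lan_ip:
                self.armed[i] = (lan_ip, now + rule.lifetime)

    def inbound(self, wan_port, now):
        """Unsolicited packet from the WAN: return its LAN target or None."""
        if wan_port in self.forwards:
            return self.forwards[wan_port]
        for i, rule in enumerate(self.triggers):
            holder = self.armed.get(i)
            if holder and holder[1] > now and wan_port in rule.open_ports:
                return (holder[0], wan_port)
        return None  # dropped by the firewall


def demo():
    router = Router(
        forwards={59500: ("192.168.1.5", 59500)},
        triggers=[TriggerRule(5000, range(5001, 5011))],
    )
    results = []
    results.append(router.inbound(59500, now=0))   # forwarded from the start
    results.append(router.inbound(5005, now=0))    # not armed yet: dropped
    router.outbound("192.168.1.7", 5000, now=10)   # host .7 arms the rule
    results.append(router.inbound(5005, now=20))   # now reaches host .7
    router.outbound("192.168.1.8", 5000, now=30)   # rule in use: ignored
    results.append(router.inbound(5005, now=40))   # still host .7
    results.append(router.inbound(5005, now=131))  # opening has expired
    results.append(router.inbound(59500, now=10_000))  # forward never expires
    return results


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The security-relevant difference shows in the first and last results: the static forward exposes its LAN host to unsolicited traffic at all times, while the triggered range is reachable only for a bounded window after a LAN host initiates traffic.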
Why doesn't Mail 6.3 show forward and reply icons consistently?
I am using a MacBook Pro with Mountain Lion and Mail 6.3. My issue is that Mail seems to randomly decide when to put the reply and forward icons next to messages in the inbox. It happens with both my Gmail account and an account from a different server. For some of the messages I reply to, it gives me the reply icon and for some, it doesn't. For some of the messages that I forward, it gives me the forward icon and for some, it doesn't. One good thing is that it never shows the icons for messages that have not been replied to or forwarded. So it has that much going for it. I am using a different SMTP for each account. For the messages that I reply to and the forwarded ones, they do actually go out - I can find them in my sent folder. Mail is also synced with my iPad Mini and the icons or lack thereof are consistent across the two devices. One thing to note is that ANY emails replied to or forwarded from my iPad, always show the correct icons - both on the iPad and then on my MacBook once synced. The problem seems to stem from my MacBook Mail.
Any ideas? Thank-you.
Select the affected mailboxes in the mailbox list, then select
Mailbox ▹ Rebuild
from the menu bar. -
Asymmetric NAT rules matched for forward and reverse flows - NAT Issue
Having a problem with a VPN site trying to communicate to a subnet off my ASA 5505. The network is simple, VPN IPSEC remote site is 192.168.6.0/24 and I can ping and access hosts on 192.168.10.0/24 (called InfraNet). I am now trying to allow communications between 192.168.6.0/24 (called FD_net) to 192.168.9.0/24 (called Inside)
The Error:
5 Nov 12 2012 13:52:50 192.168.9.19 Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:192.168.6.11 dst inside:192.168.9.19 (type 8, code 0) denied due to NAT reverse path failure
I understand this is a NAT issue, but I am not seeing the error and could use a second set of eyes. Here's my current running configuration.
: Saved
ASA Version 8.3(2)
hostname fw1
domain-name xxxxxxxx.xxx
enable password <removed>
passwd <removed>
names
interface Vlan1
description Town Internal Network
nameif inside
security-level 100
ip address 192.168.9.1 255.255.255.0
interface Vlan2
description Public Internet
nameif outside
security-level 0
ip address 173.xxx.xxx.xxx 255.255.255.248
interface Vlan3
description DMZ (CaTV)
nameif dmz
security-level 50
ip address 192.168.2.1 255.255.255.0
interface Vlan10
description Infrastructure Network
nameif InfraNet
security-level 100
ip address 192.168.10.1 255.255.255.0
interface Vlan13
description Guest Wireless
nameif Wireless-Guest
security-level 25
ip address 192.168.1.1 255.255.255.0
interface Vlan23
nameif StateNet
security-level 75
ip address 10.63.198.2 255.255.255.0
interface Vlan33
description Police Subnet
shutdown
nameif PDNet
security-level 90
ip address 192.168.0.1 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport trunk allowed vlan 1,5,10,13
switchport trunk native vlan 1
switchport mode trunk
speed 100
duplex full
interface Ethernet0/2
switchport access vlan 3
interface Ethernet0/3
interface Ethernet0/4
switchport trunk allowed vlan 1,10,13
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/5
switchport access vlan 23
interface Ethernet0/6
shutdown
interface Ethernet0/7
switchport trunk allowed vlan 1
switchport trunk native vlan 1
switchport mode trunk
shutdown
banner exec Access Restricted to Personnel Only
banner login Access Restricted to Personnel Only
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name xxxxxxx.xxx
same-security-traffic permit inter-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object service IMAPoverSSL
service tcp destination eq 993
description IMAP over SSL
object service POPoverSSL
service tcp destination eq 995
description POP3 over SSL
object service SMTPwTLS
service tcp destination eq 465
description SMTP with TLS
object network obj-192.168.9.20
host 192.168.9.20
object network obj-claggett-https
host 192.168.9.20
object network obj-claggett-imap4
host 192.168.9.20
object network obj-claggett-pop3
host 192.168.9.20
object network obj-claggett-smtp
host 192.168.9.20
object network obj-claggett-imapoverssl
host 192.168.9.20
object network obj-claggett-popoverssl
host 192.168.9.20
object network obj-claggett-smtpwTLS
host 192.168.9.20
object network obj-192.168.9.120
host 192.168.9.120
object network obj-192.168.9.119
host 192.168.9.119
object network obj-192.168.9.121
host 192.168.9.121
object network obj-wirelessnet
subnet 192.168.1.0 255.255.255.0
object network WirelessClients
subnet 192.168.1.0 255.255.255.0
object network obj-dmznetwork
subnet 192.168.2.0 255.255.255.0
object network FD_Firewall
host 74.94.142.229
object network FD_Net
subnet 192.168.6.0 255.255.255.0
object network NETWORK_OBJ_192.168.10.0_24
subnet 192.168.10.0 255.255.255.0
object network obj-TownHallNet
subnet 192.168.9.0 255.255.255.0
object network obj_InfraNet
subnet 192.168.10.0 255.255.255.0
object-group service EmailServices
description Normal Email/Exchange Services
service-object object IMAPoverSSL
service-object object POPoverSSL
service-object object SMTPwTLS
service-object tcp destination eq https
service-object tcp destination eq imap4
service-object tcp destination eq pop3
service-object tcp destination eq smtp
object-group service DM_INLINE_SERVICE_1
service-object object IMAPoverSSL
service-object object POPoverSSL
service-object object SMTPwTLS
service-object tcp destination eq pop3
service-object tcp destination eq https
service-object tcp destination eq smtp
object-group service DM_INLINE_SERVICE_2
service-object object IMAPoverSSL
service-object object POPoverSSL
service-object object SMTPwTLS
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
object-group network obj_clerkpc
description Clerk's PCs
network-object object obj-192.168.9.119
network-object object obj-192.168.9.120
network-object object obj-192.168.9.121
object-group network TownHall_Nets
network-object 192.168.10.0 255.255.255.0
network-object object obj-TownHallNet
object-group network DM_INLINE_NETWORK_1
network-object 192.168.10.0 255.255.255.0
network-object 192.168.9.0 255.255.255.0
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any interface outside
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any host 192.168.9.20
access-list StateNet_access_in extended permit ip object-group obj_clerkpc any
access-list outside_2_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 object FD_Net
pager lines 24
logging enable
logging asdm debugging
logging mail errors
logging from-address hostmaster@xxxxxxxxx
logging recipient-address john@xxxxxxxxx level errors
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu Wireless-Guest 1500
mtu StateNet 1500
mtu InfraNet 1500
mtu PDNet 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-635.bin
no asdm history enable
arp timeout 14400
nat (InfraNet,outside) source static TownHall_Nets TownHall_Nets destination static FD_Net FD_Net
nat (inside,outside) source static TownHall_Nets TownHall_Nets destination static FD_Net FD_Net
object network obj_any
nat (inside,outside) static interface
object network obj-claggett-https
nat (inside,outside) static interface service tcp https https
object network obj-claggett-imap4
nat (inside,outside) static interface service tcp imap4 imap4
object network obj-claggett-pop3
nat (inside,outside) static interface service tcp pop3 pop3
object network obj-claggett-smtp
nat (inside,outside) static interface service tcp smtp smtp
object network obj-claggett-imapoverssl
nat (inside,outside) static interface service tcp 993 993
object network obj-claggett-popoverssl
nat (inside,outside) static interface service tcp 995 995
object network obj-claggett-smtpwTLS
nat (inside,outside) static interface service tcp 465 465
object network obj-192.168.9.120
nat (inside,StateNet) static 10.63.198.12
object network obj-192.168.9.119
nat (any,StateNet) static 10.63.198.10
object network obj-192.168.9.121
nat (any,StateNet) static 10.63.198.11
object network obj-wirelessnet
nat (Wireless-Guest,outside) static interface
object network obj-dmznetwork
nat (any,outside) static interface
object network obj_InfraNet
nat (InfraNet,outside) static interface
access-group outside_access_in in interface outside
access-group StateNet_access_in in interface StateNet
route outside 0.0.0.0 0.0.0.0 173.166.117.190 1
route StateNet 10.0.0.0 255.0.0.0 10.63.198.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable 5443
http 192.168.9.0 255.255.255.0 inside
http 74.xxx.xxx.xxx 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer 173.xxx.xxx.xxx
crypto map outside_map 2 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.9.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.9.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd dns 208.67.222.222 208.67.220.220
dhcpd lease 10800
dhcpd auto_config outside
dhcpd address 192.168.2.100-192.168.2.254 dmz
dhcpd dns 8.8.8.8 8.8.4.4 interface dmz
dhcpd enable dmz
dhcpd address 192.168.1.100-192.168.1.254 Wireless-Guest
dhcpd enable Wireless-Guest
threat-detection basic-threat
threat-detection statistics host number-of-rate 2
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 63.240.161.99 source outside prefer
ntp server 207.171.30.106 source outside prefer
ntp server 70.86.250.6 source outside prefer
webvpn
group-policy FDIPSECTunnel internal
group-policy FDIPSECTunnel attributes
vpn-idle-timeout none
vpn-tunnel-protocol IPSec l2tp-ipsec
username support password <removed> privilege 15
tunnel-group 173.xxx.xxx.xxx type ipsec-l2l
tunnel-group 173.xxx.xxx.xxx general-attributes
default-group-policy FDIPSECTunnel
tunnel-group 173.xxx.xxx.xxx ipsec-attributes
pre-shared-key *****
smtp-server 192.168.9.20
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:e4dc3cef0de15123f11439822880a2c7
: end
Any ideas would be appreciated.
John
I don't see any inspection-commands in your config. Is there a reason for not using any of them?
If your problem is only with ICMP, then you should enable at least icmp-inspection. You can do that easily with the legacy command "fixup protocol icmp"
Sent from Cisco Technical Support iPad App -
What are the parameters "page-forward" and "page-backward" used for?
In the LIMITS section of the Netscape Calendar Server configuration documentation, there are two parameters called "page-forward" and "page-backward." The default setting for these parameters is FALSE. However, it is unclear what these parameters are used for.
With previous versions of Calendar Server, you could scroll one page forward or one page backward through the user search screens. However, with the implementation of LDAP in later versions, the options have been disabled in the client.
Although the page-forward and page-backward parameters are documented in the Administrator guides for Calendar Server versions 3.5 and 4.0, the guides state that the default value of FALSE for both parameters cannot be changed. In actuality, the parameters can be changed. However, the reason that users should not change these parameters is that versions 3.5 and 4.0 do not support the page-forward and page-backward capabilities. So to avoid errors, please do not change these parameters from the default value of FALSE.
if AdobeRGB is the more professional working space, then why not use that profile?
on the web (and in unmanaged and broken work flows) sRGB is the safest profile (source space)
just open your tagged Adobe RGB and tagged ProPhoto RGB document (use the embedded profile in each document)
and go to View> Proof Setup: Monitor RGB (notice the loss in saturation? that's how most of the people on the Internet will be viewing your color, assuming you have a standard-gamut monitor like most people)
always CONVERT to sRGB for the World Wide Web
i didn't read your link
anyone who recommends "disable color management in Photoshop" -- set Working RGB to "Monitor RGB" -- AND MOST UNBELIEVABLY -- "Don't color manage this document" (ignore embedded profiles) ------ is pretty mixed up (in my opinion)
i will recommend reading JEFF SCHEWE and BRUCE FRASER for professional color management information -
How do i do a forward and reverse sweep two independent variables
Hi,
So I was looking through the post on how to do a forward and reverse sweep with a real-time x-y plot. I have a similar situation except that instead of sweeping (forward and reverse) one variable, I am sweeping two variables (in my case, I call them gate voltage G-S Volt and source-drain voltage S-D Volt). I understand how to do it with one variable as provided in previous posts, but I am caught when I add another variable to reverse sweep. I have attached my vi to this post. Any suggestions are greatly appreciated. Thank you. Also, a little more detail on my plot: I am plotting current vs gate voltage while forward and reverse sweeping (gate and source-drain voltage).
Attachments:
FET_Isd - Vg measurement_Vg_201.vi 45 KB
jasonct,
It is very difficult to follow what your code is doing. It violates all of the style guide and good practice recommendation for LabVIEW code.
The diagram should fit on one screen. SubVIs can help. Generally dataflow eliminates the need for sequence structures. Stacked sequence structures in particular obscure the code. Local variables are prone to race conditions, violate dataflow, and are not needed for the uses you are making of them. Wiring should go right to left, with minimal numbers of bends. Comments documenting what you are doing are helpful to others looking at your code and to you next month when you wonder why you did it that way.
Lynn -
Fast Forward and Rewind keyboard shortcuts in Log and Capture
In FCP, I want to assign the Fast Forward and Rewind buttons (in the Log and Capture mode) to buttons on the keyboard. I've assigned the functions using the Keyboard Layout in the Tools menu but it doesn't seem to be working like it should. In Log and Capture when I use the mouse to press the Fast Forward button, FCP stops the miniDV deck and fast forwards the tape as fast as possible without showing any picture. However, when I invoke the keyboard shortcut I created all I get is the picture moving a few frames per second instead of the tape stopping and fast forwarding as fast as possible. The same happens with the Rewind keyboard shortcut as well. Any ideas as to why, and how I might be able to fix this?
The computer I'm currently working on is a Dual 2 GHz PowerMac G5, 2.5 GB RAM, Final Cut Studio (Final Cut Pro 5.0.4).
–Michael
Message was edited by: Michael Starks
When I press the fast forward or rewind button while logging a miniDV tape the video stops and then the tape fast forwards or rewinds at a MUCH faster rate than L or J ever give me. That is the behavior I am trying to get from a keyboard shortcut.
Not possible via keyboard shortcuts, unfortunately.
Even if you map the Rewind and Fast Forward functions to keys in a Custom Keyboard Layout - for those who didn't know, yes, there are specific commands for those functions even though they are not mapped by default - those shortcuts will not work within the L&C window. We're stuck pressing the buttons.
Forgot to mention: the only time you're able to invoke the true fast forward or rewind function is using Shift-I/O (that is, Go to In Point or Out Point). Of course that only works if you have the necessary In/Out point set...
-
Applescript to forward and change subject?
Hi,
I'm striving to make an Applescript to forward and change the subject of some messages filtered by some rules at Apple Mail.
This is what I'm using:
using terms from application "Mail"
    on perform mail action with messages theSelectedMessages for rule RRRR
        repeat with eachSelectedMessage in theSelectedMessages
            forward eachSelectedMessage
            set subject of eachSelectedMessage to yyy
            set recipients to "[email protected]"
        end repeat
    end perform mail action with messages
end using terms from
The script is correctly forwarding the messages, but it isn't changing the subject of them.
Any tips?
Thanks.
Germano
While testing your script, I have noticed the forwarded message contained two copies of the original message most of the time, but not always, without understanding why it sometimes worked as expected.
Nevertheless, here's the workaround I've finally found for those times when it doesn't work as expected:
tell application "Mail"
    set theSelection to selection
    set theForwardedMessage to forward (item 1 of theSelection) with opening window
    tell theForwardedMessage
        make new to recipient at end of to recipients with properties {address:"[email protected]"}
        activate
        tell application "System Events"
            keystroke "a" using command down -- ⌘A (select all)
            key code 51 -- ⌫ (erase to the left)
        end tell
        delay 1
        set subject to "new subject text goes here"
        tell application "System Events"
            key code 117 -- ⌦ (erase to the right)
        end tell
        send
    end tell
end tell
And no need to enable access for assistive devices this time!
(I hope the script is self-explanatory.)
Message was edited by: Pierre L.
-
Asymmetric NAT rules matched for forward and reverse flows
Hi! I don't know why this comes up in the logs when I have configured my VPN like so:
crypto dynamic-map L2L_MAP 50 set reverse-route
crypto dynamic-map OUTSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 40 set pfs
crypto dynamic-map OUTSIDE_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 60 set pfs
crypto dynamic-map OUTSIDE_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 65535 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime seconds 288000
crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime kilobytes 4608000
crypto dynamic-map INSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 20 match address IDP_VPN
crypto map L2L_MAP 20 set peer x.x.x.x
crypto map L2L_MAP 20 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 40 match address cp_l2l_map_40
crypto map L2L_MAP 40 set peer x.x.x.x
crypto map L2L_MAP 40 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 60 match address bwi_l2l
crypto map L2L_MAP 60 set peer x.x.x.x
crypto map L2L_MAP 60 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 80 match address outside_80_cryptomap
crypto map L2L_MAP 80 set peer x.x.x.x
crypto map L2L_MAP 80 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 65535 ipsec-isakmp dynamic OUTSIDE_dyn_map
crypto map L2L_MAP interface outside
crypto map INSIDE_map 65535 ipsec-isakmp dynamic INSIDE_dyn_map
crypto map INSIDE_map interface inside
I am able to connect successfully via VPN client. It's just that I can't reach the internal servers... Any ideas?
I get this error:
Oct 18 2012 00:52:37: %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:10.10.13.221/137 dst inside:10.10.13.255/137 denied
I put in the important configs:
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.0 standby x.x.x.x
 ospf cost 10
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.13.5 255.255.255.0 standby 10.10.13.6
 ospf cost 10
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 no ip address
 ospf cost 10
interface GigabitEthernet0/2.720
 vlan 720
 nameif dmz-vsp
 security-level 50
 ip address 172.24.0.1 255.255.255.0 standby 172.24.0.2
 ospf cost 10
interface GigabitEthernet0/2.724
 vlan 724
 nameif dmz-dbz
 security-level 75
 ip address 172.24.4.1 255.255.255.0 standby 172.24.4.2
 ospf cost 10
interface GigabitEthernet0/2.725
 vlan 725
 nameif dmz-smtp
 security-level 50
 ip address 172.24.5.1 255.255.255.0 standby 172.24.5.2
 ospf cost 10
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 10.10.10.50
 domain-name xxxx.local
access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 172.16.0.0 255.255.0.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.2.0 255.255.255.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.3.0 255.255.255.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.14.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.10.0 255.255.255.0 10.10.13.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.6.0 255.255.255.0 10.10.13.0 255.255.255.0
ip local pool inshse-vpn-pool2 192.168.6.220-192.168.6.230 mask 255.255.255.0
global (outside) 201 192.168.16.1-192.168.16.250
global (outside) 202 10.201.5.145-10.201.5.158
global (outside) 4 10.10.13.180-10.10.13.189 netmask 255.0.0.0
global (outside) 101 interface
global (outside) 1 x.x.x.x netmask 255.0.0.0
global (inside) 204 10.10.13.70-10.10.13.79 netmask 255.0.0.0
nat (inside) 0 access-list nonatacl
nat (inside) 201 access-list NAT_TO_IDP
nat (inside) 202 access-list inside2-vsp_nat_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
nat (dmz-vsp) 202 access-list dmz-vsp_nat_outbound
nat (dmz-vsp) 101 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route inside 10.0.0.0 255.240.0.0 10.10.13.1 1
route inside 10.40.1.0 255.255.255.0 10.10.13.1 1
route inside 10.40.2.0 255.255.255.0 10.10.13.1 1
route inside 10.40.3.0 255.255.255.0 10.10.13.1 1
route inside 10.40.4.0 255.255.255.0 10.10.13.1 1
route inside 10.40.13.0 255.255.255.0 10.10.13.1 1
route inside 10.40.254.0 255.255.255.0 10.10.13.1 1
route inside 172.16.0.0 255.255.0.0 10.10.13.1 1
route inside 192.168.2.0 255.255.255.0 10.10.13.1 1
dynamic-access-policy-record DfltAccessPolicy
aaa-server VPN_Auth protocol radius
aaa-server VPN_Auth (inside) host 10.10.2.20
 timeout 5
 key *****
 no mschapv2-capable
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map L2L_MAP 50 set reverse-route
crypto dynamic-map OUTSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 40 set pfs
crypto dynamic-map OUTSIDE_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 60 set pfs
crypto dynamic-map OUTSIDE_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 65535 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime seconds 288000
crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime kilobytes 4608000
crypto dynamic-map INSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 20 match address IDP_VPN
crypto map L2L_MAP 20 set peer x.x.x.x
crypto map L2L_MAP 20 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 40 match address cp_l2l_map_40
crypto map L2L_MAP 40 set peer x.x.x.x
crypto map L2L_MAP 40 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 60 match address nonatacl
crypto map L2L_MAP 60 set peer x.x.x.x
crypto map L2L_MAP 60 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 80 match address outside_80_cryptomap
crypto map L2L_MAP 80 set peer x.x.x.x
crypto map L2L_MAP 80 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 65535 ipsec-isakmp dynamic OUTSIDE_dyn_map
crypto map L2L_MAP interface outside
crypto map INSIDE_map 65535 ipsec-isakmp dynamic INSIDE_dyn_map
crypto map INSIDE_map interface inside
crypto isakmp enable outside
crypto isakmp enable inside
crypto isakmp enable dmz
crypto isakmp enable dmz-vsp
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
group-policy ihasavpn2_gp internal
group-policy ihasavpn2_gp attributes
 dns-server value 10.10.10.52
 vpn-tunnel-protocol IPSec
 default-domain value xxxx.local
tunnel-group ihasavpn2 type remote-access
tunnel-group ihasavpn2 general-attributes
 address-pool inshse-vpn-pool2
 authentication-server-group VPN_Auth
 authentication-server-group (inside) VPN_Auth
 default-group-policy ihasavpn2_gp
tunnel-group ihasavpn2 ipsec-attributes
 pre-shared-key *****
tunnel-group ihasavpn2 ppp-attributes
 authentication ms-chap-v2
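A way to check the flow named in the 305013 message against the nonatacl entries posted above, added here as an example and not part of the original thread. It models only the `nat (inside) 0 access-list nonatacl` exemption and assumes each ACL entry lists the inside-side network first and the remote network second; the function names are hypothetical.

```python
import ipaddress
import re

# nonatacl entries and the syslog message, copied from the post above.
NONAT_ACL = """\
access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 172.16.0.0 255.255.0.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.2.0 255.255.255.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.3.0 255.255.255.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.14.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.10.0 255.255.255.0 10.10.13.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.6.0 255.255.255.0 10.10.13.0 255.255.255.0
"""
LOG_LINE = ("%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; "
            "Connection for udp src outside:10.10.13.221/137 dst inside:10.10.13.255/137 denied")

FLOW_RE = re.compile(r"%ASA-5-305013:.*Connection for (\S+) "
                     r"src ([^:\s]+):([\d.]+)/(\d+) dst ([^:\s]+):([\d.]+)/(\d+) denied")
ACL_RE = re.compile(r"^access-list \S+ extended permit ip (\S+) (\S+) (\S+) (\S+)$", re.M)

def parse_flow(line):
    """Return (src_if, src_ip, dst_if, dst_ip) from a 305013 message."""
    m = FLOW_RE.search(line)
    if m is None:
        raise ValueError("not a %ASA-5-305013 connection message")
    _, src_if, src_ip, _, dst_if, dst_ip, _ = m.groups()
    return src_if, ipaddress.ip_address(src_ip), dst_if, ipaddress.ip_address(dst_ip)

def parse_acl(text):
    """(local_net, remote_net) pairs; handles only 'permit ip net mask net mask' entries."""
    return [(ipaddress.ip_network(f"{s}/{sm}"), ipaddress.ip_network(f"{d}/{dm}"))
            for s, sm, d, dm in ACL_RE.findall(text)]

def exempt_entry(inside_ip, remote_ip, pairs):
    """First ACL pair covering inside_ip (local side) and remote_ip, or None."""
    for local_net, remote_net in pairs:
        if inside_ip in local_net and remote_ip in remote_net:
            return local_net, remote_net
    return None

def check(line, acl_text=NONAT_ACL):
    """Exemption entry covering the denied flow in the log line, or None if there is none."""
    src_if, src_ip, dst_if, dst_ip = parse_flow(line)
    inside_ip, remote_ip = (dst_ip, src_ip) if dst_if == "inside" else (src_ip, dst_ip)
    return exempt_entry(inside_ip, remote_ip, parse_acl(acl_text))
```

For the posted log line the check finds no entry: the source 10.10.13.221 is not in any remote network listed in nonatacl, whereas an address from the 192.168.6.x pool paired with a 10.10.13.x host is covered.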