Port forwarding - why is forwarded and permitted port always CLOSED?

Hello,
I have a network configured as follows:
AEBS(WDSmain)----->AExpressBS(WDSremote)------>G5/MacMiniA/MacMiniB (All on AE cards)
The AEBS is set up to access the world via DHCP and to share/use IP address 192.168.1.1 (NAT). PORT 59500 Public and Private is supposed to be opened and sent to 192.168.1.5 (G5).
The G5 is set up as DHCP with manual address (192.168.1.5)
The local firewall rule on the G5 allows network traffic on port 59500. So, all should be fine. Right? WRONG!
The port once and only once appeared as OPEN.
But, now and ever since, it is shown (by the remotely accessing computer) as CLOSED and sometimes STEALTH. The configuration is exactly as I've described. But, the port is just not accessible. I have tried several other ports. But, none will open for me.
Can someone please let me in on the secret to actually controlling my ports? It's as if the engineers decided that this was something better left to them and they are just humoring us with the entries.
Oh, and the Default Host as suggested many times in this discussion area is not an option. I want to leave that disabled (as it should always be).
Any real help would be greatly appreciated.
Thanks
G5 Dual 1.8 (PCI-X)   Mac OS X (10.4.3)  

I would guess that you have your AEBS configured with "Distribute IP addresses" enabled. If this is true, you should use a static IP address outside of the range used by the AEBS's DHCP server. You can use any address in the range 192.168.1.201 to 192.168.1.255.
"The G5 is set up as DHCP with manual address (192.168.1.5)"
Set it up as just manual IP (with no DHCP).
If you haven't already I suggest that you read through How do I use Port Mapping (Part I).

Similar Messages

  • Why do Preview and other programs always open the most recently opened documents?

    This is a minor issue but it bugs me a lot because I never have more windows/documents up than necessary. Every time I open a PDF in Preview, it also opens up all the documents that were up when I quit Preview before. All the Office programs do the same thing. I've searched high and low in the individual program preferences, and nothing works--for example, unchecking "Track recently opened documents" doesn't help for PowerPoint, and I don't even see a similar setting for Preview. Since it's a pan-program problem, I looked in the general System Prefs and I tried unchecking "Restore windows when quitting and re-opening apps." Didn't help. I even re-started. Didn't help (the "Restore windows..." box is still unchecked though, it didn't re-check it). What can I do to stop this silly setting???
    Thanks!

    That looks like it would work...for someone who knows how to do it! That is way over my head. I found this article in another thread and it looks do-able for someone as tech-unsavvy as me, except that I can't find the "Saved Application State" folder that they talk about, not even if I search using Spotlight or Alfred. Sigh. Any other ideas, or am I doomed if I can't write script?

  • Port forwarding and DMZ refuses to work properly on WRT54G wireless router.

    I have a network setup on the wireless WRT54G version 8 (with latest firmware) router and port forwarding and DMZ refuse to work correctly. I'm trying to use bittorrent and connect my xbox360 to my computer and neither work properly even after setting up port forwarding in the "Applications and Gaming" tab.
    here's a screenshot of my port forwarding page:
    http://img205.imageshack.us/img205/1497/linksysbg2.jpg
    here's a screenshot of the DMZ page (my computer's IP ends in 102 obviously):
    http://img510.imageshack.us/img510/2131/linksys1rf5.jpg
    now, I've experienced this type of problem before. On a different linksys router a year or 2 back I remember the DMZ never working on that one either and I eventually had to buy a d-link router which worked perfectly. I'm only using this wireless router because it's my roommate's and he brought it up. Somebody please explain to me why this isn't working correctly. I am becoming more and more frustrated as I lose faith in linksys routers. Thanks

    Did you try upgrading the firmware on the router?
    Also, after the upgrade, reset and reconfigure the router for a few seconds ... so that the firmware works properly for a longer time ....

  • NAT port-forwarding and WAN side IP addresses

    I have my Airport Extreme setup to forward port 21 to an FTP server on the LAN side of my network. The AE is connected via DSL to my ISP.
    When a client from the WAN side connects to my server, the server's LOGS don't list the IP of the client, rather it says the client connected from my assigned WAN IP. For example (fake ip's):
    Client        ----> AE          ----> FTP-SERVER
    130.129.12.3        76.99.89.3        10.0.1.2
    Log states client connected from IP: 76.99.89.3
    My previous Linksys router, with the same DSL modem and ISP, would report the client as connecting from 130.129.12.3.
    Am I missing something in how I am configuring my AE? Or, is this how the AE manages port-forwarding and there's nothing I can do about it?
    I used to use firewall rules to control access to the FTP server, i.e. rules set on the server. This can't be done anymore with the AE operating as it does.

    Seems to me that the NAT translation in the Airport 802.11n is such that it does not use the incoming IP of clients connecting from the WAN side to a computer on the LAN side. The ingoing and outgoing packets reach their respective destinations, it is just that the AE uses some kind of non-standard routing (at least not that I am used to working with).
    This is bad because it prevents the use of some forms of access controls on BSD and Linux servers on the LAN side, TCP Wrappers and iptables for example. This can create obvious security problems when WAN ports are set to forward to such a LAN client. We are already getting hit with robot-like script attacks on our server, this was a problem with our Linksys router, but with the above mentioned tools and scripts we were able to block abusive clients.
    Perhaps an Apple can work on resolving this issue in a future firmware release, at least make it an option... Anyone from Apple out there?
    jmj
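The effect described in this thread can be confirmed from the server's own logs. The following is an added example, not code from either poster: it checks whether every logged peer is the router's address and which source-based deny rules can still match. The log format, the second client address and the function names are assumptions made for the example; the other addresses are the thread's own fake IPs.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed log format for this example; adapt the pattern to your FTP daemon.
LINE_RE = re.compile(r"CONNECT from (\d{1,3}(?:\.\d{1,3}){3})")

# Constructed sample logs. The first shows the behaviour reported for the old
# router (real client addresses), the second the behaviour reported for the AE.
LOG_CLIENT_VISIBLE = [
    "Jan 10 09:01:12 ftpd[311]: CONNECT from 130.129.12.3 user=alice",
    "Jan 10 09:04:40 ftpd[317]: CONNECT from 198.51.100.7 user=bob",
]
LOG_CLIENT_MASKED = [
    "Jan 10 09:01:12 ftpd[311]: CONNECT from 76.99.89.3 user=alice",
    "Jan 10 09:04:40 ftpd[317]: CONNECT from 76.99.89.3 user=bob",
]


def peers(log_lines):
    """Count the peer address recorded for each logged connection."""
    found = Counter()
    for line in log_lines:
        match = LINE_RE.search(line)
        if match:
            found[ip_address(match.group(1))] += 1
    return found


def audit(log_lines, router_addrs, deny_networks):
    """Report whether source-based rules on the server can still tell clients apart."""
    seen = peers(log_lines)
    routers = {ip_address(a) for a in router_addrs}
    nets = [ip_network(n) for n in deny_networks]
    # Masked: at least one connection was logged and all of them came "from" the router.
    masked = bool(seen) and set(seen) <= routers
    # A deny rule only does anything if some logged peer falls inside it.
    never_matched = [str(n) for n in nets if not any(ip in n for ip in seen)]
    # A rule that matches the router's address cuts off every forwarded client at once.
    blocks_everyone = [str(n) for n in nets
                       if any(r in n for r in routers & set(seen))]
    return {
        "masked": masked,
        "distinct_peers": len(seen),
        "never_matched": never_matched,
        "blocks_everyone": blocks_everyone,
    }


if __name__ == "__main__":
    for name, log in (("visible", LOG_CLIENT_VISIBLE), ("masked", LOG_CLIENT_MASKED)):
        print(name, audit(log, ["76.99.89.3"], ["130.129.12.3/32"]))
```

When `masked` is true, TCP Wrappers or iptables source rules on the server see only one peer, so per-client blocking has to happen on the device doing the translation or at the application layer.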

  • Port forwarding and LAN traffic suddenly stopped working

    My WRT54G was chugging along happily for many months, and suddenly all port forwarding and local LAN traffic stopped flowing. All PCs behind the router on the LAN side can get to all WAN sites just fine, but they cannot ping one another. All of them can ping the router (192.168.1.1) just fine.
    Any ideas?
    Thanks,
    Curtis

    I solved this.  Turned out to not be the router at all, but the accidental enablement of the "Stateful Firewall" within my Cisco VPN client.  Once this option is turned on, the machine gets isolated from the LAN, even when the VPN client isn't visibly running.

  • Time Capsule 2 TB, stops port forwarding and cannot be accessed by AAU

    Hi
    I am having the above problem off and on since purchasing the TC. It is dialing in PPPoE (fiber optic), connects fine to internet and feeds internet reliably by wireless and wired connections. It will however stop port forwarding and allowing access by Finder or Airport Util. simultaneously at what appears to be random intervals.
    I can unplug the electric and power back on and all is fixed for a week or so. This of course causes havoc with time machine, web server on the network, vpn service etc.
    I have all the updates on AAU osx and I believe everything possible.
    I have the TC, a mini running osx server 10.6.3, a macbook pro, macbook air (Leopard). All running 10.6.3 except the Air.
    I run time machine on all the computers but usually do it manually to avoid 2 machines accessing the Tc at the same time, though sometimes I forget to turn TM off and 2 comps. may be trying to access TC through Time Mach. simultaneously.
    I also have another wireless router getting the internet and making a wireless network in a separate building.
    I have read all the posts but do not see any clear solution or mention of the port forwarding stopping along with access.
    Any help appreciated. If it's defective my year will be coming up, so I want to figure this out now.

    Hi Bob,
    Yes I did a hard reset in order to set it up. I then used the Airport Utility to give it a Network name and base station name that was different from the Wireless AC one upstairs. I left everything else set to defaults and used 'Create a new wireless network'. Added some passwords and then let it boot itself. It all worked ok but as I mentioned I can then only access this downstairs network. The Wireless AC one then refuses to connect afterwards. The only way I can get the Wireless AC to work is to switch off the Wireless N one and then reboot the Wireless AC.
    Maybe I need to change the DHCP port ranges or something? Is it correct to have x2 networks? I don't see any other option given wireless won't reach and I can't cable between the two to create a bridged network.

  • Port Forwarding and Loopback with HomeHub 3B

    There have been a number of threads discussing port forwarding and loopback, so I thought it might be useful to summarise my experiences. I have two HomeHub 3Bs on separate lines, one is a standard broadband line, the other is on an Infinity connection. My experience is limited to these two specific devices :-)
    Port Forwarding does work but it is "temperamental" and "arcane" in the way you need to set it up. Although I have had it running perfectly, I have also had experiences where the router has refused to "accept" my changes. Tentatively, I put this down to the fact that I was running a Seagate GoFlex network drive on the network and this piece of equipment (definitely a Do Not Buy) was acting aggressively and screwing up the DDNS allocations. But ... YMMV
    One definite problem with Port Forwarding is if you attempt to specify a range of addresses. I have failed to get this to work on both my hubs. In my case I was trying to forward (say) 8021-8022 to 21-22, and the router insisted on forwarding both 8021 and 8022 to port 21. The cure is to set up each port as a separate rule within the same user-defined application.
    On Loopback, I know various people have said it doesn't work, but it has always worked fine for me, at both the locations where I have a HomeHub 3B. I use a DDNS service and I can test that my port forwarding is working by opening a Command Prompt window on my PC and typing telnet mydomain.dyndns.web.com 21 or whatever. That command contacts my DDNS host to ascertain my IP address and then (attempts to) connect to port 21.
    If port 21 is closed on your router (i.e. you have no port forwarding in place) you will see the message attempting to connect to mydomain.dyndns.web.com... and, after a while that will time out, with Could not open connection to the host, on port 21: Connect failed. If you do have your port forwarding set up correctly then your application will respond in some appropriate manner. However, you do need to understand what you're doing, because the response of an application that is expecting HTTP data is simply to do nothing! You will probably get a blank screen. If you type GET / HTTP/1.1 [note spaces] (which is not echoed to your screen, so be careful not to mistype it) you will receive a page of HTTP response data and HTML data. Thus proving that your port forwarding is working.
    If you do not have any port forwarding set up at all, you can still test the loopback function by attempting to connect to port 161. This port is open on the BT routers and telnetting to it will result in a blank screen (as opposed to the attempting to connect message).
    In summary: loopback works on the Home Hub 3B. Port forwarding also works to a degree but it is temperamental and does have some quirks, like not properly accepting ranges of ports. On this last point, at least, it would be helpful to get an acknowledgement from BT that this is a known fault.
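The OPEN / CLOSED / STEALTH results in the first thread and the telnet test described in the Home Hub post both come down to three TCP outcomes. The following is an added example, not code from any poster: it classifies one port of your own mapping and can optionally send the GET line. The function name, the state names and the hint wording are this example's own.

```python
import socket
import sys

OPEN, CLOSED, STEALTH = "open", "closed", "stealth"

# General interpretation of each outcome for a forwarded port.
HINTS = {
    OPEN: "handshake completed: the mapping works and a program on the "
          "target host is listening on the private port",
    CLOSED: "a reset came back: a device answered, but no program is "
            "listening there (start the service, check the private port)",
    STEALTH: "no reply before the timeout: packets are dropped by a "
             "firewall, or the mapping points at an address the host no "
             "longer holds (for example after a new DHCP lease)",
}


def probe_tcp(host, port, timeout=3.0, request=None):
    """Classify one TCP port the way an external port checker does.

    Returns (state, reply). `reply` holds the first bytes the service sent
    back when `request` was given, otherwise b"".
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            reply = b""
            if request is not None:
                sock.sendall(request)
                try:
                    reply = sock.recv(256)
                except socket.timeout:
                    # Connected, but the service stayed silent: the
                    # "blank screen" case from the telnet test.
                    reply = b""
            return OPEN, reply
    except ConnectionRefusedError:
        return CLOSED, b""
    except socket.timeout:
        return STEALTH, b""


def check_forward(host, port, timeout=3.0, http=False):
    """Probe a mapping and attach the matching hint."""
    request = None
    if http:
        # Same line the post types into telnet, with the Host header
        # HTTP/1.1 expects.
        request = ("GET / HTTP/1.1\r\nHost: %s\r\n\r\n" % host).encode("ascii")
    state, reply = probe_tcp(host, port, timeout, request)
    return {"state": state, "hint": HINTS[state],
            "first_line": reply.split(b"\r\n", 1)[0].decode("latin-1")}


if __name__ == "__main__":
    # usage: python probe.py <your-public-name-or-ip> <port> [http]
    target, target_port = sys.argv[1], int(sys.argv[2])
    print(check_forward(target, target_port, http=len(sys.argv) > 3))
```

Run it from outside the LAN, or from inside only if the router supports loopback; a forwarded port with no program listening on the target reports closed even when the mapping and firewall rule are correct.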

  • Difference Between Port Forwarding and Port Triggering.

    Hi guys,
    I'm lost! The difference between port forwarding and port triggering is driving me nuts! It all seems very subtle to me. Can anyone explain to me (in a very simple way) what exactly their differences are? Thanks in advance!!

    Port Forwarding
    The big difference between this and port triggering is that forwarding is fixed. You forward a port and it is always forwarded, i.e. available for connection. Basically the forwarded port is excluded from the firewalling abilities of the router. Second, it is static and applies to one machine only. Whereas you could set port triggering on the router and thereafter any machine on the LAN can trigger it unless it's already in use, port forwarding must be specified for each individual machine.
    Port forwarding requires you to give each PC on the network its own unique static IP address, although there is ssh port forwarding that can be set dynamically. Most users only have the option of static IP port forwarding.
    The real downside of port forwarding is that it can be very tricky to set up. You may have to allow a series of ports on a machine and have to do that for each machine you want to allow through. Also routers often have limited abilities and may not allow you the ability to forward a port or select the service you require.
    Port Triggering
    This is a way of dynamically assigning a service to a port when it is required by an outgoing service. The port is initially not allowed so nothing can get in and you are protected by your network.
    A good example of this is when using Yahoo! voice. The voice works fine for a few minutes after you connect to Yahoo!, then Yahoo! sends some kind of packet that requires a response from your PC. The packet is allowed in through your router no prob but the outgoing reply is not authorized to open a port on the router and is thus blocked.
    'ope this helps
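The contrast drawn in the answer above can be made concrete with a small model of a router's inbound decision. The following is an added example, not code from the poster or from any router firmware: the class, its method names, the trigger ports and the fixed lifetime are assumptions, and real devices differ in how they time out a triggered port.

```python
class Router:
    """Simplified model: static port forwards next to port-trigger rules."""

    def __init__(self, trigger_ttl=600.0):
        self.trigger_ttl = trigger_ttl   # assumed lifetime of a triggered port
        self.forwards = {}               # public port -> (lan_ip, lan_port), fixed
        self.triggers = {}               # outbound port -> inbound ports to open
        self._opened = {}                # inbound port -> (lan_ip, expires_at)

    def add_forward(self, public_port, lan_ip, lan_port):
        # Fixed: tied to one LAN address, exposed whether or not it is in use.
        self.forwards[public_port] = (lan_ip, lan_port)

    def add_trigger(self, trigger_port, inbound_ports):
        # Dormant until some LAN host sends traffic to trigger_port.
        self.triggers[trigger_port] = tuple(inbound_ports)

    def outbound(self, lan_ip, dst_port, now):
        """A LAN host sends to dst_port; returns the inbound ports opened for it."""
        opened = []
        for port in self.triggers.get(dst_port, ()):
            holder = self._opened.get(port)
            if holder and holder[1] > now and holder[0] != lan_ip:
                continue                 # already in use by another machine
            self._opened[port] = (lan_ip, now + self.trigger_ttl)
            opened.append(port)
        return opened

    def inbound(self, public_port, now):
        """Where an unsolicited inbound connection goes, or None if dropped."""
        if public_port in self.forwards:
            return self.forwards[public_port]
        holder = self._opened.get(public_port)
        if holder and holder[1] > now:
            return (holder[0], public_port)
        self._opened.pop(public_port, None)   # expired or never opened
        return None

    def exposed(self, now):
        """Ports reachable from the WAN side at time `now`."""
        live = {p for p, (_, exp) in self._opened.items() if exp > now}
        return sorted(set(self.forwards) | live)


def demo():
    """Walk through one forward and one trigger rule (constructed values)."""
    r = Router(trigger_ttl=60)
    r.add_forward(59500, "192.168.1.5", 59500)   # always open to one machine
    r.add_trigger(5100, [5101])                  # opens 5101 on demand
    steps = [r.exposed(0)]                       # before any outbound traffic
    r.outbound("192.168.1.7", 5100, now=10)      # host .7 triggers the rule
    steps.append(r.inbound(5101, now=20))        # delivered to host .7
    steps.append(r.outbound("192.168.1.8", 5100, now=30))  # busy: nothing opened
    steps.append(r.inbound(5101, now=71))        # lifetime over: dropped again
    steps.append(r.exposed(71))
    return steps


if __name__ == "__main__":
    for step in demo():
        print(step)
```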

  • Why doesn't Mail 6.3 show forward and reply icons consistently?

    I am using a MacBook Pro with Mountain Lion and Mail 6.3. My issue is that Mail seems to randomly decide when to put the reply and forward icons next to messages in the inbox. It happens with both my Gmail account and an account from a different server. For some of the messages I reply to, it gives me the reply icon and for some, it doesn't. For some of the messages that I forward, it gives me the forward icon and for some, it doesn't. One good thing is that it never shows the icons for messages that have not been replied to or forwarded. So it has that much going for it. I am using a different SMTP for each account. For the messages that I reply to and the forwarded ones, they do actually go out - I can find them in my sent folder. Mail is also synced with my iPad Mini and the icons or lack thereof are consistent across the two devices. One thing to note is that ANY emails replied to or forwarded from my iPad, always show the correct icons - both on the iPad and then on my MacBook once synced. The problem seems to stem from my MacBook Mail.
    Any ideas? Thank-you.

    Select the affected mailboxes in the mailbox list, then select
    Mailbox ▹ Rebuild
    from the menu bar.

  • Asymmetric NAT rules matched for forward and reverse flows - NAT Issue

    Having a problem with a VPN site trying to communicate to a subnet off my ASA 5505.   The network is simple, VPN IPSEC remote site is 192.168.6.0/24 and I can ping and access hosts on 192.168.10.0/24 (called InfraNet).   I am now trying to allow communications between 192.168.6.0/24 (called FD_net) to 192.168.9.0/24 (called Inside)
    The Error:
    5          Nov 12 2012          13:52:50                    192.168.9.19                                        Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:192.168.6.11 dst inside:192.168.9.19 (type 8, code 0) denied due to NAT reverse path failure
    I understand this is a NAT issue, but I am not seeing the error and could use a second set of eyes. Here's my current running configuration.
    : Saved
    ASA Version 8.3(2)
    hostname fw1
    domain-name xxxxxxxx.xxx
    enable password <removed>
    passwd <removed>
    names
    interface Vlan1
    description Town Internal Network
    nameif inside
    security-level 100
    ip address 192.168.9.1 255.255.255.0
    interface Vlan2
    description Public Internet
    nameif outside
    security-level 0
    ip address 173.xxx.xxx.xxx 255.255.255.248
    interface Vlan3
    description DMZ (CaTV)
    nameif dmz
    security-level 50
    ip address 192.168.2.1 255.255.255.0
    interface Vlan10
    description Infrastructure Network
    nameif InfraNet
    security-level 100
    ip address 192.168.10.1 255.255.255.0
    interface Vlan13
    description Guest Wireless
    nameif Wireless-Guest
    security-level 25
    ip address 192.168.1.1 255.255.255.0
    interface Vlan23
    nameif StateNet
    security-level 75
    ip address 10.63.198.2 255.255.255.0
    interface Vlan33
    description Police Subnet
    shutdown
    nameif PDNet
    security-level 90
    ip address 192.168.0.1 255.255.255.0
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    switchport trunk allowed vlan 1,5,10,13
    switchport trunk native vlan 1
    switchport mode trunk
    speed 100
    duplex full
    interface Ethernet0/2
    switchport access vlan 3
    interface Ethernet0/3
    interface Ethernet0/4
    switchport trunk allowed vlan 1,10,13
    switchport trunk native vlan 1
    switchport mode trunk
    interface Ethernet0/5
    switchport access vlan 23
    interface Ethernet0/6
    shutdown
    interface Ethernet0/7
    switchport trunk allowed vlan 1
    switchport trunk native vlan 1
    switchport mode trunk
    shutdown
    banner exec                     Access Restricted to Personnel Only
    banner login                     Access Restricted to Personnel Only
    ftp mode passive
    clock timezone EST -5
    clock summer-time EDT recurring
    dns server-group DefaultDNS
    domain-name xxxxxxx.xxx
    same-security-traffic permit inter-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object service IMAPoverSSL
    service tcp destination eq 993
    description IMAP over SSL     
    object service POPoverSSL
    service tcp destination eq 995
    description POP3 over SSL     
    object service SMTPwTLS
    service tcp destination eq 465
    description SMTP with TLS     
    object network obj-192.168.9.20
    host 192.168.9.20
    object network obj-claggett-https
    host 192.168.9.20
    object network obj-claggett-imap4
    host 192.168.9.20
    object network obj-claggett-pop3
    host 192.168.9.20
    object network obj-claggett-smtp
    host 192.168.9.20
    object network obj-claggett-imapoverssl
    host 192.168.9.20
    object network obj-claggett-popoverssl
    host 192.168.9.20
    object network obj-claggett-smtpwTLS
    host 192.168.9.20
    object network obj-192.168.9.120
    host 192.168.9.120
    object network obj-192.168.9.119
    host 192.168.9.119
    object network obj-192.168.9.121
    host 192.168.9.121
    object network obj-wirelessnet
    subnet 192.168.1.0 255.255.255.0
    object network WirelessClients
    subnet 192.168.1.0 255.255.255.0
    object network obj-dmznetwork
    subnet 192.168.2.0 255.255.255.0
    object network FD_Firewall
    host 74.94.142.229
    object network FD_Net
    subnet 192.168.6.0 255.255.255.0
    object network NETWORK_OBJ_192.168.10.0_24
    subnet 192.168.10.0 255.255.255.0
    object network obj-TownHallNet
    subnet 192.168.9.0 255.255.255.0
    object network obj_InfraNet
    subnet 192.168.10.0 255.255.255.0
    object-group service EmailServices
    description Normal Email/Exchange Services
    service-object object IMAPoverSSL
    service-object object POPoverSSL
    service-object object SMTPwTLS
    service-object tcp destination eq https
    service-object tcp destination eq imap4
    service-object tcp destination eq pop3
    service-object tcp destination eq smtp
    object-group service DM_INLINE_SERVICE_1
    service-object object IMAPoverSSL
    service-object object POPoverSSL
    service-object object SMTPwTLS
    service-object tcp destination eq pop3
    service-object tcp destination eq https
    service-object tcp destination eq smtp
    object-group service DM_INLINE_SERVICE_2
    service-object object IMAPoverSSL
    service-object object POPoverSSL
    service-object object SMTPwTLS
    service-object tcp destination eq https
    service-object tcp destination eq pop3
    service-object tcp destination eq smtp
    object-group network obj_clerkpc
    description Clerk's PCs
    network-object object obj-192.168.9.119
    network-object object obj-192.168.9.120
    network-object object obj-192.168.9.121
    object-group network TownHall_Nets
    network-object 192.168.10.0 255.255.255.0
    network-object object obj-TownHallNet
    object-group network DM_INLINE_NETWORK_1
    network-object 192.168.10.0 255.255.255.0
    network-object 192.168.9.0 255.255.255.0
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any interface outside
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any host 192.168.9.20
    access-list StateNet_access_in extended permit ip object-group obj_clerkpc any
    access-list outside_2_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 object FD_Net
    pager lines 24
    logging enable
    logging asdm debugging
    logging mail errors
    logging from-address hostmaster@xxxxxxxxx
    logging recipient-address john@xxxxxxxxx level errors
    mtu inside 1500
    mtu outside 1500
    mtu dmz 1500
    mtu Wireless-Guest 1500
    mtu StateNet 1500
    mtu InfraNet 1500
    mtu PDNet 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-635.bin
    no asdm history enable
    arp timeout 14400
    nat (InfraNet,outside) source static TownHall_Nets TownHall_Nets destination static FD_Net FD_Net
    nat (inside,outside) source static TownHall_Nets TownHall_Nets destination static FD_Net FD_Net
    object network obj_any
    nat (inside,outside) static interface
    object network obj-claggett-https
    nat (inside,outside) static interface service tcp https https
    object network obj-claggett-imap4
    nat (inside,outside) static interface service tcp imap4 imap4
    object network obj-claggett-pop3
    nat (inside,outside) static interface service tcp pop3 pop3
    object network obj-claggett-smtp
    nat (inside,outside) static interface service tcp smtp smtp
    object network obj-claggett-imapoverssl
    nat (inside,outside) static interface service tcp 993 993
    object network obj-claggett-popoverssl
    nat (inside,outside) static interface service tcp 995 995
    object network obj-claggett-smtpwTLS
    nat (inside,outside) static interface service tcp 465 465
    object network obj-192.168.9.120
    nat (inside,StateNet) static 10.63.198.12
    object network obj-192.168.9.119
    nat (any,StateNet) static 10.63.198.10
    object network obj-192.168.9.121
    nat (any,StateNet) static 10.63.198.11
    object network obj-wirelessnet
    nat (Wireless-Guest,outside) static interface
    object network obj-dmznetwork
    nat (any,outside) static interface
    object network obj_InfraNet
    nat (InfraNet,outside) static interface
    access-group outside_access_in in interface outside
    access-group StateNet_access_in in interface StateNet
    route outside 0.0.0.0 0.0.0.0 173.166.117.190 1
    route StateNet 10.0.0.0 255.0.0.0 10.63.198.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable 5443
    http 192.168.9.0 255.255.255.0 inside
    http 74.xxx.xxx.xxx 255.255.255.255 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map outside_map 2 match address outside_2_cryptomap
    crypto map outside_map 2 set pfs
    crypto map outside_map 2 set peer 173.xxx.xxx.xxx
    crypto map outside_map 2 set transform-set ESP-3DES-SHA
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet 192.168.9.0 255.255.255.0 inside
    telnet timeout 5
    ssh 192.168.9.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    dhcpd dns 208.67.222.222 208.67.220.220
    dhcpd lease 10800
    dhcpd auto_config outside
    dhcpd address 192.168.2.100-192.168.2.254 dmz
    dhcpd dns 8.8.8.8 8.8.4.4 interface dmz
    dhcpd enable dmz
    dhcpd address 192.168.1.100-192.168.1.254 Wireless-Guest
    dhcpd enable Wireless-Guest
    threat-detection basic-threat
    threat-detection statistics host number-of-rate 2
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ntp server 63.240.161.99 source outside prefer
    ntp server 207.171.30.106 source outside prefer
    ntp server 70.86.250.6 source outside prefer
    webvpn
    group-policy FDIPSECTunnel internal
    group-policy FDIPSECTunnel attributes
    vpn-idle-timeout none
    vpn-tunnel-protocol IPSec l2tp-ipsec
    username support password <removed> privilege 15
    tunnel-group 173.xxx.xxx.xxx type ipsec-l2l
    tunnel-group 173.xxx.xxx.xxx general-attributes
    default-group-policy FDIPSECTunnel
    tunnel-group 173.xxx.xxx.xxx ipsec-attributes
    pre-shared-key *****
    smtp-server 192.168.9.20
    prompt hostname context
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:e4dc3cef0de15123f11439822880a2c7
    : end
    Any ideas would be appreciated.
    John

    I don't see any inspection-commands in your config. Is there a reason for not using any of them?
    If your problem is only with ICMP, then you should enable at least icmp-inspection. You can do that easily with the legacy command "fixup protocol icmp"
    Sent from Cisco Technical Support iPad App

  • What are the parameters "page-forward" and "page-backward"  used for?

    In the LIMITS section of the Netscape Calendar Server configuration documentation, there are two parameters called "page-forward" and "page-backward." The default setting for these parameters is FALSE. However, it is unclear what these parameters are used for.
    With previous versions of Calendar Server, you could scroll one page forward or one page backward through the user search screens. However, with the implementation of LDAP in later versions, the options have been disabled in the client.
    Although the page-forward and page-backward parameters are documented in the Administrator guides for Calendar Server versions 3.5 and 4.0, the guides state that the default value of FALSE for both parameters cannot be changed. In actuality, the parameters can be changed. However, the reason that users should not change these parameters is that versions 3.5 and 4.0 do not support the page-forward and page-backward capabilities. So to avoid errors, please do not change these parameters from the default value of FALSE.

    if AdobeRGB is the more professional working space, then why not use that profile?
    on the web (and in unmanaged and broken work flows) sRGB is the safest profile (source space)
    just open your tagged Adobe RGB and tagged ProPhoto RGB document (use the embedded profile in each document)
    and go to View> Proof Setup: Monitor RGB (notice the loss in saturation? that's how most of the people on the Internet will be viewing your color, assuming you have a standard-gamut monitor like most people)
    always CONVERT to sRGB for the World Wide Web
    i didn't read your link
    anyone who recommends "disable color management in Photoshop" -- set Working RGB to "Monitor RGB" -- AND MOST UNBELIEVABLY -- "Don't color manage this document" (ignore embedded profiles) ------ is pretty mixed up (in my opinion)
    i will recommend reading JEFF SCHEWE and BRUCE FRASER for professional color management information

  • How do i do a forward and reverse sweep two independent variables

    Hi,
      So I was looking through the post on how to do a forward and reverse sweep with a real-time x-y plot. I have a similar situation, except that instead of sweeping (forward and reverse) one variable, I am sweeping two variables (in my case, I call them gate voltage G-S Volt and source-drain voltage S-D Volt). I understand how to do it with one variable as provided in previous posts, but I am caught when I add another variable to reverse sweep. I have attached my vi to this post. Any suggestions are greatly appreciated. Thank you. Also, a little more detail on my plot: I am plotting current vs gate voltage while forward and reverse sweeping (gate and source-drain voltage).
    Attachments:
    FET_Isd - Vg measurement_Vg_201.vi ‏45 KB

    jasonct,
    It is very difficult to follow what your code is doing. It violates all of the style guide and good practice recommendation for LabVIEW code.
    The diagram should fit on one screen. SubVIs can help. Generally dataflow eliminates the need for sequence structures. Stacked sequence structures in particular obscure the code. Local variables are prone to race conditions, violate dataflow, and are not needed for the uses you are making of them. Wiring should go right to left, with minimal numbers of bends. Comments documenting what you are doing are helpful to others looking at your code and to you next month when you wonder why you did it that way.
    Lynn 

  • Fast Forward and Rewind keyboard shortcuts in Log and Capture

    In FCP, I want to assign the Fast Forward and Rewind buttons (in the Log and Capture mode) to buttons on the keyboard. I've assigned the functions using the Keyboard Layout in the Tools menu but it doesn't seem to be working like it should. In Log and Capture when I use the mouse to press the Fast Forward button, FCP stops the miniDV deck and fast forwards the tape as fast as possible without showing any picture. However, when I invoke the keyboard shortcut I created all I get is the picture moving a few frames per second instead of the tape stopping and fast forwarding as fast as possible. The same happens with the Rewind keyboard shortcut as well. Any ideas as to why, and how I might be able to fix this?
    The computer I'm currently working on is a Dual 2 GHz PowerMac G5, 2.5 GB RAM, Final Cut Studio (Final Cut Pro 5.0.4).
    –Michael

    When I press the fast forward or rewind button while logging a miniDV tape the video stops and then the tape fast forwards or rewinds at a MUCH faster rate than L or J ever give me. That is the behavior I am trying to get from a keyboard shortcut.
    Not possible via keyboard shortcuts, unfortunately.
    Even if you map the Rewind and Fast Forward functions to keys in a Custom Keyboard Layout - for those who didn't know, yes, there are specific commands for those functions even though they are not mapped by default - those shortcuts will not work within the L&C window. We're stuck pressing the buttons.
    Forgot to mention: the only time you're able to invoke the true fast forward or rewind function is using Shift-I/O (that is, Go to In Point or Out Point). Of course that only works if you have the necessary In/Out point set...

  • Applescript to forward and change subject?

    Hi,
    I'm striving to make an Applescript to forward and change the subject of some messages filtered by some rules at Apple Mail.
    This is what I'm using:
    using terms from application "Mail"
        on perform mail action with messages theSelectedMessages for rule RRRR
            repeat with eachSelectedMessage in theSelectedMessages
                forward eachSelectedMessage
                set subject of eachSelectedMessage to yyy
                set recipients to "[email protected]"
            end repeat
        end perform mail action with messages
    end using terms from
    The script is correctly forwarding the messages, but it isn't changing the subject of them.
    Any tips?
    Thanks.
    Germano

    While testing your script, I have noticed the forwarded message contained two copies of the original message most of the time, but not always, without understanding why it sometimes worked as expected.
    Nevertheless, here's the workaround I've finally found out for those times when it doesn't work as expected:
    tell application "Mail"
        set theSelection to selection
        set theForwardedMessage to forward (item 1 of theSelection) with opening window
        tell theForwardedMessage
            make new to recipient at end of to recipients with properties {address:"[email protected]"}
            activate
            tell application "System Events"
                keystroke "a" using command down -- ⌘A (select all)
                key code 51 -- ⌫ (erase to the left)
            end tell
            delay 1
            set subject to "new subject text goes here"
            tell application "System Events"
                key code 117 -- ⌦ (erase to the right)
            end tell
            send
        end tell
    end tell
    And no need to enable access for assistive devices this time!
    (I hope the script is self-explanatory.)

  • Asymmetric NAT rules matched for forward and reverse flows

    Hi! I don't know why this comes up in the logs when I have configured my vpn like so:
    crypto dynamic-map L2L_MAP 50 set reverse-route
    crypto dynamic-map OUTSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 40 set pfs
    crypto dynamic-map OUTSIDE_dyn_map 40 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 60 set pfs
    crypto dynamic-map OUTSIDE_dyn_map 60 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 65535 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime seconds 288000
    crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime kilobytes 4608000
    crypto dynamic-map INSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 20 match address IDP_VPN
    crypto map L2L_MAP 20 set peer x.x.x.x
    crypto map L2L_MAP 20 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 40 match address cp_l2l_map_40
    crypto map L2L_MAP 40 set peer x.x.x.x
    crypto map L2L_MAP 40 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 60 match address bwi_l2l
    crypto map L2L_MAP 60 set peer x.x.x.x
    crypto map L2L_MAP 60 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 80 match address outside_80_cryptomap
    crypto map L2L_MAP 80 set peer x.x.x.x
    crypto map L2L_MAP 80 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 65535 ipsec-isakmp dynamic OUTSIDE_dyn_map
    crypto map L2L_MAP interface outside
    crypto map INSIDE_map 65535 ipsec-isakmp dynamic INSIDE_dyn_map
    crypto map INSIDE_map interface inside
    I am able to connect successfully via vpn client. It's just that I can't reach the internal servers... Any ideas?
    I get this error:
    Oct 18 2012 00:52:37: %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:10.10.13.221/137 dst inside:10.10.13.255/137 denied

    I put in the important configs:
    interface GigabitEthernet0/0
    nameif outside
    security-level 0
    ip address x.x.x.x 255.255.255.0 standby x.x.x.x
    ospf cost 10
    interface GigabitEthernet0/1
    nameif inside
    security-level 100
    ip address 10.10.13.5 255.255.255.0 standby 10.10.13.6
    ospf cost 10
    interface GigabitEthernet0/2
    nameif dmz
    security-level 50
    no ip address
    ospf cost 10
    interface GigabitEthernet0/2.720
    vlan 720
    nameif dmz-vsp
    security-level 50
    ip address 172.24.0.1 255.255.255.0 standby 172.24.0.2
    ospf cost 10
    interface GigabitEthernet0/2.724
    vlan 724
    nameif dmz-dbz
    security-level 75
    ip address 172.24.4.1 255.255.255.0 standby 172.24.4.2
    ospf cost 10
    interface GigabitEthernet0/2.725
    vlan 725
    nameif dmz-smtp
    security-level 50
    ip address 172.24.5.1 255.255.255.0 standby 172.24.5.2
    ospf cost 10
    dns domain-lookup outside
    dns domain-lookup inside
    dns server-group DefaultDNS
    name-server 10.10.10.50
    domain-name xxxx.local
    access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.4.0 255.255.255.0
    access-list nonatacl extended permit ip 172.16.0.0 255.255.0.0 10.40.4.0 255.255.255.0
    access-list nonatacl extended permit ip 192.168.2.0 255.255.255.0 10.40.4.0 255.255.255.0
    access-list nonatacl extended permit ip 192.168.3.0 255.255.255.0 10.40.4.0 255.255.255.0
    access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.14.0 255.255.255.0
    access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 10.10.10.0 255.255.255.0
    access-list nonatacl extended permit ip 10.10.10.0 255.255.255.0 10.10.13.0 255.255.255.0
    access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 192.168.6.0 255.255.255.0
    access-list nonatacl extended permit ip 192.168.6.0 255.255.255.0 10.10.13.0 255.255.255.0
    ip local pool inshse-vpn-pool2 192.168.6.220-192.168.6.230 mask 255.255.255.0
    global (outside) 201 192.168.16.1-192.168.16.250
    global (outside) 202 10.201.5.145-10.201.5.158
    global (outside) 4 10.10.13.180-10.10.13.189 netmask 255.0.0.0
    global (outside) 101 interface
    global (outside) 1 x.x.x.x netmask 255.0.0.0
    global (inside) 204 10.10.13.70-10.10.13.79 netmask 255.0.0.0
    nat (inside) 0 access-list nonatacl
    nat (inside) 201 access-list NAT_TO_IDP
    nat (inside) 202 access-list inside2-vsp_nat_outbound
    nat (inside) 101 0.0.0.0 0.0.0.0
    nat (dmz-vsp) 202 access-list dmz-vsp_nat_outbound
    nat (dmz-vsp) 101 0.0.0.0 0.0.0.0
    route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
    route inside 10.0.0.0 255.240.0.0 10.10.13.1 1
    route inside 10.40.1.0 255.255.255.0 10.10.13.1 1
    route inside 10.40.2.0 255.255.255.0 10.10.13.1 1
    route inside 10.40.3.0 255.255.255.0 10.10.13.1 1
    route inside 10.40.4.0 255.255.255.0 10.10.13.1 1
    route inside 10.40.13.0 255.255.255.0 10.10.13.1 1
    route inside 10.40.254.0 255.255.255.0 10.10.13.1 1
    route inside 172.16.0.0 255.255.0.0 10.10.13.1 1
    route inside 192.168.2.0 255.255.255.0 10.10.13.1 1
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server VPN_Auth protocol radius
    aaa-server VPN_Auth (inside) host 10.10.2.20
    timeout 5
    key *****
    no mschapv2-capable
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map L2L_MAP 50 set reverse-route
    crypto dynamic-map OUTSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 40 set pfs
    crypto dynamic-map OUTSIDE_dyn_map 40 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 60 set pfs
    crypto dynamic-map OUTSIDE_dyn_map 60 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 65535 set transform-set ESP-3DES-SHA
    crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime seconds 288000
    crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime kilobytes 4608000
    crypto dynamic-map INSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 20 match address IDP_VPN
    crypto map L2L_MAP 20 set peer x.x.x.x
    crypto map L2L_MAP 20 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 40 match address cp_l2l_map_40
    crypto map L2L_MAP 40 set peer x.x.x.x
    crypto map L2L_MAP 40 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 60 match address nonatacl
    crypto map L2L_MAP 60 set peer x.x.x.x
    crypto map L2L_MAP 60 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 80 match address outside_80_cryptomap
    crypto map L2L_MAP 80 set peer x.x.x.x
    crypto map L2L_MAP 80 set transform-set ESP-3DES-SHA
    crypto map L2L_MAP 65535 ipsec-isakmp dynamic OUTSIDE_dyn_map
    crypto map L2L_MAP interface outside
    crypto map INSIDE_map 65535 ipsec-isakmp dynamic INSIDE_dyn_map
    crypto map INSIDE_map interface inside
    crypto isakmp enable outside
    crypto isakmp enable inside
    crypto isakmp enable dmz
    crypto isakmp enable dmz-vsp
    crypto isakmp policy 20
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    no vpn-addr-assign aaa
    no vpn-addr-assign dhcp
    group-policy ihasavpn2_gp internal
    group-policy ihasavpn2_gp attributes
    dns-server value 10.10.10.52
    vpn-tunnel-protocol IPSec
    default-domain value xxxx.local
    tunnel-group ihasavpn2 type remote-access
    tunnel-group ihasavpn2 general-attributes
    address-pool inshse-vpn-pool2
    authentication-server-group VPN_Auth
    authentication-server-group (inside) VPN_Auth
    default-group-policy ihasavpn2_gp
    tunnel-group ihasavpn2 ipsec-attributes
    pre-shared-key *****
    tunnel-group ihasavpn2 ppp-attributes
    authentication ms-chap-v2
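
An added diagnostic sketch for the log line and configuration quoted in the post above (not part of the thread and not Cisco code): it parses the %ASA-5-305013 event, then checks whether the return flow from the inside host to the logged client address is covered by the `nonatacl` exemption and whether that client address lies in the `inshse-vpn-pool2` range. A flow the exemption does not cover is left to the remaining `nat (inside)` rules. The function names are hypothetical and the ACL matching is a simplified first-match model that only understands `permit ip net mask net mask` entries.

```python
import ipaddress
import re

# ACL bound by "nat (inside) 0 access-list nonatacl", copied from the post.
NONAT_ACL = """
access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 172.16.0.0 255.255.0.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.2.0 255.255.255.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.3.0 255.255.255.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.14.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.10.0 255.255.255.0 10.10.13.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.6.0 255.255.255.0 10.10.13.0 255.255.255.0
"""
# Range from "ip local pool inshse-vpn-pool2 ..." in the post.
POOL = (ipaddress.ip_address("192.168.6.220"), ipaddress.ip_address("192.168.6.230"))
# Log line from the post.
LOG = ("Oct 18 2012 00:52:37: %ASA-5-305013: Asymmetric NAT rules matched for forward "
       "and reverse flows; Connection for udp src outside:10.10.13.221/137 "
       "dst inside:10.10.13.255/137 denied")

ACE_RE = re.compile(r"permit ip (\S+) (\S+) (\S+) (\S+)")
LOG_RE = re.compile(r"%ASA-5-305013: .* src (\S+?):([\d.]+)/\d+ dst (\S+?):([\d.]+)/\d+")

def parse_acl(text):
    """Turn each 'permit ip net mask net mask' entry into (source_net, dest_net)."""
    return [(ipaddress.ip_network(f"{s}/{sm}"), ipaddress.ip_network(f"{d}/{dm}"))
            for s, sm, d, dm in ACE_RE.findall(text)]

def exempt_entry(acl, inside_ip, remote_ip):
    """First entry exempting traffic from inside_ip to remote_ip, else None."""
    inside_ip, remote_ip = ipaddress.ip_address(inside_ip), ipaddress.ip_address(remote_ip)
    for src_net, dst_net in acl:
        if inside_ip in src_net and remote_ip in dst_net:
            return f"{src_net} -> {dst_net}"
    return None

def diagnose(line, acl_text=NONAT_ACL):
    """Check the reverse (inside -> remote) flow of a 305013 event against the ACL."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    remote, inside = m.group(2), m.group(4)  # assumes logged src is the remote side
    return {"remote": remote, "inside": inside,
            "remote_in_pool": POOL[0] <= ipaddress.ip_address(remote) <= POOL[1],
            "exempt_by": exempt_entry(parse_acl(acl_text), inside, remote)}

if __name__ == "__main__":
    print(diagnose(LOG))
```

For the logged event the result shows a client address outside the configured pool and no matching exemption entry, while a constructed pool address such as 192.168.6.225 is matched by the `10.10.13.0/24 -> 192.168.6.0/24` entry.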
