Port Mapping...access home network remotely

Hello,
Has anyone successfully established port mapping through the AE (802.11n)?
SSH access has worked for me but nothing else. Apple tech support was courteous but unable to solve problem.
I'm trying to get port mapping (port forwarding on other routers) to work for AFP and FTP.
Any help would be appreciated.
Greg
iMac, MacBook   Mac OS X (10.4.8)  

Hi Greg,
Thanks for your response. I will try it out.
Yes, I did get her the new AE 802.11n.
I am so impressed by it, I would go buy it for myself to add the print server capability, and dual band feature.
To take advantage of N, I will either get a new Macbook Pro, or a new wireless card for my PB G4, preferably the former.
Cris
Hi Cris,
I have actually been successful now with AFP too.
Does your sister have the new AE 802.11n? That's the one I have and here's what I did.
1) Open AirPort Utility
2) Select Airport Extreme
3) Menu "Base Station", "Manual Setup"
4) Select Advanced icon
5) Select Port Mapping tab
6) Click "+"
7) Select a service "SSH" or "AFP", whichever you prefer.
8) For ssh, private tcp port needs to be 22. Public IP address should be the IP address of your sister's imac on her local network. Private TCP port should be 22.
AFP is the same setup as ssh, except the Public tcp port should be any unused port number, for example 5912. (You can get a list of used port numbers here: http://docs.info.apple.com/article.html?artnum=106439) and the private tcp port needs to be 548.
Helping your sister out will be much easier when OS 10.5 becomes available later this spring and perhaps by the end of this month. Go to this link and click on the iChat icon. It will show you ichat's new capabilities. http://www.apple.com/macosx/leopard/
Hope that helps,
Greg
iMac, MacBook   Mac OS X (10.4.8)
Powerbook G4 (17")   Mac OS X (10.4.9)  

Similar Messages

  • Can not access home network via ipod touch, password entered  not accepted

    Trying to help my son set up his ipod touch to connect to the network and the password I entered is not accepted.
    1. Which password is required? I entered the password I use for logging into my router
    2. The home network is recognized, when selected it requires a password to be entered, but I am just not sure what password it is looking for to connect.
    I have not been able to find any information on this subject

    jersey0904, Welcome to the discussion area!
    You need to enter the wireless encryption password... not the administrative password for the router.

  • Problems accessing home network via FTP

    I get a -50 error when I try to FTP thru my company's wired Ethernet network to my home network via the "Connect to Server" command in the Finder.
    However, I can connect with my home network using FileZilla thru the same (wired) network.
    And I can connect to my home network via my company's wireless network from the Finder.
    Any ideas what might be blocking me from FTP'ing to my home network via the Finder and thru the wired network, and how to resolve?

    At least a partial answer.
    If I use the command FTP://username@IP Address, I'm able to connect. But I don't have to use my username with wireless.

  • Access Home iMac Remotely from Work

    I have almost identical setups at home and work. At both locations, I have a 22" iMac with Snow Leopard 10.6.4 and an Airport Extreme Base Station. I would like to access both my iMacs whether I am at home or work. I am a bit confused on how to properly achieve this. The main idea is to access either iMac without anyone being there - that takes iChat out of the equation. Any thoughts?

    The easiest solution, especially since you may not be in control of the necessary hardware at work to make this happen without such a solution, would be to use Back to My Mac with a MobileMe account. See System Preferences -> MobileMe.
    If you don't have a MobileMe account, try a third-party solution, like LogMeIn.
    If you want to try your hand at making it work without these solutions, see my post at:
    http://discussions.apple.com/thread.jspa?messageID=9436505&#9436505
    It's an old post, but still applies... the only difference is that I've since learned you should set the Configure IPv4 setting to "Manually" instead of what I said in that post.

  • Need help trying to access network remotely

    I will start off this post by warning that I am not the most knowledgeable person when it comes to networking beyond a LAN.
    I am trying to set up my network to enable remote login to my Final Cut Server (port 8891). My network consists of an Airport Extreme router, a few switches, and several workstations connected to the network.
    I am connected to the internet via a cable modem and have gone online to find out what my IP address is. Whenever I try to connect to the network via that IP address I receive a "Cannot connect to server" message. I have tried using the IP address and the IP address followed by ":8891" (the port I am trying to access).
    Any help would be greatly appreciated!
    Doug

    Sorry for the delay in response.
    I have been able to access and use Final Cut Server as part of our regular workflow from within our LAN.
    In terms of remote access to the network, I set up the Airport Extreme to forward all incoming requests to the computer running Final Cut Server. When I go to the IP address I am reported to be on (from whatismyip) from inside my network, everything works fine. I can access the apache server and Final Cut Server. When I utilize a computer not on the same network to access the IP address for the network my Final Cut Server is located on, the browser times out trying to connect. Eventually I receive a message saying the server is not responding.
    Any ideas why I cannot access my home network remotely?

  • Accessing Home Network from work

    If I want to access my home network when I'm at work... what all is involved in that?

    Hi:
    What services are you running? Who do you want to be able to access them? How "tight" do you want your security to be?
    I run a small personal email server at home, along with afp services, vnc, and ssh. To do that, I require all users to tunnel all desired services over ssh protocol 2.
    To do that, basically, I open one single port in the DSL modem and forward that port to the computer hosting those services. You may or may not have to use static IP routing on your internal LAN 192.168 network for port forwarding, depending on how new/fancy your DSL/cable modem is. If you wanted to allow ssh to multiple computers, you'd have to ssh in on a non-standard port on at least one of them, which you can tell the DSL/cable modem to "cross-strap" to port 22 inside the LAN. I don't see why if you came in from the outside on two different ports, that you couldn't cross-strap one port to one of your internal 192.168 IP addresses on port 22, and cross-strap the other port to the second internal 192.168 IP, also port 22.
    Then, add a line to each user's .bash_login files on their remote computers that says something like
    alias phoneHome='ssh -l {homeShortUserName} -L 5901:127.0.0.1:5900 -L 3238:127.0.0.1:3238 -L 5548:127.0.0.1:548 -L 2525:127.0.0.1:25 -L 1143:127.0.0.1:143 {yourDomainName}'
    Now, each user launches Terminal, types phoneHome and gets an encrypted channel for VNC (first two "-L" port forwards), afp file sharing, smtp mail services, and imap mail services. And it's all encrypted. I would also recommend taking a look at http://www.corsaire.com/white-papers/050819-securing-mac-os-x-tiger.pdf.
    After the user has "phoneHome'd," (s)he can launch Mail, ChickenoftheVNC, or ⌘k in Finder to start AFP. Your users' remote computers' Mail would use 127.0.0.1 as the imap and smtp server, ports 1143 and 2525 respectively, to access the server mail account set up there. To connect afp, the remote user would connect to 127.0.0.1:5548. To connect to vnc session, remote users would connect to 127.0.0.1:5901.
    The hosting Mac (at home) would need to have VNC and ARD services enabled (btw, VNC is pre-defined as an "other" "new" service when you add it in SysPrefs Sharing Firewall), and apple file sharing, and remote login (ssh) enabled in the Sharing Services tab. In the firewall tab, you would need to add smtp (port 25 TCP) and imap (port 143) and/or pop (port 110) if you are going to run a mail server. You don't need SSL if you tunnel over ssh. I prefer this approach because if you use public/private key exchange for ssh login (basically, like an automated PGP authentication), that is, to me, way more secure than password authentication, and it's two less ports you need open for universal access.
    To get mail from other smtp servers, I recommend you get mailhop relay by dyndns.com. It costs $40 a year, and whenever anybody sends mail to your domain, it gets routed through them first, where they spam-assassinate it and virus-scan it before forwarding it on to you. The other advantage is that then, when you open port 25 in your router, you can restrict that port to only be accessible to traffic coming from dyndns' several mailhop relay smtp servers' IP addresses. Helps to cut down on the hack attacks by intruders coz a port scan from any other IP address will show the port as closed. MailServe, by cutedgesystems.com, is a GUI frontend for Mac's built-in postfix, and it also includes uw-imap. It lets you get an imap(or pop)+smtp mailserver up and running in literally minutes for only $20.
    If you don't get a static WAN IP address assignment from your ISP, get dyndns.com's DynDNSupdater program (the same guys that have the mailhop services). Then, whenever, your ISP changes your DHCP-assigned WAN IP address, dyndns.com's DNS servers are updated with your new IP address, so your domain name can always be resolved. They offer a number of variations of TLD's for your domain name for free, or you can pay them for a custom one. But I don't have a problem with a domain name like jv.dyndns.org. But they've got a lot of others, like isageek.net and some other goofy ones. There are other programs like DynDNSupdater, but I am only familiar with dyndns. One thing is for certain, to me anyways, and that is being able to operate DHCP from your ISP is better than paying monthly premium for a static IP assignment from your ISP.
    I mentioned mailhop relay earlier -- if you are going to be dynamic WAN IP from your ISP rather than buying a static WAN IP address, and are going to be running that mailserver, and you bought mailhop relay, you will probably find yourself wanting to buy another service from them for as little as $10/yr called mailhop outbound (pricing depends on amount of outbound mail traffic). Outfits like roadrunner.com and aol.com block smtp requests coming from servers whose domain names reverse-dns to dynamic IP space. So your users might not be able to send mail to aol or rr.com people, and others, without a service like this. Still, $10/yr is better than $5-$10/mo for a static WAN IP.
    Digressing somewhat, if you are going to be running your own webserver, open to the public, you'll need to open port 80 on your DSL/cable modem (and in Sys Prefs Sharing Services) and forward that port to the computer hosting the web server, too. And, as Karl said, if running multiple webservers, you'll need multiple ports open in the modem, cross-strapped to port 80 of the appropriate server.
    Last but not least (well, at least last for this post!) I would recommend installing a network intrusion detection system. One is available that comes pre-compiled for Mac OS X client, called HenWen. It is a GUI front-end for Snort, which comes included with HenWen (it's not the most recent version of snort, and it doesn't install snort in the usual default location that snort would, instead being contained within the HenWen application, but I still recommend it). Fairly easy to set up, although since the last version of HenWen came out, snort has added rule sets for spyware, so you need to add a rule for that in HenWen's GUI. Sign up for a free account at snort.org, so you can get the latest NIDS rulesets. It doesn't block bad things before they happen, but at least it lets you know that suspicious activity occurred after the fact -- which is way better than being totally oblivious.
    And I guess I lied, this is actually the last thing: if your work's IT dept is like mine, they keep just about ALL destination ports closed. So you may need to try to telnet {yourDomainName} {port#forDesiredService} just to make sure that your IT dept allows outbound traffic to go to the desired destination ports on your home network, or use Tiger's provided Network Utility to port scan your home's network's desired ports.
    (if this solves your problem, or is actually helpful towards arriving at a solution to your problem, please consider marking this reply as "helpful" or "solved," in addition to, if applicable, marking this question as "answered")
    2001 Quicksilver G4 (M8360LL/A)   Mac OS X (10.4.8)  

  • I have airport extreme and just purchased a D-Link DCS-932L home network camera.  D-Link says I need UPnP but the extreme doesn't support this.  Can I use port mapping?  If so, anyone know how to set that up?  Thanks

    Since the D-Link DCS-932L is accessible on the local network via a web browser, you should be able to access this camera from the Internet if your router has a publicly accessible Public IP address. If your ISP provides you with a dynamic Public IP address, you may want to use a DDNS service to make it easier for you to locate your camera whenever your ISP changes your IP address.
    1) Start the AirPort Utility > Select the 802.11n AirPort Extreme Base Station (AEBSn).
    2) Select Manual Setup.
    3) Verify that Connection Sharing = Share a public IP address is selected on the Internet > Internet Connection tab.
    4) Select Advanced, and then, select the Port Mapping tab.
    5) Click the plus sign to add a new port mapping.
    6) For Service, leave the default; this will change to "Custom" once you start entering port values.
    7) In the Public UDP Port(s) and Public TCP Port(s) boxes, type in a 4-digit port number (e.g., 8888) that you choose. In the Private IP Address box, type the internal IP address of your camera. In the Private UDP Port(s) and Private TCP Port(s) boxes, enter the appropriate port values that should have been provided to you by the camera manufacturer. Click Continue.
    8) In the Description box, type a descriptive name like "Internet Camera Access," and then, click Done.
    9) Click on Update.
    To connect to the shared Camera from a remote location using a Mac or PC:
    1) Start your favorite web browser.
    2) Enter either your Public IP address or DDNS-provided Domain Name, followed by a colon and the Public port number that you chose in step 7 of the previous procedure. For example: http://123.123.123.123:8888 or http://www.mydtdnsdomainname.com:8888

  • Map a port through Airport Extreme to access my NAS remotely through FTP

    Hello Everyone,
    Was hoping someone might be able to enlighten me. I recently purchased a WD ShareSpace. It has the ability to setup FTP access to it. I am currently using an Airport Extreme and I seem to be having trouble finding information on how to setup my AE to allow my WD be accessed outside my router. I have looked at the settings for port mapping and assume I need to setup a Service in there for FTP Access, but regarding all the UTP ports and addresses, I am a little lost.
    I can't seem to find a simple site that kind of goes into details on more or less what is what, how this and that work. I do well with networking but a lot of this port mapping and forwarding stuff is somewhat new to me.
    Any help would be great, thank you!
    Tim

    The WD ShareSpace has a bunch of ways (it seems) to connect to it remotely, but I know that I would still need to open access up through the router.
    It probably is not worth it. WD makes it seem easy and tells how to access the NAS by typing in my ip and all, but I get the feeling it is not as easy nor secure as they make it sound.
    There is a built in menu regarding FTP through WD web configuration, so I got the impression it might be easier.
    Simply all I want to do is access my music and movies from the NAS elsewhere. I get the feeling this is not the best move in regards to security.
    Thanks!

  • I have a mac mini server which I want to set up for remote access from windows and mac pcs.  How do I do this?  I can access it from my home network OK

    Posted in error.

  • Suggestions for NAS for home network and remote access to clients

    I have a photo studio in my home and will need to get the digital files to my clients roughly once a week. I am currently using dropbox, but was thinking of purchasing a NAS that I could use for this purpose, as well as for my home network needs, mainly itunes and photos of the kid...
    Any suggestions for a mac friendly NAS, and how it can be accessed by my client over the internet?
    Can a NAS be accessed like a FTP site, using fetch or another FTP client?
    Thanks for any help.
    -thomas

    Hi Thomas,
    I have had similar considerations and finally chose QNAP 439 Pro II over the many other ones out there (LinkSys, NetGear, Buffalo, etc.). Without going into technical details, the main reasons for my choice were ease-of-use, functionalities and scalability:
    http://www.qnap.com/prodetail_feature.asp?pid=148
    It's not the cheapest solution out there, but works great with the Mac, even acts as storage solution for TimeMachine (with latest firmware). And implementing client access is easy.
    Hope this helps.
    Kind regards,
    Mark

  • I can access my time capsule from my mac mini at work but my macbook can only access it from my home network. how do i fix this?

    I have a Mac Mini and a MacBook, both were configured at home to access the time capsule. I have since moved the mini to work to use there and it has no issues looking up files on the time capsule which remains at home. The macbook however can only access the time capsule from within the home network. I can't seem to find what I may have done differently. Can anybody help?
    Not sure if you're allowed to post two questions, but it may be related. I find that accessing the files on the time capsule from the mac mini or the macbook is very slow. Accessing the same files from an older HP laptop is as fast as accessing its own hard drive. How can I speed up the accessing of these files from my apple products. One would think they would work fast and the 'windows' computers would take minutes to map the drive each time...
    Thanks for any help.

    I have since moved the mini to work to use there and it has no issues looking up files on the time capsule which remains at home.
    This cannot happen by magic though.. you must have configured the mini to access the TC remotely.. which method are you using, BTMM and iCloud??
    The macbook however can only access the time capsule from within the home network. I can't seem to find what I may have done differently. Can anybody help?
    How is the Macbook configured to access the TC remotely?? If you are trying to use BTMM and iCloud, then it might be a case that with the mini running the connection cannot be done by more than one computer at a time.. this is generally the case although I do not know if that is specifically true of BTMM method. Try turning off the mini and leave it off.. (off not standby)... then reboot the TC when you are at home.. and then try and connect the laptop to the TC the next morning from work. See if it is then able to capture the connection.. if so start up the mini and I suspect it now will not be able to connect.. that will prove that the TC cannot cope with two remote connections.
    There also could be another factor in here. If you are accessing the laptop via the same router as the mini is on.. then actually you cannot have two users mount the same files on a TC.. from the same IP address.. as far as the TC is concerned both devices have identical IP, that is the public IP of the work location router.
    If you happen to not be using BTMM then the situation is even easier.. you cannot make two different devices connect to the same network resource using the same port. That is the failing of the NAT system.. one device uses the port then it cannot be used by a second device. You will need to do some fancy footwork and use a different port.
    Anyhow tell us exactly how you are doing remote access.. otherwise I am just guessing.
    Not sure if you're allowed to post two questions, but it may be related. I find that accessing the files on the time capsule from the mac mini or the macbook is very slow.
    Are you talking about files you are hosting on the TC?? Not Time Machine backups??
    Can you tell me exactly how you are accessing the TC.. please do a test..
    Copy a file to the TC and from the TC using the Laptop.. Use a single very large file, eg 1GB movie file.
    Give me a read and write speed.. you can use activity monitor to give me an approx average speed as well as peak.
    Do the same test from the same computer with wireless turned off running ethernet.
    Then do the tests from the mini.. same ones.. copy large file to and from the TC by ethernet and by wireless.. when using ethernet make sure wireless is off.
    I strongly recommend you set IPv6 to link local only for your wireless and ethernet setup in the Mac.
    Now do the test from the HP laptop and give me the results from that.
    Is the issue wireless only.. ??
    Then you might need to spend a bit of time fixing the wireless in the Macs.. you can run wireless diagnostics in Mavericks.
    About Wireless Diagnostics

  • VPN connects but unable to access resources on remote network

    HI,
    I'm able to ping the ASA interface once the VPN is connected but unable to access any of the resources located on the remote network such as shares and computers. The cisco vpn client shows data being sent and received when I ping the interface on the ASA but it doesn't receive any data when I attempt to ping or access other resources on the network.
    ASA Version 8.2(5)
    hostname HOST_NAME
    domain-name default.domain.invalid
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    speed 10
    duplex half
    interface Ethernet0/4
    speed 100
    duplex full
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.10.8.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 12.x.x.x x.x.x.x
    boot system disk0:/asa825-k8.bin
    ftp mode passive
    dns domain-lookup inside
    dns domain-lookup outside
    dns server-group DefaultDNS
    name-server 10.10.8.2
    domain-name default.domain.invalid
    same-security-traffic permit intra-interface
    object-group service Vipre tcp
    port-object range 18082 18082
    port-object range 18086 18086
    object-group network town
    network-object 192.168.0.0 255.255.0.0
    access-list outside_20_cryptomap extended permit ip 10.10.8.0 255.255.255.0 192.168.0.0 255.255.252.0
    access-list new extended permit ip host 192.168.0.1 any
    access-list new extended permit ip any host 192.168.0.1
    access-list outside_20_cryptomap_1 extended permit ip 10.10.8.0 255.255.255.0 192.168.0.0 255.255.252.0
    access-list townoffice_splitTunnelAcl standard permit 10.10.8.0 255.255.255.0
    access-list townremote_splitTunnelAcl standard permit 10.10.8.0 255.255.255.0
    access-list outside_access_in extended permit tcp any interface outside object-group Vipre
    access-list outside_access_in extended permit tcp any object-group Vipre interface inside object-group Vipre
    access-list outside_access_in extended permit tcp any eq 3389 10.10.8.0 255.255.255.0 eq 3389
    access-list test extended permit ip host 192.168.0.6 host 10.10.8.155
    access-list test extended permit ip host 10.10.8.155 host 192.168.0.6
    access-list test extended permit ip host 10.10.8.2 host 192.168.3.116
    access-list test extended permit ip host 192.168.3.116 host 10.10.8.2
    access-list test extended permit ip host 10.10.8.155 host 192.168.3.116
    access-list bypass extended permit ip host 10.10.8.155 host 192.168.3.116
    access-list bypass extended permit tcp 192.168.0.0 255.255.0.0 10.10.8.0 255.255.255.0
    access-list bypass extended permit tcp 10.10.8.0 255.255.255.0 192.168.0.0 255.255.0.0
    pager lines 24
    logging enable
    logging buffered debugging
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool vpn 10.10.8.125-10.10.8.149 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-522.bin
    no asdm history enable
    arp timeout 14400
    global (inside) 1 interface
    global (outside) 1 interface
    nat (inside) 1 192.168.0.0 255.255.0.0
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp interface 18082 10.10.8.2 18082 netmask 255.255.255.255
    static (inside,outside) tcp interface 18086 10.10.8.2 18086 netmask 255.255.255.255
    static (inside,outside) tcp interface 3389 10.10.8.2 3389 netmask 255.255.255.255
    static (inside,inside) 192.168.0.0 192.168.0.0 netmask 255.255.0.0
    static (inside,inside) 10.10.8.0 10.10.8.0 netmask 255.255.255.0
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 12.70.119.65 1
    route inside 192.168.0.0 255.255.0.0 10.10.8.250 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    aaa authentication telnet console LOCAL
    http server enable
    http  outside
    http  outside
    http  inside
    http  outside
    http inside
    http  outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    sysopt noproxyarp inside
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map outside_dyn_map 20 set pfs
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 40 set pfs
    crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 60 set pfs
    crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 80 set pfs
    crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 100 set pfs
    crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
    crypto map outside_map 20 match address outside_20_cryptomap_1
    crypto map outside_map 20 set pfs
    crypto map outside_map 20 set peer 69.87.150.118
    crypto map outside_map 20 set transform-set ESP-3DES-SHA ESP-3DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    crypto isakmp policy 30
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp nat-traversal 30
    telnet 10.10.8.0 255.255.255.0 inside
    telnet timeout 5
    ssh 63.161.207.0 255.255.255.0 outside
    ssh timeout 5
    console timeout 0
    dhcpd dns 10.8.8.2
    dhcpd address 10.10.8.150-10.10.8.200 inside
    dhcpd dns 10.10.8.2 interface inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy aaa internal
    group-policy aaa attributes
    dns-server value 10.10.8.2 4.2.2.2
    vpn-tunnel-protocol IPSec
    default-domain value domainname
    group-policy bbb internal
    group-policy bbb attributes
    wins-server value 10.10.8.2
    dns-server value 10.10.8.2
    vpn-tunnel-protocol IPSec l2tp-ipsec
    split-tunnel-policy tunnelall
    split-tunnel-network-list value townoffice_splitTunnelAcl
    default-domain value domainname.local
    group-policy townremote internal
    group-policy townremote attributes
    wins-server value 10.10.8.2
    dns-server value 10.10.8.2 4.2.2.2
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value townremote_splitTunnelAcl
    default-domain value domainanme
    group-policy remote internal
    group-policy remote attributes
    wins-server value 10.10.8.2
    dns-server value 10.10.8.2
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value townremote_splitTunnelAcl
    default-domain value dksecurity.local
    address-pools value vpn
    username xxxx password . encrypted privilege 15
    username xxxx attributes
    vpn-group-policy dksecurityremote
    username xxx password  encrypted privilege 15
    username xxx attributes
    vpn-group-policy dksecurityremote
    username xxxx password . encrypted privilege 15
    username xxx password  encrypted privilege 15
    username xxx attributes
    vpn-group-policy dksecurityremote
    username xxx password  encrypted privilege 15
    username xxxx attributes
    vpn-group-policy dksecurityremote
    username xxx password  encrypted privilege 15
    username xxx attributes
    vpn-group-policy dksecurityremote
    username xxx password  encrypted privilege 15
    username xxx attributes
    vpn-group-policy dksecurityremote
    username xxx password  encrypted privilege 15
    username xxx password  encrypted privilege 15
    username xxxx attributes
    vpn-group-policy remote
    username xxx password  encrypted privilege 15
    username xxx attributes
    vpn-group-policy remote
    username xxx password  encrypted privilege 15
    username xxx attributes
    vpn-group-policy remote
    username xxxx password  encrypted privilege 15
    username xxx password  encrypted privilege 15
    username xxx attributes
    vpn-group-policy remote
    tunnel-group 69.87.150.118 type ipsec-l2l
    tunnel-group 69.87.150.118 ipsec-attributes
    pre-shared-key *****
    tunnel-group remote type remote-access
    tunnel-group remote general-attributes
    address-pool vpn
    default-group-policy townremote
    tunnel-group townremote ipsec-attributes
    pre-shared-key *****
    isakmp keepalive disable
    tunnel-group townremote type remote-access
    tunnel-group townremote general-attributes
    address-pool vpn
    default-group-policy townremote
    tunnel-group lansingremote ipsec-attributes
    pre-shared-key *****
    class-map tcp-bypass
    match access-list bypass
    class-map test
    match access-list new
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
      no dns-guard
      no protocol-enforcement
      no nat-rewrite
    policy-map global_policy
    class test
    class inspection_default
    policy-map tcp
    class tcp-bypass
      set connection random-sequence-number disable
      set connection advanced-options tcp-state-bypass
    service-policy global_policy global
    service-policy tcp interface inside
    prompt hostname context
    call-home reporting anonymous prompt 2
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:c724d6744097760d94a7dcc79c39568a
    : end

    You need to change the VPN pool ip subnet to something other than the same ip range used on the inside interface.
    Sent from Cisco Technical Support iPad App
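The reply's advice can be checked mechanically before a config is deployed. The following is an added example, not code from the thread or from Cisco: it reads `ip local pool` and interface `ip address` lines from an ASA-style config and reports every pool whose range intersects an interface subnet. The sample config, its addresses and the helper names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, not the poster's configuration; all addresses are
# made up. "vpn" deliberately sits inside the inside-interface subnet.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
interface Vlan2
 nameif outside
 ip address 203.0.113.2 255.255.255.252
ip local pool vpn 192.168.1.200-192.168.1.220 mask 255.255.255.0
ip local pool vpn2 10.99.0.10-10.99.0.50 mask 255.255.255.0
"""

QUAD = r"(\d+\.\d+\.\d+\.\d+)"  # dotted quad; skips "ip address dhcp" lines

def interface_networks(config):
    """Map each nameif to the IPv4 network configured on that interface."""
    nets, name = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = None  # new interface block; its nameif is not seen yet
        elif line.startswith("nameif "):
            name = line.split()[1]
        elif name and (m := re.match(rf"ip address {QUAD} {QUAD}", line)):
            nets[name] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    return nets

def pool_ranges(config):
    """Map each 'ip local pool' name to its (first, last) address."""
    found = re.findall(rf"^\s*ip local pool (\S+) {QUAD}-{QUAD}", config, re.M)
    return {n: (ipaddress.ip_address(a), ipaddress.ip_address(b)) for n, a, b in found}

def overlapping_pools(config):
    """Return sorted (pool, nameif) pairs where a pool intersects a subnet."""
    nets = interface_networks(config)
    hits = []
    for pool, (first, last) in pool_ranges(config).items():
        for nameif, net in nets.items():
            # Two ranges intersect when each starts before the other ends.
            if first <= net.broadcast_address and last >= net.network_address:
                hits.append((pool, nameif))
    return sorted(hits)

if __name__ == "__main__":
    for pool, nameif in overlapping_pools(SAMPLE_CONFIG):
        print(f"pool {pool} overlaps the {nameif} interface subnet")
```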

  • I want to be able to totally block the FaceTime functionality in my home network.  I would like to do this at the router level.  Does anyone know the hostname or IP address that the FaceTime application uses? Or which port it connects to?

    I want to be able to totally block the FaceTime functionality in my home network so my 4 kids aren't using the FaceTime feature. It was easy for Skype: I just had to enter the word Skype on my router security list, and it denies access. I would like to do this at the router level for FaceTime. The only site I find is init.ess.apple.com; is this the startup site for FaceTime? Does anyone know a site I can block, a hostname or IP address that the FaceTime application uses? Or which port it connects to?

    I would presume so, but it might be worth your while to experiment and play around with different combinations to see if you can block FaceTime while keeping Game Center open.  Good luck!

  • How can I Access TC outside of my home network?

    Hi everyone:
    I am new to the Mac world. We just bought my daughter a MacBook Pro to use in university, then added the Time Capsule at home so she would be able to back up her work over the internet and we would be able to use the WiFi and TC here at home.  We get to the university, set everything up, and AirPort goes into a loop searching for the TC; it appears it can't see the TC.  We are using the wired internet through the school, then go to a wireless router in my daughter's dorm to allow her to access the internet both with her phone and computer.
    Is there a simple fix for this?  I also have three other PC's other laptops and several cell phones accessing the home network at any given time but only need access outside my home to the TC for the MAC Book Pro.  The sales rep at Future Shop said it would be easy to hook up and access.
    Any help would be appreciated.
    Thanks,
    Martin

    Ok.. you have to work out the way you are going to access the TC..
    There are basically three methods..
    1. Direct access using AFP.. you need a static public IP and the TC as the main internet router.. then you need to turn on internet access and password the hard disk. The college has to have port 548 open.
    If you do not have a static public IP then you can use ddns service but there is no client in the TC.. so you will have to figure out a way to update the service.
    2. Use BTMM with iCloud. This is the Apple method. It actually uses vpn..(the vpn is locked to Apple use only but it is not available to end user).. The requirements are 7.6.1 firmware and Lion or ML on a Mac computer. I am not sure of the ports because the link to the Apple cloud is separate from the vpn to your home system.
    3. VPN.. that means you need to bridge the TC and use a decent quality vpn modem / router or combo thereof.
    VPN are not for the faint of heart.. it can take a lot of work to get running but offers the best security.. you will need to change the network equipment in your house more than likely.. using a pc / mac as a vpn server is possible.. but messy.
    There are also easy ways to at least access the home computer.. TeamViewer for example. This is likely blocked by the college though.
    Double NAT is where you put a router on a private IP behind another router on a private IP.. that makes port forwarding close to impossible.

  • My printers works fine on my home network but disappears on a remote desktop terminal connection

    As I don't really know how to post a general addition to the knowledge base, I'm doing in Jeopardy style.  Here is the question to the above answer.  Well close enough.
    Many people have reported all over the net issues with printers working just fine on their home network  but disappearing when they connect to a server via RDT.  There are some legit updates needed where windows did not see anything but LPT and COM ports for printer re-direction assignment.  There are Mr. Fix it's for those and registry patches.  When all of that fails, the information highway seems to dead end.
    Here is what I learned today via 2 specific printers:  HP1022 and HP2840 LaserJets.
    After many months of frustration and 7 1/2 hours with Microsoft advanced prof support I've finally pinned down this printer and a slew of others.  This problem as far as I have come across deals exclusively with HP printers.  In simple terms:  the drivers are flawed.  This 1022 is a prime example.  It prints locally and via TCP/IP just fine. I have about 7 other printers and dummy printers in my printer folder.  Enter a remote desktop session and ALL of them populate except the 1022.  This shows that the hooks and RDT finders are locating your printers and installing them properly as remote printers.  All except the 1022. 
      Log out of your RDT session: go to the local 1022 setup and change the printer driver to a PCL driver.  I used a 1200 PCL driver.  Now log back into your RDT server and hocus pocus! There is your printer.  Totally unusable because the driver will not run this printer.  Caveat:  each time I did this XP crashed (I couldn't get to the properties tab anymore -- I had to uninstall the 1022 and then re-install it with at least 1 reboot in the process).
    Moving on, we go to the HP OfficeJet/LaserJet 2840.  Same thing.  It won't pass through as a remote printer in RDT.  Go local.  Set the printer driver to AppleLaserWriter8500 and boom (same logout, change, back in steps), your LJ2840 shows up and works.
    While I will have to wait until tomorrow I am betting that this will fix the exact same problem with the HP Officejet 8500A all in one with the exact same problem.
    Hey HP?  What's with the drivers??
    Another workaround, if you have a static enough environment, is to install your local printer that will not show up under RDT on the server, and then point the port to your fixed IP on your router, and passthru port 9100 to your locally installed printer that is failing.  You can now be on RDT and choose the network printer that is printing to the TCP address of your home (or office) router.

