Remote access to iPhoto acts wonky...
Hello,
I have tried to access iPhoto via Apple's Remote Desktop and via VNC. The application
starts ok but I cannot get anything more than the thumbnails to show.
If I double click a thumbnail with the default editor I get a black screen. If I set
the editor to Preview I get a blank screen but the thumbnail shows in the side
panel.
Is there a way to use iPhoto via remote access?
Thanks
Jerry
Ok,
I hooked the mini up to the TV and double clicking an image shows the
image in edit mode...
Something strange is going on since if I access my mac book pro via
vnc the edit mode works.
The mini has integrated graphics, the mbp has a dedicated graphics card.
Can't think of any reason for the mac mini to fail to display the images...
Any suggestions?
Jerry
Similar Messages
-
Remote access VPN on ASA5520 Ping Issues.
Hi I hope someone might be able to help me. I have setup a remote access VPN on an ASA 5520. The VPN client connects ok, accepts my username and password and then I am in. I get an allocated IP address of 172.16.1.1 from the local pool. The problem is that I cannot then ping the inside LAN which is 192.168.1.1. I've got isakmp nat traversal set to default which is 20. I've been looking at this all day and I think I've gone crossed eyed, a fresh pair of eyes are definitley required, so any help would be gratefully received. My config is
Saved
ASA Version 7.0(8)
hostname Hospira-firewall
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
interface GigabitEthernet0/0
speed 100
duplex full
nameif outside
security-level 0
ip address 213.212.66.52 255.255.255.248
interface GigabitEthernet0/1
speed 100
duplex full
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
shutdown
no nameif
no security-level
no ip address
ftp mode passive
same-security-traffic permit intra-interface
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list Split standard permit 192.168.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip local pool mypool 172.16.1.1-172.16.1.253 mask 255.255.255.0
no failover
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NONAT
nat (inside) 1 192.168.1.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 213.212.66.49 1
route outside 172.16.1.0 255.255.255.0 213.212.66.49 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy hospira internal
group-policy hospira attributes
vpn-simultaneous-logins 400
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split
webvpn
username user password 08S9WUsiSMr3RauN encrypted
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set hospira esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dmap 1 set transform-set hospira
crypto dynamic-map dmap 1 set security-association lifetime seconds 28800
crypto dynamic-map dmap 1 set security-association lifetime kilobytes 4608000
crypto dynamic-map dmap 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dmap
crypto map mymap 2 match address NONAT
crypto map mymap 2 set security-association lifetime seconds 28800
crypto map mymap 2 set security-association lifetime kilobytes 4608000
crypto map mymap interface outside
isakmp identity address
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
isakmp nat-traversal 20
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group hospira type ipsec-ra
tunnel-group hospira general-attributes
address-pool mypool
default-group-policy hospira
tunnel-group hospira ipsec-attributes
pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect icmp error
service-policy global_policy global
Cryptochecksum:98f85c39a5cbffe66b0f6585d5083c7c
: end
Many thanksHi Richard ,
- we don't need access-list with RA connection , we have the dynamic map that acts as a template , so your crypto config :
crypto map mymap 1 ipsec-isakmp dynamic dmap
crypto map mymap 2 match address NONAT
crypto map mymap 2 set security-association lifetime seconds 28800
crypto map mymap 2 set security-association lifetime kilobytes 4608000
crypto map mymap interface outside
map with seq 1 is being binded to the dynamic map , now map 2 you are using the nonat access list as the encryption trigger for this map , so this should not be there as it encrypt traffic from the inside subnet to the pool .
please remove the second entry, then test if not working please provide a capture from the inside interface .
HTH
Mohammad. -
How can I remotely access my computer from a different location on Apple Remote Desktop?
I downloaded Apple Remote Desktop and am trying to access our computer at our church that is in the auditorium and work on slides for ProPresenter from my office which is on a different network. The Mac Pro, which is in the auditorium, is connected to a Netgear wireless router. I would also want to be able to have access to observe and control the screen on the Mac Pro whether I am in my office or at my house. I have tried everything from going to portforward.com, followed those instructions, did port forwarding, used ipchicken.com to get my external IP and made sure that the Mac Pro had a static internal IP address and made sure the computer had access for remote management. Any help to resolve this issue would be greatly appreciated! Works fine when it is on the same wireless network, but I need access being on a different wireless network. Thanks!
Hi austinmac14,
So the steps listed bellow assume some things. They assume that the Airport Extreme Router your configuring is connected directly to the internet connection. And that the Airport Extreme is the only router between your computers and the internet.
That means we're talking about say a DSL modem plugged directly into the Airport Extreme, or a cable modem. in ether case, this assumes that said modem, is not acting as an internet router.
If your modem has multiple ethernet ports on it, or has a little antenna sticking out of it, then your modem is probable also a router, and these steps listed bellow will probable not work.
Also these steps are so one person, can connect to one computer at your work.
Open Airport Utility:
go to the dock
Click on the finder
go to the menu bar
Click on the "Go" menu
Chose "Utilities" from the "Go" Menu
double Click on "AirPort Utility"
Access the Base Station:
Double Click on your Airport Extreme BaseStation that is your internet connection router.
a new window should pop up with your Airport Base Station as the Window Name
Configure Static Address for the computer you want to connect to via ARD:
Click on the internet Icon from the toolbar
Click on the "DHCP" tab
For "DHCP Reservations:" Click on the "+" button
For the "Description" put "ARD"
For "Reserve Address by:" set "DHCP Client ID"
Click the "Continue" button
For "DHCP Client ID:" set "ARD"
write down the number in "IPv4" address field
Click the "Done" Button
Configure routing to ARD computer:
Click on the "Advanced" icon from the tool bar.
Click on the "Port Mapping" tab
Click on the "+" button
for "Service:" Chose "Apple Remote Desktop"
for "Private IP Address:" copy the exact IP address you wrote down in step "3. 8)"
Click the "Continue" button
Click the "Done" button
Click the "+" button
For the pulldown menu "Service:" Chose "Remote Apple Events"
for "Private IP Address:" copy the exact IP address you wrote down in step "3. 8."
Click the "Continue" button
Click the "Done" button
Click the "+" button
For the pulldown menu "Service:" Chose "Remote Login - SSH"
for "Private IP Address:" copy the exact IP address you wrote down in step "3. 8."
Click the "Continue" button
Click the "Done" button
Click the "Update" button.
wait for the Airport Extreme to update, and for your computer to reconnect to the airport extreme. (make sure you can load and browse websites.)
Configure the ARD computer to use the correct IP address:
Go to the computer you want to be able to remotely connect to
On that computer, Go to the menu bar
Chose the "Apple" menu bar
Chose "System Preferences…"
Click on the "Show All" button
Click on the "Network" icon
For the active network connection, (the connection on the left side with the green dot), click on it
Clock on the "Advanced…" button
Click on the "TCP/IP" tab
for the "DHCP Cient ID: field put "ARD".
Click the "OK" button
Click the "Apply" buttonNOTE: Under "Status" you should see "(connection name) is connected to (airport base station name) and has the IP address (IP address)." the "(IP address)" address displayed should match the IP address you wrote down in step "3. 8."
Find out what your public internet IP address is.
On the computer you wish to connect to over the internet, gotohttp://whatismyipaddress.com/
when the web page loads, you should see "IP Information:" fallow by a number like 192.168.0.1, write down what ever number it is.
At this point you should be able to connect to the computer remotely
connect to the internet from another location.
open Apple Remote Desktop
go to the file menu
chose connect to computer using ip address
set the address to the address to the IP address you wrote down for step 6. 2.
use the same password as you used to connect to the computer at work using ARD.
So here the catch. If your router gets reset... well then your going to have to configure it again. Also all the same rules you have to connect to the computer at work, also apply to connecting to the computer from over the local network. That means your computer need to be on or sleeping. And if it's sleeping it need to be configure to wake for network access.
Also some network connections change. When it comes to internet connections, some connections are static IP, while other connections are DHCP. If your connection is static... great! if it's DHCP, your address may change. If it dose.. well then your ability to connect will break. And then you'd have to do step 6 & 7 again.
Of corse there are ways around this. But that's kind of another conversation.
Some internet locations may block your ability to connect to your computer at work. This is very common at schools, and companies. Basically any place that tries to control your ability to browse the internet, may block remote access to computers; because a remote computer would completely by pass their web filter.
ALSO there is an easier option. As far as setup. There are programs designed to make remotely accessing your mac as easy as possible. For instance there is LogMeIn or Slack. With both of these programs, it's simple. make sure your computer is always on. Then install the software. Create an account with the service. And then you can connect to the computer almost any where by going to their website.
This option requires no router configuration. It handles DHCP. It's designed to work in as many locations as possible. -
One username for two tunnel in IPSec remote access vpn + ACS for authentication
Hi all,
I want to set up a username which can be used for two different IPSec tunnel (i.e. username USER1 can be used in tunnel TUN1 and TUN2). Can anyone help me how to do this? My current configuration is that I tied the username to tunnel group using group-lock (RADIUS property) so a username can only be used for a particular remote access vpn tunnel (USER1 can only be used for TUN1). I have already tried to enable multiple entry for group lock in ACS (by manipulating the dictionaru setting in ACS), but it seems that authentication still takes the first group and can not take the second group.You'd have to create a new AAA server group pointing to servers in the new domain for authentication.
Then make a new connection profile that uses that AAA server group.
Your users would have to choose the connection profile (absent some more advanced tricks like issuing them user certificates that can be checked for attributes which map to one profile or another).
This could also be done with ISE 1.3 which can act as the RADIUS server and join to multiple AD domains on the backend as identity stores. (or even with ISE 1.2 if you use one of the AD directories as an LDAP store vs. native AD). -
Hello,
I'm giving it one more chance and then Mac goes into trash. My iMac is either remotely accessed, perhaps malicious code, hacked and/or all of the aforementioned. I am not savvy in these areas. Please read some of the many symptoms and if you can assist me -- I am beyond grateful. If you want to say it is my fault because I allowed somebody to use my computer or other nonsense please do not waste my time or yours. This is serious and has been going on for a period of time that is longer then I can remember!
I have a neighbor, lives in my apartment building, 'had' physical access to my iMac. Shortly after this I started to have problems that beyond any nightmare I have ever heard of - whether it be Windows or Apple! Please feel free to ask me any question(s) that might help me rid my iMac of this malicious act as the police have been useless -- say they do not have equipment to check my Mac. FBI can't b bothered.
It is more then clear that a person(s) has access and has messed up the OS, among other terrible things. He took over my Facebook account months ago, posted as though he was me. He also prevented me from getting back into FB and Yahoo to close those connected accounts. Went to an Apple store, under protection of their router and removed FB/Yahoo accounts. The pages that were showing at home turned out to be fake pages controlled by him. (Think they are called "defaced").
Anytime I did a 7X or zero out clean install -- he was there before I even hooked up the router!!!
It came to a point that I can no longer even get to the erase/Utility/install from my apartment so I took it to Apple more then once. Besides erase/install, I turned off ALL Sys Preferences that could alert him to Mac. The last time I received a gray Install CD and was told to take it out of the building and do another erase/install. There is no sense of going through this until I know if/how to get rid of him.
Also when I first sign on I ALWAYS get a 192.168.100.11. I do NOT have a router. I then go to System Preferences to Network and click "renew DHCP" several times before I get an IP addy! I am not savvy in this area but do feel that this is a major clue.
Passwords have been changed, master password is not something I can access which prevents me updating, etc., etc.
I will not bombard you with every detail as that would take several pages. I am beyond desperate. Will be happy to provide further details to serious responders only.
Thank you.
'REQUIRE ASSISTANCE'
Heartfelt sympathy to the many family members, friends, people who loved Steve Jobs even though they never met him -- RIP Steve. You are missed.If you really believe that your system has been compromised, here's what you do:
Disconnect your Mac from your cable modem;
Back up any documents on your system that are important to you;
Boot your Mac from the system installation disks that came with it (insert the disk, restart your Mac, and hold down the "c" key until you get the "spinning gear" icon);
Choose a language and click the arrow button to continue;
From the Utilities menu, choose Disk Utility;
In Disk Utility, select your computer's hard drive;
Click the "Erase" tab;
Click the "Security Options" button and select to have it overwrite all the data on the hard drive;
Click the "Erase" button and allow it to process;
Once the "erase process has completed (it will take a while), reinstall Mac OS X.
Or, if this is too much for you to accomplish on your own, take your system to an Apple Store and have them help you perform these steps. If your system was indeed compromised, this will remove any such hack. You can then set up a new user account for the computer, reinstall your applications (reinstall only from original disks or downloads from the company making the software) and documents, and reconnect to the Internet.
Note that when you reconnect to the cable modem, you may still get an IP address starting with 198. This is normal with some cable modems and probably not a cause for concern. It will not be an indication that your system is still compromised; that will not be possible if you perform all the above steps.
Regards. -
[SOLVED] Cups 2.0 remote access issues
After CUPS recent upgrade to 2.0 both my cups server and client stopped working. In particular, I cannot even get to the administration pages from remote access.
I can get to CUPS's home page, but I get an error as soon as I try to access any other page. The error I get in the browser (firefox) is
Unable to connect
Firefox can't establish a connection to the server at ....
Following wiki instructions, in my cupsd.conf file I have replaced the standard
Listen localhost:631
with the ip range for the local network
Listen 192.168.0.0/24:631
and I have added
<Location />
Order allow,deny
Allow from @LOCAL
</Location>
# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
Allow from @LOCAL
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
Order allow,deny
Allow From @LOCAL
</Location>
DefaultEncription Never
Unfortunately, nothing has changed. I still get the same error in the browser and I cannot access the admin pages (or any page other than the home page).
Help is greatly appreciated.
Stefano
Last edited by stefano (2014-11-08 15:27:03)clfarron4 wrote:
Guzzista wrote:
Same here, I discovered my file sshd.service disappeared on the server. I get the error
# systemctl start cupsd
Failed to start cupsd.service: Unit cupsd.service failed to load: No such file or directory.
Don't know how to solve for now
Unless it's a custom service file your relying on, the service has been re-named.
Unfortunately, that's not where my problem lies. I was aware of the renaming issue and had acted accordingly.
Still looking for solutions.
S. -
Was my computer remotely accessed?
I was on iTunes, and a shared folder thing popped up on the left. It contained a vulgar word and had the lock symbol on it. Shortly after I saw this, my iPhoto randomly opened up and started to browse through pictures. I was NOT touching the keyboard or the trackpad. It scared me, so I immediately hit Command+Q to quit both iPhoto and iTunes. This seemed to solve it, as nothing else happened. I also shut down my Wifi. I then went into Settings to see if any of my sharing options were turned on, and they were not. I wanted to see if the folder thing had gone away in iTunes, so I turned my Wifi back on and went into iTunes. The folder was still there, but nothing happened this time. Was my computer remotely accessed?
When on a public network, you should activate the built-in firewall in the Security & Privacy preference pane. However, I doubt that this was an intrusion, unless perhaps you have some kind of third-party screen sharing software installed, such as "TeamViewer." Even then, you'd have to launch it and sign in for anything to happen.
-
Can you access your iPhoto on your MAC from a different device?
My Mac, which is my housing source for all photos from the past 7 years. Is there any way to access my iPhoto and it's contents from a different device WITHOUT using iCloud? I have iCloud, but I don't believe that I ever connected it with my MAC.
Where is your laptop? You might be able if you have file sharing setup and remote access enabled on it. However the laptop whould have to be setup to allow you access remotely. You can learn more about that by asking in the forum for the system that is running on the laptop.
OT -
Remote Access VPN Clients Cannot Access inside LAN
I have been asked to set up remote access VPN on an ASA 5505 that I previously had no invlovement with. I have set it up the VPN using the wizard, they way I normally do, but the clients have no access to anything in the inside subnet, not even the inside interface IP address of the ASA. Thay can ping each other. The remote access policy below that I am working on is labeled VPNPHONE, address pool 172.16.20.1-10. I do not need split tunneling to be enabled. The active WAN interface is the one labeled outside_cable.
: Saved
ASA Version 8.2(1)
hostname ASA5505
domain-name default.domain.invalid
enable password eelnBRz68aYSzHyz encrypted
passwd eelnBRz68aYSzHyz encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group dataDSL
ip address 76.244.75.57 255.255.255.255 pppoe
interface Vlan3
nameif dmz
security-level 50
ip address 192.168.9.1 255.255.255.0
interface Vlan10
nameif outside_cable
security-level 0
ip address 50.84.96.178 255.255.255.240
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 10
interface Ethernet0/2
switchport access vlan 3
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit intra-interface
object-group service Netbios udp
port-object eq 139
port-object eq 445
port-object eq netbios-ns
object-group service Netbios_TCP tcp
port-object eq 445
port-object eq netbios-ssn
object-group network DM_INLINE_NETWORK_1
network-object host 192.168.100.177
network-object host 192.168.100.249
object-group service Web_Services tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq https
object-group network DM_INLINE_NETWORK_10
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_11
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_2
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_3
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_4
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_5
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_6
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_7
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_8
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_9
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network VPN
network-object 192.168.255.0 255.255.255.0
access-list outside_access_in extended permit icmp any host 76.244.75.61
access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp
access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp-data
access-list outside_access_in extended permit tcp any host 76.244.75.62 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.62 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.59 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.59 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.60 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.60 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.58 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.58 eq https
access-list dmz_access_in remark Quickbooks
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_6 host 192.168.100.5 eq 56719
access-list dmz_access_in remark Quickbooks range
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_7 host 192.168.100.5 range 55333 55337
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_8 host 192.168.100.5 eq 1434
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_9 host 192.168.100.5 eq 49398
access-list dmz_access_in remark QB
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_10 host 192.168.100.5 eq 8019
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_2 host 192.168.100.5 eq 2638
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_11 host 192.168.100.5 object-group Netbios
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_3 host 192.168.100.5 object-group Netbios_TCP
access-list dmz_access_in extended deny ip host 192.168.9.4 host 192.168.100.5 inactive
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_4 any
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_5 any
access-list dmz_access_in remark Printer
access-list dmz_access_in extended permit ip 192.168.9.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list dmz_access_in extended permit tcp 192.168.9.0 255.255.255.0 any object-group Web_Services
access-list dmz_access_in extended permit udp 192.168.9.0 255.255.255.0 any eq domain
access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.255.0 255.255.255.0 echo-reply
access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.100.0 255.255.255.0 echo-reply log disable
access-list dmz_access_in remark QB probably does not need any udp
access-list dmz_access_in extended permit udp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
access-list dmz_access_in remark QB included in other rule range
access-list dmz_access_in extended permit tcp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
access-list dmz_access_in remark May be required for Quickbooks
access-list dmz_access_in extended permit icmp host 192.168.9.4 host 192.168.100.5
access-list CAD_capture extended permit ip host 192.168.9.4 host 192.168.100.5
access-list CAD_capture extended permit ip host 192.168.100.5 host 192.168.9.4
access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 172.16.10.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 172.16.20.0 255.255.255.240
access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0
access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.9.0 255.255.255.0
access-list dmz_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
access-list outside_cable_access_in extended permit icmp any host 50.84.96.182
access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp
access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp-data
access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq https
access-list Local_LAN_Access standard permit host 0.0.0.0
access-list vpnusers_spitTunnelACL extended permit ip 192.168.100.0 255.255.255.0 any
access-list nonat-in extended permit ip 192.168.100.0 255.255.255.0 172.16.20.0 255.255.255.0
pager lines 24
logging enable
logging buffered informational
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu outside_cable 1500
ip local pool VPN_IP_range 192.168.255.1-192.168.255.10 mask 255.255.255.0
ip local pool VPN_Phone 172.16.20.1-172.16.20.10 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (outside) 10 interface
global (outside_cable) 10 interface
nat (inside) 0 access-list nonat-in
nat (inside) 10 0.0.0.0 0.0.0.0
nat (dmz) 0 access-list dmz_nat0_outbound
nat (dmz) 10 0.0.0.0 0.0.0.0
static (inside,outside) 76.244.75.62 192.168.100.25 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.61 192.168.9.123 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.59 192.168.9.124 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.58 192.168.9.4 netmask 255.255.255.255 dns
static (inside,dmz) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
static (dmz,outside) 76.244.75.60 192.168.9.10 netmask 255.255.255.255 dns
static (inside,outside_cable) 50.84.96.183 192.168.100.25 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.182 192.168.9.123 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.180 192.168.9.124 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.179 192.168.9.4 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.181 192.168.9.10 netmask 255.255.255.255 dns
access-group outside_access_in in interface outside
access-group dmz_access_in in interface dmz
access-group outside_cable_access_in in interface outside_cable
route outside_cable 0.0.0.0 0.0.0.0 50.84.96.177 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.100.0 255.255.255.0 inside
http 204.107.173.0 255.255.255.0 outside
http 204.107.173.0 255.255.255.0 outside_cable
http 0.0.0.0 0.0.0.0 outside_cable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_cable_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_cable_map interface outside_cable
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp enable outside_cable
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 192.168.100.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.100.0 255.255.255.0 inside
ssh 204.107.173.0 255.255.255.0 outside
ssh 204.107.173.0 255.255.255.0 outside_cable
ssh 0.0.0.0 0.0.0.0 outside_cable
ssh timeout 15
console timeout 0
vpdn group dataDSL request dialout pppoe
vpdn group dataDSL localname [email protected]
vpdn group dataDSL ppp authentication pap
vpdn username [email protected] password *********
dhcpd address 192.168.100.30-192.168.100.99 inside
dhcpd dns 192.168.100.5 68.94.156.1 interface inside
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.100.5
vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy cad_supplies_RAVPN internal
group-policy cad_supplies_RAVPN attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value cad_supplies_RAVPN_splitTunnelAcl
group-policy VPNPHONE internal
group-policy VPNPHONE attributes
dns-server value 192.168.100.5
vpn-tunnel-protocol IPSec
split-tunnel-policy excludespecified
split-tunnel-network-list value Local_LAN_Access
client-firewall none
client-access-rule none
username swinc password BlhBNWfh7XoeHcQC encrypted
username swinc attributes
vpn-group-policy cad_supplies_RAVPN
username meredithp password L3lRjzwb7TnwOyZ1 encrypted
username meredithp attributes
vpn-group-policy cad_supplies_RAVPN
service-type remote-access
username ipphone1 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone1 attributes
vpn-group-policy VPNPHONE
username ipphone2 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone2 attributes
vpn-group-policy VPNPHONE
username ipphone3 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone3 attributes
vpn-group-policy VPNPHONE
username oethera password WKJxJq7L6wmktFNt encrypted
username oethera attributes
vpn-group-policy cad_supplies_RAVPN
service-type remote-access
username markh password nqH+bk6vj0fR83ai0SAxkg== nt-encrypted
username markh attributes
vpn-group-policy cad_supplies_RAVPN
tunnel-group DefaultRAGroup general-attributes
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group cad_supplies_RAVPN type remote-access
tunnel-group cad_supplies_RAVPN general-attributes
address-pool VPN_IP_range
default-group-policy cad_supplies_RAVPN
tunnel-group cad_supplies_RAVPN ipsec-attributes
pre-shared-key *
tunnel-group VPNPHONE type remote-access
tunnel-group VPNPHONE general-attributes
address-pool VPN_Phone
default-group-policy VPNPHONE
tunnel-group VPNPHONE ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 1500
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:8b25ecc61861a2baa6d2556a3679cc7c
: endHi,
You have your "group-policy" set so that you have excluding some networks from being tunneled.
In this access-list named Local_LAN_Access you specify "0.0.0.0"
Doesnt this mean you are excluding all networks from being tunneled? In other words no traffic goes to your tunnel.
This access-list should only contain your local LAN network from where you are connecting with the VPN Client. If you dont need to access anything on your local LAN while having the VPN on, you don't even need this setting on. You could just tunnel all traffic instead of excluding some networks.
- Jouni -
Is there a way of remote accessing 'Games and More' on a mobile?
I am new to the forum, please excuse me if I am in the wrong space!
Is there a way of remotely accessing/executing Java applications that are residing in the 'Games and More.' folder on a mobile device?
e.g. Java application is downloaded into 'Games and More' and there is a requirement to execute the program from an ODP (On-Device-Portal). The ODP is external to the 'Games and More' folder but within the same mobile device.
Many thanks
IanIVM wrote:
Is there a way of remotely accessing/executing Java applications that are residing in the 'Games and More.' folder on a mobile device? No.
db -
How to set up my elderly parent with Mac so that I can use remote access to help her?
I want to set my elderly mother up with a new Mac mini so that I can use remote access to show her how use email, browse the internet, share photos. (She lives in KY, I live in OR)
She has had an iPhone and an iPad for about 6 months and she can barely use them without becoming frustrated. I want to be able to see her screen with her and show her how to do things.
My plan is to set her up with a Mac mini and I'll use my MacBookAir to remote into her system. I'm buying the mini to configure and then I'll mail it to her.
My question is whether to try to use Back to My Mac or Teamviewer for remote access
I have broadband with comcast and she has broadband with Access Cable. Each have their company modem/routers--neither of us have Airport Express.
I have my own iCloud account and she has her own. If I use Back to My Mac, it seems that I would need to set up a separate account on my Mac that would sync to her iCloud account.
Teamviewer seems easier because I don't have to use a separate account. Any advice? Anything that I'm not thinking about?As Linc says, you can establish a Screen Sharing session via iMessage and Facetime. The advantage of these 2 approaches is that once your Mom gets used to using them, she will be more comfortable using them to communicate with you. I've talked to my Mom via iChat (aka iMessage) more since she learned to use them, then in all the years before that (including when I was a child ). And just being able to see your Mom via Facetime can be useful when you want to gage how she is doing.
However, if you are any distance from your Mom, they you want backup methods incase something goes wrong.
So beside iMessage/Facetime, the next best would be Back-to-My-Mac via iCloud, however, you will want to establish her Mac as using your account so that you have the right to take control remotely.
An alternative that does not mix up your iCloud acounts would be to use TeamViewer.com (which has an unattended mode so you can do off-hour maintenance when your Mom is not around; or check up on her to find out if she is dating - Turns out if I had been paying attention, I would not have been blind-sided by my Mom getting Married again last Summer - she is in her 80's! ).
LogMeIn.com, as dwb says, can be used the same was as TeamViewer.com
Both LogMeIn.com and TeamViewer.com are very good at making it easy to get through the home router and if you are having any problems connecting using other Methods, TeamViewer.com or LogMeIn.com will most likely not have any issues.
Back-to-My-Mac allows screen sharing and file sharing so you can transfer files as well as control the screen.
Screen Sharing via Messages allows cooperative file transfer. That is to say, you can try pushing a file to your Mom, but she has to accept each transfer.
TeamViewer.com has an unattended file transfer mode.
LogMeIn.com requires the paid version to transfer files. However, there are other ways to transfer files, such as downloading them from the original source on your Mom's system while using screen sharing, using Dropbox (or similar), emailing them, etc...
Of course if you are really network savvy, you can roll your own via ssh tunnels, port forwarding routers, getting dynamic DNS names, transferring files via scp, or tunneling AFP file sharing, tunneling your screen sharing sessions. Lots of fun and excitement playing with terminal commands -
How do I access my iPhoto files with the Mac version of Lightroom 3?
I dowloaded Lighthouse 3 to my Macbook Pro and I can not
access my iPhoto files.http://lightroomkillertips.com/2010/video-moving-from-iphoto-to-lightroom-3/
-
Remote Access Question...
Is there a remote access app with which I can open media on a computer or laptop in the apps that support said media or files on my iPad, email these files as a link, email compatable sizes as an attachment, save compatable types to camera roll, Print, view, play, listen to, and read?
You can use email to send files to your iPad. But the best way to transfer photos, music, documents etc. is to use iTunes on your computer. See page 40 of the iPad User's Manual for information on syncing your iPad using iTunes. The manual is here
http://support.apple.com/manuals/#ipad -
Remote access to Time Capsule won't work
Over the past couple of months I've been doing lots of research and planning into replacing my Mac Pro and old MacBook Pro with a new Mac setup. I was looking for efficiency, productivity and ultimate portability so the Macbook Pro Retina and Time Capsule grabbed my attention.
I was interested in the MacBook Pro Retina for work (travel) and home leisure use. Due to having so much music and video iTunes content, I was interested in purchasing a Time Capsule and a secondary external hard drive, placing all my iTunes content on the Time Capsule which I would then back up to the external hard drive when I was at home. I would then setup Time Capsule to be accessible over the internet so that I could view my media content through iTunes wherever in the world I was (internet speeds permitting of course). By doing this I could carry only my work files with me on the 512GB SSD Macbook Pro Retina, but could access the Time Capsule media files remotely, either via wi-fi or by tethering my iPhone 5.
So I purchased a Time Capsule to test my theory. I followed online guidance on how to achieve such a setup and using my 2008 MacBook Pro (which runs Snow Leopard) and a friends internet connection I got the system to work. I was able to remotely contact Time Capsule and watch High Def video content via wireless internet and even tethered to my iPhone. So I went and purchased a Macbook Pro Retina (running Mountain Lion) and set about setting up the system in the same way. But this is where something's gone wrong. I can't connect to the Time Capsule over the internet at all.
The Air Port utility has been updated to version 6 which is lacking the ability to instruct the Time Capsule to "Allow access over WAN". I thought I'd make sure it still connected via the internet using my old MacBook Pro, which had definitely worked perfectly just a couple weeks earlier, and that won't work either. I can't find the option to "Allow access over WAN" within Airport Utility 5.6.1 either? And the simple apple script application that I wrote (following an online guide) to open the remote connection to Time Capsule with the double left click on an icon has stopped working too.
I don't pretend to be a network engineer and I'm no I.T. expert, though I usually manage to teach myself what I need to know to sort issues like this out, but this has gotten me really stumped! I tried downloading an old version of Airport Utility to see if that had the "Allow access over WAN" feature (within the 'Disks' > 'File Sharing' area of Airport Utility) but my Mac OS won't allow the old versions to run.
Perhaps the version of Airport Utility I used on my Macbook Pro a couple of weeks ago didn't have the "Allow access over WAN" check box either and I just didn't notice - which is likely unless Airport Utility updates itself in the background without any prompts etc. I certainly didn't notice a software update for it any time over the past few days. Either way, I don't understand how it could have been working a few days back and now it's suddenly not.
I used this guides to gain remote access to Time Capsule successfully just a couple of weeks ago:
http://www.youtube.com/watch?v=SIQ7SzA1cK4
Can anyone shed any light on the issue and point me toward a fix please? I'd appreciate the help.Thanks LaPastenague. I'm not sure if I have a static IP but I can confirm it hasn't changed in the past month.
I've pretty much come to the conclusion that what I want to do isn't really possible using Time Capsule. Like I mentioned, I had remote access working a couple of weeks ago but it seems like apple have updated the firmware or airport software to remove something that was necessary to remotely connect in the same way. And even if I did get it working I think it would still be so restrictive, requiring a fast wifi or mobile phone tethered connection to view my media files over the internet.
I got connected via iCloud and B.T.M.M. but the connection was very slow and video wouldn't stream well at all (painful). It seems that the speed constraints would make it very frustrating each time I simply wanted to look through my vast iTunes music collection or movie library. Album covers won't appear either.
Even if it were possible to connect via a static IP I just don't think that the WAN connection would be stable or fast enough to offer an efficint solution(?), so I'll probably have to by an external portable HD and use Time Capsule for Time Machine and Printer Sharing.
I wish I could stream my iTunes movies and music successfully over the internet, but right now it just doesn't seem possible. -
Cannot login to Cisco Jabber 10.5.1 over Mobile and Remote Access
Hi,
We have deployed sucessfully VCS Expressway-C and VCS Expressway-E with only 1 zone which is "Unified Communication Traversal" and is for Mobile and Remote Access only. VCS-C and VCS-E are communicating and in statuses everything is active and working. Also VCS-C can communicate with CUCM and CUP (both version 10.5).
Problem is when I deploy Cisco Jabber 10.5.1 on computer outside of LAN and without VPN it start communicating with VCS-E, ask me for accepting certificate (we have certificate only intenally generated on Windows CA) and after that it is trying to connect and after few seconds it will tell me that it can't communicate with server.
Did any of you had same problem or can you advice how to troubleshoot? In Jabber logs there is only something like "Cannot authenticate" error message, but when I startup VPN I can authenticate without any problems.
ThanksOn Expressway-C are your HTTP Allow Lists setup properly? By default, and auto discovered CUCM and IMP should be listed via IP and Hostname, but if not, you'll need to insert manually.
Also, you can look at the config file your Expressway-E would be handing out to Jabber via this method.
From the internet, browse to:
https://vcse.yourdomain.com:8443/Y29sbGFiLmNvbQ/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin
Where:
vcse is your Expressway-E hostname (or CNAME/A record)
yourdomain.com is your own domain
The first directory is your Base64 encoded domain name, remove and trailing equal signs (=)
The XML returned is basically the DNS SRV record information available as if internal for _cisco-uds and _cuplogin
TFTP DNS SRV is optional if you configured TFTP in IMP for your Legacy Clients.
Maybe you are looking for
-
I have synced my IPhone 3GS to the newest iTunes version to get IMessage, it worked for a while but now it doesn't work and I have tried resyncing my phone but it still doesn't work. what should I do?
-
HDMI connected to work flatscreen not displaying, but detected
Hi all. I'm having an HDMI output problem on a MacBook pro retina, just got it a couple days ago. When I connect to the flatscreen in the conference room (Toshiba) via HDMI, the mac screen does it's resolution-switching blue flicker, and I get, in th
-
iOS 7.1.2 iPad 4 Wi-Fi no jailbreak I've noticed the following bug. When I'm on vk using the Safari browser, when I browse the website's newsfeed, either iOS reboots or Safari shuts down. I've noticed it happens only when I'm on vk, haven't checked w
-
I had to recover my hard drive and install Adobe Pro 9.0. I now need to upgrade the program
-
Mini screen resolutions on a Samsung 32" LCD?
Can anyone tell me what screen resolutions (pixel width x pixel height) would be available to a Mac Mini connected to a Samsung SyncMaster 320P 32" LCD? A listing of the monitor, which includes "native" and "supported" resolutions, is available here.