Remote user cant access internet
Hello there,
I have a problem with my remote vpn users. They cant acces internet after they establish vpn connection. I read about split tunnel and i think its right configured, but its not working.
Please if you have the time take a look. I attached my asa 5505 configuration
Best regards.
your split-tunneling is configured correct, but the group-policy in which this configuration is done is not applied to the tunnel-group:
tunnel-group monitoring_vpn_group general-attributes
default-group-policy monitoring_vpn_policy
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
Similar Messages
-
I cant access internet with new i pad 2 , i have a netgear dgn 1000 router any ideas
i cant access internet with new ipad 2 ,i have a netgear dgn 1000 router any ideas.............
More detail please. Assuming you knew how to set up the internet connection, have you tried resetting the iPad and/or rebooting the router?
The User Guide is available at http://support.apple.com/manuals/ or downloadable from iTunes as an iBook. -
Exchange 2013 Sp1 some users cant access owa
After I install new exchange 2013 with sp1 on windows 2012 R2 server one for mail boxes and the second Client Access, i move all mail boxes to it, then i uninstall the old server (exchange 213 with cu3).
All may exchange server’s virtual machines on hyper-v 2012R2
I install certificate and configure virtual directories
I notice some users can’t open there mail boxes from OWA they get a blank page after the enter username and password (from internal and external) (the same users can open outlook anywhere) at the same times many users can access owa.
After many restarts they can access OWA.
After some days some other users can’t access owa.
I remove ECP and OWA virtual directories, Then Recreate and configure it.
But the same problem some users cant access owa
I install a new client access server, configure it
But the same problemHI
YOu can check below things to resolve the problem
Disable SSL from Default Web Site if you have enabled them
Check if you have set any redirection in the Default Website if so remove redirection and see the results
Ensure that you have a valid certificate for owa VD
check correctly the authentication type - windows authentication is enabled or if you have form based authentication enabled
Below is an example for enabling WA
set-Owavirtualdirectory -identity "servername\owa (Exchange Back End)" -WindowsAuthentication $True -Basicauthentication $false -Formsauthentication $false
Set-EcpVirtualDirectory -Identity "servername\ecp (Exchange Back End)" -WindowsAuthentication $true -FormsAuthentication $false
Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you -
i bought a new iphone i dont know how to operste it. i cant access internet too. what should i do now?.
Hello mskanan
Check out the article below to troubleshoot the issue of not being able to get on your cellular connection.
iPhone: Troubleshooting a cellular data connection
http://support.apple.com/kb/ts3780
Regards,
-Norm G. -
Full bars, 3g connected, but cant access internet
please help me, i'm using TELKOMSEL (indonesian) i have data plans, and it's 4gb, the thing is, as i said Full bars, 3g connected, but cant access internet, i tried to access google using safari, chrome, but still the same message, network not available, those things.... PLEASE HELP ME..
It sounds like a poor data connection. I get the same thing when I try to use AT&T here in my house. It shows 4G and 3 bars but I get little to no data at all. If that is what is happening to you, you can try another carrier if there is one.
Here, I can get LTE at my house and about 10-15Mbps on T-Mobile. Switching carriers can make the difference. -
I have downloaded system log apps to gain more info on what is exactly taking place in my phone and have saved everything- ports connections IP address local an remote ones -advanced system logs - keg logs in my system logs - ect - there are words such as hash - remote user - localpeer Id - js processes - gem - registering unknown app identifier - MobileMe.fmf- system override by unknown source- bootstrap process - SMS plug in sim toolkit plugin - ect - GSEvent that is not designated as being routed to frontmost (type 2), forwarding to the System Ap- PSSystemConfigurationDynamicStoreMISWatcher sendStateUpdate]: MIS state change: 1022 -> 1022, reason: 4 -> 0- MobileMail [95] (Warning): BOOL hasAutosavedMessageWithIdentifier(id<NSCoding>) f-
PLEASE HELP - phone dies in two hours - cant turn off - switches screens - yes I've up dated software- leave kn charger over night and have 60% battery
I'm willing to send all info to anyone who will provide some type of reasonable answer for me other than back it up wipe it clean and restart BC- I live with the person I believe did It and really that's not going to help as I already have - would like more definitive info -Will do that tomorrow - but the problem is- he has had access to my iCloud since I got an iPhone - we live together - have for a long time he set it up for me - I never realized there was a possibility he could possibly hack my phone entirely through that- and im still not sure - as answers here are vague- I don't have a problem with him viewing any info there- I never set up much more than contacts and find my iPhone which - who cares if he looks where I am - I don't lie about that- but until I started having multiple persistent problems with my phone - and finding many locked files on his Mac and Cydia on his iPad -( after hours of digging) - I never had a clue to think maybe he hacked my phone - I started really researching the concept and found vuze BitTorrent VMware strange wifi numbers - different locations on Mac - apple script and text edit files - pdf files that made no sense- stuffit - frankly i dont know what any o it really means- the problem is - I don't think going to apple tomorrow having them fix it - and not knowing if the problem is here at home is going to help this situation -if he is hacking / remote using - my phone on the level I think he has - I clearly can't figure it out with the knowledge I have in regards to this software - never knew he was into it - and frankly I think If its true its pretty easy for him to do again as we share everything here - can apple look at the information I have and really answer this question or do I need to find someone who will be able to understand the data ( im sure apple will -but who wants their product hack able) and all I've heard is its impossible to hack an apple phone with out jail breaking it - which from what I've looked at the last month I'm not sure about that if you share all your devices constantly. I would just like a definitive yes or no - and before I wipe it clean - it's kind of a serious thing.
-
How can we allow internal users to access internet through ASA firewall?
Hello,
I am new to security track, i have been asked to setup lab and allow users from inside firewall to access internet. here is my lab setup
PC -> switch 1 (layer2) -> (inside) ASA (outside) -> switch 2 (Layer2) -> Router
does switch 2 port needs internet access through router?
what configuration required on ASA to allow users behind the firewall to access internet?
any help on this would be much appreciated.
thanks,Hi,
Okay , can you clarify on this for me. Are you able to ping the internet from the ASA outside interface ?
Just try something like this:-
ping 4.2.2.2 .. Does this work ?
If this does not work , then i think the ASA even is not able to get to the internet and that would be a problem on the router.
Also , internet from Switch 2 is not a requirement as that is only a Layer 2 device.
You can assign the ISP allocated address on the PC , connect it to the Switch 2 port and then try to ping something on the internet or surf internet and i think that should work.
Thanks and Regards,
Vibhor Amrodia -
[SOLVED]Creative Zen V - libmtp regular user cant access
Anyone know how to configure libmtp so that a regular user (not root) can access the device? I have searched the forum/wiki but didnt find anything usefull.
When I run mtp-detect as root it prints alot of info about the device, so I guess its working correctly. Same command as non-root user gives
[fester]$ mtp-detect
Found non-autodetected device "Creative Zen V" on USB bus...
usb_claim_interface(): Operation not permitted
Connection error.
No devices.
[fester]$
Cant access through amarok either as non-root user.
Thanks for any help I get!:DLOL...solved it myself :oops:
And incase someone else runs into the same problems, heres how I solved it...
Make sure you have libmtp installed "pacman -Q libmtp". Add the udev rule one post above and reboot. Plug in player. Start amarok, then go to Settings->Configure Amarok->Media Devices, click Add Device. Choose MTP Media Device from the pulldown menu, give it a name and click OK. Then click Apply then OK. Amarok should now detect the device and you will be able to add files to the player.
I was clicking Autodetect Device and thats why it wasnt working.... Now I love linux again -
Trying to give remote user FTP access to external HDD connected to my iMac
This gets a little complicated, so bear with me.
I have an external hard drive connected via FireWire to my iMac. I have a remote user that I want to be able to access this hard drive via FTP.
Here's what I've done so far:
1) I've given the iMac a static IP on the local network.
2) I've forwarded port 21 to said IP address via my Airport Extreme.
3) I've given the user her own account on my iMac.
4) I've turned on file sharing in System Preferences, and the user has read & write permissions. I've also enabled FTP access to the iMac.
5) I've added the external drive to the Shared Folders list, and given the user read & write permissions.
When the user attempts to FTP into my iMac, she is prompted for a user name and password. She authenticates and is redirected to her home folder on my iMac. She can read and write to this folder, but the external drive is nowhere to be found.
I'm sure I've just missed a small detail. Does anyone have any ideas?I came up with a work around, if anyone is interested.
In user accounts system preferences, I edited advanced options for the user I want to give access to. I changed the location of her home directory to the external hard drive. Now every time she logs in, she's directed straight to the external. -
scenario: generated app in app studio that access youtube
I installed on lumia 535 windows phone 8.1 and its ok
But when i installed(via link sent to me from app studio) the app in windows desktop 8.1 cant view the you tube video because cant access the internet
ideas?Hi, omrfrq.
Thank you for visiting Apple Support Communities.
I understand that you are unable to connect to the internet after updating. I am not sure if you are experiencing this issue while on Wi-Fi or via the cellular data network. However, here are a couple troubleshooting articles that cover both scenarios.
If your iPhone, iPad, or iPod touch won’t connect to a Wi-Fi network
iPhone cellular data connection issues
-Jason H. -
I cant access internet through ma black berry curve.
one weak back i bought ma new blackberry curve mobile. m new to it so m facing bit problem wth ma fone.can u please tell me how can i access internet. like other phones depends n GPRS so blackberry depends on which software. plz yar help me out of dis. thank u...
Under options>advanced>tci/ip punch in your carriers APN, make sure it is also showing edge or gprs on your network bar
Twitter: @IAmBenGiey | Click " Like " if you want to Thank someone.
If Problem Resolves mark the post(s) as " Solution ", so that other can make use of it.
Try my apps:
The Ultimate Currency Converter and T2G - BloGFeed -
AnyConnect users cannot access internet
When AnyConnect users try to connect to the internet it will not let them out. I've included a copy of my config below. Also, I have a 5505 with base license but the AnyConnect for mobile is disabled. I got what seems to be a demo license from Cisco for 91 days. I thought that the base license came with AnyConnect for 2 devices. Why is the AnyConnect for mobile disabled by default?
ASA Version 8.4(2)
hostname ASA5505
domain-name <removed>
enable password <removed>
passwd <removed>
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.10.10.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
banner motd
banner motd +...................................................-+
banner motd | |
banner motd | *** Unauthorized Use or Access Prohibited *** |
banner motd | |
banner motd | For Authorized Official Use Only |
banner motd | You must have explicit permission to access or |
banner motd | configure this device. All activities performed |
banner motd | on this device will be logged, and violations of |
banner motd | this policy may result in disciplinary action, and |
banner motd | may be reported to law enforcement authorities. |
banner motd | |
banner motd | There is no right to privacy on this device. |
banner motd | |
banner motd +...................................................-+
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server 68.105.28.12
name-server 68.105.29.12
domain-name ok.cox.net
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network INSIDE-HOSTS
subnet 10.10.10.0 255.255.255.0
object network AnyConnect-INET
subnet 192.168.10.0 255.255.255.0
access-list Internet_IN extended permit icmp any interface outside echo-reply
access-list Internet_IN extended permit icmp any interface outside
pager lines 24
logging enable
logging timestamp
logging buffered informational
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 192.168.10.1-192.168.10.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any echo-reply inside
icmp permit any echo-reply outside
icmp permit any outside
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic AnyConnect-INET interface
object network INSIDE-HOSTS
nat (inside,outside) dynamic interface
access-group Internet_IN in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.10.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 10.10.10.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd update dns both
dhcpd address 10.10.10.25-10.10.10.50 inside
dhcpd dns 68.105.28.12 68.105.29.12 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy "Client Group" internal
group-policy "Client Group" attributes
wins-server none
dns-server value <removed>
vpn-tunnel-protocol ikev1 ikev2 ssl-client ssl-clientless
split-tunnel-policy tunnelall
default-domain value <removed>
split-dns value <removed>
webvpn
anyconnect ssl rekey time none
anyconnect ssl rekey method ssl
anyconnect ask none default anyconnect
username <removed> password <removed> privilege 15
username <removed> attributes
webvpn
anyconnect ask none default anyconnect
username <removed> password <removed> privilege 15
tunnel-group TunnelGroup1 type remote-access
tunnel-group TunnelGroup1 general-attributes
address-pool vpnpool
default-group-policy "Client Group"
tunnel-group TunnelGroup1 webvpn-attributes
group-alias ssl_group_users enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:943c1846a54a525f95905e6ebe313048
: endI found part of my problem. There wasn't nat (outside,outside) dynamic interface applyed to the AnyConnect object network. The other half of my question is still a mystery. How come the AnyConnect for Mobile is off by default on a base license when it's supposed to come with 2 AnyConnect mobile licenses installed?
-
How we can restrict remote user to access same URL?
HI,
We have two remote sites A and B.
Site-A --- Users accessing application by using this URL: http://frsys.abc.com.pk:7777/forms/frmservlet?config=sales
Site-B --- Users accessing application by using this URL: http://frsys.abc.com.pk:7777/forms/frmservlet?config=market
We want to restrict the users A and B, to access the login pages vise versa.
Regards.Hi,
I m not sure how the task would be achieved throughOAS.
But with the help of developer n DBA,we can restrict the users A and B, to access the login pages vise versa.
1) Create 2 tables in DB,one table which contains only user A and another only for user B
2) With the help of Developers,create inital login page(Userrname/Password) for both applications ie Site A and Site B
3) At Login page validate with the respective table created ie check whether the user is from table A or table B
Regards,
Fabian -
Using TMG to prevent non windows domain users from accessing internet
Hello!
I'm using Windows server 2008 and use it to run my company's Domain and I have a copy of TMG Server 2010
My question is if I installed the TMG on the my Domain server can I use it to prevent internet access for Non-Domain computers, and how it is done, I've looked around the internet but I couldn't find a way to do it so I thought I should ask here...
Basically can TMG stop non-domain computers from accessing the internet ?
thank you!Hi,
configure all clients to Webproxy clients and create Firewall policy rules which allows HTTP and HTTPS only for windows users and groups from your Active Directory
best regards Marc Grote - www.it-training-grote.de -
Read FAQs and still cant access internet
im working with a WRT54GR and i cant seem to connect to the internet anymore
i set up my router last night and everything was working fine
i downloaded and installed a few windows updates on my computer .. i took a personal phone call and when i got back to my laptop i couldnt connect to the internet anymore
now im recieving a strong signal from my router ..
.. my wireless client is telling me ive got a smooth connection not only to my router but to my internet as well .. and i still cant connect to the internet
.. i have read the FAQs and followed every instruction and still i have no connection .. according to the FAQs it should work .. but it doesnt
i just got done lowering the RTS threshold hoping that would fix my problems .. but still no
what do i do?
please helpMessage Edited by Pointblank510 on 11-12-200605:58 PM... seems like it
"Pinging webgod.linksys.com [66.161.11.20]with 32 bytes of data:
Reply from 66.161.11.20: bytes=32 time=37ms TTL=42
Reply from 66.161.11.20: bytes=32 time=37ms TTL=42
Reply from 66.161.11.20: bytes=32 time=37ms TTL=42
Reply from 66.161.11.20: bytes=32 time=37ms TTL=42
Ping statistics for 66.161.11.20:
Packets: Sent = 4, Recieved = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 37ms, Average = 27ms"
Maybe you are looking for
-
How to display a listView vertically with multi columns?
Hi, Refer to the sample HTML ListView item templates sample. If I want to display the listView (in scenario1.html) in three columns with vertical scroll bar, what should I do? I try to change 'layout' property of listView from 'GridLayout' to 'ListL
-
Hello, I have a hierarchy in BW (made of characteristics nodes) and i want to use that hierarchy in BW-BPS. But in BPS this hierarchy become one node hierarchy: <b><i>in BW</i></b>: <i>Total</i> .A ...1 ...2 ...3 .B ...2 .....22 ...3 ...4 .....41 <i>
-
Adding a breadcrumb for multiple image pages
I'm using a body class tag to highlight each page in the navigation when it loads (i.e., ".oneColFixCtrHdr photos" would change the Photos text in the nav bar from black to white when on that page). Is there also a way to do this with multiple pages
-
BOBJ thumbnail iview on Enterprise Portal
HI, I am trying to create the Thumbnail type of iview on portal to display all the dashboars on a single page. and when user clicks on a thumbnail the Dashboard should open in new window. Please guide me on how to create Thumbnail iview on Enterprise
-
Can not copy any text in an acrobat reader document
I can not copy any text in an Acrobat Reader document Response an internal error occurred. Please help