[resolved] Cannot access particular site

Similar Messages

• I cannot access a site I use often as a403 error occurs. How do I resolve

  I cannot access a site I use often as a 403 error occurs. How do I resolve?

  You need to contact the website and tell them to upgrade their security protocols. Especially the following:
  * The site uses SSLv3, meaning it's vulnerable to the well known POODLE attack. https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
  * The site uses RC4, which is insecure.
  * The site does not support TLS 1.2, which is recommended.
  You can see a full list of all the problems with the website at https://www.ssllabs.com/ssltest/analyze.html?d=secure.crbonline.gov.uk
  It very soon will not work in Google Chrome either, so it's in the website's best interest to update ASAP (besides protecting their users from having all their data and information stolen)

• VPN Clients cannot access remote site

  Hey there,
  I am pretty new in configuring Cisco devices and now I need some help.
  I have 2 site here:
  site A
  Cisco 891
  external IP: 195.xxx.yyy.zzz
  VPN Gateway for Remote users
  local IP: VLAN10 10.133.10.0 /23
  site B
  Cisco 891
  external IP: 62.xxx.yyy.zzz
  local IP VLAN10 10.133.34.0 /23
  Those two sites are linked together with a Site-to-Site VPN. Accessing files or ressources from one site to the other is working fine while connected to the local LAN.
  I configured VPN connection with Radius auth. VPN clients can connect to Site A, get an IP adress from VPN Pool (172.16.100.2-100) and can access files and servers on site A. But for some reason they cannot access ressources on site B. I already added the site B network to the ACL and when connecting with VPN it shows secured routes to 10.133.10.0 and 10.133.34.0 in the statistics. Same thing for other VPN Tunnels to ERP system.
  What is missing here to make it possible to reach remote sites when connected through VPN? I had a look at the logs but could not find anything important.
  Here is the config of site A
  Building configuration...
  Current configuration : 24257 bytes
  version 15.2
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  hostname Englerstrasse
  boot-start-marker
  boot config usbflash0:CVO-BOOT.CFG
  boot-end-marker
  aaa new-model
  aaa group server radius Radius-AD
  server 10.133.10.5 auth-port 1812 acct-port 1813
  aaa authentication login default local
  aaa authentication login ciscocp_vpn_xauth_ml_2 group Radius-AD local
  aaa authorization exec default local
  aaa authorization network ciscocp_vpn_group_ml_2 local
  aaa session-id common
  clock timezone Berlin 1 0
  clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
  crypto pki trustpoint TP-self-signed-27361994
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-27361994
  revocation-check none
  rsakeypair TP-self-signed-27361994
  crypto pki trustpoint test_trustpoint_config_created_for_sdm
  subject-name [email protected]
  revocation-check crl
  crypto pki certificate chain TP-self-signed-27361994
  certificate self-signed 01
    30820227 30820190 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
    2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 32373336 31393934 301E170D 31323038 32373038 30343238
    5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
    2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D323733 36313939
    3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100B709
    64CE1874 BF812A9F 0B761522 892373B9 10F0BB52 6263DCDB F9877AA3 7BD34E53
    BCFDA45C 2A991777 4DDC7E6B 1FCEE36C B6E35679 C4A18771 9C0F871F 38310234
    2D89A4FF 37B616D8 362B3103 A8A319F2 10A72DC7 490A04AC 7955DF68 32EF9615
    9E1A3B31 2A1AB243 B3ED3E35 F4AAD029 CDB1F941 5E794300 5C5EF8AE 5C890203
    010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304
    18301680 14D0F5E7 D3A9311D 1675AA8F 38F064FC 4D04465E F5301D06 03551D0E
    04160414 D0F5E7D3 A9311D16 75AA8F38 F064FC4D 04465EF5 300D0609 2A864886
    F70D0101 05050003 818100AB 2CD4363A E5ADBFB0 943A38CB AC820801 117B52CC
    20216093 79D1F777 2B3C0062 4301CF73 094B9CA5 805F585E 04CF3301 9B839DEB
    14A334A2 F5A5316F C65EEF21 0B0DF3B5 F4322440 F28B984B E769876D 6EF94895
    C3D5048A A4E2A180 12DF6652 176942F8 58187D7B D37B1F1A 4DDD7AE9 5189F9AF
    AF3EF676 26AD3F31 D368F5
        quit
  crypto pki certificate chain test_trustpoint_config_created_for_sdm
  no ip source-route
  ip auth-proxy max-login-attempts 5
  ip admission max-login-attempts 5
  no ip bootp server
  no ip domain lookup
  ip domain name yourdomain.com
  ip inspect log drop-pkt
  ip inspect name CCP_MEDIUM appfw CCP_MEDIUM
  ip inspect name CCP_MEDIUM ftp
  ip inspect name CCP_MEDIUM h323
  ip inspect name CCP_MEDIUM sip
  ip inspect name CCP_MEDIUM https
  ip inspect name CCP_MEDIUM icmp
  ip inspect name CCP_MEDIUM netshow
  ip inspect name CCP_MEDIUM rcmd
  ip inspect name CCP_MEDIUM realaudio
  ip inspect name CCP_MEDIUM rtsp
  ip inspect name CCP_MEDIUM sqlnet
  ip inspect name CCP_MEDIUM streamworks
  ip inspect name CCP_MEDIUM tftp
  ip inspect name CCP_MEDIUM udp
  ip inspect name CCP_MEDIUM vdolive
  ip inspect name CCP_MEDIUM imap reset
  ip inspect name CCP_MEDIUM smtp
  ip cef
  no ipv6 cef
  appfw policy-name CCP_MEDIUM
    application im aol
      service default action allow alarm
      service text-chat action allow alarm
      server permit name login.oscar.aol.com
      server permit name toc.oscar.aol.com
      server permit name oam-d09a.blue.aol.com
      audit-trail on
    application im msn
      service default action allow alarm
      service text-chat action allow alarm
      server permit name messenger.hotmail.com
      server permit name gateway.messenger.hotmail.com
      server permit name webmessenger.msn.com
      audit-trail on
    application http
      strict-http action allow alarm
      port-misuse im action reset alarm
      port-misuse p2p action reset alarm
      port-misuse tunneling action allow alarm
    application im yahoo
      service default action allow alarm
      service text-chat action allow alarm
      server permit name scs.msg.yahoo.com
      server permit name scsa.msg.yahoo.com
      server permit name scsb.msg.yahoo.com
      server permit name scsc.msg.yahoo.com
      server permit name scsd.msg.yahoo.com
      server permit name cs16.msg.dcn.yahoo.com
      server permit name cs19.msg.dcn.yahoo.com
      server permit name cs42.msg.dcn.yahoo.com
      server permit name cs53.msg.dcn.yahoo.com
      server permit name cs54.msg.dcn.yahoo.com
      server permit name ads1.vip.scd.yahoo.com
      server permit name radio1.launch.vip.dal.yahoo.com
      server permit name in1.msg.vip.re2.yahoo.com
      server permit name data1.my.vip.sc5.yahoo.com
      server permit name address1.pim.vip.mud.yahoo.com
      server permit name edit.messenger.yahoo.com
      server permit name messenger.yahoo.com
      server permit name http.pager.yahoo.com
      server permit name privacy.yahoo.com
      server permit name csa.yahoo.com
      server permit name csb.yahoo.com
      server permit name csc.yahoo.com
      audit-trail on
  parameter-map type inspect global
  log dropped-packets enable
  multilink bundle-name authenticated
  redundancy
  ip tcp synwait-time 10
  class-map match-any CCP-Transactional-1
  match dscp af21
  match dscp af22
  match dscp af23
  class-map match-any CCP-Voice-1
  match dscp ef
  class-map match-any sdm_p2p_kazaa
  match protocol fasttrack
  match protocol kazaa2
  class-map match-any CCP-Routing-1
  match dscp cs6
  class-map match-any sdm_p2p_edonkey
  match protocol edonkey
  class-map match-any CCP-Signaling-1
  match dscp cs3
  match dscp af31
  class-map match-any sdm_p2p_gnutella
  match protocol gnutella
  class-map match-any CCP-Management-1
  match dscp cs2
  class-map match-any sdm_p2p_bittorrent
  match protocol bittorrent
  policy-map sdm-qos-test-123
  class class-default
  policy-map sdmappfwp2p_CCP_MEDIUM
  class sdm_p2p_edonkey
  class sdm_p2p_gnutella
  class sdm_p2p_kazaa
  class sdm_p2p_bittorrent
  policy-map CCP-QoS-Policy-1
  class sdm_p2p_edonkey
  class sdm_p2p_gnutella
  class sdm_p2p_kazaa
  class sdm_p2p_bittorrent
  class CCP-Voice-1
    priority percent 33
  class CCP-Signaling-1
    bandwidth percent 5
  class CCP-Routing-1
    bandwidth percent 5
  class CCP-Management-1
    bandwidth percent 5
  class CCP-Transactional-1
    bandwidth percent 5
  class class-default
    fair-queue
    random-detect
  crypto ctcp port 10000
  crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp key REMOVED address 62.20.xxx.yyy 
  crypto isakmp key REMOVED address 195.243.xxx.yyy
  crypto isakmp key REMOVED address 195.243.xxx.yyy
  crypto isakmp key REMOVED address 83.140.xxx.yyy  
  crypto isakmp client configuration group VPN_local
  key REMOVED
  dns 10.133.10.5 10.133.10.7
  wins 10.133.10.7
  domain domain.de
  pool SDM_POOL_2
  acl 115
  crypto isakmp profile ciscocp-ike-profile-1
     match identity group VPN_local
     client authentication list ciscocp_vpn_xauth_ml_2
     isakmp authorization list ciscocp_vpn_group_ml_2
     client configuration address respond
     virtual-template 1
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA4 esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA11 esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA5 esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-SHA1 esp-des esp-sha-hmac
  crypto ipsec profile CiscoCP_Profile1
  set transform-set ESP-3DES-SHA11
  set isakmp-profile ciscocp-ike-profile-1
  crypto map SDM_CMAP_1 1 ipsec-isakmp
  description Tunnel to62.20.xxx.xxx
  set peer 62.20.xxx.xxx
  set transform-set ESP-3DES-SHA
  match address 105
  crypto map SDM_CMAP_1 2 ipsec-isakmp
  description Tunnel to195.243.xxx.xxx
  set peer 195.243.xxx.xxx
  set transform-set ESP-3DES-SHA4
  match address 107
  crypto map SDM_CMAP_1 3 ipsec-isakmp
  description Tunnel to83.140.xxx.xxx
  set peer 83.140.xxx.xxx
  set transform-set ESP-DES-SHA1
  match address 118
  interface Loopback2
  ip address 192.168.10.1 255.255.254.0
  interface Null0
  no ip unreachables
  interface FastEthernet0
  switchport mode trunk
  no ip address
  spanning-tree portfast
  interface FastEthernet1
  no ip address
  spanning-tree portfast
  interface FastEthernet2
  no ip address
  spanning-tree portfast
  interface FastEthernet3
  no ip address
  spanning-tree portfast
  interface FastEthernet4
  description Internal LAN
  switchport access vlan 10
  switchport trunk native vlan 10
  no ip address
  spanning-tree portfast
  interface FastEthernet5
  no ip address
  spanning-tree portfast
  interface FastEthernet6
  no ip address
  spanning-tree portfast
  interface FastEthernet7
  no ip address
  spanning-tree portfast
  interface FastEthernet8
  description $FW_OUTSIDE$$ETH-WAN$
  ip address 62.153.xxx.xxx 255.255.255.248
  ip access-group 113 in
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat outside
  ip inspect CCP_MEDIUM out
  no ip virtual-reassembly in
  ip verify unicast reverse-path
  duplex auto
  speed auto
  crypto map SDM_CMAP_1
  service-policy input sdmappfwp2p_CCP_MEDIUM
  service-policy output CCP-QoS-Policy-1
  interface Virtual-Template1 type tunnel
  ip unnumbered FastEthernet8
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile CiscoCP_Profile1
  interface GigabitEthernet0
  no ip address
  shutdown
  duplex auto
  speed auto
  interface Vlan1
  no ip address
  interface Vlan10
  description $FW_INSIDE$
  ip address 10.133.10.1 255.255.254.0
  ip access-group 112 in
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  ip nat inside
  ip virtual-reassembly in
  interface Async1
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  encapsulation slip
  ip local pool SDM_POOL_1 192.168.10.101 192.168.10.200
  ip local pool VPN_Pool 192.168.20.2 192.168.20.100
  ip local pool SDM_POOL_2 172.16.100.2 172.16.100.100
  ip http server
  ip http access-class 23
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip forward-protocol nd
  ip nat inside source route-map SDM_RMAP_1 interface FastEthernet8 overload
  ip route 0.0.0.0 0.0.0.0 62.153.xxx.xxx
  ip access-list extended VPN1
  remark VPN_Haberstrasse
  remark CCP_ACL Category=4
  permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
  ip radius source-interface Vlan10
  access-list 1 remark INSIDE_IF=Vlan1
  access-list 1 remark CCP_ACL Category=2
  access-list 1 permit 10.10.10.0 0.0.0.7
  access-list 23 remark CCP_ACL Category=17
  access-list 23 permit 195.243.xxx.xxx
  access-list 23 permit 10.133.10.0 0.0.1.255
  access-list 23 permit 10.10.10.0 0.0.0.7
  access-list 100 remark CCP_ACL Category=4
  access-list 100 permit ip 10.133.10.0 0.0.1.255 any
  access-list 101 remark CCP_ACL Category=16
  access-list 101 permit udp any eq bootps any eq bootpc
  access-list 101 deny   ip 10.10.10.0 0.0.0.255 any
  access-list 101 permit icmp any any echo-reply
  access-list 101 permit icmp any any time-exceeded
  access-list 101 permit icmp any any unreachable
  access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
  access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
  access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
  access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
  access-list 101 deny   ip host 255.255.255.255 any
  access-list 101 deny   ip any any
  access-list 102 remark auto generated by CCP firewall configuration
  access-list 102 remark CCP_ACL Category=1
  access-list 102 deny   ip 10.10.10.0 0.0.0.7 any
  access-list 102 permit icmp any host 62.153.xxx.xxx echo-reply
  access-list 102 permit icmp any host 62.153.xxx.xxx time-exceeded
  access-list 102 permit icmp any host 62.153.xxx.xxx unreachable
  access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
  access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
  access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
  access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
  access-list 102 deny   ip host 255.255.255.255 any
  access-list 102 deny   ip host 0.0.0.0 any
  access-list 102 deny   ip any any log
  access-list 103 remark auto generated by CCP firewall configuration
  access-list 103 remark CCP_ACL Category=1
  access-list 103 remark IPSec Rule
  access-list 103 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
  access-list 103 remark IPSec Rule
  access-list 103 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
  access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
  access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
  access-list 103 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
  access-list 103 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
  access-list 103 remark IPSec Rule
  access-list 103 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
  access-list 103 remark IPSec Rule
  access-list 103 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
  access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
  access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
  access-list 103 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
  access-list 103 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
  access-list 103 permit udp any host 62.153.xxx.xxx eq non500-isakmp
  access-list 103 permit udp any host 62.153.xxx.xxx eq isakmp
  access-list 103 permit esp any host 62.153.xxx.xxx
  access-list 103 permit ahp any host 62.153.xxx.xxx
  access-list 103 permit udp host 194.25.0.60 eq domain any
  access-list 103 permit udp host 194.25.0.68 eq domain any
  access-list 103 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
  access-list 103 deny   ip 10.10.10.0 0.0.0.7 any
  access-list 103 permit icmp any host 62.153.xxx.xxx echo-reply
  access-list 103 permit icmp any host 62.153.xxx.xxx time-exceeded
  access-list 103 permit icmp any host 62.153.xxx.xxx unreachable
  access-list 103 deny   ip 10.0.0.0 0.255.255.255 any
  access-list 103 deny   ip 172.16.0.0 0.15.255.255 any
  access-list 103 deny   ip 192.168.0.0 0.0.255.255 any
  access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
  access-list 103 deny   ip host 255.255.255.255 any
  access-list 103 deny   ip host 0.0.0.0 any
  access-list 103 deny   ip any any log
  access-list 104 remark CCP_ACL Category=4
  access-list 104 permit ip 10.133.10.0 0.0.1.255 any
  access-list 105 remark CCP_ACL Category=4
  access-list 105 remark IPSec Rule
  access-list 105 permit ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
  access-list 106 remark CCP_ACL Category=2
  access-list 106 remark IPSec Rule
  access-list 106 deny   ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
  access-list 106 remark IPSec Rule
  access-list 106 deny   ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
  access-list 106 remark IPSec Rule
  access-list 106 deny   ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
  access-list 106 remark IPSec Rule
  access-list 106 deny   ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
  access-list 106 remark IPSec Rule
  access-list 106 deny   ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
  access-list 106 permit ip 10.10.10.0 0.0.0.7 any
  access-list 106 permit ip 10.133.10.0 0.0.1.255 any
  access-list 107 remark CCP_ACL Category=4
  access-list 107 remark IPSec Rule
  access-list 107 permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
  access-list 107 remark IPSec Rule
  access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
  access-list 108 remark Auto generated by SDM Management Access feature
  access-list 108 remark CCP_ACL Category=1
  access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq telnet
  access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 22
  access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq www
  access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 443
  access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq cmd
  access-list 108 deny   tcp any host 10.133.10.1 eq telnet
  access-list 108 deny   tcp any host 10.133.10.1 eq 22
  access-list 108 deny   tcp any host 10.133.10.1 eq www
  access-list 108 deny   tcp any host 10.133.10.1 eq 443
  access-list 108 deny   tcp any host 10.133.10.1 eq cmd
  access-list 108 deny   udp any host 10.133.10.1 eq snmp
  access-list 108 permit ip any any
  access-list 109 remark CCP_ACL Category=1
  access-list 109 permit ip 10.133.10.0 0.0.1.255 any
  access-list 109 permit ip 10.10.10.0 0.0.0.7 any
  access-list 109 permit ip 192.168.10.0 0.0.1.255 any
  access-list 110 remark CCP_ACL Category=1
  access-list 110 permit ip host 195.243.xxx.xxx any
  access-list 110 permit ip host 84.44.xxx.xxx any
  access-list 110 permit ip 10.133.10.0 0.0.1.255 any
  access-list 110 permit ip 10.10.10.0 0.0.0.7 any
  access-list 110 permit ip 192.168.10.0 0.0.1.255 any
  access-list 111 remark CCP_ACL Category=4
  access-list 111 permit ip 10.133.10.0 0.0.1.255 any
  access-list 112 remark CCP_ACL Category=1
  access-list 112 permit udp host 10.133.10.5 eq 1812 any
  access-list 112 permit udp host 10.133.10.5 eq 1813 any
  access-list 112 permit udp any host 10.133.10.1 eq non500-isakmp
  access-list 112 permit udp any host 10.133.10.1 eq isakmp
  access-list 112 permit esp any host 10.133.10.1
  access-list 112 permit ahp any host 10.133.10.1
  access-list 112 permit udp host 10.133.10.5 eq 1645 host 10.133.10.1
  access-list 112 permit udp host 10.133.10.5 eq 1646 host 10.133.10.1
  access-list 112 remark auto generated by CCP firewall configuration
  access-list 112 permit udp host 10.133.10.5 eq 1812 host 10.133.10.1
  access-list 112 permit udp host 10.133.10.5 eq 1813 host 10.133.10.1
  access-list 112 permit udp host 10.133.10.7 eq domain any
  access-list 112 permit udp host 10.133.10.5 eq domain any
  access-list 112 deny   ip 62.153.xxx.xxx 0.0.0.7 any
  access-list 112 deny   ip 10.10.10.0 0.0.0.7 any
  access-list 112 deny   ip host 255.255.255.255 any
  access-list 112 deny   ip 127.0.0.0 0.255.255.255 any
  access-list 112 permit ip any any
  access-list 113 remark CCP_ACL Category=1
  access-list 113 remark IPSec Rule
  access-list 113 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
  access-list 113 remark IPSec Rule
  access-list 113 permit ip 10.60.16.0 0.0.0.255 192.168.10.0 0.0.1.255
  access-list 113 remark IPSec Rule
  access-list 113 permit ip 10.60.16.0 0.0.0.255 10.133.10.0 0.0.1.255
  access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq non500-isakmp
  access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq isakmp
  access-list 113 permit esp host 83.140.100.4 host 62.153.xxx.xxx
  access-list 113 permit ahp host 83.140.100.4 host 62.153.xxx.xxx
  access-list 113 permit ip host 195.243.xxx.xxx host 62.153.xxx.xxx
  access-list 113 permit ip host 84.44.xxx.xxx host 62.153.xxx.xxx
  access-list 113 remark auto generated by CCP firewall configuration
  access-list 113 permit udp host 194.25.0.60 eq domain any
  access-list 113 permit udp host 194.25.0.68 eq domain any
  access-list 113 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
  access-list 113 permit udp host 194.25.0.60 eq domain host 62.153.xxx.xxx
  access-list 113 permit udp any host 62.153.xxx.xxx eq non500-isakmp
  access-list 113 permit udp any host 62.153.xxx.xxx eq isakmp
  access-list 113 permit esp any host 62.153.xxx.xxx
  access-list 113 permit ahp any host 62.153.xxx.xxx
  access-list 113 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
  access-list 113 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
  access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
  access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
  access-list 113 remark IPSec Rule
  access-list 113 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
  access-list 113 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
  access-list 113 remark IPSec Rule
  access-list 113 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
  access-list 113 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
  access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
  access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
  access-list 113 remark IPSec Rule
  access-list 113 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
  access-list 113 remark Pop3
  access-list 113 permit tcp host 82.127.xxx.xxx eq 8080 host 62.153.xxx.xxx
  access-list 113 remark Pop3
  access-list 113 permit tcp any eq pop3 host 62.153.xxx.xxx
  access-list 113 remark SMTP
  access-list 113 permit tcp any eq 465 host 62.153.xxx.xxx
  access-list 113 remark IMAP
  access-list 113 permit tcp any eq 587 host 62.153.xxx.xxx
  access-list 113 deny   ip 10.133.10.0 0.0.1.255 any
  access-list 113 deny   ip 10.10.10.0 0.0.0.7 any
  access-list 113 permit icmp any host 62.153.xxx.xxx echo-reply
  access-list 113 permit icmp any host 62.153.xxx.xxx time-exceeded
  access-list 113 permit icmp any host 62.153.xxx.xxx unreachable
  access-list 113 deny   ip 10.0.0.0 0.255.255.255 any
  access-list 113 deny   ip 172.16.0.0 0.15.255.255 any
  access-list 113 deny   ip 192.168.0.0 0.0.255.255 any
  access-list 113 deny   ip 127.0.0.0 0.255.255.255 any
  access-list 113 deny   ip host 255.255.255.255 any
  access-list 113 deny   ip host 0.0.0.0 any
  access-list 113 deny   ip any any log
  access-list 114 remark auto generated by CCP firewall configuration
  access-list 114 remark CCP_ACL Category=1
  access-list 114 deny   ip 10.133.10.0 0.0.1.255 any
  access-list 114 deny   ip 10.10.10.0 0.0.0.7 any
  access-list 114 permit icmp any any echo-reply
  access-list 114 permit icmp any any time-exceeded
  access-list 114 permit icmp any any unreachable
  access-list 114 deny   ip 10.0.0.0 0.255.255.255 any
  access-list 114 deny   ip 172.16.0.0 0.15.255.255 any
  access-list 114 deny   ip 192.168.0.0 0.0.255.255 any
  access-list 114 deny   ip 127.0.0.0 0.255.255.255 any
  access-list 114 deny   ip host 255.255.255.255 any
  access-list 114 deny   ip host 0.0.0.0 any
  access-list 114 deny   ip any any log
  access-list 115 remark VPN_Sub
  access-list 115 remark CCP_ACL Category=5
  access-list 115 permit ip 10.133.10.0 0.0.1.255 172.16.0.0 0.0.255.255
  access-list 115 permit ip 10.133.34.0 0.0.1.255 172.16.0.0 0.0.255.255
  access-list 115 permit ip 10.133.20.0 0.0.0.255 any
  access-list 116 remark CCP_ACL Category=4
  access-list 116 remark IPSec Rule
  access-list 116 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
  access-list 117 remark CCP_ACL Category=4
  access-list 117 remark IPSec Rule
  access-list 117 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
  access-list 118 remark CCP_ACL Category=4
  access-list 118 remark IPSec Rule
  access-list 118 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
  access-list 118 remark IPSec Rule
  access-list 118 permit ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
  no cdp run
  route-map SDM_RMAP_1 permit 1
  match ip address 106
  control-plane
  mgcp profile default
  line con 0
  transport output telnet
  line 1
  modem InOut
  speed 115200
  flowcontrol hardware
  line aux 0
  transport output telnet
  line vty 0 4
  session-timeout 45
  access-class 110 in
  transport input telnet ssh
  line vty 5 15
  access-class 109 in
  transport input telnet ssh
  scheduler interval 500
  end

  The crypto ACL for the site to site vpn should also include the vpn client pool, otherwise, traffic from the vpn client does not match the interesting traffic for the site to site vpn.
  On Site A:
  should include "access-list 107 permit ip 172.16.100.0 0.0.0.255 10.133.34.0 0.0.1.255"
  You should also remove the following line as the pool is incorrect:
  access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
  On Site B:
  should include: permit ip 10.133.34.0 0.0.1.255 172.16.100.0 0.0.0.255"
  NAT exemption on site B should also be configured with deny on the above ACL.

• Cannot access web site hosted on Azure VM

  I have created Windows Server 2012R2 VM and after creating VM I have installed IIS and hosted my site and found it is working fine inside the VM.
  Then I have added HTTP end point to my VM from azure portal. After creating http end point I cannot access my web site using MyHostName.cloudapp.net.
  Can you help me why http end point is not working?
  Then I have crated VM with template and there I have defined HTTP endpoint before creating VM.
  Finally I found that if I create end point before creating VM then it works fine and if I create endpoint after creating VM then it doesn’t work.
  Can you kindly help me to solve this issue (so that end point works properly after creating VM)?
  Hasibul Haque,MCC2011,MCPD hasibulhaque.com

  Hi,
  You can check the port you bind for the website in IIS and make sure you have created endpoint with the correct port. You can also install Telnet client on your local computer and run "telnet xxx.cloudapp.net public_port_in_endpoint" at the command
  prompt to see it works.
  Have you enable SSL on the website hosted on Azure VM? If yes, please also create an endpoint with port 443 and open that port in Windows Firewall on the VM.
  Best regards,
  Susie
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Sharepoint foundation 2013 : After doing backup cannot access the site "Sorry, this site hasn't been shared with you"

  I am using SharePoint Foundation 2013 , i have backed up the site using powershell with the following command:
  -backup-spsite -identity http://dmsserver/sites/demo/ -path C:\SPSiteBackup.bak
  After backup finished, i can't access the site, the message "Sorry, this site hasn't been shared with you" appears, even the site administrator collection is configured coorectly, with the  Administrator account.
  Whats the problem?
  Please Advice.

  Hi husseinsa,
  According to your description, my understanding is that you could not access the site after backing up the site collection in SharePoint 2013 Foundation.
  Could you access other sites at the same site collection?
  Let’s do a troubleshooting for this issue:
  Please delete the IE cache:  IE options->General->Delete, select all checkboxes, and click Delete.
  Go to CA->Application Management->Manage web applications, select the web application which hosts the problematic site .
  Click Permisson Policy, make sure there are not any deny policies for site collection administrator and site collection auditor.
  Back to the web application list page, click User Policy, check whether there are any user policies for denying permissions.
  Change the site collection administrator or add a secondary site collection administrator in CA, then use the new site collection administrator to log in the site, compare the result.
  Open IIS, expand the server, and click application pools.
  Find the problematic web application pool, make the identity of the pool is correct, then do an IISRESET, compare the result.
  If this issue still exists, please check the log file to find more information about this issue. The path of the log file is
  : C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS.
  Or you can use Event Viewer(Start->Run->event viewer) to find the log.
  I hope this helps.
  Thanks,
  Wendy
  Wendy Li
  TechNet Community Support

• Where are the keychains? I cannot access two sites

  It has been two wks now that I am unable to get my web mail, and do my banking. I am able to access other sites with no problem.
  They just will not load. My Internet provider was of no help, even though they tried several different URLs to help me access their site (Sympatico).
  I found, in this site, somebody with a similar problem who solved it by trashing the keychains from the library folder.
  My keychains folder is empty! I can find nothing to trash.
  Can somebody help please.

  Bring up the Keychain app /Application/Utilities/Keychain Access.app navigate to your site's info and delete them. That should remove it from the keychain.

• I cannot access ftp sites even after loading "Seahorse/fireFTP". What do I do next?

  I need to access and upload info to an ftp site but I get an error message each time I do. It doesn't work in IE either. How can I access the site

  ... I really can't afford to go back and re-buy all this music (which I shouldn't have to do in the first place).
  No you shouldn't. Bear in mind, though, that Apple has set this up as a user-to-user board so all we can do here is try to help you figure out why the authorization procedure isn't working correctly for your new computer.
  There have been a variety of issues reported with iTunes and Windows Vista, some I believe related to the authorization procedure. So the first thing I'd do is make sure you've downloaded and installed iTunes 7.1 which was just released yesterday.
  That may solve your problem. If not, click on the Review Authorization Count link in the Why can't I authorize one of my computers? section of this Apple Support page and let us know how many authorizations you're using.
  Be patient and we should be able to figure this out.

• Cannot access some sites in either Firefox or Safari

  I'm not sure when this began, but last month I tried to go to Ebay in both Safari and and Firefox and neither would find the site.
  Here's what I'm using:
  MacPro Desktop 2 x 2.8GHz, Quad-core Intel Xeon
  8GB memory
  Snow Leopard 10.6.8
  My network is set to 'Automatic' Using DHCP
  I have a FIOS router and have no firewall or security setting on my Mac
  I tried to get to Ebay using a proxy on the same computer and it went to the site. I tried also on my laptop that uses Leopard and the same FIOS router and was able to get the the Ebay site. I go to many sites including email, just fine on my desktop MacPro. A few sites will access some times and other times won't. Ebay never accesses on my MacPro, so this seems to be my test site.
  I'm guessing something got changed in my network setting with an upgrade, but not sure what to change under network settings.
  Anyone had a similar problem, or know what I need to do?

  ghi2 wrote:
  Thanks, I am my own profesional as I've owned Mac since the Plus. It is probably the Mac as the router also feeds my other computers and they work fine. I just put in Google DNS 8.8.8.8 & 8.8.4.4 and it seems to be working okay, but I guess the Trojan can proably attck these too. Is there a virus app for these trojans?
  Let me start by saying that I doubt that either of the following possibilities are what you are suffering, but mention them just in case. I would expect to see you suffering several other symptoms associated with them.
  I can't figure out how the DNSChanger Trojan is able to do anything now as the perpatrators are behind bars awaiting extradition and the FBI is operating their servers as normal DNS's for at least another week and possibly until July. Never-the-less, I have seen a very few confirmed cases here in the forum. The fastest way to find out is to go to http://dns-ok.us/ and look for green. If it's red open the FBI document linked for the fix. MacScan did provide a fix for this, but I'm not certain that it removed all versions. I've recently read that one version actually changed the router settings as opposed to your Mac, so you might want to double-check there, as well.
  But there is another possibility. One user who was infected on Feb 22nd with the Flashback.G or higher Trojan reported Google redirects associated with it. Iomega has yet to confirm this, but they have been working with that individual and may be in a position to confirm something shortly. To check for this malware open the Terminal app (in /Applications/Utilities/) then copy and paste "defaults read ~/.MacOSX/environment" without the quotes, hit return and if you see something about "DYLD_INSERT_LIBRARIES" then you are infected. Paste the results here for instructions. If it doesn't find the file or says something else, then that isn't your problem.
  The MacScan's "Spyware" application is still alive and well. They just updated their definitions yesterday for what they are calling Flashback Trojan 3.0, so it may be capable of finding the latest of these, but I'm not certain. MacScan does have a reputation of sounding "False Alarms", so don't panic and start deleting things without confirmation.

• Cannot access iWeb site

  Yesterday I posted several different pages using iWeb. Today, when I try to post I get a 404 error and the typical orange screen indicating why I cannot see anything. I have a active .mac account. It worked yesterday but today it will not load the pages I am uploading?

  The problem seems to have disappeared...just tried again and the site is posted.

• I'm getting "This area is forbidden" for a real estate site I have been using for years. I cannot access the site. What is up?

  http://armls.flexmls.com

  Clear the cache and the cookies from sites that cause problems.
  * "Clear the Cache": Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
  * "Remove the Cookies" from sites causing problems: Tools > Options > Privacy > Cookies: "Show Cookies"

• Restarted Firefox and now cannot access some sites

  I restarted Firefox and it has given me a text only version of Facebook saying it's an untrusted connection.

  You can try these steps in case of issues with web pages:
  You can reload web page(s) and bypass the cache to refresh possibly outdated or corrupted files.
  *Hold down the Shift key and left-click the Reload button
  *Press "Ctrl + F5" or press "Ctrl + Shift + R" (Windows,Linux)
  *Press "Command + Shift + R" (Mac)
  Clear the cache and remove cookies only from websites that cause problems.
  "Clear the Cache":
  *Firefox/Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
  "Remove Cookies" from sites causing problems:
  *Firefox/Tools > Options > Privacy > "Use custom settings for history" > Cookies: "Show Cookies"
  Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem.
  *Switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance
  *Do NOT click the Reset button on the Safe Mode start window
  *https://support.mozilla.org/kb/Safe+Mode
  *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes
  Check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
  Check out why the site is untrusted and click "Technical Details" to expand this section.
  If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
  You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
  *Click the link at the bottom of the error page: "I Understand the Risks"
  Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
  *Click the "View..." button and inspect the certificate and check who is the <b>issuer of the certificate</b>.
  You can see more Details like intermediate certificates that are used in the Details pane.
  If <b>"I Understand the Risks"</b> is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
  *Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
  *Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate.

• Cannot access web sites

  Safari for some time , When i click on links like this
  https://discussions.apple.com/community/mac_os/safari
  And even face book, some times,Pixoto   and other sites Will not opem . if I cut and past into google chrome Like I am using now, the page opens,
  In safari it can't open the server .
  HELP! please

  Done all that, Done re set, Even this page fist would not open, Lists the same, . My tablet no problem.
  I noted some of the e mails wiill not fully open iether, So its something somewhere, but not the internet,
  Im going to try a re set, .
  Any other sugestions are welcome.

• I cannot access my Site 2 (of 2 sites) even when I enter the PW for Site 2

  I have created Site 1 and Site 2. I have made both 'private' by having the same UserName but a different PW for each.
  When entering Username and PW for the second site I always go straight to Site 1. I have tried everything but still I go only to Site 1 every time.
  Can anyone see what I may be doing wrong ?
  Thanks for any help
  DL2

  the two sites also have two different addresses:
  site 1: http://web.mac.com/USERNAME/iWeb/Site1Name
  site 2: http://web.mac.com/USERNAME/iWeb/Site2Name
  you can choose which to come first when you enter http://web.mac.com/USERNAME by moving the site at the first position in the "site-organizer" in iWeb!
  Hope this helps,
  max

• Cannot access Flex sites by URL

  Hi,
  I have recently been moving some Flex apps onto a new server,
  now the problem I'm having is that any Flex app that uses Remoting
  is only available via the IP address. When I call the site via the
  URL I create in IIS i always get this error message:
  mx.rpc::Fault)#0
  errorID = 0
  faultCode = "Server.Processing"
  faultDetail = (null)
  faultString = "java.lang.NullPointerException"
  message = "faultCode:Server.Processing
  faultString:'java.lang.NullPointerException' faultDetail:'null'"
  name = "Error"
  rootCause = (null)
  Now when I call the same site via the IP address I don't get
  an error message and the site works. I've been researching this
  problem and asked other people about this and it seems that the
  problem has to do with the service-config.xml file, so I've checked
  my service-config.xml file and the endpoint entries are fine, e.g:
  <endpoint uri="
  http://{server.name}:{server.port}{context.root}/flex2gateway/cfamfpolling"
  class="flex.messaging.endpoints.AMFEndpoint"/>
  Which seems fine, I've also put a crossdomain policy file in
  the root of my app and that's not fixing the problem. So I'm stuck
  for ideas.
  Can anyone shed so light and ideas and what to check to solve
  this problem?
  Thanks
  Stephen

  Which normally means your file manager does not understand the NFS protocol directly.
  May I ask why you try to do this when you could just as easily browse /mnt/video?
  You can define network shares to be mounted in fstab just like a regular local partition.

• After downloadling Flash player 16 for windows 7 I cannot access a site I usually do?

  I get the message that it is not capatable and do not understand why I keep getting this message as I do not know what to do now???

  To give you any useful advice, I'm going to need to know more about your computer and browser:
  https://forums.adobe.com/message/5249945#5249945