Rules for VPN UP/DOWN

Hi everybody,
I created the following rules in my Cisco Mars in order to test it, and I tried a lot of variables, but they don't work as I expected.
DOWN VPN:
Time range: 2 minutes
Email: to me
Offset: 1
Source IP: 192.168.0.1
Destination IP: xxx.xxx.xxx.xxx
Service Name: ANY
Event: IPSec SA between tunnel end points has been deleted
Device: ASA5505-TESTMARS
Reported User: None
IPS Risk Rating: ANY
IPS Threat Rating: ANY
Keyword: ANY
Severity: ANY
Count: 1
FOLLOWED BY
Offset: 2
Source IP: 192.168.0.1
Destination IP: xxx.xxx.xxx.xxx
Service Name: ANY
Event: != IPSec SA has been created
Device: ASA5505-TESTMARS
Reported User: None
IPS Risk Rating: ANY
IPS Threat Rating: ANY
Keyword: ANY
Severity: ANY
Count: 1
UP VPN:
Time range: 2 minutes
Email: to me
Offset: 1
Source IP: 192.168.0.1
Destination IP: xxx.xxx.xxx.xxx
Service Name: ANY
Event: != IPSec SA between tunnel end points has been deleted
Device: ASA5505-TESTMARS
Reported User: None
IPS Risk Rating: ANY
IPS Threat Rating: ANY
Keyword: ANY
Severity: ANY
Count: 1
FOLLOWED BY
Offset: 2
Source IP: 192.168.0.1
Destination IP: xxx.xxx.xxx.xxx
Service Name: ANY
Event: IPSec SA has been created
Device: ASA5505-TESTMARS
Reported User: None
IPS Risk Rating: ANY
IPS Threat Rating: ANY
Keyword: ANY
Severity: ANY
Count: 1
I wanted the rules to fire only if both conditions are satisfied within the set time range, but since each rule is composed of a "!=" and a "=" event, they fire as soon as the "=" event is satisfied.
The problem is that during the night I receive a lot of spam from the Mars, because the VPN channels that aren't used during that period recreate the SA every 30 minutes. This is a process that lasts less than 15 seconds, and I don't want to be informed about it because it isn't critical; if the down lasts more than 2 minutes, then I start considering it critical.
How can I bypass this problem?
Hope someone will help me.
Thanks in advance.
Best regards.

Hi,
you didn't say which rule was always triggered: Up or Down?
Keep in mind that:
Using the Equal (==) and Not Equal (!=) buttons to bring highlighted items from the field into the field has another meaning. Not Equal (!=) means that the rule is triggered by any EVENT other than the one you highlighted.
I think so; maybe I am mistaken.
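
The correlation the original poster is after (alert only when an SA delete is not followed by a create within the 2-minute window, and report UP only after a real outage), as an added example in Python; it is not MARS rule syntax and not code from either poster. The pipe-separated log format, the 203.0.113.10 peer address and the function names are constructed for the illustration; the two event strings are the ones quoted in the rules above.

```python
from datetime import datetime, timedelta

# Event names as they appear in the rules quoted in the thread.
DELETED = "IPSec SA between tunnel end points has been deleted"
CREATED = "IPSec SA has been created"
GRACE = timedelta(minutes=2)  # outages shorter than this are treated as rekeys

# Constructed sample input: timestamp|source|destination|event
SAMPLE_LOG = """\
2009-04-29T02:00:00|192.168.0.1|203.0.113.10|IPSec SA between tunnel end points has been deleted
2009-04-29T02:00:12|192.168.0.1|203.0.113.10|IPSec SA has been created
2009-04-29T02:30:00|192.168.0.1|203.0.113.10|IPSec SA between tunnel end points has been deleted
2009-04-29T02:30:09|192.168.0.1|203.0.113.10|IPSec SA has been created
2009-04-29T03:10:00|192.168.0.1|203.0.113.10|IPSec SA between tunnel end points has been deleted
2009-04-29T03:17:30|192.168.0.1|203.0.113.10|IPSec SA has been created
2009-04-29T04:00:00|192.168.0.1|203.0.113.10|IPSec SA between tunnel end points has been deleted
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, tunnel, event)."""
    ts, src, dst, event = line.strip().split("|", 3)
    return datetime.fromisoformat(ts), (src, dst), event


def correlate(lines, now=None, grace=GRACE):
    """Return (time, 'DOWN'|'UP', tunnel) alerts for outages longer than grace.

    A delete answered by a create within the grace period produces nothing.
    'now' is the end of the observation window, so a delete that is still
    unanswered when the log ends can also be reported.
    """
    pending = {}     # tunnel -> time of the first unanswered delete
    alerted = set()  # tunnels for which DOWN has already been raised
    alerts = []

    def expire(upto):
        # Raise DOWN for every delete that has been unanswered longer than grace.
        for tunnel, deleted_at in sorted(pending.items()):
            if tunnel not in alerted and upto - deleted_at > grace:
                alerted.add(tunnel)
                alerts.append((deleted_at + grace, "DOWN", tunnel))

    for line in lines:
        if not line.strip():
            continue
        ts, tunnel, event = parse_line(line)
        expire(ts)
        if event == DELETED:
            # Keep the earliest delete; repeated deletes must not reset the clock.
            pending.setdefault(tunnel, ts)
        elif event == CREATED:
            if tunnel in alerted:
                # Only announce UP if DOWN was announced for this outage.
                alerted.discard(tunnel)
                alerts.append((ts, "UP", tunnel))
            pending.pop(tunnel, None)

    if now is not None:
        expire(now)
    alerts.sort(key=lambda a: a[0])
    return alerts


if __name__ == "__main__":
    end_of_window = datetime(2009, 4, 29, 4, 5, 0)
    for when, state, (src, dst) in correlate(SAMPLE_LOG.splitlines(), now=end_of_window):
        print(f"{when.isoformat()} VPN {state} {src} -> {dst}")
```

The two 30-minute rekeys in the sample (12 and 9 seconds) produce no alert; the 7.5-minute outage produces one DOWN and one UP, and the delete still unanswered at the end of the window produces a DOWN.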

Similar Messages

  • What Are the Exact Basic rules for Replying a Thread...... -:)   @};-

    Hi Experts,
    After Looking into the forums many days I had a small conclusion about forums,
    SAP Forums are better place I have seen for getting a good help & Knowledge...
    Why can't we make it a BEST Place.
    This is just a small doubt which I would like to clear myself first,
    I have seen many users In the forums asking for a Basic Questions
    When cleared, But still they want to have a Spoon feeding with a Sample Code.
    When Sample Code Given they will provide the original code and requests for Modifications.
    These always looks to me as crazy.
    I have seen some long time ago by moderators posting that In SCN there will be no SPOON FEEDING.
    I am not sure whether if still this Rule AVAILABLE or NOT.
    Ok if the task is really difficult let them ask again and again,
    And it was not replied, let them repost, I agree with them.
    And How about a User Registered in SDN very long back and asking for a silly question in below thread,
    [Sendin Email to the recipent list -Need correct FM |Getting the address from shipto partner of Bil. item not directly from C.ma]
    This is one more example, really funny, The thread poster needs the solution at any cost, he doesn't require any Suggestions,,, {He Only needs Solution}
    [Radio Buttons |Radio Buttons;
    [Turning Off Debugger |Turning Off Debugger;
    [Regarding Amount in words|Regarding Amount in words;
    There are 100's of threads like this....Everyone knows this facts.
    Check this who answered this one and who replied correct answer, who copied, finally who was rewarded...!
    [how to validate POsting period |Re: how to validate POsting period]
    Now My Real Problem is....!
    User is always intelligent, Only the weakness is in Contributor, trying to help them,..,
    And I openly say that Someone requesting for basic help is not DUMB, But the Contributor replying forgets
    the basic rules " Why Contributing ?"
    According to me It's not the Requestor to see Rules & Regulations before posting the threads,
    But its responsibility for the Contributing person to see the Rules & Regulations before replying the threads,
    If we follow the rules and stand on a single word or rule or anything there will be Good Result.
    Major Problem is in US not anyone else.
    Example Some one saying search in the forum,,, then please no replies after that...
    But we are very pity hearted again we post the solution,,,
    But it is not at all enough(for contributors)... they will copy the solution and post again by slight Modifications,
    And Some users are having 500,600,700,800 Posts with 0 points, registered long long back.
    They are completely dependent on forums,,, As they goto office and as they eat, The same they open forums and ask Queries...
    They will never realize what they are doing,, and we will never let them improve better...
    Finally Lets Discuss About this and Correct & Suggest me if I am wrong,
    Is my thoughts are going in the right way or not I am not even sure... Please Also Correct me if I did any mistakes.
    Thanks & regards,
    Dileep .C
    Edited by: Dileep Kumar Chinnaiah on Apr 29, 2009 12:33 PM
    Title Changed Form
    "What to do when someone asking for Basic Questions" to "What Are the Exact Basic rules for Replying a Threads...... "

    Hi Stephen,
    Very useful Information,
    First tell me a little something about my self...
    After completion of my certification(as a fresher) I was down the streets hunting the job,
    with the insufficient knowledge and being a non-experienced person, I never got one.
    And meanwhile when I got my "S-UserID", I used to be proud, To say frankly, I registered in SDN & SAP all at a time, without even knowing what I can do there..,
    When I got a job afterwards I was doing the job and never seen SDN page for many months,
    when I came to know that if we have doubts we can post at SDN. then started requesting help,
    I posted only a little, I did not get the proper response. on that day I decided,
    still there are some places where we cannot get help on time and there will be people waiting to get help,
    Why cant I put some of my efforts to help others.
    Then I searched some topic by Topic in SDN topic by Topic I used to read threads just for knowledge.
    when I feel my self comfort for contributing, I started contributing...!
    If you haven't read it, take a look first, so you can understand where things are now.
    I don't know where things are now. But in this thread I mentioned clearly what I seen from the day I started contributing.
    I searched with the terms of 'Rules for replying', The results are not as I expected, and this link has subject as
    "O SDN, where art thou?" So it doesn't hit me in the list.
    Like everybody until a certain stage I am also rushing for points.
    But in most cases I never tried to copy paste answers. If I did some then that is just to point it myself some day,
    I have no hopes or no interest on the points...! This was discussed with Rob & Matt, at my initial contribution where my points are 36.
    From that day till date I have changed a lot to myself.
    Everyone cannot change like me because they are not like me & And I don't even expect that...!
    I will be online almost 6-8Hrs a day, Not even getting interest to see the forums just because of the co-contributors.
    My only point is I am just requesting to a co-contributor,
    Clearly In a example : Lets say contributor has replied to a thread, and if you know that is a correct solution,
    please dont reply any more, If you have a better solution than that, then only reply,
    Even there is one reply in the thread not a matter, if correct answer leave that query.
    If still error persists, Show up with your Idea's...
    Don't let down the contributor, by copying his reply and editing and pasting(edit only if incorrect).
    I am just looking for this one exactly to circulate between ourselves.
    For this we need a little support from moderators to circulate(may be as a rule or may be as a mail to them)
    You may say again how many mails we have to send, It doesn't matter, one mail to one person one time,
    and +ve factors will show up definitely.
    A real contributor always understand what I am talking about, but some one who hunts for points will never.
    I am really sorry if I am troubling with my doubts & requests,
    If so, Please forgive me,,
    Thanks & regards,
    Dileep .C

  • CAS SSO not working for VPN Group

    Hello,
    I am trying to get SSO working for a CAS/CAM in an inband virtual gateway for VPN users coming in off an ASA5520. There are two VPN groups each with its own group policy and tunnel group. One group uses a Windows IAS Radius Server and the other a token based RADIUS RSA device.
    Users use the AnyConnect client to connect to the ASA where they are dumped into a vlan. SSO works for the group that uses the Windows radius server. On the CAS the Cisco VPN Auth server has the Unauthenticated Group as the default group, and then I use mapping rules (Framed_IP_Address) to get the different vpn groups into the right roles. This works for the one group, but since SSO is not working on the second group the CAS never gets the chance to assign them into the correct role.
    The only thing I got is this from the ASA:
    AAA Marking RADIUS server billybob in aaa-server group cas_accounting as ACTIVE
    AAA Marking RADIUS server billybob in aaa-server group cas_accounting as FAILED
    I am so close but can't call this done yet....

    Hey Faisel,
    Thanks for the question.
    This is the strange thing. For days Group A (Windows Radius Server) was working and Group B (RSA Radius Server) would not work. Then for some reason I had to reboot the CAS and BOOM...Group B started working and Group A STOPPED working.
    So on the ASA I now get these:
    AAA Marking RADIUS server cas2-hvn-3515 in aaa-server group cas_accounting2 as ACTIVE
    AAA Marking RADIUS server cas2-hvn-3515 in aaa-server group cas_accounting2 as FAILED
    Where cas_accounting2 is the AAA server group for Group A
    On the ASA I can see that the FW sends a packet to the cas:
    "send pkt cas2-hvn-3515/1813"
    but the FW never gets an answer back from the CAS for Group A whereas with Group B I can see the response from the CAS.
    "rad_vrfy() : response message verified"
    What can I look for in the CAS logs to see where the problem is? I will try to set up a packet capture on the CAS and debug it too.

  • Port forwarding not working for VPN

    Hi there,
    I am at a loss as to what I am doing wrong with regards to setting up a VPN. I admit this is all completely new territory for me, and I am learning as I go along, so may have overlooked something very obvious.
    I have opened up the VPN ports on the router (500, 1701, 4500 - UDP; 1723 - TCP), and can confirm from the logs that they are letting traffic in ok.
    So that leaves the server itself - testing using an open port checking tool confirms all ports I have open in the router firewall, and active and accessible on the server, except the VPN ports and service, are indeed open and accessible.
    The VPN service is running, and I have ensured the services are available within the firewall service for 'all', and all services available for the 192.168.1.xxx range.
    I have indicated that the VPN should use the range - 10.0.0.1 to 200
    The DNS and DHCP services on the server are running. At the domain registrar, I have indicated that the subdomain I am using to access the server and its services via the web should point to the static IP I have from the ISP.
    I should mention that if I use the local IP address of the server, I can connect ok, it is only when I use the static IP that I am unable to connect.
    Every other port opens up successfully - FTP (21), Web (80/443), etc - just not the ones for the VPN, so I assume there is some sort of conflict between or within the VPN/DHCP/DNS services or with the VPN service itself.
    Any advice and potential solutions would be greatly appreciated, as I have spent quite a bit of time trying to figure this one out by myself.
    Thanks in advance, and I hope to hear from folk soon.
    Chris

    OK - here's how my router is configured:
    NAT (Type = Destination) Public IP address to VPN Server IP address (I had a problem when I didn't have the NAT Type set properly)
    I have a separate public IP address reserved for VPN traffic, but that's not necessary if you set up the order of the rules on your router properly. It's just easier to have a separate IP address.
    These are the ports I have open:
    UDP - 500
    UDP - 1701
    TCP - 1723
    TCP - 3283
    UDP - 3283
    UDP - 4500
    TCP - 5900
    TCP - 5988
    I have these ports open to accommodate remoting in via Apple Remote Desktop.
    However, since Mavericks, I can't use ARD anymore. But I can use Back to My Mac and Screen Sharing (go figure!) to get to my server and then from the server I can use ARD within the network.
    Don't know if that helps or not, but it works for me.

  • Can I use ISE IPN without posture for VPN with Base license only?

    I'm looking at ISE licensing, and both Base and Advanced licenses have VPN listed. I could not find any document that provides guideline for VPN implementation using ISE Base license only.
    1. Can I use ISE IPN (Inline Posture Node) functionality without posture assessment with ISE Base license only? (I know it has to be ISE hardware appliance, and I know that Posture assessment requires ISE Advanced license.)
    2. Do I have to use IPN for VPN deployment using ISE as the Radius server?
    3. If I do not have to use IPN for VPN, can I use ISE for Authentication and Authorization in the same way as I use ACS?
    Thanks,
    Val Rodionov

    Val,
    There is no need to consider IPN if you are not using posturing. You can use ISE much like ACS for radius authentication for vpn users.
    If posturing is down the road and your hope is to have an architecture in place and license later, then I am sure that you can use the ipn with base licensing, however I would strongly recommend working with the PDI (for partners) for help and confirmation.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • Rules for iMovie/FCE/iDVD

    Reading through many posts seems I find some general rules of thumb not found elsewhere. Thanks in advance for all comments.
    For serious video editing work and creation an external firewire HDD is needed, mainly to avoid dropped frames in either FCE or iMovie (iM). The new 20" iMac and external HDD (with 2 firewire connections, for the input device (DV camcorder or DV/SVHS deck) and to the iMac) should be able to run either FCE/iM.
    I just did a 45 min project in iM with no noted dropped frames but likely would in much longer projects if I don't get the external drive?
    Audio bit rate. Advice I read for iM is that without 16 bit audio the audio gets out of sync in long projects--does FCE also need 16 instead of 12? Not knowing this need, I've recorded a number of projects (with a DV deck and a DV camcorder) in 12--can I capture to the iMac/external HDD in 16 if I'm playing from a source tape that's 12?
    Chapter Markers. Seems there are "Rules for Chapter Markers" that I won't repeat here but suspect they apply to both FCE/iM when used with iDVD. Do those rules apply when you use DVDStudio instead of iDVD? One rule I haven't seen yet is that one should likely not use the apply chapter markers option in iDVD as it could apply a marker that violates the "rules" and cause strange results in the DVD when played, right?
    Any other rules or concerns I've missed--perhaps always max out on RAM even if it's rather costly? What other basic tips or secrets should I know for editing with these products?
    Dale

    "..The new 20" iMac and external HDD (with 2 firewire connections, for the input device (DV camcorder or DV/SVHS deck) and to the iMac) should be able to run either FCE/iM.."
    This may not be true if you're trying to connect a Canon camcorder to the Mac at the same time as an external hard disc: Canons like to have the FireWire circuit all to themselves, and so you may need to do it in two steps with a Canon ..capture to the internal hard disc, then unplug the Canon, plug in the external disc and transfer the movie clips across to the external, and then use that for editing. This doesn't affect Sonys, which happily work with other FW devices connected to the system. I don't know about Panasonics and other brands (..I haven't tried my Panny with an external disc connected, and am in too much of a hurry at the moment to try it. Maybe later today..)
    "..can I capture to the iMac/external HDD in 16 if I'm playing from a source tape that's 12?.."
    No ..FireWire's a digital connection system, so what goes in at one end (..12-bit source tape..) is exactly what's captured at the other end (..iMac/external HDD in 16..)
    One way to convert would be to play your source video into another camcorder through analogue (RCA) connections, with the 2nd camcorder set to record in 16-bit ..or use some other device which accepts an analogue signal IN, and provides a digital signal OUT. That'll recapture the sound in 16-bit, and it can then be transferred into your Mac in 16-bit. But the video may be degraded a little, and it's rather long-winded.
    It may be that, once imported as 12-bit, GarageBand can convert 12-bit audio into 16-bit ..I don't know: I'm not that familiar with GarageBand, sorry..
    Just try testing your 12-bit audio in iMovie or FCE first ..some people have no difficulties with it ..others do. (..That may depend on whether you're using only your original 12-bit audio, or if you're also trying to mix it with 16-bit audio within the movie project..)
    However, note that - once again - Canons are quirky. Because of the way that their own particular internal 12-bit timing runs, Canon-shot 12-bit tapes may give the audio drifting out-of-sync a little on single clips which are longer than 20 minutes. This shouldn't be apparent on ordinary short clips, but if you've shot, say, a school play or concert as a single take on a Canon in 12-bit audio mode, the audio may slowly go out of sync after 20 mins, and would need correcting in iMovie or FCE.
    Can't comment on Chapter Markers in DVD Studio vs. iDVD ..I've never had any trouble with Chapter Markers.
    "..always max out on RAM.." ..more RAM usually helps; the most noticeable improvement is when jumping up from, say, 256MB to anything above that. The next jump, from 512MB to 1GB is also useful, but doesn't provide such a spectacular improvement as that first increase. More RAM generally means that your Mac has less need to swap things from RAM to "virtual memory" on your hard disc, so less "disc thrashing" as material's repeatedly swapped back and forth, and greater speed of access if you're not constantly reading to and writing from the hard disc.
    Fitting a second internal disc, in Macs which can take it, and putting your movie project on that ..or on an external disc, as you suggest.. also relieves "disc thrashing" and any instances of the OS trying to get access to the hard disc at the same time as the movie program wants access.
    To stop any delays in accessing an external hard disc, as soon as you've reformatted it to 'Mac OS Extended' (..using Disk Utility..) then open System Prefs, and the 'Spotlight' preference, and then click the 'Privacy' tab, and drag the external disc's icon into the big square space which is labelled "Prevent Spotlight from searching these locations". That stops Spotlight indexing every video clip which you import onto the external disc, which can slow down disc access.
    The cup-of-tea icon is a good thing to click on every now and again, in both iMovie and FCE. That lets you stop editing for a while, have tea and biscuits, and come back refreshed, with new ideas..!

  • OADP settings for MSS Services - Define Rules for Object Selection

    Hi
    Our client wants to extend MSS to all managers, and to begin with want option of "Only B002 Relationship" in drop down of Team Calendar.
    I have tried all standard options but unable to find a suitable rule(Define Rules for Object Selection) which would restrict the list of employee to only B002 Relationship of Manager.
    Any ideas on how to achieve it?
    Regards
    Yash

    Hello Yash,
    I think first concern here should be to make things work at your end...thus I am not focusing on your evaluation path...that you have set....
    Just to kick off things so that they start work for you.....
    you need to set the evaluation path as I have mentioned in my earlier reply....
    These evaluation paths have been working for me...
    To correct yours as per mine you need to set
    ZB2 as
    10 S B 002 Is Line superior of * S
    and set
    ZB3 as
    20 S A 008 Holder * *
    Now if still things do not work then...you need to check the Tcode PPOM_OLD and see if the correct reporting relationship (B002) exists for the logged in user.....
    These evaluation paths are very confusing for me.....and so I am not trying to correct what you have set in ZB2 and ZB3....
    And also note that there can be more than 1 way to achieve your goal with evaluation paths.....
    Yash here on we will focus on this thread only.......Let Upendra clear his doubts with that thread.....right..?
    Object and Data Provider evaluation path to get subordinates.
    Edited by: Saurabh Agarwal on Jul 24, 2011 7:44 AM

  • REMSH unix command issues when adding rule for port 514

    Has anyone experienced any issues with Unix systems when adding rules to WAAS for port 514? This is the port RCOPY uses and is not handled by WAAS by default. We created a rule for port 514 but when we implement any type of optimization (even TFO Only) we start having problems with REMSH. This is used in one of our production scripts that normally take 10 minutes to run. When we apply the rule for port 514 the time goes as high as 45 minutes.
    We wrote a test script that uses just the REMSH command and without the 514 rule works fine but with the 514 rule goes down the tubes.
    Just to add a little more information, I do not see an entry under Monitor/ Connection Statistics with the servers in question when the test script is running so am not sure where to go from here. I know there is a way to do a TCP capture from the WAAS so figure that will be the next step to see what is causing the issues.
    Thoughts?? Ideas?? Suggestions??

    Well TAC came back with an answer. They found other people with the same issue.
    "It was found that the applications always used the same source and destination TCP ports. WAAS has the first connection in a "WAIT-CLOSE" state so when the next packet comes in with the same ports it is dropped." , "A defect was opened for this issue, but has not been fixed yet."
    He wanted us to do a packet capture but after finding these other tickets decided it would be a waste of time and only tell us we are having a similar issue as others.
    Still waiting on a suggested work around or a patch, 4.15 is supposed to come out soon but haven't heard if it will fix the problem.
    With the new information I don't think even putting 514 in pass-through will fix the issue.
    I will let you know if I hear anything else.

  • Advices & rules for package hierarchy

    Hi,
    I'm developing a new project and I'll use packages for the first time. (My company doesn't have rules for package)
    I would like to know the general rules for creating a good hierarchy.
    I'm thinking of something like:
    com.mycompany.myproject.form
    com.mycompany.myproject.dialog
    com.mycompany.myproject.sql
    com.mycompany.myproject.dataobjects
    com.mycompany.myproject.table
    com.mycompany.myproject.tree
    Should I also use packages like com.mycompany.table for general stuff like table models that could be of use for other projects?
    Is this a good idea ? Do you have any suggestions ?

    I am not aware of any hard and fast rules for packaging. There are some things I keep in mind when I setup hierarchies though:
    1) The "standard" (more common than standard) is your business's internet address reversed. So for instance, if you are www.foo.com, your packages would start out with "com.foo". Some people leave off the "com" part as well, so you would have "foo". I don't like this however as more and more companies reserve "*.net" and "*.com" and "*.org" etc addresses. Leave the top level domain on there. This is mostly just for namespace sake, so you don't get two pieces of code from two different companies with the same name.
    2) Is this the only product your company produces? OR will this be the only product your company produces? If the answer is no, you may want to put the product name next, so now we have "com.foo.product1". This will allow you to build nice, clash safe hierarchies.
    3) Most products are broken down into a number of projects or modules. Sometimes it's a good idea to divide the package structure with this information. So now we have "com.foo.product1.module1", "com.foo.product1.module2" etc.
    4) If it's an enterprise application (multitiered, J2EE, etc), I personally like to divide the code into tiers. It makes building easier and packaging for deployment much more intuitive. You might have web tier code, database tier code, application tier code, code common to all tiers etc. So now we have "com.foo.product1.module1.app" and "com.foo.product1.module1.web", etc. If it's not an enterprise multi-tiered application, skip this step.
    5) Now within the hierarchy we have built up, it's pretty much up to you to logically divide your code.
    6) It is now possible to "push" code up to certain levels to make it available to other projects/products/tiers. If you develop a nice data structure that you think might be useful to other products your company is developing, move the data structure up to an appropriate level to make it available to all products. For instance, "com.foo.structures.AwesomeStructure", instead of "com.foo.product1.structures.AwesomeStructure".
    7) Products and projects should not import outside of their "scope". This prevents cross project dependency and cross product dependency. If another project or product needs to import something outside its scope then the code should be moved to a more common place to make it available.
    Some will call this overly anal, but it has worked well for me for a few years. Hopefully others can provide you with more tips.
    Hope this helps.

  • Wake for VPN?

    This is a little bit of a strange scenario. I have an iMac which I would like to set up as a VPN server to allow my iPad to access the network whilst I am away from home. I have set up the VPN network (pptp) and everything works as it should. The only problem is that I would rather not have to leave the iMac on all the time and waste power for the odd occasion when I need to join my home network from elsewhere. I have an airport express router, and the iMac is connected by wifi. Wake on Demand works for some services such as VNC, but not for VPN. Is there a way to get my iMac to wake on demand for an incoming VPN connection? The only solution I have now is to wake the iMac by initiating a VNC connection, (ports 5900 and 1723 are forwarded on the airport)  then connecting to the VPN once awoken, but this strikes me as rather inelegant!
    Thanks for your help!

    This is demonstrated not to be the case by the fact that the iMac can wake up and receive a VNC connection without timing out. I am aware that in a typical environment a server would never sleep or power down except for certain software/hardware maintenance, and only at a time convenient to its clients. However this is why this is such a strange scenario. This is my home computer, and as such I would rather not have it consuming power and spinning the fans 24/7 (however small the power consumption and noise are respectively) for the rare occasion when I may need it remotely. This has led me to search for another solution using wake on demand. I have found that certain services can be advertised by bonjour by using dns-sd. I have also found the following website listing the service types supported: http://www.dns-sd.org/ServiceTypes.html. However, there is no mention of pptp. It is at this point that I am stuck, and any assistance in this matter would be greatly appreciated!

  • Tiger Server firewall issues - forwarding protocol 47 (GRE) for VPN access

    Hi everybody,
    I'm trying to allow VPN access to my Mac Pro running 10.4.10 Server. I've allowed the TCP and UDP ports, but the sticking point is this: the client tries to connect but I get a bunch of these in the firewall log:
    Deny P:47 xxx.xxx.xxx.xxx(address initiating VPN) 10.0.100.222(MacPro local address) in via en0
    After doing some research I figured I needed to allow protocol 47 (GRE) and so tried to add a rule via the "Advanced" tab for firewalls in server manager. I click the + button, select allow, leave the other field, select GRE, and then select from:any and to:any and the in dropdown. When I try to save and activate the rule, however, it complains that there is an error and that all subsequent rules are skipped. I've tried all the possible variations (within my parameters, of course) but it won't work.
    Manually inspecting the /etc/ipfw file shows the rule added but without a specification for the GRE or protocol 47 part. i.e.:
    add 1050 allow from any to any in
    (This looks a little like a server manager bug to me, but I digress)
    So I tried manually editing the file in /etc/ipfilter but no joy.
    Being somewhat new to OSX I am getting flustered. Am I completely misunderstanding something here? While a search on "VPN GRE firewall" turns up about a million hits, none seem applicable to my situation. Thanks in advance.

    Try using the "Services" tab, selecting "any" (for example) and configuring the rule there.
    The "Advanced" section will allow you to add rules that don't already exist, but there is already a rule for GRE so that might possibly have something to do with the error you're getting.

  • What are the rules for keeping things running smoothly

    As my iMac is now a month old and has been burdened with a number of trials, shareware demo, open source, video tutorials and general clutter; what are the basic rules for keeping things running smoothly? My 'log in' is certainly a lot slower although I don't have any apps loading and finder has become much slower with less spring in its tail. Are there any caches etc that need dealing with? I'm afraid to say I was a bit of a pro at hammering my windows setups till they came to a stand still and I can't bear to see the Mac going the same way. Have I got to be ruthless and limit the number of apps I have installed? The quality of what is available just on apple.com makes it hard for a software addict to stop downloading. Any help or just a reality check would be much appreciated....rob

    Hello,
    Mac Maintenance Quick Assist: http://support.apple.com/kb/HT1147
    Great advice here from, "Klaus1" regarding a clutter free Desktop: http://discussions.apple.com/thread.jspa?messageID=7668937#7668937
    Mac Tune-up: 34 Software Speedups
    http://www.macworld.com/article/49489/2006/02/software
    Tuning Mac OS X Performance
    http://www.thexlab.com/faqs/performance.html
    The Top 7 Free Utilities To Maintain A Mac.
    http://mac360.com/index.php/mac360/comments/thetop_7_free_utilities_to_maintain_amac/
    Mac OS X: System maintenance
    http://discussions.apple.com/thread.jspa?messageID=607640
    A good disk utility to empty caches: http://www.apple.com/downloads/macosx/systemdiskutilities/onyx.html
    Use Onyx once a week, run the Maintenance and Cleaning scripts and that will help speed your Mac up pronto.
    Run Disk Utility (Applications/Utilities) once a week and Repair Disk Permissions:
    Launch Disk Utility. Select MacintoshHD in the panel on the left, select FirstAid, then click: Repair Disk Permissions. Quit DU when it's finished and reboot.
    *Tip... very important: Run Disk Utility BEFORE and AFTER all software updates. That will save you headaches down the road.
    You do not need to limit the number of apps installed but one thing to bear in mind. A Mac needs a minimum of 10% available disk space just to boot and it's all too easy to fill up a drive and before you know it, you can't open apps, or they open and freeze up, or you can't install software. A good way to keep an eye on available space: Right or control click the MacintoshHD icon on your Desktop, then click: Get Info. In the Get Info window, click the black arrow next to: General so it faces down. You will see: Capacity and Available ... Best bet is to always have 15% free drive space.
    Back up your important data every day. If you have a system failure and need to either do an Archive and Install or completely wipe the drive and reinstall your system software, you'll be glad you did.
    Get an external Firewire drive at least equal in size to the internal hard drive and make (and maintain) a bootable clone/backup. You can make a bootable clone using the Restore option of Disk Utility. You can also make and maintain clones with good backup software.
    Retrospect Desktop (Commercial - not yet universal binary) http://www.dantz.com/
    Carbon Copy Cloner (Donationware) http://www.bombich.com/software/ccc.html
    SuperDuper! (Commercial) http://www.shirt-pocket.com/SuperDuper/SuperDuperDescription.html
    I hope I didn't inundate you with too much too soon, but just do maintenance, keep your Desktop clutter free, and back up your files daily. Once you get into the habit of doing this, it only takes a few minutes a day.
    Carolyn

  • Entering Correct info for VPN connection

    Please suggest the correct configuration for entering information in order for my laptop to connect via VPN to my newly installed Leopard Server software. On my laptop, I have entered the following info on the System Preferences> network tab...
    Configuration: Default
    Server Address: 76.173.xx.xxx (my public IP address - do I need anything else?)
    Account name: XXXXXX (same as the account name in Server)
    Under Authentication Settings, my password is fine and my shared secret is the same as on the Server.
    Am I entering in everything correctly? I am most concerned as to how the server address is supposed to be written. Thanks!!

    Hi
    If Appletalk is enabled server side and you simply enter the IP address afp is assumed as the protocol to be used. If you prefer the extra effort involved in typing afp:// followed by the IP address you can use that as well. If you want to use the smb service rather than afp simply type smb:// followed by the IP address. The same thing applies to ftp services. The Finder supports reads only for ftp services.
    If you are using VPN services you simply type in the private IP (LAN-side) address of the server rather than the public IP (WAN-side) address. Once a VPN connection has been established, the remote client behaves as if it is on the same LAN.
    You can make a connection using the Public WAN address if you enable port forwarding to a single LAN IP address for services you are interested in. For example if you wanted to access your server remotely using afp you configure your router to forward requests for port 548 to the internal IP address of your server. You can use this method for as many services as you like as well as how many your router supports. Most commercially available routers support 10-20. Depending on the router you may have to configure an appropriate firewall rule as well. When faced with that it makes more sense to use a single VPN connection.
    I may be in danger of teaching granny to suck eggs but for what it's worth for VPN connections to work successfully the remote client’s private IP address has to be different from the host site. For example if the remote site is on 192.168.1.x/24 as is the server then you won’t establish a connection. As far as the remote site is concerned it's already connected to that network, why look elsewhere? 192.168.1.x/24 to 192.168.2.x/24 or 10.10.10.x/24 to 192.168.0.x/24 should result in successful VPN connections.
    For a list of IP addresses reserved for private use:
    http://www.iana.org/faqs/abuse-faq.htm#SpecialUseAddresses
    Hope this helps, Tony
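The addressing rule in the reply above, as an added example that is not part of the original post: a Python check that compares a remote client's LAN with the server-side LAN and flags the overlap that stops VPN traffic from being routed through the tunnel. It goes slightly beyond the /24 cases mentioned by also catching overlaps between networks with different prefix lengths; the function names and the sample sites are constructed for illustration.

```python
import ipaddress


def check_vpn_subnets(client_lan, server_lan):
    """Return (ok, reason) for a remote client LAN and the server-side LAN.

    Inputs may be network or host addresses in CIDR form, e.g.
    "192.168.1.0/24" or "192.168.1.57/24" (strict=False normalises both).
    """
    client = ipaddress.ip_network(client_lan, strict=False)
    server = ipaddress.ip_network(server_lan, strict=False)
    if client.version != server.version:
        return True, "different address families, no overlap possible"
    if client.overlaps(server):
        # The client treats server addresses as on-link, so packets for
        # the server never enter the tunnel.
        return False, f"{client} overlaps {server}; renumber one side"
    return True, f"{client} and {server} are distinct"


def audit_sites(server_lan, sites):
    """Return the names of remote sites whose LAN conflicts with the server LAN."""
    return [name for name, lan in sites.items()
            if not check_vpn_subnets(lan, server_lan)[0]]


# Constructed sample data: server LAN plus three hypothetical remote sites.
SERVER_LAN = "192.168.1.0/24"
REMOTE_SITES = {
    "home-office": "192.168.1.57/24",   # same /24 as the server: conflict
    "branch": "192.168.2.0/24",         # distinct /24: fine
    "hotel-wifi": "192.168.0.0/16",     # wider network containing the server LAN
}

if __name__ == "__main__":
    for name, lan in REMOTE_SITES.items():
        ok, reason = check_vpn_subnets(lan, SERVER_LAN)
        print(f"{name:12} {'OK  ' if ok else 'FAIL'} {reason}")
```
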

  • Restrict Date rule selection from drop down

    Hi all,
    I am using date type srv_cust_beg and srv_cust_end.
    For date type srv_cust_beg I have assigned date rule Today+time.
    For date type srv_cust_end I have not assigned any date rule as consultant should fill this manually.
    My requirement is that consultant should enter the dates manually and they should not select the date rule from the drop down for srv_cust_end.
    For the date type srv_cust_end, we can see todaytime date rule from drop down as this date rule is assigned to srv_cust_beg.
    Is there any possibility to restrict the drop down selection?
    Regards,
    Raj

    Hi,
    The drop down is due to the Date Rule assigned to your Date Profile.
    Since all those 3 date rules are assigned to your Date Profile, you are seeing all those 3 date rules in the drop down.
    Thx,
    Waseem.

  • How to get ALL values as default for a drop down box in JSF

    Hi,
    I have a drop down box in JSF page which retrieves values from LOVCache.java. I have values like Company, Client, User, ALL in the drop down box.
    By default blank value is selected for the drop down box. I want to make ALL (which retrieves data for all the values) as default value for the drop down box.
    Could anybody help me? Any help must be appreciated.
    Thanks,
    Aseet

    Thanks Nikhil. But I am fetching the values from the LOVCache.java.
    I am using <af:selectManyChoice>. Is there any way I can use LOVCache.java value for selecting default values instead of hard coding?
    I mean to say can I write
    unselectedLabel="#{LOVCache.entityTypeSelectionList.anyValue}"
    where LOVCache.entityTypeSelectionList is used to populate the drop down box.
    Regards,
    Aseet
