Safety of MS Sharing on LAN over TCP/IP via NetBIOS and/or Direct SMB

Shalini Sampath Kumar at http://answers.microsoft.com/en-us/windows/forum/windows_7-security/ suggested I post this question over here:
What is the safest recommended way to set up MS File and Printer Sharing on a LAN with both Windows 7 Pro and XP Pro machines? Does "Direct hosting of SMB over TCP/IP" help? What about setting a "Scope ID" (or did that go out with Windows NT)?
Background: I've been trained to be paranoid about NetBIOS over TCP/IP. Right now I have only XP Pro machines on my peer-to-peer workgroup LAN (behind a NAT router and with Simple File Sharing turned off), on which File and Printer Sharing has been unbound from TCP/IP and bound to NetBEUI instead, so I feel fairly safe. Port scanning by ShieldsUp doesn't see any ports through the router, open or closed -- in other words, it appears to be "stealthed," for what that's worth. With NetBIOS disabled on all computers inside the LAN, however, can I perform a valid test of what will happen when File and Printer Sharing is re-bound to TCP/IP?
My New Problem: I'm planning to add Windows 7 Pro machines, for which NetBEUI isn't an option, and then to transition entirely to Win7 before XP goes off extended support in April. I will still use a peer-to-peer architecture with password-protected sharing turned on (no HomeGroup). It appears that I can still get rid of NetBIOS (and WINS) in favor of "Direct hosting of SMB over TCP/IP," which sounds safer. Apparently then only port 445 will be vulnerable instead of ports 137-139.
In any case I want to do everything I can to protect my file-sharing port(s) from the Internet (e.g., from anyone who might break into my LAN either by making a wireless connection or by hacking the router itself). Can anybody give a clear set of steps to change sharing from NetBIOS (which I would like to disable entirely) to direct hosting of SMB and to verify that I'm protected as well as possible?
I will have to completely revamp the network-file-sharing configuration of my XP machines as soon as the first Win7 machine goes on line (and possibly tweak the configuration of Win7 as well), perhaps as early as this week. I want to do this in the way that maximizes security to the extent possible. Thanks in advance for more details and guidance on this topic! -- JCW2
P.S. -- These computers are all laptops and will be used away from my home LAN -- another reason for paranoia about File and Printer Sharing. I realize that Windows 7 provides an easy way to disable F&PS by selecting any new network location as "public," but XP does not (as far as I know). Fixing that will take more effort and be harder to remember... -- JCW2

Removing the NetBIOS transport has several advantages compared to NetBIOS over TCP. You can find detailed information in the following KB:
Direct hosting of SMB over TCP/IP
http://support.microsoft.com/kb/204279/en-us
Yolanda
TechNet Community Support
Hi again -- I think I'm slowly catching up with you. Following from my previous message...
Somebody on another forum mentioned creating "Hosts" files on each computer to substitute for the DNS server that I don't have on my workgroup. This is intriguing if I can figure out how to set it up. (I've heard it said that taking control of your "Hosts" file is a good safety precaution anyhow, since it is a frequent target of hackers trying to divert legitimate Web requests to their own malicious sites.) Does anybody have tips and/or references that would help me accomplish the name resolution there?
Finally, what functionality do I really lose by going the Direct-Hosting-of-SMB-with-Hosts-file (or drive mapping) route as opposed to using NetBIOS over TCP/IP? Granted, any new machine added to the network would also have to be added to all the "Hosts" files (or mapped to a new drive letter) on each machine; but given that I already have to add it to the MAC filter and assign it a DHCP reservation in my router, this isn't a heavy burden for something that doesn't happen often. Would everything then work the same as if NetBIOS were providing the name resolution?
One missing piece that I see so far -- it's not obvious how this same trick would apply to printer sharing (although I'm not using that feature right now anyhow). Could this be handled seamlessly through the "Hosts" file as well?
Thanks and Best Regards to All -- JCW2
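
One way to verify the switch from NetBIOS over TCP/IP to direct-hosted SMB, added here as an example and not part of the thread: the script classifies the listening sockets in `netstat -an` output by transport, using the port assignments from KB 204279 (UDP 137/138 and TCP 139 for NetBIOS over TCP/IP, TCP 445 for direct hosting). The two netstat captures and their addresses are constructed samples, and the function names are this example's own.

```python
# Ports used by each SMB transport, as described in KB 204279.
NETBT_PORTS = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service",
}
DIRECT_SMB = ("TCP", 445)

# Constructed sample: NetBIOS over TCP/IP still enabled on the adapter.
SAMPLE_NETBT_ON = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1046      192.168.1.11:445       ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

# Constructed sample: NetBIOS over TCP/IP disabled, direct hosting only.
SAMPLE_NETBT_OFF = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    192.168.1.10:49160     192.168.1.11:445       ESTABLISHED
"""


def parse_listeners(netstat_text):
    """Return a set of (proto, local_ip, local_port) for server sockets."""
    listeners = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; outbound client connections to a
        # remote :445 are ESTABLISHED rows and must not count as listeners.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        ip, _, port = local.rpartition(":")  # last colon, so [::]:445 works
        if not port.isdigit():
            continue
        listeners.add((proto, ip.strip("[]"), int(port)))
    return listeners


def smb_transport_report(netstat_text):
    """Summarise which SMB transports this host is still listening on."""
    listeners = parse_listeners(netstat_text)
    netbt = sorted(l for l in listeners if (l[0], l[2]) in NETBT_PORTS)
    direct = sorted(l for l in listeners if (l[0], l[2]) == DIRECT_SMB)
    return {
        "netbt_listeners": netbt,
        "direct_smb_listeners": direct,
        "netbios_over_tcpip_disabled": not netbt,
        "direct_hosting_active": bool(direct),
    }


if __name__ == "__main__":
    for name, text in (("NetBT on", SAMPLE_NETBT_ON),
                       ("NetBT off", SAMPLE_NETBT_OFF)):
        report = smb_transport_report(text)
        print(name)
        for proto, ip, port in report["netbt_listeners"]:
            print("  still listening: %s %s:%d (%s)"
                  % (proto, ip, port, NETBT_PORTS[(proto, port)]))
        print("  NetBIOS over TCP/IP disabled:",
              report["netbios_over_tcpip_disabled"])
        print("  direct hosting (TCP 445) active:",
              report["direct_hosting_active"])
```

Run `netstat -an` on each XP and Windows 7 machine and pass its text to `smb_transport_report`. A listener on 0.0.0.0:445 only shows that the service is bound on every interface; whether it can be reached from another network still depends on the host firewall and the router.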

Similar Messages

  • I have shared my icalendars with family members via icloud and now my calendar on my computer has been stuck saying "Moving calendars to server account" for literally 5 days.  What do I do?

    Hi, Confused As Always CB. 
    Thank you for visiting Apple Support Communities.
    Hopefully I can help resolve this issue for you.  Try removing the preference to sync calendar events in iCloud preferences.  Once this is done, enable the preference again and see if this resolves the issue.
    Turn iCloud Calendars off and back on:
    Quit Calendar (or iCal).
    Choose Apple menu > System Preferences, then select iCloud.
    Deselect the checkbox next to Calendars.
    Close System Preferences and wait about a minute.
    Open System Preferences and select iCloud.
    Replace the checkmark next to Calendars.
    Close System Preferences.
    Open Calendar (or iCal) and test to see if the issue is resolved.
    Restart your computer. This may sound simple, but it reinitializes your network and application settings and can frequently resolve issues.
    If the issue persists, try all remaining steps in the article below.
    iCloud: Troubleshooting iCloud Calendar
    http://support.apple.com/kb/TS3999
    Regards,
    Jason H.

  • Modbus RTU over TCP (Simex Transmitter and Advantech Server)

    Hey Guys,
    Somehow I am not able to get a connection over TCP IP using RTU mode (reading values) from a transmitter which is hooked up to an Advantech EKI 1542 server. The port is configured as an RS 485.
    I am using the Modbus library and I tried to adjust the MB serial read holding registers VI to accept a TCP IP socket input instead of an INSTR. Do you have any suggestions?
    Thanks a lot for the forum support!

    Hi Christo and welcome to NI Forums!
    Is this the ModBus library you are using? If so, I'd recommend checking out the newer, object based library available here. It has a more straightforward setup, especially for using TCP connections. You'll find an example VI for using a master, as well as a slave device, and these you'll be able to use right away without much modification. The code'll look like:
    Please test your device communication using this library.
    Kind regards:
    Andrew Valko
    NI Hungary
    Andrew Valko
    National Instruments Hungary

  • How to send joystick data over TCP connection

    Hi all,
    I am a long time Labview discussion forum user for learning, but this is my first time posting a question, I hope somebody can help me!
    In the attached VI I am trying to send data from a joystick over a TCP connection. I can send data fine using the TCP examples (in fact the majority of my VI is just a copy of the example). However I am to the point where I do not know how to send all the data necessary (3 axis data, 12 buttons, and the POV data) over TCP. Strings, clusters, and arrays were never my strong suit and converting between them is a nightmare for me.
    Basically I am trying to send each axis data (X,Y, and Z), button data (12 buttons), and POV data (the POV data will be calculated to adjust the position of a camera, so the immediate data is not important, I will add functions to add the change in the button movements to write a standing position for two servos [pan and tilt], for which that I will need to send over the TCP connection) over the TCP connection to control various cameras and motors. I don't know if it is possible to send that much data over a TCP connection in one write VI through a string, and also how to separate the string on the other side in order to control the client VI.
    Again, the actual TCP communication I get, and can operate fine, just formatting all the data into a string (or whatever is required) so that I can unpack on the other side is the issue here.
    Another question I have (not important to get the program running just might make it easier on me) is can a TCP server (which sends the data to the client) also receive data back from the client on the same port (for example sensor data and digital positions [on,off])? Or do I need to set up two TCP communication loops with the first client acting as the server on a different port than the first, which then sends the data to the original server, which also has a client TCP configuration in another loop? I hope this makes sense...
    One final question.....I already have a solution to this but using labview for the entirety of this project would be nice. I use skype to stream 1080p video from a webcam to my computer so I can view live feed. Can labview do this? This would be awesome if so, I am just not sure if the communication protocols in use could support real time (or as close as possible to streaming) for 1080p video.
    Thanks all in advance for your help,
    Physicsnole
    Attachments:
    cameraserver.vi 24 KB
    cameraclient.vi 18 KB

    Physicsnole wrote:
    In the attached VI I am trying to send data from a joystick over a TCP connection. I can send data fine using the TCP examples (in fact the majority of my VI is just a copy of the example). However I am to the point where I do not know how to send all the data necessary (3 axis data, 12 buttons, and the POV data) over TCP. Strings, clusters, and arrays were never my strong suit and converting between them is a nightmare for me.
    Well, you cast the axis info cluster to a string, but then you cast it back to an array of DBL. That's not compatible. You should probably cast it back to an "axis info" cluster of exactly the same type. Go to the other VI and right-click the cluster wire to create a constant. Now move that diagram cluster constant to the other VI and use it as type.
    Your default ports don't seem to match. You seem to have client and server roles confused. In the server you create a listener, but then you start sending packets, even though no connection is established. The connection needs to be initiated by the client.
    Your client stops the loop the first time a timeout is encountered. Shouldn't that be more permanent? Also, please retain code clarity and avoid unnecessary complexities. For example, replace the "not or" with a plain "or" and change the loop to "stop if true".
    Physicsnole wrote:
    Basically I am trying to send each axis data (X,Y, and Z), button data (12 buttons), and POV data (the POV data will be calculated to adjust the position of a camera, so the immediate data is not important, I will add functions to add the change in the button movements to write a standing position for two servos [pan and tilt], for which that I will need to send over the TCP connection) over the TCP connection to control various cameras and motors. I don't know if it is possible to send that much data over a TCP connection in one write VI through a string, and also how to separate the string on the other side in order to control the client VI.
    You can send as much as you want. The casting to/from string is the same as described above.
    Physicsnole wrote:
    Another question I have (not important to get the program running just might make it easier on me) is can a TCP server (which sends the data to the client) also receive data back from the client on the same port (for example sensor data and digital positions [on,off])? Or do I need to set up two TCP communication loops with the first client acting as the server on a different port than the first, which then sends the data to the original server, which also has a client TCP configuration in another loop? I hope this makes sense..
    The primary function of a "server" is to wait for a connection and then communicate with the client once a connection is established. An established TCP/IP connection is fully two-way and both sides can send and receive.
    LabVIEW Champion . Do more with less code and in less time .

  • Connecting to labview over TCP/IP port

    I have got an undocumented project to maintain, it has a Java UI code, which connects with some component of LABVIEW over
    TCP/IP Port = 1234
    and over this port it sends commands for clear, get, set
    I need links for understanding the component from LABVIEW which is being accessed over port 1234
    I have installed LABVIEW Run time 2013, and do not know which PROCESS the Java code is trying to connect over TCP/IP, and I do not see any of the RT processes binding to port 1234.
    Any pointers/links would certainly help me!
    Thanks,
    -Vikrant

    Can you define what you mean by "component of LabVIEW"?
    The LabVIEW runtime engine is just a required component to run any custom build LabVIEW executable or dll. So, what is it?
    You also mention RT processes. Does this run on an RT system? What is running where? If you are connecting to a remote LabVIEW RT system that runs a service on port 1234, you don't need LabVIEW or a run time engine at all on the local side.
    At this time we don't have any useful information from you. Please be significantly more detailed! Thanks.
    LabVIEW Champion . Do more with less code and in less time .

  • Unable to Access Remote LAN over IPSec VPN

    I have a Cisco ASA 5540 setup with Remote Access VPN for users. Suddenly no one can access the remote LAN over VPN. Below is my config:
    ASA Version 7.0(8)
    hostname DC2ASA
    domain-name yorktel.com
    enable password d2XdVlFOzleWlH1j encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    dns-guard
    interface GigabitEthernet0/0
     description outside/savvis
     nameif outside
     security-level 0
     ip address 216.33.198.4 255.255.255.0 standby 216.33.198.5
    interface GigabitEthernet0/1
     description inside
     nameif inside
     security-level 100
     ip address 10.203.204.1 255.255.254.0 standby 10.203.204.2
    interface GigabitEthernet0/2
     nameif insidesan
     security-level 100
     ip address 10.203.206.1 255.255.254.0 standby 10.203.206.2
    interface GigabitEthernet0/3
     description LAN/STATE Failover Interface
    interface Management0/0
     nameif management
     security-level 100
     ip address 192.168.1.1 255.255.255.0
     management-only
    ftp mode passive
    object-group service FileMaker tcp-udp
     port-object range 16000 16001
    access-list outside-in extended permit ip 65.123.204.0 255.255.254.0 216.33.198.0 255.255.255.0 log
    access-list outside-in extended permit ip 216.33.198.0 255.255.255.0 216.33.198.0 255.255.255.0 log
    access-list outside-in extended permit icmp 216.33.198.0 255.255.255.0 216.33.198.0 255.255.255.0 log
    access-list outside-in extended permit icmp any any
    access-list outside-in extended permit icmp any any echo
    access-list outside-in extended permit ip any host 216.33.198.22 inactive
    access-list outside-in extended permit tcp any host 216.33.198.19
    access-list outside-in extended permit udp any host 216.33.198.19
    access-list outside-in extended permit ip any host 216.33.198.19
    access-list outside-in extended permit tcp any host 216.33.198.10 eq 3389
    access-list outside-in extended permit tcp any host 216.33.198.10 eq ftp inactive
    access-list outside-in extended permit tcp any host 216.33.198.10 eq ftp-data inactive
    access-list outside-in extended permit tcp any host 216.33.198.10 eq ssh inactive
    access-list outside-in extended permit tcp any host 216.33.198.19 eq www
    access-list outside-in extended permit tcp any host 216.33.198.19 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.19 eq https
    access-list outside-in extended permit tcp any host 216.33.198.19 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.19 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.19 eq smtp
    access-list outside-in extended permit tcp any host 216.33.198.19 eq pop3
    access-list outside-in extended permit tcp any host 216.33.198.19 eq 587
    access-list outside-in extended permit tcp any host 216.33.198.16 eq www
    access-list outside-in extended permit tcp any host 216.33.198.16 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.16 eq https
    access-list outside-in extended permit tcp any host 216.33.198.16 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.16 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.16 eq 8094
    access-list outside-in extended permit tcp any host 216.33.198.16 eq 8096
    access-list outside-in extended permit tcp any host 216.33.198.16 eq 8097
    access-list outside-in extended permit tcp any host 216.33.198.16 eq 8090
    access-list outside-in extended permit tcp any host 216.33.198.38 eq www
    access-list outside-in extended permit tcp any host 216.33.198.38 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.38 eq https
    access-list outside-in extended permit tcp any host 216.33.198.38 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.38 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.38 eq 8094
    access-list outside-in extended permit tcp any host 216.33.198.38 eq 8096
    access-list outside-in extended permit tcp any host 216.33.198.38 eq 8097
    access-list outside-in extended permit tcp any host 216.33.198.38 eq 8090
    access-list outside-in extended permit tcp any host 216.33.198.25 eq www
    access-list outside-in extended permit tcp any host 216.33.198.25 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.25 eq https
    access-list outside-in extended permit tcp any host 216.33.198.25 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.25 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.25 eq 8094
    access-list outside-in extended permit tcp any host 216.33.198.25 eq 8096
    access-list outside-in extended permit tcp any host 216.33.198.25 eq 8097
    access-list outside-in extended permit tcp any host 216.33.198.25 eq 8090
    access-list outside-in extended permit tcp any host 216.33.198.22 eq www
    access-list outside-in extended permit tcp any host 216.33.198.22 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.22 eq https
    access-list outside-in extended permit tcp any host 216.33.198.22 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.22 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.22 eq 8094
    access-list outside-in extended permit tcp any host 216.33.198.22 eq 8096
    access-list outside-in extended permit tcp any host 216.33.198.22 eq 8097
    access-list outside-in extended permit tcp any host 216.33.198.22 eq 8090
    access-list outside-in extended permit tcp any host 216.33.198.17 eq www
    access-list outside-in extended permit tcp any host 216.33.198.17 eq rtsp
    access-list outside-in extended permit udp any host 216.33.198.17 eq 5005
    access-list outside-in extended permit tcp any host 216.33.198.17 eq 1755
    access-list outside-in extended permit udp any host 216.33.198.17 eq 1755
    access-list outside-in extended permit tcp any host 216.33.198.17 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.17 eq https
    access-list outside-in extended permit tcp any host 216.33.198.17 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.17 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.17 eq 989
    access-list outside-in extended permit tcp any host 216.33.198.17 eq 990
    access-list outside-in extended permit tcp any host 216.33.198.24 eq www
    access-list outside-in extended permit tcp any host 216.33.198.24 eq rtsp
    access-list outside-in extended permit udp any host 216.33.198.24 eq 5005
    access-list outside-in extended permit tcp any host 216.33.198.24 eq 1755
    access-list outside-in extended permit udp any host 216.33.198.24 eq 1755
    access-list outside-in extended permit udp any host 216.33.198.24
    access-list outside-in extended permit tcp any host 216.33.198.24 eq 8090
    access-list outside-in extended permit tcp any host 216.33.198.24 eq https
    access-list outside-in extended permit tcp 209.67.5.96 255.255.255.224 any inactive
    access-list outside-in extended permit udp 209.67.5.96 255.255.255.224 any inactive
    access-list outside-in extended permit udp any host 216.33.198.17 inactive
    access-list outside-in extended permit tcp any host 216.33.198.18 eq 1433
    access-list outside-in extended permit tcp any host 216.33.198.18 eq 1434
    access-list outside-in extended permit tcp any host 216.33.198.100 eq www
    access-list outside-in extended permit tcp any host 216.33.198.101 eq www
    access-list outside-in extended permit tcp any host 216.33.198.102 eq www
    access-list outside-in extended permit tcp any host 216.33.198.103 eq www
    access-list outside-in extended permit tcp any host 216.33.198.104 eq www
    access-list outside-in extended permit tcp any host 216.33.198.105 eq www
    access-list outside-in extended permit tcp any host 216.33.198.106 eq www
    access-list outside-in extended permit tcp any host 216.33.198.107 eq www
    access-list outside-in extended permit tcp any host 216.33.198.108 eq www
    access-list outside-in extended permit tcp any host 216.33.198.109 eq www
    access-list outside-in extended permit tcp any host 216.33.198.110 eq www
    access-list outside-in extended permit tcp any host 216.33.198.100 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.101 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.102 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.103 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.104 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.105 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.106 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.107 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.108 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.109 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.110 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.100 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.101 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.102 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.103 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.104 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.105 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.106 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.107 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.108 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.109 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.110 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.100 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.101 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.102 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.103 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.104 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.105 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.106 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.107 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.108 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.109 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.110 eq ftp-data
    access-list outside-in extended permit tcp host 12.71.134.4 any
    access-list outside-in extended permit udp host 12.71.134.4 any
    access-list outside-in remark Allow Mark to access remote desktop from home office.
    access-list outside-in extended permit tcp host 96.255.220.240 any
    access-list outside-in remark Allow Mark to access remote desktop from home office.
    access-list outside-in extended permit udp host 96.255.220.240 any
    access-list outside-in extended permit tcp host 67.81.54.83 any
    access-list outside-in remark Allow Chris to access remote desktop from home office.
    access-list outside-in extended permit tcp host 100.1.41.196 any
    access-list outside-in remark Allow Chris to access remote desktop from home office.
    access-list outside-in extended permit udp host 100.1.41.196 any
    access-list outside-in extended permit udp host 67.81.54.83 any
    access-list outside-in remark Allow Jim Johnstone to remote in from home office.
    access-list outside-in extended permit tcp host 96.225.44.46 any
    access-list outside-in remark Allow Jim Johnstone to remote in from home office.
    access-list outside-in extended permit udp host 96.225.44.46 any
    access-list outside-in extended permit tcp host 64.19.183.67 any
    access-list outside-in extended permit udp host 64.19.183.67 any
    access-list outside-in remark Allow Steve Fisher to remote in from home office.
    access-list outside-in extended permit tcp host 173.67.0.16 any
    access-list outside-in remark Allow Steve Fisher to remote in from home office.
    access-list outside-in extended permit udp host 173.67.0.16 any
    access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
    access-list outside-in extended permit tcp any host 216.33.198.20 eq 3389
    access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
    access-list outside-in extended permit tcp any host 216.33.198.20 eq ftp-data
    access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
    access-list outside-in extended permit tcp any host 216.33.198.20 eq ftp
    access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
    access-list outside-in extended permit tcp any host 216.33.198.20 eq www
    access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
    access-list outside-in extended permit tcp any host 216.33.198.20 eq https
    access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
    access-list outside-in extended permit tcp any host 216.33.198.20 inactive
    access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
    access-list outside-in extended permit udp any host 216.33.198.20 inactive
    access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
    access-list outside-in extended permit ip any host 216.33.198.20 inactive
    access-list outside-in remark Allow remote desktop connections to ftp.yorkcast.com
    access-list outside-in extended permit tcp any host 216.33.198.19 eq 3389 inactive
    access-list outside-in remark Allow remote desktop connections to BMS-TV
    access-list outside-in extended permit tcp any host 216.33.198.21 eq 3389
    access-list outside-in remark Allow remote desktop connections to BMS-TV
    access-list outside-in extended permit tcp any host 216.33.198.21 eq www
    access-list outside-in remark Allow remote desktop connections to BMS-TV
    access-list outside-in extended permit tcp any host 216.33.198.21 eq https
    access-list outside-in extended permit tcp any host 216.33.198.21 eq 8080
    access-list outside-in remark Allow remote desktop connections to BMS-TV
    access-list outside-in extended permit tcp any host 216.33.198.21 eq ftp
    access-list outside-in remark Allow remote desktop connections to BMS-TV
    access-list outside-in extended permit tcp any host 216.33.198.21 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.19 eq 3306
    access-list outside-in extended permit udp any host 216.33.198.19 eq 3306
    access-list outside-in remark Allow remote desktop connections to ftp.yorkcast.com
    access-list outside-in extended permit tcp any host 216.33.198.23 eq 3389
    access-list outside-in remark Allow remote desktop connections to ftp.yorkcast.com
    access-list outside-in extended permit tcp any host 216.33.198.23 eq ftp
    access-list outside-in remark Allow remote desktop connections to ftp.yorkcast.com
    access-list outside-in extended permit tcp any host 216.33.198.23 eq www
    access-list outside-in remark Allow remote desktop connections to ftp.yorkcast.com
    access-list outside-in extended permit tcp any host 216.33.198.23 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.18 eq 3389 inactive
    access-list outside-in extended permit tcp any host 216.33.198.17 inactive
    access-list outside-in extended permit ip any host 216.33.198.17 inactive
    access-list outside-in extended permit tcp any host 216.33.198.18 inactive
    access-list outside-in extended permit udp any host 216.33.198.17 eq 554
    access-list outside-in extended permit udp any host 216.33.198.24 eq 554
    access-list outside-in remark Allow any access from Treasury
    access-list outside-in extended permit tcp host 64.241.196.50 any
    access-list outside-in remark Allow any access from Treasury
    access-list outside-in extended permit udp host 64.241.196.50 any
    access-list outside-in remark Allow any access from Treasury
    access-list outside-in extended permit ip host 64.241.196.50 any
    access-list outside-in extended permit tcp any host 216.33.198.26 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.26 eq www
    access-list outside-in extended permit tcp any host 216.33.198.26 eq https
    access-list outside-in extended permit tcp any host 216.33.198.27 eq https
    access-list outside-in extended permit tcp any host 216.33.198.27 eq www
    access-list outside-in extended permit tcp any host 216.33.198.27 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.27 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.27 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.27 eq 8094
    access-list outside-in extended permit tcp any host 216.33.198.27 eq 8096
    access-list outside-in extended permit tcp any host 216.33.198.27 eq 8097
    access-list outside-in extended permit tcp any host 216.33.198.27 eq 8090
    access-list outside-in extended permit tcp any host 216.33.198.26 eq ftp inactive
    access-list outside-in extended permit tcp any host 216.33.198.26 eq ssh inactive
    access-list outside-in extended permit tcp any host 216.33.198.28 eq 81
    access-list outside-in extended permit tcp any host 216.33.198.28 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.28 eq www
    access-list outside-in extended permit tcp any host 216.33.198.28 eq ssh
    access-list outside-in extended permit tcp any host 216.33.198.29 eq www
    access-list outside-in extended permit tcp any host 216.33.198.28 eq 3389
    access-list outside-in extended permit tcp any host 216.33.198.29 eq ssh
    access-list outside-in extended permit tcp any host 216.33.198.30 eq ssh
    access-list outside-in extended permit tcp any host 216.33.198.31 eq ssh
    access-list outside-in extended permit tcp any host 216.33.198.20 object-group FileMaker
    access-list outside-in extended permit tcp any host 216.33.198.20 eq 5003
    access-list outside-in extended permit udp any host 216.33.198.20 eq 5003
    access-list outside-in extended permit tcp any host 216.33.198.33 eq www
    access-list outside-in extended permit tcp any host 216.33.198.33 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.33 eq https
    access-list outside-in extended permit tcp any host 216.33.198.33 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.33 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.33 eq 8094
    access-list outside-in extended permit tcp any host 216.33.198.33 eq 8096
    access-list outside-in extended permit tcp any host 216.33.198.33 eq 8097
    access-list outside-in extended permit tcp any host 216.33.198.33 eq 8090
    access-list outside-in extended permit tcp any host 216.33.198.34 eq www
    access-list outside-in extended permit tcp any host 216.33.198.34 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.34 eq https
    access-list outside-in extended permit tcp any host 216.33.198.34 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.34 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.34 eq 8094
    access-list outside-in extended permit tcp any host 216.33.198.34 eq 8096
    access-list outside-in extended permit tcp any host 216.33.198.34 eq 8097
    access-list outside-in extended permit tcp any host 216.33.198.34 eq 8090
    access-list outside-in extended permit tcp any host 216.33.198.36 eq www
    access-list outside-in extended permit tcp any host 216.33.198.36 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.36 eq https
    access-list outside-in extended permit tcp any host 216.33.198.36 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.36 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.36 eq 8094
    access-list outside-in extended permit tcp any host 216.33.198.36 eq 8096
    access-list outside-in extended permit tcp any host 216.33.198.36 eq 8097
    access-list outside-in extended permit tcp any host 216.33.198.36 eq 8090
    access-list outside-in extended permit tcp any host 216.33.198.37 eq www
    access-list outside-in extended permit tcp any host 216.33.198.37 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.37 eq https
    access-list outside-in extended permit tcp any host 216.33.198.37 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.37 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.37 eq 8094
    access-list outside-in extended permit tcp any host 216.33.198.37 eq 8096
    access-list outside-in extended permit tcp any host 216.33.198.37 eq 8097
    access-list outside-in extended permit tcp any host 216.33.198.37 eq 8090
    access-list outside-in extended permit tcp any host 216.33.198.39 eq www
    access-list outside-in extended permit tcp any host 216.33.198.39 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.39 eq https
    access-list outside-in extended permit tcp any host 216.33.198.39 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.39 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.39 eq 8094
    access-list outside-in extended permit tcp any host 216.33.198.39 eq 8096
    access-list outside-in extended permit tcp any host 216.33.198.39 eq 8097
    access-list outside-in extended permit tcp any host 216.33.198.39 eq 8090
    access-list outside-in extended permit tcp any host 216.33.198.41 eq 3389
    access-list outside-in extended permit tcp any host 216.33.198.41 eq www
    access-list outside-in extended permit tcp any host 216.33.198.41 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.41 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.41 eq https
    access-list outside-in extended permit tcp any host 216.33.198.41 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.42 eq 3389
    access-list outside-in extended permit tcp any host 216.33.198.42 eq www
    access-list outside-in extended permit tcp any host 216.33.198.42 eq https
    access-list outside-in extended permit tcp any host 216.33.198.42 eq ftp
    access-list outside-in extended permit tcp any host 216.33.198.42 eq ftp-data
    access-list outside-in extended permit tcp any host 216.33.198.42 eq 8080
    access-list outside-in extended permit tcp any host 216.33.198.28
    access-list inside-out extended permit tcp any host 216.33.198.17 eq rtsp
    access-list inside-out extended permit udp any host 216.33.198.17 eq 5004
    access-list inside-out extended permit udp any host 216.33.198.17 eq 5005
    access-list inside-out extended permit tcp any host 216.33.198.17 eq 1755
    access-list inside-out extended permit udp any host 216.33.198.17 eq 1755
    access-list rtsp-acl extended deny tcp any host 216.33.198.17 eq rtsp
    access-list rtsp-acl extended permit tcp any any eq rtsp
    access-list inside_nat0_outbound extended permit ip 10.203.204.0 255.255.255.0 10.203.204.0 255.255.255.192
    access-list inside_nat0_outbound extended permit ip any 10.203.204.48 255.255.255.240
    access-list inside_nat0_outbound extended permit ip any 10.203.204.0 255.255.255.192
    access-list inside_nat0_outbound extended permit ip host 10.203.204.19 10.203.204.32 255.255.255.224
    access-list inside_nat0_outbound extended permit ip 10.203.204.0 255.255.255.0 192.168.250.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 10.203.204.0 255.255.255.0 192.168.252.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip any 10.203.204.144 255.255.255.240
    access-list inside_nat0_outbound extended permit ip host 216.33.198.33 165.89.0.0 255.255.0.0
    access-list inside_nat0_outbound extended permit ip host 216.33.198.19 165.89.0.0 255.255.0.0
    access-list inside_nat0_outbound extended permit ip host 216.33.198.17 165.89.0.0 255.255.0.0
    access-list inside_nat0_outbound extended permit ip host 216.33.198.24 165.89.0.0 255.255.0.0
    access-list inside_nat0_outbound extended permit ip host 216.33.198.20 any inactive
    access-list inside_nat0_outbound extended permit ip 216.33.198.0 255.255.255.0 165.89.0.0 255.255.0.0
    access-list inside_nat0_outbound extended permit ip any 10.203.204.48 255.255.255.248
    access-list inside_nat0_outbound extended permit ip any 216.33.198.56 255.255.255.248
    access-list dc2vpn_splitTunnelAcl standard permit 10.203.204.0 255.255.255.0
    access-list dc2vpn_splitTunnelAcl standard permit 192.168.250.0 255.255.255.0
    access-list dc2vpn_splitTunnelAcl standard permit 192.168.252.0 255.255.255.0
    access-list dc2vpn_splitTunnelAcl standard permit any
    access-list outside_map standard permit any
    access-list Split_Tunnel_List standard permit 10.203.204.0 255.255.255.0
    access-list test_splitTunnelAcl standard permit any
    access-list outside_access_out extended permit tcp any host 12.71.134.75 inactive
    access-list outside_in extended permit tcp host 12.71.134.75 any eq smtp
    access-list outside_nat0_inbound extended permit ip host 216.33.198.21 host 165.89.130.31
    access-list outside_nat0_inbound extended permit ip host 216.33.198.21 host 165.89.18.102
    access-list outside_nat0_inbound extended permit ip host 216.33.198.21 host 165.89.18.103
    access-list outside_nat0_inbound extended permit ip host 216.33.198.21 host 165.89.18.104
    access-list outside_nat0_inbound extended permit ip 216.33.198.0 255.255.255.0 165.89.0.0 255.255.0.0
    access-list outside_cryptomap_80 extended permit ip 10.203.204.0 255.255.255.0 192.168.250.0 255.255.255.0
    access-list outside_cryptomap_60 extended deny ip host 216.33.198.33 165.89.0.0 255.255.0.0
    access-list outside_cryptomap_60 extended deny ip host 216.33.198.19 165.89.0.0 255.255.0.0
    access-list outside_cryptomap_60 extended deny ip host 216.33.198.17 165.89.0.0 255.255.0.0
    access-list outside_cryptomap_60 extended deny ip host 216.33.198.24 165.89.0.0 255.255.0.0
    access-list outside_cryptomap_60 extended permit ip 216.33.198.0 255.255.255.0 165.89.0.0 255.255.0.0
    access-list outside_cryptomap_100 extended permit ip 10.203.204.0 255.255.255.0 192.168.252.0 255.255.255.0
    access-list dc2vpntest_splitTunnelAcl standard permit 10.203.204.0 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    logging ftp-bufferwrap
    logging ftp-server 10.203.204.10 logs asa ****
    mtu outside 1500
    mtu inside 1500
    mtu insidesan 1500
    mtu management 1500
    ip local pool vpnpool 10.203.204.60-10.203.204.65 mask 255.255.255.0
    failover
    failover lan unit secondary
    failover lan interface failover GigabitEthernet0/3
    failover polltime unit msec 999 holdtime 3
    failover polltime interface 5
    failover link failover GigabitEthernet0/3
    failover interface ip failover 172.16.100.1 255.255.255.252 standby 172.16.100.2
    monitor-interface outside
    monitor-interface inside
    monitor-interface insidesan
    no monitor-interface management
    icmp permit 65.123.204.0 255.255.254.0 outside
    asdm image disk0:/asdm-508.bin
    no asdm history enable
    arp timeout 14400
    nat-control
    nat (outside) 0 access-list outside_nat0_inbound outside
    nat (inside) 0 access-list inside_nat0_outbound
    static (inside,outside) 216.33.198.10 10.203.204.10 netmask 255.255.255.255
    static (inside,outside) 216.33.198.11 10.203.204.11 netmask 255.255.255.255
    static (inside,outside) 216.33.198.12 10.203.204.12 netmask 255.255.255.255
    static (inside,outside) 216.33.198.13 10.203.204.13 netmask 255.255.255.255
    static (inside,outside) 216.33.198.14 10.203.204.14 netmask 255.255.255.255
    static (inside,outside) 216.33.198.15 10.203.204.15 netmask 255.255.255.255
    static (inside,outside) 216.33.198.16 10.203.204.16 netmask 255.255.255.255
    static (inside,outside) 216.33.198.17 10.203.204.17 netmask 255.255.255.255
    static (inside,outside) 216.33.198.18 10.203.204.18 netmask 255.255.255.255
    static (inside,outside) 216.33.198.19 10.203.204.19 netmask 255.255.255.255
    static (inside,outside) 216.33.198.20 10.203.204.20 netmask 255.255.255.255
    static (inside,outside) 216.33.198.21 10.203.204.21 netmask 255.255.255.255
    static (inside,outside) 216.33.198.22 10.203.204.22 netmask 255.255.255.255
    static (inside,outside) 216.33.198.23 10.203.204.23 netmask 255.255.255.255
    static (inside,outside) 216.33.198.24 10.203.204.24 netmask 255.255.255.255
    static (inside,outside) 216.33.198.25 10.203.204.25 netmask 255.255.255.255
    static (inside,outside) 216.33.198.26 10.203.204.26 netmask 255.255.255.255
    static (inside,outside) 216.33.198.27 10.203.204.27 netmask 255.255.255.255
    static (inside,outside) 216.33.198.28 10.203.204.28 netmask 255.255.255.255
    static (inside,outside) 216.33.198.29 10.203.204.29 netmask 255.255.255.255
    static (inside,outside) 216.33.198.30 10.203.204.30 netmask 255.255.255.255
    static (inside,outside) 216.33.198.31 10.203.204.31 netmask 255.255.255.255
    static (inside,outside) 216.33.198.32 10.203.204.32 netmask 255.255.255.255
    static (inside,outside) 216.33.198.33 10.203.204.33 netmask 255.255.255.255
    static (inside,outside) 216.33.198.34 10.203.204.34 netmask 255.255.255.255
    static (inside,outside) 216.33.198.35 10.203.204.35 netmask 255.255.255.255
    static (inside,outside) 216.33.198.36 10.203.204.36 netmask 255.255.255.255
    static (inside,outside) 216.33.198.37 10.203.204.37 netmask 255.255.255.255
    static (inside,outside) 216.33.198.38 10.203.204.38 netmask 255.255.255.255
    static (inside,outside) 216.33.198.39 10.203.204.39 netmask 255.255.255.255
    static (inside,outside) 216.33.198.40 10.203.204.40 netmask 255.255.255.255
    static (inside,outside) 216.33.198.41 10.203.204.41 netmask 255.255.255.255
    static (inside,outside) 216.33.198.42 10.203.204.42 netmask 255.255.255.255
    static (inside,outside) 216.33.198.43 10.203.204.43 netmask 255.255.255.255
    static (inside,outside) 216.33.198.44 10.203.204.44 netmask 255.255.255.255
    static (inside,outside) 216.33.198.45 10.203.204.45 netmask 255.255.255.255
    static (inside,outside) 216.33.198.46 10.203.204.46 netmask 255.255.255.255
    static (inside,outside) 216.33.198.47 10.203.204.47 netmask 255.255.255.255
    static (inside,outside) 216.33.198.48 10.203.204.48 netmask 255.255.255.255
    static (inside,outside) 216.33.198.49 10.203.204.49 netmask 255.255.255.255
    static (inside,outside) 216.33.198.50 10.203.204.50 netmask 255.255.255.255
    static (inside,outside) 216.33.198.51 10.203.204.51 netmask 255.255.255.255
    static (inside,outside) 216.33.198.52 10.203.204.52 netmask 255.255.255.255
    static (inside,outside) 216.33.198.53 10.203.204.53 netmask 255.255.255.255
    static (inside,outside) 216.33.198.54 10.203.204.54 netmask 255.255.255.255
    static (inside,outside) 216.33.198.55 10.203.204.55 netmask 255.255.255.255
    static (inside,outside) 216.33.198.56 10.203.204.56 netmask 255.255.255.255
    static (inside,outside) 216.33.198.57 10.203.204.57 netmask 255.255.255.255
    static (inside,outside) 216.33.198.58 10.203.204.58 netmask 255.255.255.255
    static (inside,outside) 216.33.198.59 10.203.204.59 netmask 255.255.255.255
    static (inside,outside) 216.33.198.60 10.203.204.60 netmask 255.255.255.255
    static (inside,outside) 216.33.198.61 10.203.204.61 netmask 255.255.255.255
    static (inside,outside) 216.33.198.62 10.203.204.62 netmask 255.255.255.255
    static (inside,outside) 216.33.198.63 10.203.204.63 netmask 255.255.255.255
    static (inside,outside) 216.33.198.64 10.203.204.64 netmask 255.255.255.255
    static (inside,outside) 216.33.198.65 10.203.204.65 netmask 255.255.255.255
    static (inside,outside) 216.33.198.66 10.203.204.66 netmask 255.255.255.255
    static (inside,outside) 216.33.198.67 10.203.204.67 netmask 255.255.255.255
    static (inside,outside) 216.33.198.68 10.203.204.68 netmask 255.255.255.255
    static (inside,outside) 216.33.198.69 10.203.204.69 netmask 255.255.255.255
    static (inside,outside) 216.33.198.70 10.203.204.70 netmask 255.255.255.255
    static (inside,outside) 216.33.198.71 10.203.204.71 netmask 255.255.255.255
    static (inside,outside) 216.33.198.100 10.203.204.100 netmask 255.255.255.255
    static (inside,outside) 216.33.198.101 10.203.204.101 netmask 255.255.255.255
    static (inside,outside) 216.33.198.102 10.203.204.102 netmask 255.255.255.255
    static (inside,outside) 216.33.198.103 10.203.204.103 netmask 255.255.255.255
    static (inside,outside) 216.33.198.104 10.203.204.104 netmask 255.255.255.255
    static (inside,outside) 216.33.198.105 10.203.204.105 netmask 255.255.255.255
    static (inside,outside) 216.33.198.106 10.203.204.106 netmask 255.255.255.255
    static (inside,outside) 216.33.198.107 10.203.204.107 netmask 255.255.255.255
    static (inside,outside) 216.33.198.108 10.203.204.108 netmask 255.255.255.255
    static (inside,outside) 216.33.198.109 10.203.204.109 netmask 255.255.255.255
    static (inside,outside) 216.33.198.110 10.203.204.110 netmask 255.255.255.255
    static (inside,outside) 216.33.198.111 10.203.204.111 netmask 255.255.255.255
    static (inside,outside) 216.33.198.112 10.203.204.112 netmask 255.255.255.255
    static (inside,outside) 216.33.198.113 10.203.204.113 netmask 255.255.255.255
    static (inside,outside) 216.33.198.114 10.203.204.114 netmask 255.255.255.255
    static (inside,outside) 216.33.198.115 10.203.204.115 netmask 255.255.255.255
    static (inside,outside) 216.33.198.116 10.203.204.116 netmask 255.255.255.255
    static (inside,outside) 216.33.198.117 10.203.204.117 netmask 255.255.255.255
    static (inside,outside) 216.33.198.118 10.203.204.118 netmask 255.255.255.255
    static (inside,outside) 216.33.198.119 10.203.204.119 netmask 255.255.255.255
    static (inside,outside) 216.33.198.120 10.203.204.120 netmask 255.255.255.255
    static (inside,outside) 216.33.198.121 10.203.204.121 netmask 255.255.255.255
    static (inside,outside) 216.33.198.122 10.203.204.122 netmask 255.255.255.255
    static (inside,outside) 216.33.198.123 10.203.204.123 netmask 255.255.255.255
    static (inside,outside) 216.33.198.124 10.203.204.124 netmask 255.255.255.255
    static (inside,outside) 216.33.198.125 10.203.204.125 netmask 255.255.255.255
    static (inside,outside) 216.33.198.126 10.203.204.126 netmask 255.255.255.255
    static (inside,outside) 216.33.198.127 10.203.204.127 netmask 255.255.255.255
    static (inside,outside) 216.33.198.128 10.203.204.128 netmask 255.255.255.255
    static (inside,outside) 216.33.198.129 10.203.204.129 netmask 255.255.255.255
    static (inside,outside) 216.33.198.130 10.203.204.130 netmask 255.255.255.255
    static (inside,outside) 216.33.198.131 10.203.204.131 netmask 255.255.255.255
    static (inside,outside) 216.33.198.132 10.203.204.132 netmask 255.255.255.255
    static (inside,outside) 216.33.198.133 10.203.204.133 netmask 255.255.255.255
    static (inside,outside) 216.33.198.134 10.203.204.134 netmask 255.255.255.255
    static (inside,outside) 216.33.198.135 10.203.204.135 netmask 255.255.255.255
    static (inside,outside) 216.33.198.136 10.203.204.136 netmask 255.255.255.255
    static (inside,outside) 216.33.198.137 10.203.204.137 netmask 255.255.255.255
    static (inside,outside) 216.33.198.138 10.203.204.138 netmask 255.255.255.255
    static (inside,outside) 216.33.198.139 10.203.204.139 netmask 255.255.255.255
    static (inside,outside) 216.33.198.140 10.203.204.140 netmask 255.255.255.255
    static (inside,outside) 216.33.198.141 10.203.204.141 netmask 255.255.255.255
    static (inside,outside) 216.33.198.142 10.203.204.142 netmask 255.255.255.255
    static (inside,outside) 216.33.198.143 10.203.204.143 netmask 255.255.255.255
    static (inside,outside) 216.33.198.144 10.203.204.144 netmask 255.255.255.255
    static (inside,outside) 216.33.198.145 10.203.204.145 netmask 255.255.255.255
    static (inside,outside) 216.33.198.146 10.203.204.146 netmask 255.255.255.255
    static (inside,outside) 216.33.198.147 10.203.204.147 netmask 255.255.255.255
    static (inside,outside) 216.33.198.148 10.203.204.148 netmask 255.255.255.255
    static (inside,outside) 216.33.198.149 10.203.204.149 netmask 255.255.255.255
    static (inside,outside) 216.33.198.150 10.203.204.150 netmask 255.255.255.255
    static (inside,outside) 216.33.198.151 10.203.204.151 netmask 255.255.255.255
    static (inside,outside) 216.33.198.152 10.203.204.152 netmask 255.255.255.255
    static (inside,outside) 216.33.198.153 10.203.204.153 netmask 255.255.255.255
    static (inside,outside) 216.33.198.154 10.203.204.154 netmask 255.255.255.255
    static (inside,outside) 216.33.198.155 10.203.204.155 netmask 255.255.255.255
    static (inside,outside) 216.33.198.156 10.203.204.156 netmask 255.255.255.255
    static (inside,outside) 216.33.198.157 10.203.204.157 netmask 255.255.255.255
    static (inside,outside) 216.33.198.158 10.203.204.158 netmask 255.255.255.255
    static (inside,outside) 216.33.198.159 10.203.204.159 netmask 255.255.255.255
    static (inside,outside) 216.33.198.160 10.203.204.160 netmask 255.255.255.255
    static (inside,outside) 216.33.198.161 10.203.204.161 netmask 255.255.255.255
    static (inside,outside) 216.33.198.162 10.203.204.162 netmask 255.255.255.255
    static (inside,outside) 216.33.198.163 10.203.204.163 netmask 255.255.255.255
    static (inside,outside) 216.33.198.164 10.203.204.164 netmask 255.255.255.255
    static (inside,outside) 216.33.198.165 10.203.204.165 netmask 255.255.255.255
    static (inside,outside) 216.33.198.166 10.203.204.166 netmask 255.255.255.255
    static (inside,outside) 216.33.198.167 10.203.204.167 netmask 255.255.255.255
    static (inside,outside) 216.33.198.168 10.203.204.168 netmask 255.255.255.255
    static (inside,outside) 216.33.198.169 10.203.204.169 netmask 255.255.255.255
    static (inside,outside) 216.33.198.170 10.203.204.170 netmask 255.255.255.255
    static (inside,outside) 216.33.198.171 10.203.204.171 netmask 255.255.255.255
    static (inside,outside) 216.33.198.172 10.203.204.172 netmask 255.255.255.255
    static (inside,outside) 216.33.198.173 10.203.204.173 netmask 255.255.255.255
    static (inside,outside) 216.33.198.174 10.203.204.174 netmask 255.255.255.255
    static (inside,outside) 216.33.198.175 10.203.204.175 netmask 255.255.255.255
    static (inside,outside) 216.33.198.176 10.203.204.176 netmask 255.255.255.255
    static (inside,outside) 216.33.198.177 10.203.204.177 netmask 255.255.255.255
    static (inside,outside) 216.33.198.178 10.203.204.178 netmask 255.255.255.255
    static (inside,outside) 216.33.198.179 10.203.204.179 netmask 255.255.255.255
    static (inside,outside) 216.33.198.180 10.203.204.180 netmask 255.255.255.255
    static (inside,outside) 216.33.198.181 10.203.204.181 netmask 255.255.255.255
    static (inside,outside) 216.33.198.182 10.203.204.182 netmask 255.255.255.255
    static (inside,outside) 216.33.198.183 10.203.204.183 netmask 255.255.255.255
    static (inside,outside) 216.33.198.184 10.203.204.184 netmask 255.255.255.255
    static (inside,outside) 216.33.198.185 10.203.204.185 netmask 255.255.255.255
    static (inside,outside) 216.33.198.186 10.203.204.186 netmask 255.255.255.255
    static (inside,outside) 216.33.198.187 10.203.204.187 netmask 255.255.255.255
    static (inside,outside) 216.33.198.188 10.203.204.188 netmask 255.255.255.255
    static (inside,outside) 216.33.198.189 10.203.204.189 netmask 255.255.255.255
    static (inside,outside) 216.33.198.190 10.203.204.190 netmask 255.255.255.255
    static (inside,outside) 216.33.198.191 10.203.204.191 netmask 255.255.255.255
    static (inside,outside) 216.33.198.192 10.203.204.192 netmask 255.255.255.255
    static (inside,outside) 216.33.198.193 10.203.204.193 netmask 255.255.255.255
    static (inside,outside) 216.33.198.194 10.203.204.194 netmask 255.255.255.255
    static (inside,outside) 216.33.198.195 10.203.204.195 netmask 255.255.255.255
    static (inside,outside) 216.33.198.196 10.203.204.196 netmask 255.255.255.255
    static (inside,outside) 216.33.198.197 10.203.204.197 netmask 255.255.255.255
    static (inside,outside) 216.33.198.198 10.203.204.198 netmask 255.255.255.255
    static (inside,outside) 216.33.198.199 10.203.204.199 netmask 255.255.255.255
    static (inside,outside) 216.33.198.200 10.203.204.200 netmask 255.255.255.255
    access-group outside-in in interface outside
    route outside 0.0.0.0 0.0.0.0 216.33.198.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    group-policy test internal
    group-policy test attributes
     dns-server value 10.203.204.14 10.203.204.15
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value test_splitTunnelAcl
     default-domain value yorkmedia.local
     webvpn
    group-policy tunneltest internal
    group-policy tunneltest attributes
     dns-server value 10.203.204.14 4.2.2.2
     default-domain value yorkmedia.local
     webvpn
    group-policy testpol internal
    group-policy testpol attributes
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelall
     split-tunnel-network-list value dc2vpn_splitTunnelAcl
     webvpn
    group-policy aes internal
    group-policy aes attributes
     dns-server value 10.203.204.14 10.203.204.15
     vpn-tunnel-protocol IPSec
     group-lock value aestest
     webvpn
    group-policy grouptest internal
    group-policy grouptest attributes
     dns-server value 10.203.204.14 4.2.2.2
     default-domain value yorkmedia.local
     webvpn
    group-policy dc2vpntest internal
    group-policy dc2vpntest attributes
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value dc2vpntest_splitTunnelAcl
     webvpn
    group-policy dc2vpn internal
    group-policy dc2vpn attributes
     dns-server value 10.203.204.14 10.203.204.15
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value dc2vpn_splitTunnelAcl
     webvpn
    group-policy BMSTV internal
    group-policy BMSTV attributes
     wins-server none
     dns-server none
     dhcp-network-scope none
     vpn-access-hours none
     vpn-simultaneous-logins 3
     vpn-idle-timeout none
     vpn-session-timeout none
     vpn-filter none
     vpn-tunnel-protocol IPSec
     password-storage disable
     ip-comp disable
     re-xauth disable
     group-lock none
     pfs disable
     ipsec-udp disable
     ipsec-udp-port 10000
     split-tunnel-policy tunnelall
     split-tunnel-network-list none
     default-domain none
     split-dns none
     secure-unit-authentication disable
     user-authentication disable
     user-authentication-idle-timeout none
     ip-phone-bypass disable
     leap-bypass disable
     nem disable
     backup-servers keep-client-config
     client-firewall none
     client-access-rule none
     webvpn
    username mmaxey password zSSKHLc.gx8szpy2 encrypted privilege 15
    username mmaxey attributes
     vpn-group-policy dc2vpn
     webvpn
    username jjohnstone password qElIg/rYW4OoTIEP encrypted privilege 15
    username jjohnstone attributes
     vpn-group-policy dc2vpntest
     webvpn
    username sragona password ZgCBom/StrITlFdU encrypted
    username sragona attributes
     vpn-group-policy dc2vpn
     webvpn
    username admin password 5zvQXQPrcnyHyGKm encrypted
    username seng password PP8UcINDKi7BSsj2 encrypted
    username seng attributes
     vpn-group-policy dc2vpn
     webvpn
    username chauser password I3OIxCe8FBONQlhK encrypted
    username chauser attributes
     vpn-group-policy dc2vpn
     webvpn
    aaa authentication ssh console LOCAL
    aaa authentication telnet console LOCAL
    http server enable
    http 65.123.204.0 255.255.254.0 outside
    http 0.0.0.0 0.0.0.0 outside
    http 10.203.204.0 255.255.254.0 inside
    http 192.168.1.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map outside_dyn_map 20 set pfs group7
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-256-SHA
    crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
    crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
    crypto map outside_map 60 match address outside_cryptomap_60
    crypto map outside_map 60 set peer 165.89.240.1
    crypto map outside_map 60 set transform-set ESP-3DES-SHA
    crypto map outside_map 60 set security-association lifetime seconds 28800
    crypto map outside_map 60 set security-association lifetime kilobytes 4608000
    crypto map outside_map 80 match address outside_cryptomap_80
    crypto map outside_map 80 set pfs
    crypto map outside_map 80 set peer 64.19.183.67
    crypto map outside_map 80 set transform-set ESP-3DES-SHA
    crypto map outside_map 80 set security-association lifetime seconds 28800
    crypto map outside_map 80 set security-association lifetime kilobytes 4608000
    crypto map outside_map 100 match address outside_cryptomap_100
    crypto map outside_map 100 set pfs
    crypto map outside_map 100 set peer 64.241.196.50
    crypto map outside_map 100 set transform-set ESP-3DES-SHA
    crypto map outside_map 100 set security-association lifetime seconds 28800
    crypto map outside_map 100 set security-association lifetime kilobytes 4608000
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    isakmp enable outside
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption 3des
    isakmp policy 10 hash sha
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 86400
    isakmp policy 30 authentication pre-share
    isakmp policy 30 encryption aes-256
    isakmp policy 30 hash sha
    isakmp policy 30 group 5
    isakmp policy 30 lifetime 86400
    isakmp policy 50 authentication pre-share
    isakmp policy 50 encryption aes-256
    isakmp policy 50 hash sha
    isakmp policy 50 group 7
    isakmp policy 50 lifetime 86400
    isakmp nat-traversal  20
    isakmp ipsec-over-tcp port 10000
    tunnel-group DefaultRAGroup ipsec-attributes
     pre-shared-key *
    tunnel-group dc2vpn type ipsec-ra
    tunnel-group dc2vpn general-attributes
     address-pool vpnpool
     default-group-policy dc2vpn
    tunnel-group dc2vpn ipsec-attributes
     pre-shared-key *
    tunnel-group test type ipsec-ra
    tunnel-group test general-attributes
     default-group-policy test
    tunnel-group test ipsec-attributes
     pre-shared-key *
    tunnel-group 165.89.240.1 type ipsec-l2l
    tunnel-group 165.89.240.1 general-attributes
     default-group-policy BMSTV
    tunnel-group 165.89.240.1 ipsec-attributes
     pre-shared-key *
     isakmp keepalive threshold 3600 retry 2
    tunnel-group 64.19.183.67 type ipsec-l2l
    tunnel-group 64.19.183.67 ipsec-attributes
     pre-shared-key *
    tunnel-group 64.241.196.50 type ipsec-l2l
    tunnel-group 64.241.196.50 ipsec-attributes
     pre-shared-key *
     isakmp keepalive disable
    tunnel-group dc2vpntest type ipsec-ra
    tunnel-group dc2vpntest general-attributes
     default-group-policy dc2vpntest
    tunnel-group dc2vpntest ipsec-attributes
     pre-shared-key *
    tunnel-group aestest type ipsec-ra
    tunnel-group aestest general-attributes
     address-pool vpnpool
     default-group-policy aes
    tunnel-group aestest ipsec-attributes
     pre-shared-key *
    tunnel-group TunnelGroup1 type ipsec-ra
    tunnel-group TunnelGroup1 general-attributes
     address-pool vpnpool
    telnet 10.203.204.10 255.255.255.255 inside
    telnet timeout 5
    ssh 65.123.204.0 255.255.254.0 outside
    ssh 10.203.204.0 255.255.254.0 inside
    ssh timeout 5
    console timeout 0
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd lease 3600
    dhcpd ping_timeout 50
    class-map rtsp-traffic
     match access-list rtsp-acl
    class-map inspection_default
     match default-inspection-traffic
    policy-map global_policy
     class inspection_default
      inspect dns maximum-length 512
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect icmp
     class rtsp-traffic
      inspect rtsp
    service-policy global_policy global
    tftp-server inside 10.203.204.10 dc2asa01/config
    Cryptochecksum:6d74d3994ea6764893c420f477568aac
    : end

    You have three site-site VPNs and a remote access VPN set up, so the statement "Suddenly no one can access the remote LAN over VPN." is a bit ambiguous in that context.
    From which source to what destination is not working for you?

  • Sharing internet connection over bluetooth

    I have 2 computers less than 10 metres apart, one of which is connected to broadband internet. The solution for sharing the connection wirelessly with this particular setup is rather expensive.
    I was wondering if it would be possible to share the internet connection on the computer that has it over Bluetooth with the other computer.
    I read an archived response suggesting that it was. Can someone confirm?
    Just to be clear:
    I am hoping to have 2 computers connected by Bluetooth, the second of which will be able to connect to the internet via the 1st computer's connection.

    While it is not explicitly supported by OS X, both machines can be configured to do this. For lots of reasons, I don't think that this is a good idea. Your Bluetooth link is so slow compared to either a wireless—or even much faster terrestrial—ethernet link, that it's not worth the effort to enable this service.
    Save yourself a great deal of grief and disappointment, and get ahold of a relatively inexpensive ethernet gateway [wired or wireless] and set up a small local area network. You will be far more secure, and enjoy a far better level of performance than you would see if you attempted to create a Bluetooth LAN.
    That said, here is a set of instructions for enabling internet sharing using Terminal commands. It's paraphrased from…
    http://www.macgeekery.com/hacks/pppoverbluetooth
    In the Bluetooth preference pane's sharing tab, make a new Serial Port Service and name it bt-ppp and make it an RS-232 device. If it's on, disable internet sharing in the Sharing prefpane. Then create the following script [shown below.]
    The script starts pppd on the new Bluetooth serial device you've created, then sets up IP forwarding, NAT, and the like. The en0 can be replaced with en1 if your primary net connection is AirPort. You can change the IP listed to something appropriate for your network, as well. If you put it in the range of IPs you're already using for your home network, natd is smart enough to work as a router instead of a gateway. Run as root, but—for the love of all that is holy and just—use sudo instead of su.
    This is the script you must run in terminal:
    /usr/sbin/pppd /dev/tty.bt-ppp 115200 noauth local passive proxyarp asyncmap 0 silent persist :10.1.1.25 &
    /usr/sbin/sysctl -w net.inet.ip.forwarding=1
    /usr/sbin/natd -same_ports -use_sockets -log -deny_incoming -interface en0
    /sbin/ipfw add divert natd ip from any to any via en0
    If you are unfamiliar with issuing commands from the Terminal or are not familiar with what these unix commands mean, I would suggest that you proceed very cautiously, and do more research before attempting this.

  • Does Home Sharing only work over wi-fi?

    This may seem like an odd question, but I think it may be the root of my problem. I have a network that uses three Devolo mains network extenders in various rooms (the house has very thick walls). All three Devolo mains plugs connect (via the ring main) to the router. An iMac, laptops, an Apple TV, iPhones, etc each connect wirelessly to these very happily.
    However, no two computers (say an MBA and an iMac) in the same room, or different rooms, can 'see' the other in the normal way - i.e. by having the other device appear in the left hand pane of the finder window. They can, however, if I enter the IP address of the other machine manually. So this is irritating but not insurmountable.
    What does appear insurmountable though is that, in a similar way, iTunes cannot 'see' any shared libraries across the network. Because of the issue described above, I had assumed that both problems were probably being caused by some sort of issue with the way the Devolo boxes are configured. But then I realised that, even though each device is connecting wirelessly to the Devolo boxes, I don't actually have a wi-fi network in the same sense that I would if I had an Airport-based system...and if Home Sharing only works over wi-fi, this might explain why it doesn't work for me.
    Apologies for the rambling question, but given the increasing popularity of these mains network-extender boxes, I feel I can't be alone in experiencing these issues. Can anyone shed any light?

    The quick answer to your question is no, for example Home Sharing works over Ethernet as well. Strictly speaking Wi-Fi is not required and iTunes doesn't care either way.
    However, I understand that the Devolo mains adapters have problems coping with this. If I had to guess, the problem might be an inability to carry the required bandwidth. The reason for this is that Airtunes is fairly demanding of bandwidth and if your wireless network's performance is degraded due to any number of variables, Airtunes is the first to suffer.
    You didn't say what kind of computer or OS you are using but Home Sharing uses TCP port 3689 and UDP ports 123 and 5353 to communicate with shared iTunes libraries. Those ports need to be configured in whatever firewall or security settings you may be using. If you are certain you have those ports open on your shared computers then concentrate on the Devolo adapters. Perhaps they are in need of a firmware update or modification of some configuration setting.

  • Curious NetBios over TCP/IP issues and Windows SMB shares

    Hi all.
    I've got two Win 2003 R2 SP2 member servers on our AD domain. Each has shared network folders on them which are accessed by both Windows and Mac users.
    Both servers - let's call them ALPHA and BETA - are identically set up: same hardware, configuration etc. but exist on different subnets.
    Alpha has never had a problem with Mac clients connecting to any of its shares.
    Beta has, up until recently, only ever had Windows clients, but now has a couple of Snow Leopard Mac clients. When a Mac client attempts to connect via SMB or CIFS to any share on Beta - they get the prompt to authenticate and then "Connection Failed. There was an error connecting to the server Beta. Check the server name or IP address and then try again". Of course the same thing happens when I try to connect by IP.
    Curiously, the only way I can get Mac clients to connect to shares on Beta is to go into the network adapter settings on Beta, advanced, WINS and then disable NetBios over TCP/IP. Unfortunately this breaks some unrelated stuff and I eventually have to go back in and set NetBios back to Default (enabled) and the whole thing screws up again in a few hours' time for my beloved Mac users.
    The other server Alpha never gives me any problem with Mac clients, and as I say, they are set up identically. I have been testing this with 10.6.3 clients, not sure if my 10.5 or 10.4 clients are affected.
    Can anyone offer some suggestions as to why my shares aren't accessible to my Mac clients on both servers?

    Generally it is the browser service that populates network neighborhood. This technology is no longer used with newer OS like server 2008, windows 7/8.
    Description of the Microsoft Computer Browser Service
    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Multi Thread Server over TCP/IP

    Multi Thread Server over TCP/IP. Does it work?
    In my box it works only over IPC protocol.

    S C Maturi (guest) wrote:
    : Mark Malakanov (guest) wrote:
    : : Multi Thread Server over TCP/IP. Does it work?
    : : In my box it works only over IPC protocol.
    : Mark,
    : Multi threaded server over TCP/IP will not work with
    : the current distribution of Oracle 8.0.5 on Linux.
    : This is corrected and a patch would be released soon.
    : Maturi
    tcp 0 0 bock.nettek-ll:listener bock.nettek-llc.co:4196 ESTABLISHED
    tcp 0 0 bock.nettek-llc.co:4196 bock.nettek-ll:listener ESTABLISHED
    (I have several of these)
    TNS Ping Utility for Linux: Version 8.0.5.0.0 - Production on 07-JAN-99 18:45:52
    (c) Copyright 1997 Oracle Corporation. All rights reserved.
    Attempting to contact (ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521))
    OK (440 msec)
    ...and from my install log you see that I selected MTS:
    -[ YESNO
    Q> Would you like MTS (Multi-Threaded Server) configured and the SQL*Net$
    A> TRUE
    Please explain? Will TCP/IP MTS work via the loopback adapter
    only? So far I have not tried a remote TCP/IP connection.
    -STEVEl

  • Can I render a Flash frame as a bitmap and send it over TCP/IP?

    I want to draw some combination of bitmaps, flash shapes, vectors, text etc and draw them programmatically into my movie using ActionScript, and then get every "rendered" pixel of my movie (at 100% view) into an array that I send to another program over TCP/IP. Can anyone help me here?
    The first part of the question is if it's possible to render a frame that is a collection of Flash elements as a bitmap? I know that I can iterate through a bitmap and get every pixel using the getPixel method but I'm trying to access the final rendered frame displayed on my screen, including, as I said, Flash shapes and text.
    The second question is what would be the best way to send this "video frame" over TCP/IP? Would I use an XML socket connection? That is the only way I know how to send data out of Flash over TCP/IP but I don't know if it is the only way - the help page says the data needs to be formatted as XML, which seems unwieldy for this application.
    I'm doing this now by using Max/MSP/Jitter to do a screen capture the size and location of my Flash movie and then send out the resulting matrix using a "jit.net.send" object (which lets you send frames of video over TCP/IP), but this is too clumsy for the installation I am building.
    Any help would be greatly appreciated!
    -bob

    Thanks! That was exactly what I was looking for in the first half of the question. And I guess the draw() method works in AS2 as well as AS3. I will test it but from what I understand, I can use a Bitmap as kind of my bottom-level container, then create (in ActionScript) a movie clip that can contain other movie clips or drawing API commands or whatever, animate these various elements then finally draw() them into the bitmap. I see that in AS3 I can even use getPixels or getVector to capture the full "video frame" in one line of code.
    Thanks rothrock, for the helpful links. My application is kind of unusual, in that I'm sending "video" data to a proprietary LED controller box for display on a low resolution LED display. I connect to the box over TCP/IP and send it "frames of video" 20 times a second. I got this to work with this other content and software (Max/MSP/Jitter) and I want to see how I could capture all the rendered pixel data in successive frames of Flash animation, format it properly, then send it over TCP/IP to this controller box. Don't really know enough about the various flavors of TCP/IP connections to figure out how to do this in Flash, and I know there are security limitations built in to Flash that have to be worked around. But my movies are small (say 96 pixels by 72 pixels) and I need to send uncompressed data directly to my controller box, so these interesting links showing how to use server-side scripts to create jpgs or pngs are probably not going to help me. I will hopefully find a higher-level programmer than myself to work this out, and I think some of the techniques here will hopefully prove to be helpful.
    Thanks again for your help!

  • LAN with TCP/IP doesn't work

    Hello,
    I have a problem with my laptop IdeaPad S10e 4187-5PG: LAN with TCP/IP doesn't work, after I have updated all the drivers to the latest ones from the Lenovo site (except BIOS update). I tried to check if LAN works by sending a ping to the IP address and that is OK, but when I send a ping to the default gateway it fails. A ping to the DNS server also fails. Could you please help me because I tried everything and I can't get the LAN to work.
    Thank you very much

    Perhaps you could describe your network in a little more detail.
    Is this a Workgroup home network or are you connected to a Domain server?
    If this is a workgroup are you connecting to the internet via a cable or DSL router?
    Do other computers on your network connect OK?
    Has your S10e ever worked properly on the network?
    Are you connecting via a wireless access point or LAN cable? 
    What do you Ping on and from where?
    Can you Ping OK on another networked computer?
    Open up a DOS Prompt (aka command prompt, DOS Box) and type IPCONFIG /ALL <enter>. Do you get a compatible IP address and subnet mask? You should also get the gateway IP address.

  • Connecting to non-secure listener port over TCPS

    Hi,
    I am trying to connect to non-SSL port over TCPS.
    When I use tnsping, it hangs.
    When I do an OCIServerAttach, it hangs.
    Client is 10.2
    And Database server is 9.2 and higher..
    Any way I can find out why this is happening??
    -Harsha

    Maybe I'm not getting the point, but when you do not use SSL on this port, why do you want to use TCPS? Wouldn't TCP be a better choice?
    cu
    Andreas

  • SSL Connection over TCP using SSLSocketFactory to remote C++ Server

    Hi.
    Despite my traversing through the archives, I could not find a
    solution to my problem. So hopefully, that would mean I have a simple
    isolated, and FIXABLE problem :-)
    My web application running under Weblogic 7.01 as a servlet needs to
    connect to a remote server using SSL over tcp.
    The server is a C++ app using openssl libraries to serve up a
    self-signed certificate.
    The code fragments to do so look like this:
         SSLSocketFactory sf = (SSLSocketFactory)SSLSocketFactory.getDefault();
         connection = sf.createSocket(host, port);
         output.write(...)
         output.flush();
    Upon the flush, I get the following error:
    java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:125)
         at java.io.DataOutputStream.flush(DataOutputStream.java:99)
    My guess is that it's complaining about not trusting the certificate
    being sent back by the server.
    I typically use JSSE for this application when running within other
    appservers, and
    this application has no problems. But because I've run into issues
    with using JSSE in WL7.01 (another topic
    for another day), I'm using the default WL ssl library.
    I have set weblogic.security.SSL.trustedCAKeyStore=d:\bea\weblogic700\server\lib\cacerts,
    and imported my
    certificate into that cacerts file. This doesn't seem to fix my
    problem. Is there another truststore
    that my webapp may rely on? Where within the admin console can I
    figure this out?
    Or am I on the wrong track here?
    Also, if it's any clue, elsewhere within the same application, I make
    https requests to another
    web app running under the same weblogic server - and that is fine - I
    use the URLConnection class in those cases.
    Any help is much appreciated!
    Thanks
    Ed

    Hi,
    Can you show us the stacktrace?
    /Kaj

  • How could I create a Compliance Settings that enforces NetBIOS over TCP/IP?

    Hello Everyone,
    I need to be able to enforce NetBIOS over TCP/IP on some collections. I've created a batch script with one line that disables NetBIOS over TCP/IP but I also need to make sure this is enforced. How could I do the enforcement using Compliance Settings?
    This is the line I use to disable it;
    "wmic nicconfig where (TcpipNetbiosOptions!=Null and TcpipNetbiosOptions!=2) call SetTcpipNetbios 2"
    Thank you everyone in advance for any help

    I could probably help you with a CI for discovery and remediation, but I need (or you need to define) an additional parameter.
    If I were to run this as a powershell discovery script:
    $adapter=(gwmi win32_networkadapterconfiguration | where {$_.ipenabled -eq "1"})
    Foreach ($nic in $adapter) {
    write-host $nic.TcpIPNetBiosOptions
    }
    what's echoed out (in my testing) is a 0, a 1, or a 2.
    0 means "default--use what your dhcp is offering"
    1 = enabled
    2 = disabled.
    So... from your standpoint... is a 0 or 1, (either one) acceptable?  or is only a value of 1, a hard-coded at the client (not whatever the default is from dhcp) the only acceptable value?
    fyi, the remediation script, if 1 is the only acceptable answer, would probably be this:
    $adapter=(gwmi win32_networkadapterconfiguration | where {$_.ipenabled -eq "1"})
    Foreach ($nic in $adapter) {
    # call the method on each adapter in turn, not on the whole collection
    $nic.settcpipnetbios(1)
    }
    Standardize. Simplify. Automate.
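
The discovery and remediation halves of the configuration item discussed in this thread, combined into one script as an added example that is not code from either poster. It assumes the strict reading of the question (only `2`, disabled, is acceptable, so `0` and `1` both count as noncompliant, as in the asker's wmic line); `$Mode` and the `Compliant`/`NonCompliant` strings are names chosen for this example, and the compliance rule is assumed to require the value `Compliant`.

```powershell
# Added example, not from the thread.
# Paste into the Discovery script box with $Mode = 'Discover' and into the
# Remediation script box with $Mode = 'Remediate' ($Mode is this example's own name).
$Mode    = 'Discover'
$Desired = 2   # TcpipNetbiosOptions: 0 = take setting from DHCP, 1 = enabled, 2 = disabled

function Get-NonCompliantNic {
    # IP-enabled adapters whose NetBIOS-over-TCP/IP setting differs from $Desired.
    # Adapters that do not expose the property ($null) are skipped, mirroring
    # the "TcpipNetbiosOptions!=Null" condition in the wmic one-liner.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Where-Object { $null -ne $_.TcpipNetbiosOptions -and
                       $_.TcpipNetbiosOptions -ne $Desired }
}

if ($Mode -eq 'Remediate') {
    foreach ($nic in @(Get-NonCompliantNic)) {
        $result = $nic.SetTcpipNetbios($Desired)
        # ReturnValue 0 = success, 1 = success but reboot required; anything else failed.
        if ((0, 1) -notcontains $result.ReturnValue) {
            Write-Error ("SetTcpipNetbios failed on '{0}' (code {1})" -f `
                         $nic.Description, $result.ReturnValue)
        }
    }
}
else {
    # Discovery: emit exactly one string for the compliance rule to compare.
    if (@(Get-NonCompliantNic).Count -eq 0) { 'Compliant' } else { 'NonCompliant' }
}
```

Treating `0` as noncompliant matters because a DHCP-supplied option can silently re-enable NetBIOS on an adapter that was never set explicitly.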
