Setting up a VoIP extension on a local network.

Similar Messages

• HT1751 I need to set up iTunes to run on my local network, independent of the internet because of a bad internet connection.

  I have Hughes Net, for internet. Due to this, iTunes in the cloud, does not operate for us. I need to put my music on a local drive, and create a network drive, to use iTunes, while at home. (I'm still not sure about how I'll handle the music on our iPhones). I have a current AirPort Extreme, (802.11ac), and I have a 64gb flash drive, as well as a 1.5TB external SATA drive, that can be used. I'd like to NOT have to keep the MacBook Pro powered on all the time, but would still like to play music, through/on my iPads and iPhones, while at home.
  How can I set this up, to run, independent of the cruddy internet service, which won't allow me to stream a single song, without stopping to buffer, for multiple long periods, during one song?

  itunes can share music over the network without an internet connection, but you will need a computer running itunes powered on to be able to share it (setup in itunes by going to file (windows) or itunes (mac) > preferences > sharing)
  if you just want to setup a network attached storage drive for the network that holds all the music that would be done independently of itunes and you would need a compatible NAS drive (I don't believe the airport is technically a nas drive but you could ask that section of support communities as well https://discussions.apple.com/community/wireless/airport)

• Can't screen share on local network

  Hi folks,
  Seems like lots of problems are to be had with the iChat screen sharing. I've been looking through here and tried several options, but I don't seem to be able to get this working.
  My MacPro 2x2.66 is sitting in the DMZ of my DSL Router and a brand new iMac is sitting behind the router's firewall, but on the same network. Both are running updated versions of Leopard. I've followed the instructions for NAT port forwarding on the router found here:
  http://web.mac.com/valsjo/personal/Start/Entries/2007/12/8iChat_screen_sharing_problemsolved.html
  and also made the necessary changes to the Apple firewall (although I actually just have "accept all incoming connections" checked rather than listing iChat and my many other apps individually).
  These two computers can't seem to screen share, however, with the dreaded "Screen sharing could not be established" error. Why is this happening when I'm on the same LAN?
  Video chat appears to have similar problems.
  Thanks for your input,
  Aaron Genest

  Have you tried Bonjour for screen sharing on your local network?
  It works without problems on my local network, these are the settings that work for me:
  Enable Bonjour messaging in iChat preferences>select use Bonjour instant messaging.
  With iChat open select "enable screen sharing" from the top menu>video
  In order to get it to work on my local network I had to disable screen sharing in Apple menu>System preferences>sharing.
  The firewall settings are set to specifically allow the iChat application.
  These settings should be set on all Mac's on your local network you wish to use iChat screen sharing with.
  It might not work with a mac that has the file vault feature enabled.
  My router settings are in default.

• Snow and setting priority for voip voice packets?

  I have an engine Voice Box 2 connected to my dual ethernet base station, for voip phone calls using a 1500kbps broadband connection. It all works fine, except sometimes the voice quality of phone calls isn't good - drop-outs occur. Engin support tells me there is a way to configure an airport BS to give priority to voice packet data over other internet data data, and this will improve the voice quality.
  Is this possible with a snow BS, and if so how do I do it?

  OK, Duane and anyone else. My question has been answered via telephone from Apple Australia, on Thursday 22 Feb 2007 at local time 9.01 pm. The answer is: There is no way that any version of an Airport BS can be set to prioritize voip voice packets over other internet packets of data.
  Apple Supporters in other countries may disagree (not a surprise). I've been a Mac user since the first 1984 64K Mac, and I've not been too impressed with Apple phone service during the last 20+ years, so if another Apple tech elsewhere comes up with a different answer I would not be at all surprised.
  So, first premise is my voip provider gave me incorrect info. Second one is maybe someone else gave them the incorrect info. One guess and no prizes as to whom this may have been.
  Bigger surprise is that Apple seems oblivious to how popular voip phone is going to be in the immediate future, and that Mac users are likely to receive inferior quality voice quality and have no way to improve this by tweaking their Airports.

• Configuring Cisco ASA for site to site VPN ( Issue with setting up local network)

  OK, so our primary firewall is a checkpoint gateway. Behind that we have a cisco ASA for vpn users. I have a project at the moment where we need to connect to another company using site to site VPN through the cisco ASA, as the checkpoint gateway is unable to establish a permanent tunnel with the other companies Cisco ASA.
  What would be the best practise for setting up the local network on my side? Create the network on the ASA and then use a L2 vlan to connect to the Core switch? 
  Setup a L3 interface on the core switch and point it towards the checkpoint gateway which would then point to the ASA?
  When you have to select your local network through the site to site wizard do you have to put the inside network address of the ASA?
  Our network is setup like this: Access layer switch > Core 6500 Switch > Checkpoint-Firewall > Internet
  The ASA is connected to a checkpoint sub interface
  Any help would be beneficial as im new to cisco ASAs 
  Thanks
  Mark

  Mark
  If we understood more about your environment we might be able to give you better answers. My initial reaction was similar to the suggestion from Michael to use a L2 vlan. But as I think a bit more my attention is drawn to something that you mention in the original post. The ASA is there for VPN users. If the VPN users need to access your internal network then you probably already have something configured on the ASA that allows access to the internal network. Perhaps that same thing might provide access for your site to site VPN?
  HTH
  Rick

• How to set up with cacheing DNS for local network?

  Our new Lion Server has a static IP Address pointed to over the internet by our registrar's zone file. Planning the Lion Server installation process with the intent of hosting Web, Mail and Open Directory services to a small number of users who are nearly all located off-site. I do also want Lion Server to be a caching DNS Server and DHCP authority on the local network to replace what dnsmasq does on our current Linux server.
  I am looking forward to offloading some of the lower level Linux administration tasks and putting myself in the hands of the Lion Server Setup Assistant and Server App :-) but at the same time don't understand some of  its assumptions and fear having to spend a lot of time experimenting and re-installing.
  So, specifically, I want the Server App to know that my Lion Server has a "Host Name for the Internet" but that the DNS it sets up will not be the DNS for my zone - I will be managing that through my registrar's interfaces.
  Second problem is my fnot understanding what name space devices on the local network will / should use. e.g.  The Linux server will be available for backups etc  on the local intranet (and optionally have a static ip address on the Internet) but MacBooks, PCs, iPads and iPhones will be served ip addresses by the Lion Server's DHCP. So will / should these dynamic devices have their machine names fully qualified by our domain name with RFC 1918 style ip addresses or something like .local?  How do I tell this to Lion's Server App / Setup Assistant? How easy is it to update these initial settings later?

  You do indeed need to have a master zone on lion server.  There's no way to get around that since Open Directory depends on Kerberos and Kerberos depends on the DNS.  LS scripts may see that the rDNS record exists, but I highly doubt that it'll auto configure everything for you... and given the number of possible variables, I bet that even if it worked something would need additional tweaking.
  Sounds like an interesting lab excersize.  You should try it on a test server!
  Again... you just need to folow the set up procedure that Lion Server presents you with. 
  It won't be smart enough to see your external records and use them to configure a key distribution center for your OD. 
  As far as your caching needs...  Could you set up your DHCP server to set the DNS server setting to show your internal server as the first hit, and your external as the second?  That way when the client requests a resolution it'll not get a hit on your local server but will from the external? 
  The question then is how long will it wait for a response from the first server?  Or will the first server respond with "I don't know" sending the client immediately to the second.
  The server set up that I have works similarly.  I have an internal master DNS that is replicated to a secondary.  The first DNS has an A record (community.server.com) that points to the INTERNAL ip address of the secondary server that's also running the web service.  The first server is running DHCP.  It tells the clients to use the first and second servers as it's DNS lookup. 
  Now...  Externally, my registrar hosts an A record for community.server.com that points to the external IP address of my router which then forwards the request to the proper port on the internal network.
  This way, the local clients internally look up and get a response locally when they go for community.server.com.  Externally, clients that look up community.server.com get the external connection to the router in my school.
  Yikes...  I fear that this is as clear as mud!
  -Graham

• How to set default .PDF file extension for Form Downloads

  I am trying to find a way of setting the PDF file extension when I download forms.
  I author the forms under a Plus subscription and am then downloading the forms under a basic subscription Collaborator account (diffrent person)
  If I don't include .pdf as the file type when downloading a form with a unique name as the Collaborator, it downloads without a file extension.
  Remembering to continually add the pdf file extension is a pain so I'm hoping there is away of setting this as a defaulet for my 'collaborator' account ?

  Firstly, apologies for multiple posts, I received messages saying my comment hadn't posted and also checked my history before re-submitting.
  Okay, the process is
  1. Log in as the Author account and I can rename the file without having to set the extension
  2. Log in as the Collaboartor account - same PC, browser etc and it doesn't save with a default file extension; HOWEVER, I have done this whilst also being logged in on a diffrent browser as the Author
  3 I have just tried logging out as Author and only being in as the collaborator and the form downloaded with a default PDF.
  4. I had someone else log in as the collaborator from thei PC and browser whilst I was still signed inunder my author account and again they were unable to save as PDF by default
  This has me wondering if there is anything at play when you've got multiple Users?

• Unable to set Raid5 device read_ahead_kb value with rc.local

  In my rc.local I have two commands
  echo 16384 > /sys/block/md0/md/stripe_cache_size
  echo 1024 > /sys/block/md0/queue/read_ahead_kb
  The first command works properly, but the second command does not.
  cat /sys/block/md0/md/stripe_cache_size
  16384
  cat /sys/block/md0/queue/read_ahead_kb
  128
  However, I can run the command manually after my system has booted up and it works as expected
  echo 1024 > /sys/block/md0/queue/read_ahead_kb
  cat /sys/block/md0/queue/read_ahead_kb
  1024
  I think there is only one possible explanation and that is that something on my system is setting read_ahead_kb to 128 sometime after rc.local has been run during bootup.
  However I never set anything to do that, so I have no idea what is doing it or how I can stop it from happening.
  Does anyone have any troubleshooting suggestions for me?
  I'm completely stumped.

  In my rc.local I have two commands
  echo 16384 > /sys/block/md0/md/stripe_cache_size
  echo 1024 > /sys/block/md0/queue/read_ahead_kb
  The first command works properly, but the second command does not.
  cat /sys/block/md0/md/stripe_cache_size
  16384
  cat /sys/block/md0/queue/read_ahead_kb
  128
  However, I can run the command manually after my system has booted up and it works as expected
  echo 1024 > /sys/block/md0/queue/read_ahead_kb
  cat /sys/block/md0/queue/read_ahead_kb
  1024
  I think there is only one possible explanation and that is that something on my system is setting read_ahead_kb to 128 sometime after rc.local has been run during bootup.
  However I never set anything to do that, so I have no idea what is doing it or how I can stop it from happening.
  Does anyone have any troubleshooting suggestions for me?
  I'm completely stumped.

• Local Network User with Local Only or Services Only Home Folder Setting

  Hi all,
  According to the OS X Server Advanced Administration Guide, under the "Choose a user’s home folder location" section, "If you choose Local Only, the user won’t have a home folder on the server and can’t log in using the account information stored on the server."  However, when I create a Local Network User account with a "Local Only" home folder, Server.app creates a home folder in that user's name in the User's directory of the Server itself.  According to the documentation that shouldn't happen, right?
  The documentation gives no mention to the "None - Services Only" setting for the Home Folder.  I will only be giving users access to DNS, File Sharing, NetInstall, Software Update and Profile Manager.  I believe all I need are "Local Network User" accounts.  However, the documentation confuses me on whether the Home Folder setting should be set to "Local Only" or "None - Services Only".  Can someone clarify this for me?
  Many Thanks!

  The idea is that a local home folder will get created, but the home folder will not be available to the outside world via services (e.g. Portable Home Directory). I don't believe anything in the services you provided requires a home folder. So, you should be able to get by with "None - Services Only".

• Can I set up a local network without being connected to internet?

  Can I set up a local network with Airport without being connected to internet?

  Yes. Your AirPort Express router, by default, will create an unsecured wireless network and does not need to be connected to the Internet to do so. Local clients can then connect to this wireless network and be able to "see" each other.

• I set my cRIO from 'DHCP' to 'link local' and lost contact with it.

  I set my cRIO from 'DHCP' to 'link local' and lost contact with it.
   I changed the setting at the placed labeled "2" to link local only, then I think I hit save at "3".  Then poof, I had no network contact with my cRIO.  
  I tried;
      Hitting the reset button
      Opening a closing MAX
      Going to safe mode
      Throwing the Reset IP switch 
      Power cycling the cRIO
      Running cat 5 cable directly from the Host to my target
  None of it worked, and I have no contact with my cRIO.
  This is what MAX looks like now.  How can I fix this?
  Solved!
  Go to Solution.

  Make sure to disable the firewall on your computer.
  Otherwise you can check through the steps in this documentation:
  http://digital.ni.com/public.nsf/allkb/ABE4BC247E8​AC9BC8625734E005CAB42
  Note specifically that one option is to read the console out from the target VIA the serial port will a null modem cable during boot and it will indicate what IP the system is using.
  Craig H. | CLA | Systems Engineer | National Instruments

• VPN Server with two router local network

  I just got a Mac Mini Server 2011 to set up as a home server. One of the main features I want to use is a VPN so I can access my files on my local network when I'm away from home. I live in Japan and I have a Japanese optical connection to the internet that runs through two boxes before I can use it in any form: some sort of modem, and a "gateway" which I literally just found out is also acting as a router and serving DHCP addresses. In addition, I have a 2TB Time Capsule that, until just recently, I had been using in the "Share a Public IP" mode because I didn't realize the gateway was also issuing DHCP addresses. I cannot simply plug my TC into the modem in place of the gateway - both are required to access the internet.
  Until today I had both routers using DHCP on the local networks they each created. Under that environment, I had finally configured Lion Server to file share (easy), manage network accounts (moderate), and serve Profile Manager (difficult). But despite my best efforts at mapping the ports on the Time Capsule, I just couldn't get the ports open using tools like canyouseeme.org, so the VPN was a no-go. That's when I realized the gateway could be a router too, so with some creative google searches, and extensive use of google translate, I was able to figure out how to open ports on the gateway. It does it pretty differently from the Time Capsule and other routers I've seen. It asks you define the host on the LAN (what i assume to be the target IP), the protocol (TCP vs. UDP), and then a range of ports for it to open. I plugged in the IP of the Time Capsule, opened all the UDP ports (since it was an option to just open all, and I figured 1) the TC would still protect my network and 2) it would just be a test), but I still couldn't see the ports as being open.
  So then I got desperate, and I switched the TC back to Bridge Mode, reconfigured the Server and my MBP (my client Mac) to the new IP addresses being served by the Japanese gateway, and tried again. I think I reconfigured the DNS settings in Server Admin properly to account for the change in IP, and then updated the services in Server.app, but now I can't even get to my server homepage (the apple placeholder page) using either its IP or its .private domain, and to make matters worse, I STILL can't seem to get the ports open (yes, I changed the port mapping to send it directly to the server IP as the target after the change).
  To add insult to injury, the wired ethernet connection I had been running from my TC to the MM Server is now reporting a cable unplugged (it's not), even when I plug it directly into the gateway, though I am able to connect wirelessly.
  Does anyone have any idea what's going on? Why can't I get these ports open? (By the way, I called my ISP and they said they aren't blocking any of the ones I'd want to use for VPN.)
  What is the *better* set up - using the TC as a second LAN, serving its own DHCP addresses, or using it in Bridge mode?
  Why did these changes sever my wired connection?
  I was getting even more problems (like loss of internet connectivity on all devices) using the TC in bridge mode, so I decided to go back to the dual network setup.

  Hello Eric,
  As I mentioned above.
  For external Internet access, I would create a Generation
  1 VM
  and use 2 Legacy Network Adapters for
  the Interfaces . Connect it to the External and Internal network, and then install VM Linux IPFire (How
  to install) and
  configure IPFire with RED and GREEN interface.
  You don't need router or any firewall.
  I have the same set-up that you are trying to do in your lab and it's working great.
  All my VMs / computers on the LAN have their gateway the Linux VM.
  Hope this help.
  Regards,
  Charbel Nemnom
  MCSA, MCSE, MCS, MCITP
  Blog: www.charbelnemnom.com
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Site-to-Site up but no ping for the local networks from both sides

  I have set the tunnel up between ASA 5505 and ASA 5510, but I can't ping the local networks of both ASAs.
  ASA 5505
  ASA Version 8.2(5)
  hostname ciscoasa
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  name 10.2.3.0 baghdad
  name 195.112.215.16 CyberiaNetwork
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  switchport access vlan 3
  interface Ethernet0/3
  switchport access vlan 3
  interface Ethernet0/4
  switchport access vlan 3
  interface Ethernet0/5
  switchport access vlan 3
  interface Ethernet0/6
  switchport access vlan 3
  interface Ethernet0/7
  switchport access vlan 3
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.3.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 81.90.22.188 255.255.255.248
  interface Vlan3
  no forward interface Vlan1
  nameif voice
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  ftp mode passive
  dns domain-lookup inside
  dns domain-lookup outside
  dns server-group DefaultDNS
  name-server 83.138.175.26
  name-server 50.56.16.2
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object-group service DM_INLINE_SERVICE_1
  service-object ip
  service-object tcp
  service-object icmp echo-reply
  service-object tcp eq h323
  access-list outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.1.3.0 255.255.255.0
  access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 10.1.3.0 255.255.255.0 192.168.1.0 255.255.255.0
  access-list outside_access_in extended permit icmp any any echo-reply
  access-list voice_access_in extended permit ip any any
  access-list voice_access_in extended permit ip 10.1.3.0 255.255.255.0 192.168.1.0 255.255.255.0
  access-list voice_nat0_outbound extended permit ip any any
  access-list voice_access_in_1 extended permit ip 10.1.3.0 255.255.255.0 any
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  mtu voice 1500
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any outside
  icmp permit any voice
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 1 0.0.0.0 0.0.0.0 dns
  nat (voice) 0 access-list voice_nat0_outbound
  access-group outside_access_in in interface outside
  access-group voice_access_in_1 in interface voice control-plane
  access-group voice_access_in in interface voice
  route outside 0.0.0.0 0.0.0.0 81.90.22.185 1
  route outside 10.1.3.0 255.255.255.0 81.90.22.185 1
  route outside CyberiaNetwork 255.255.255.240 81.90.22.185 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  http 192.168.3.0 255.255.255.0 inside
  http CyberiaNetwork 255.255.255.240 outside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec security-association lifetime seconds 3600
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto map outside_map 20 match address outside_1_cryptomap
  crypto map outside_map 20 set pfs
  crypto map outside_map 20 set peer 195.112.215.19
  crypto map outside_map 20 set transform-set ESP-DES-SHA
  crypto map outside_map interface outside
  crypto ca trustpoint _SmartCallHome_ServerCA
  crl configure
  crypto ca certificate chain _SmartCallHome_ServerCA
  certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
      308205ec 308204d4 a0030201 0202106e cc7aa5a7 032009b8 cebcf4e9 52d49130
      0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117
      30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
      13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504
      0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
      20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56
      65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043
      65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31
      30303230 38303030 3030305a 170d3230 30323037 32333539 35395a30 81b5310b
      30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20
      496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65
      74776f72 6b313b30 39060355 040b1332 5465726d 73206f66 20757365 20617420
      68747470 733a2f2f 7777772e 76657269 7369676e 2e636f6d 2f727061 20286329
      3130312f 302d0603 55040313 26566572 69536967 6e20436c 61737320 33205365
      63757265 20536572 76657220 4341202d 20473330 82012230 0d06092a 864886f7
      0d010101 05000382 010f0030 82010a02 82010100 b187841f c20c45f5 bcab2597
      a7ada23e 9cbaf6c1 39b88bca c2ac56c6 e5bb658e 444f4dce 6fed094a d4af4e10
      9c688b2e 957b899b 13cae234 34c1f35b f3497b62 83488174 d188786c 0253f9bc
      7f432657 5833833b 330a17b0 d04e9124 ad867d64 12dc744a 34a11d0a ea961d0b
      15fca34b 3bce6388 d0f82d0c 948610ca b69a3dca eb379c00 48358629 5078e845
      63cd1941 4ff595ec 7b98d4c4 71b350be 28b38fa0 b9539cf5 ca2c23a9 fd1406e8
      18b49ae8 3c6e81fd e4cd3536 b351d369 ec12ba56 6e6f9b57 c58b14e7 0ec79ced
      4a546ac9 4dc5bf11 b1ae1c67 81cb4455 33997f24 9b3f5345 7f861af3 3cfa6d7f
      81f5b84a d3f58537 1cb5a6d0 09e4187b 384efa0f 02030100 01a38201 df308201
      db303406 082b0601 05050701 01042830 26302406 082b0601 05050730 01861868
      7474703a 2f2f6f63 73702e76 65726973 69676e2e 636f6d30 12060355 1d130101
      ff040830 060101ff 02010030 70060355 1d200469 30673065 060b6086 480186f8
      45010717 03305630 2806082b 06010505 07020116 1c687474 70733a2f 2f777777
      2e766572 69736967 6e2e636f 6d2f6370 73302a06 082b0601 05050702 02301e1a
      1c687474 70733a2f 2f777777 2e766572 69736967 6e2e636f 6d2f7270 61303406
      03551d1f 042d302b 3029a027 a0258623 68747470 3a2f2f63 726c2e76 65726973
      69676e2e 636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403
      02010630 6d06082b 06010505 07010c04 61305fa1 5da05b30 59305730 55160969
      6d616765 2f676966 3021301f 30070605 2b0e0302 1a04148f e5d31a86 ac8d8e6b
      c3cf806a d448182c 7b192e30 25162368 7474703a 2f2f6c6f 676f2e76 65726973
      69676e2e 636f6d2f 76736c6f 676f2e67 69663028 0603551d 11042130 1fa41d30
      1b311930 17060355 04031310 56657269 5369676e 4d504b49 2d322d36 301d0603
      551d0e04 1604140d 445c1653 44c1827e 1d20ab25 f40163d8 be79a530 1f060355
      1d230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300d0609
      2a864886 f70d0101 05050003 82010100 0c8324ef ddc30cd9 589cfe36 b6eb8a80
      4bd1a3f7 9df3cc53 ef829ea3 a1e697c1 589d756c e01d1b4c fad1c12d 05c0ea6e
      b2227055 d9203340 3307c265 83fa8f43 379bea0e 9a6c70ee f69c803b d937f47a
      6decd018 7d494aca 99c71928 a2bed877 24f78526 866d8705 404167d1 273aeddc
      481d22cd 0b0b8bbc f4b17bfd b499a8e9 762ae11a 2d876e74 d388dd1e 22c6df16
      b62b8214 0a945cf2 50ecafce ff62370d ad65d306 4153ed02 14c8b558 28a1ace0
      5becb37f 954afb03 c8ad26db e6667812 4ad99f42 fbe198e6 42839b8f 8f6724e8
      6119b5dd cdb50b26 058ec36e c4c875b8 46cfe218 065ea9ae a8819a47 16de0c28
      6c2527b9 deb78458 c61f381e a4c4cb66
    quit
  crypto isakmp identity address
  crypto isakmp enable outside
  crypto isakmp policy 5
  authentication pre-share
  encryption des
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  management-access voice
  dhcpd auto_config outside
  dhcpd address 192.168.3.5-192.168.3.36 inside
  dhcpd auto_config outside vpnclient-wins-override interface inside
  dhcpd enable inside
  dhcprelay timeout 60
  vpnclient server 109.224.18.242
  vpnclient mode network-extension-mode
  vpnclient nem-st-autoconnect
  vpnclient vpngroup MGvilla password *****
  vpnclient username rami password *****
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  group-policy GroupPolicy2 internal
  group-policy GroupPolicy2 attributes
  vpn-tunnel-protocol IPSec
  tunnel-group 195.112.215.19 type ipsec-l2l
  tunnel-group 195.112.215.19 ipsec-attributes
  pre-shared-key *****
  isakmp keepalive disable
  prompt hostname context
  call-home reporting anonymous
  Cryptochecksum:fde05056fe6d738c0b99552721973ac6
  : end
  ASA 5510
  Result of the command: "sh run"
  : Saved
  ASA Version 8.2(1)
  hostname ciscoasa
  domain-name Luna
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  name 195.112.215.17 Cyberiaip
  name 82.146.160.65 RouterCyberia
  name 10.1.15.6 test
  name 10.1.5.20 server
  name 10.2.3.0 VILLA
  dns-guard
  interface Ethernet0/0
  nameif Cyberia
  security-level 0
  ip address 195.112.215.19 255.255.255.240
  interface Ethernet0/1
  nameif ServerVpn
  security-level 100
  ip address 10.1.5.234 255.255.255.0
  interface Ethernet0/2
  nameif VPN
  security-level 100
  ip address 10.1.3.198 255.255.255.0
  interface Ethernet0/3
  nameif Inside2
  security-level 100
  ip address 192.168.0.1 255.255.255.0
  interface Management0/0
  nameif management
  security-level 100
  ip address 192.168.2.1 255.255.255.0
  management-only
  ftp mode passive
  clock timezone EEST 2
  clock summer-time EEDT recurring last Sun Mar 0:00 last Sun Oct 0:00
  dns domain-lookup Cyberia
  dns domain-lookup ServerVpn
  dns domain-lookup Inside2
  dns server-group Backup
  name-server 8.8.8.8
  dns server-group DefaultDNS
  name-server 4.2.2.2
  domain-name Luna
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object-group service DM_INLINE_SERVICE_1
  service-object ip
  service-object icmp echo-reply
  object-group service DM_INLINE_SERVICE_2
  service-object tcp
  service-object icmp
  service-object tcp eq h323
  service-object ip
  service-object icmp echo-reply
  object-group service DM_INLINE_SERVICE_3
  service-object ip
  service-object tcp
  service-object icmp echo-reply
  service-object tcp eq h323
  object-group service DM_INLINE_SERVICE_4
  service-object ip
  service-object tcp
  service-object icmp echo-reply
  service-object tcp eq h323
  object-group service DM_INLINE_SERVICE_5
  service-object ip
  service-object icmp
  service-object tcp
  service-object icmp echo-reply
  service-object tcp eq h323
  access-list MGVoice_splitTunnelAcl standard permit 10.1.3.0 255.255.255.0
  access-list Cyberia_access_in extended permit object-group DM_INLINE_SERVICE_3 VILLA 255.255.255.0 10.1.3.0 255.255.255.0
  access-list Cyberia_access_in extended permit object-group DM_INLINE_SERVICE_4 192.168.1.0 255.255.255.0 10.1.3.0 255.255.255.0
  access-list server_splitTunnelAcl standard permit 10.1.5.0 255.255.255.0
  access-list Guardia_access_in extended permit object-group DM_INLINE_SERVICE_1 any any
  access-list Accounting_access_in extended permit icmp any any echo-reply
  access-list Voice_nat0_outbound extended permit ip 10.1.3.0 255.255.255.0 10.1.3.192 255.255.255.192
  access-list Voice_nat0_outbound extended permit ip 10.1.3.0 255.255.255.0 any
  access-list Cyberia_1_cryptomap extended permit ip 10.1.3.0 255.255.255.0 VILLA 255.255.255.0
  access-list VPN_nat0_outbound extended permit object-group DM_INLINE_SERVICE_5 any any
  access-list VPN_nat0_outbound extended permit ip 10.1.3.0 255.255.255.0 192.168.1.0 255.255.255.0
  access-list VPN_nat0_outbound extended permit ip 10.1.3.0 255.255.255.0 VILLA 255.255.255.0
  access-list VPN_nat0_outbound extended permit ip 10.1.3.0 255.255.255.0 10.1.3.192 255.255.255.192
  access-list VPN_nat0_outbound extended permit ip 10.1.3.0 255.255.255.0 10.1.3.224 255.255.255.224
  access-list Voice_splitTunnelAcl_5 standard permit 10.1.3.0 255.255.255.0
  access-list MGserver_splitTunnelAcl standard permit 10.1.5.0 255.255.255.0
  access-list ServerVpn_nat0_outbound extended permit ip 10.1.5.0 255.255.255.0 10.1.5.192 255.255.255.192
  access-list ServerVpn_nat0_outbound extended permit ip any any
  access-list ServerVpn_nat0_outbound extended permit ip 10.1.5.0 255.255.255.0 10.1.5.240 255.255.255.240
  access-list test_splitTunnelAcl standard permit 10.1.5.0 255.255.255.0
  access-list mgvoice_splitTunnelAcl standard permit 10.1.3.0 255.255.255.0
  access-list VPN_access_in extended permit object-group DM_INLINE_SERVICE_2 any any
  access-list VPN_nat0_outbound_1 extended permit ip 10.1.3.0 255.255.255.0 192.168.1.0 255.255.255.0
  access-list VPN_nat0_outbound_1 extended permit ip 10.1.3.0 255.255.255.0 VILLA 255.255.255.0
  access-list Cyberia_cryptomap_20 extended permit ip 10.1.3.0 255.255.255.0 192.168.1.0 255.255.255.0
  access-list Cyberia_access_in_1 extended permit ip 192.168.1.0 255.255.255.0 any
  access-list Cyberia_access_in_1 extended permit ip VILLA 255.255.255.0 any
  pager lines 24
  logging enable
  logging asdm informational
  logging from-address [email protected]
  logging rate-limit 50 15 level 4
  mtu Cyberia 1500
  mtu ServerVpn 1500
  mtu VPN 1500
  mtu Inside2 1500
  mtu management 1500
  ip local pool Vocie 10.1.3.235-10.1.3.245 mask 255.255.255.0
  ip local pool test 10.1.5.241-10.1.5.254 mask 255.255.255.0
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any Cyberia
  icmp permit any VPN
  asdm history enable
  arp timeout 14400
  global (Cyberia) 1 interface
  nat (VPN) 0 access-list VPN_nat0_outbound_1
  access-group Cyberia_access_in_1 in interface Cyberia control-plane
  access-group Cyberia_access_in in interface Cyberia
  access-group VPN_access_in in interface VPN
  router rip
  route Cyberia 0.0.0.0 0.0.0.0 Cyberiaip 1
  route VPN 0.0.0.0 0.0.0.0 10.1.3.2 2
  route Cyberia 81.90.22.184 255.255.255.248 Cyberiaip 1
  route Cyberia 192.168.1.0 255.255.255.0 Cyberiaip 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.2.0 255.255.255.0 management
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec transform-set ESP-AES128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ASA-IPSEC esp-des esp-sha-hmac
  crypto ipsec transform-set VILLA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set OFFICE esp-aes esp-sha-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map Cyberia_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map Cyberia_map1 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map Lunasat_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map MAP-OUTSIDE 1 match address Cyberia_1_cryptomap
  crypto map MAP-OUTSIDE 1 set pfs
  crypto map MAP-OUTSIDE 1 set peer 109.224.18.242
  crypto map MAP-OUTSIDE 1 set transform-set VILLA
  crypto map MAP-OUTSIDE 1 set security-association lifetime seconds 3600
  crypto map MAP-OUTSIDE 20 match address Cyberia_cryptomap_20
  crypto map MAP-OUTSIDE 20 set pfs
  crypto map MAP-OUTSIDE 20 set peer 81.90.22.188
  crypto map MAP-OUTSIDE 20 set transform-set VILLA
  crypto map MAP-OUTSIDE 20 set security-association lifetime seconds 3600
  crypto map MAP-OUTSIDE 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map MAP-OUTSIDE interface Cyberia
  crypto ca server
  shutdown
  smtp from-address [email protected]
  crypto isakmp identity address
  crypto isakmp enable Cyberia
  crypto isakmp policy 5
  authentication pre-share
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 28800
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  management-access VPN
  vpn load-balancing
  interface lbpublic Cyberia
  interface lbprivate ServerVpn
  threat-detection basic-threat
  threat-detection statistics port
  threat-detection statistics protocol
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  enable Cyberia
  enable VPN
  enable Inside2
  group-policy DfltGrpPolicy attributes
  vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
  group-policy server internal
  group-policy server attributes
  dns-server value 4.2.2.2 8.8.8.8
  vpn-tunnel-protocol IPSec
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value server_splitTunnelAcl
  group-policy Voice internal
  group-policy Voice attributes
  dns-server value 4.2.2.2 8.8.8.8
  vpn-tunnel-protocol IPSec
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value Voice_splitTunnelAcl_5
  nem enable
  client-firewall none
  group-policy MGserver internal
  group-policy MGserver attributes
  dns-server value 4.2.2.2 8.2.2.2
  vpn-tunnel-protocol IPSec l2tp-ipsec
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value MGserver_splitTunnelAcl
  group-policy MGVoice internal
  group-policy MGVoice attributes
  dns-server value 4.2.2.2 8.8.8.8
  vpn-tunnel-protocol IPSec l2tp-ipsec svc
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value MGVoice_splitTunnelAcl
  group-policy mgvoice internal
  group-policy mgvoice attributes
  dns-server value 4.2.2.2 8.8.8.8
  vpn-tunnel-protocol IPSec
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value mgvoice_splitTunnelAcl
  username test password k83iXWPan0Gg1s04 encrypted privilege 0
  username test attributes
  vpn-group-policy Voice
  username guardiairaq password espwxXvOvtn.9lWp encrypted privilege 0
  username guardiairaq attributes
  vpn-group-policy server
  username George password Z/rrvuow9WD495rt encrypted privilege 0
  username George attributes
  vpn-group-policy Voice
  username Mohammad password WeG4Vh8yUivCpxGJ encrypted privilege 0
  username Mohammad attributes
  vpn-group-policy Voice
  username MohammadD password WeG4Vh8yUivCpxGJ encrypted privilege 0
  username MohammadD attributes
  vpn-group-policy server
  username Rami password Ap6uwufXoaDJPqK5 encrypted privilege 0
  username Rami attributes
  vpn-group-policy Voice
  username Ziad password JhgChsUSmHfac4nL encrypted privilege 0
  username Ziad attributes
  vpn-group-policy Voice
  username Rabih password spWUrnXW1ECf5.vf encrypted privilege 0
  username Rabih attributes
  vpn-group-policy Voice
  username Bassam password Us/9IhMANcKhz/ab encrypted privilege 0
  username Bassam attributes
  vpn-group-policy Voice
  username Peter password DqbletTihLO7nNEm encrypted privilege 0
  username Peter attributes
  vpn-group-policy Voice
  username server password vfxKzw279fclgSJI encrypted privilege 0
  username server attributes
  vpn-group-policy server
  username Walid password APoN6.aEe2870Ndh encrypted privilege 0
  username Walid attributes
  vpn-group-policy Voice
  username Walidserver password APoN6.aEe2870Ndh encrypted privilege 0
  username Walidserver attributes
  vpn-group-policy server
  username bernard password V/Fqxj2ERUtY84vU encrypted privilege 0
  username bernard attributes
  vpn-group-policy Voice
  username Vanity password 8v6Sr1IM6EXcsg20 encrypted privilege 0
  username Vanity attributes
  vpn-group-policy server
  username Hani password 0FhVusN7CyzoUnZ9 encrypted privilege 0
  username Hani attributes
  vpn-group-policy Voice
  username Ahmad password 1Vqu92EEjwYw4N.6 encrypted privilege 0
  username Ahmad attributes
  vpn-group-policy Voice
  username Elias password FEvweu59nheZBOqM encrypted privilege 0
  username Elias attributes
  vpn-group-policy Voice
  username Elie password Dm9wg5M.rlquePYM encrypted privilege 0
  username Elie attributes
  vpn-group-policy Voice
  username Charles password 0mvBLjD9oOlpXvWM encrypted privilege 0
  username Charles attributes
  vpn-group-policy Voice
  username Tony password k1lDmGM/jEHSwgiu encrypted privilege 0
  username Tony attributes
  vpn-group-policy Voice
  username Chadi password x4YJISOa3GY9pG0r encrypted privilege 0
  username Chadi attributes
  vpn-group-policy Voice
  username tonyb password sUb7eW6f55MDItCG encrypted privilege 0
  username tonyb attributes
  vpn-group-policy Voice
  username Tino password onkxSs5qbJYmlepW encrypted privilege 0
  username Tino attributes
  vpn-group-policy server
  username Rony password 37Hk2MJVRsiTwC11 encrypted privilege 0
  username Rony attributes
  vpn-group-policy Voice
  username AliA password 4T3JfuTi1E0msmx4 encrypted privilege 0
  username AliA attributes
  vpn-group-policy Voice
  username RonyG password 37Hk2MJVRsiTwC11 encrypted privilege 0
  username RonyG attributes
  vpn-group-policy server
  username Aldo password Cq/XUHIHnvc9Ke1x encrypted privilege 0
  username Aldo attributes
  vpn-group-policy Voice
  username Antoine password rJ4Y1txcY1fuURtk encrypted privilege 0
  username Antoine attributes
  vpn-group-policy Voice
  tunnel-group DefaultL2LGroup ipsec-attributes
  isakmp keepalive disable
  tunnel-group MGVoice type remote-access
  tunnel-group MGVoice general-attributes
  address-pool Vocie
  default-group-policy MGVoice
  tunnel-group MGVoice ipsec-attributes
  pre-shared-key *
  tunnel-group server type remote-access
  tunnel-group server general-attributes
  address-pool test
  default-group-policy server
  tunnel-group server ipsec-attributes
  pre-shared-key *
  tunnel-group mgvoice type remote-access
  tunnel-group mgvoice general-attributes
  address-pool Vocie
  default-group-policy mgvoice
  tunnel-group mgvoice ipsec-attributes
  pre-shared-key *
  tunnel-group 109.224.18.242 type ipsec-l2l
  tunnel-group 109.224.18.242 ipsec-attributes
  pre-shared-key *
  isakmp keepalive disable
  tunnel-group 81.90.22.188 type ipsec-l2l
  tunnel-group 81.90.22.188 ipsec-attributes
  pre-shared-key *
  isakmp keepalive disable
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
  policy-map type inspect im MSNBlock
  parameters
  match service chat conference file-transfer games voice-chat webcam
    drop-connection log
  prompt hostname context
  Cryptochecksum:772d567a5ee1458daec08caad6009da9
  : end

  I have added the permit any any on the outside and vpn interfaces of both ASAs. I also change the source and destination of the nat exempt rule to any any.

• Network shares of folks not on my local network showing up

  Folks,
  Recently did a fresh install of Leopard on my macbook pro. I'm now finding that at random times, other folks' mac machines are appearing in my finder window (under the right-hand menus). Now none of these machines are on my local home network - in fact, after looking up county tax records, these machines belong to folks that live up to a radius of 3 miles away! Considering all my internet traffic flows through my home router and I block ALL ports except 80 (and a few other ports for my VOIP phone), I'm really concerned that I can see their machines and I'm guessing, they can see mine.
  When I navigate to their machines, thankfully I can only see their publicly shared folder which typically contains nothing, but from a security standpoint I'm concerned that the machines are even visible at all! Is anyone else experiencing this? I know that with Leopard, finding other macs on your local network is now a breeze, but surely finding macs on OTHER networks cannot be a feature! Ok - even if this is a feature, how do I turn it off? I don't want anyone NOT on my local lan even knowing my machine exists...

  kb1 - I know you're trying to help but let me make it very clear so there is no ambiguity. I'm actually very very anal when it comes to wireless security. Nothing is allowed on my network that isn't pre-set up in my mac address filter list. I regularly check access to my network by removing a laptop from my pre-approved list and clearing out its WPA credentials. Getting on my network without a physical connection would require cracking my WPA encryption AND mac address spoofing. Not an easy feat in a suburban neighborhood. My network is not allowing any unathorized access via the wireless capability of the router.
  I'm smart enough to know there is a **** of alot I don't know - therefore I am willing to concede that the Macbook's wireless card could be trying to make ad-hoc connections with other non-lan machines while it is connected to my infrastructure, but that in itself would seem like a bug to me, not a feature.

• Unable to hit URL's on my local network.

  I'm currently unable to hit websites residing in my test environment.  Security is tight and there is no way to open the proxy / FW to allow an external service to hit our test network.
  Is there a way I can download or buy BrowserLab so I may install this locally for me and my company to use for internal testing?
  Thanks,
  M

  Hi M,
  You can't download or install BL locally because all of the code we have in regards to taking screenshots resides on our servers "in the cloud". And trust me, you don't want to have to deal with all that server configuration and maintenance
  There are, however, a few other ways you can use BrowserLab to test sites that are behind a firewall. Your options are:
  Get your company IT to whitelist our egress IP addresses (216.104.220.193 & 192.150.3.7) so that our servers can reach into your network and see the pages.
  Use our Dreamweaver integration extension in CS5 to test local content. Install DW, set up your site, open up the BL extension, choose Preview Local Content and we'll upload the pages and assets to our servers so we can take screenshots there. Your assets will not be accessible to anyone but you and will be deleted within 5 minutes.
  Use Firefox, Firebug, and our BrowserLab for Firebug add-on to test local content in a similar way to what you can do with Dreamweaver in #2. You can find instructions and download links here: http://forums.adobe.com/thread/786305?tstart=0
  Hopefully one of those ways will work for you.
  Thanks,
  Mark