Setting up reverse telnet for 1900 witch access
Hey all - I set up a lab to mess around with at home. The switch is an ancient dinosaur, but still it gives me something to mess with.
Does the 1900 xswitch support a reverse telnet port? Anything I need to be aware of in configuring the line? I can telnet to the management port on the switch. I can attach a console cable and connect to the console port. I tried setting up a 2509 router with an Octal cable for access. It works for reverse telnet to my other Cisco routers, but I get "% Connection refused by remote host" when I try reverse telnet to the switch.
Help!
Thanks for the info. I verified the line:
Swi1900-A#sh line
RS-232 configuration:
9600 baud, 8 data bits, 1 stop bits, None parity
Autobaud: Enabled
Modem dialin: Enabled
Idle time-out: 0
Modem Init String:
Silent time: 0
Password Threshold: 3
I know on the routers I needed to configure login. I don't see that option when configuring console on the 1900.
1900 line options:
Swi1900-A(config)#line cons
Swi1900-A(config-line)#?
Line configuration commands:
autobaud Match remote baud-rate
databits Set number of data bits per character
exit Exit from line configuration mode
help Description of the interactive help system
modem Configure the modem control lines
no Negate a command or set its defaults
parity Set terminal parity
password-thresh Configure the maximum password threshold
silent-time Configure the silent time on login intrusion
speed Set transmit and receive speeds
stopbits Set asynch line stop bits
time-out Configure the line idle time-out period
The switch is running pretty ancient IOS. Do you know off-hand if I would need to configure login on the console port, and if that option is available on more recent IOS? I'm running:
Cisco Catalyst 1900/2820 Enterprise Edition Software
Version V9.00.05
Copyright (c) Cisco Systems, Inc. 1993-1999
Swi1900-A uptime is 1day(s) 08hour(s) 45minute(s) 07second(s)
cisco Catalyst 1900 (486sxl) processor with 2048K/1024K bytes of memory
Hardware board revision is 5
Upgrade Status: No upgrade currently in progress.
Config File Status: No configuration upload/download is in progress
15 Fixed Ethernet/IEEE 802.3 interface(s)
Base Ethernet Address: 00-04-27-A8-3E-80
Similar Messages
-
Setting apache reverse proxy for EP6SP2
Hi friends,
I want to set apache reverse proxy for EP6SP2. But after doing the following changes, it is showing the SAP J2EE Engine documentation page.
The following changes has been dont to httpd.conf:
NameVirtualHost 1.1.1.1:80
<VirtualHost 1.1.1.1:80>
ProxyRequests Off
ServerName ep6.xyz.com
ProxyPreserveHost On
proxyPass / http://ep6.xyz.com:50000/
proxyPassReverse / http://ep6.xyz.com:50000/
ErrorLog logs/base.80.error.log
CustomLog logs/base.80.custom.log common
</VirtualHost>
Help needed.
Regards,
NilzHi,
I have a problem with my proxy:
ssl.conf.in like
ProxyPass /irj http://debmsu06.server.###.de:50300/irj
ProxyPassReverse /irj http://debmsu06.server.###.de:50300/irj
RewriteRule ^/$ /irj/portal [R]
If I use URL:
https://bebuyer.###.de/ goto https://bebuyer.###.de/irj/portal
but if I use
https://bebuyer.###.de/irj/
I get the info:
https://bebuyer.###.de/irj/HTTPS:/bebuyer.###.de:443/irj/index.html
What is happened? How I can redirect to /irj/portal?
Of course I can use
http://debmsu06.server.###.de:50300/irj/
Could you please give me some tips?
Best Thanks!
Heren Zhou -
Setting up MX Record for External email Access
To All,
I'm having trouble getting mail sent from external users to email accounts setup on my internally hosted server.
I have setup my server in a Standard Configuration using the following format for my FQDN:
server.mydomain.com (not real name)
I have checked both Primary Zone and Reverse Zone and both check fine.
I can send and receive email, while connected within my local domain, between users I have setup on my server using the format:
[email protected]
I can send email from inside the network to an outside email account, but cannot receive email from any users outside.
I have POP, IMAP, and SMTP ports (110, 143, and 25, respectively) all forwarded to my server thru my AEBS.
Consulting the setup guides, I have found these references to editing the MX record to allow for external email access using the [email protected] format:
+"If you don’t want to use your server’s fully qualified DNS name for users’ email addresses, the+
+DNS service must also include an MX record for your server. For example, if your server’s DNS+
+name is myserver.example.com and you want to have email addresses like [email protected],+
+the DNS service needs an MX record for your server."+....from the Installation and Setup Worksheet, page 15.
also
+"If you want users to be able to send and receive mail over the Internet, make sure DNS+
+service is set up with the appropriate MX records for Mail service:+
+A. If you have an ISP that provides DNS service to your network, contact the ISP and+
+have the ISP set up MX records for you. Your ISP needs to know your mail server’s+
+DNS name (such as mail.example.com) and your server’s IP address."+...from the Mail Service Admin page 22.
My question is...how does the MX record need to be set up?
Like this?
10 @ mydomain.com
Thanks for your help,
SteveCamelot,
Thanks for replying.
1) What format do you want your users' email address in? (e.g. [email protected], >[email protected], [email protected], etc.)
I want my users to have a [email protected] email address.
I set up an A record as you suggested:
mail.mydomain.com A 1.2.3.4
My MX record was setup:
mydomain.com 10 mail.mydomain.com
However, I am still getting returned email from outside users. They are getting the following error:
+This is an automatically generated Delivery Status Notification+
+Delivery to the following recipient failed permanently:+
[email protected]
+Technical details of permanent failure:+
+Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 554 554 5.7.1 <[email protected]>: Relay access denied (state 14).+
Checking the Server Logs for IMAP I am getting these errors:
+Jan 21 12:11:34 server imap[44121]: AOD: user opts: get attributes for user: user failed with error: -14479+
+Jan 21 12:25:18 server imap[44236]: AOD: user opts: get attributes for user: user failed with error: -14479+
+Jan 21 12:31:46 server imap[44473]: AOD: user opts: get attributes for user: user failed with error: -14479+
+Jan 21 12:32:49 server imap[44499]: AOD: crypt authentication error: authentication failed for user: username (-14090)+
+Jan 21 12:37:06 server imap[44598]: AOD: user opts: get attributes for user: user failed with error: -14479+
+Jan 21 12:49:39 server imap[44520]: AOD: user opts: get attributes for user: user failed with error: -14479+
+Jan 21 13:01:51 server imap[45049]: AOD: user opts: get attributes for user: user failed with error: -14479+
+Jan 21 13:11:58 server imap[385]: AOD: user opts: get attributes for user: user failed with error: -14479+
When I try and use an online MX Record checker to check the MX record, it says the mail.mydomain.com record is invalid.
It's not until I change my MX record back to:
+@ 10 mydomain.com+
will the MX record show valid.
Network Utility scans show the following with the MX record set to @ 10 mydomain.com:
++; <<>> DiG 9.4.2-P2 <<>> mydomain.com mx +multiline +nocomments +nocmd +noquestion +nostats search+
++;; global options: printcmd++
++wekrugs.com. 3600 IN SOA server.mydomain.com. admin.mydomain.com. (++
++ 2009011900 ; serial++
++ 86400 ; refresh (1 day)++
++ 3600 ; retry (1 hour)++
++ 604800 ; expire (1 week)++
++ 3600 ; minimum (1 hour)++
++ )++
If I have it set up the way you suggested, the Network Utility and MX Checker reports that the NameServers don't respond to the entered MX record name.
Thanks again for your help,
Steve -
Set up reverse DNS for virtual mail hosting
I need a bit of server configuation advice.
I have a static IP and two public domains on a Snow Leopard server connected using NAT behind a firewall - with the necessary port forwarding to ensure all works.
1. abc.com is my primary domain on the server - server.abc.com
2. I have xyz.com set up as a virtual domain and also as a virtual mail host
This setup has worked well for a long time but I have found that emails to [email protected] are going missing. If I check my mx records using one of the web based tools it show an error on the reverse dns for server.xyz.com showing a reverse DNS of server.abc.com.
So the question - is it possible to have secondary 'virtual' DNS record on the server so reverse DNS works for the virtual mail host xyz.com? If not how do I handle the reverse DNS problem which i think is causing some external mail server to reject mail due to the inconsistency on the reverse DNS lookup?
Many thanks for any suggestionsSMTP requires a DNS A record.
A DNS A record is also known as a machine record.
A DNS A record inherently means that forward DNS and reverse DNS will match.
The forward translation translates the host name to the IP address.
The reverse translation translates the IP address to host name.
When the full translation produces the same host name, that's an A record.
DNS CNAME records are aliases, and are used for virtual hosts.
CNAME records inherently do not match the reverse DNS translations.
To get your configuration to work, your server must have an A record.
That means forward and reverse DNS will match.
Any of the virtual hosts within your mail server then all use an MX pointing at the A record host.
If you have your DNS hosted somewhere other than your ISP, then you'll need your ISP to set up a DNS PTR.
The DNS PTR is the reverse translation; address to name.
If you have your own DNS services within your network (as would be typical with a privately-addressed NAT'd network), set that up as a virtual host within SMTP.
Here is some related reading on external (public) DNS, as related to SMTP servers and such. -
How to set up reverse proxy to allow user access portal site from internet
Hi all,
I have installed 10g(10.1.2.0.2) AS on same machine(single IP for both mid and infra with different users respectively). there is a DMZ on which windows IIS is working through which we need to redirect the request to application server such that users access portal page from internet (within intranet all URLs are working fine). I have went through technet documentation where i found 3 ways : through this link
http://download.oracle.com/docs/cd/B14099_19/core.1012/b13998/variants.htm
Section 9.2.1.1, "Configuring OracleAS Web Cache as a Reverse Proxy"
Section 9.2.1.2, "Configuring the Oracle HTTP Server as a Reverse Proxy"
Section 9.2.1.3, "Configuring Internet Information Services as a Reverse Proxy"
I am confused to which option to use. Also i went through the metalink document 270160.1
Please help me which option to choose to do this.
Thanks.Hi Hozy,
May be it's too late, I am thinking to go in the same route for our sap portal access to external customers. Please can you share your experience , like what are the challenges have you faced? what is the complexity? what are all the resources we need to configure this?
I appreciate your feedback.
Thanks
Krish -
How to turn off "DEBUG SOURCE=cs Setting status to 304 for file=" in access.log
I see this entry in the log file every few seconds. How can I turn this OFF? I
can set the EnableLogfile to false but then I don't get any logs. We are running
WLS 5.1.
Regards,
Pat.Pat:
I dont see this string appearing anywhere in the src in any version of th
510 line (all Sp's included).
What version of 5.1? i.e. what SP?
Are you using extended log format? Did a developer write a custom elf logger
package?
What are the ELF headers at the top of the access.log?
Cheers
mbg
"Pat" <[email protected]> wrote in message
news:[email protected]..
>
I see this entry in the log file every few seconds. How can I turn thisOFF? I
can set the EnableLogfile to false but then I don't get any logs. We arerunning
WLS 5.1.
Regards,
Pat. -
Reverse Proxy for SharePoint 2013
Hi,
I need to setup SharePoint 2013 environment which needs to be accessible from mobile devices e.g. iPAD/Android, for reverse proxy, I am looking at apache or IIS ARR since UAG is going to be deprecated. So far any one setup apache (on
RHEL 6.x)
or IIS ARR(on W2K8R2) successfully as reverse proxy for SharePoint 2013 access? Is there any issue? and which SharePoint authentication method should be configured?
Must is be Form based authentication? As I read some articles it seems ARR supports Windows authentication. Thanks in advance.IIS ARR doesn't authenticate users, it is a pass-through (unlike UAG which can do auth or anon). Both IIS AAR and the new Web Proxy Role in Server 2012 R2 do not work with SharePoint 2013 Apps.
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
How to set the connection parameters for SQL
How to set the connection parameters for SQL to access the MS Access database
Attachments:
Quick_SQL.vi 21 KB
Doc1.doc 45 KB
db1.mdb 112 KBRight-click the WINDOWS desktop, choose New->Microsoft Data Link. That will bring up a dialog that allows you to configure and test your database connection. You might connect to the Access database via ODBC or directly via Jet Engine. The Jet Enginge saves you the trouble of creating an ODBC connection on your PC. After you leave the dialog, the "data link" will show up on your desktop as text file. Open it and copy-paste the connection string to your VI.
This webpage is an excellent resource for connection strings: http://www.able-consulting.com/ADO_Conn.htm
If your application requires users to change the database connection at runtime, you can also include the dialog via ActiveX (MSDASC.IDataSourceLocator). -
IP address conflict help and setting up security code for access
Hi folks, I am about as non-technical as one can get. So I apologize in advance and thank you guys for your patience as everything you tell me will have to be spelled out for me.
Ques 1: I have one desk top computer with internet access through my cable TV provider. On it I have the Linksys WRT54G wireless router. We use two laptops.
Lately I've been getting an error message on my desktop saying there is an IP Address that is in conflict. My son often gets booted off line (on laptop) and so I'm guessing maybe it is his laptop that is in conflict. Please help me resolve this issue.
Quest 2: I would like to set up a security code for our wireless access so that other people will not be able to intrude upon our signal. Can someone walk me through this as well?
Thank you so much!
-Jen in NJThe most common reason to get two identical IP addresses, is if you are using fixed LAN IP addresses incorrectly on your system.
Do you already use any fixed LAN IP addresses? If so, please state what fixed LAN IP addresses you are using, and also state your DHCP server range.
Rules for using fixed LAN IP addresses on Linksys routers:
With Linksys routers, a fixed (static) LAN IP addresses must be assigned in the device that is using the address. So you need to enter the fixed address in the computer or printer, not in the router.
When using a Linksys router, any fixed LAN IP address must be outside the DHCP server range (typically 192.168.1.100 thru 192.168.1.149), and it cannot end in 0, 1, or 255.
Therefore any fixed LAN IP address would normally need to be in the range of
192.168.1.2 thru 192.168.1.99 or
192.168.1.150 thru 192.168.1.254
assuming you are still using the default DHCP server range.
Also, in the computer, when you set up a static LAN IP address, you would need to set the "Subnet mask" to 255.255.255.0 and the "Default Gateway" to 192.168.1.1 and "DNS server" to 192.168.1.1
It is also important that no two devices on your network be set to the same static LAN IP address.
Check all of your static LAN IP addresses. If you have violated any of the above rules for static LAN IP addresses, it could be the cause for your problem, and you should fix it before attempting any other router repairs or changes.
********* Wireless Security **********
Brfore proceeding with wireless security, you must get your IP address conflict problem solved. Please do the above first.
To set up wireless security, you must use a computer that is wired to the router.
Where to find the router settings: The router's login password is usually on one of the "Administration" pages. The other settings are all found in the "Wireless" or the "Security" section of the router's setup pages, located at 192.168.1.1
First, give your router a unique SSID. Don't use "linksys".
Make sure "SSID Broadcast" is set to "enabled".
Next, leave the router at its default wireless settings (except for the unique SSID), and then use your pc to connect wirelessly to the router. Test your wireless Internet connection and make sure it is working correctly. You must have a properly working wireless connection before setting up wireless security.
To implement wireless security, you need to do one step at a time, then verify that you can still connect your wireless computer to the router.
Next, encrypt your wireless system using the highest level of encryption that all of your wireless devices will support. Common encryption methods are:
WEP - poor (see note below)
WPA (sometimes called PSK, or WPA with TKIP) - good
WPA2 (sometimes called PSK2, or WPA with AES) - best
WPA and WPA2 sometimes come in versions of "personal" and "enterprise". Most home users should use "personal". Also, if you have a choice between AES and TKIP, and your wireless equipment is capable of both, choose AES. With any encryption method, you will need to supply a key (sometimes called a "password" ).
The wireless devices (computers, printers, etc.) that you have will need to be set up with the SSID, encryption method, and key that matches what you entered in the router.
Retest your system and verify that your wireless Internet connection is still working correctly.
And don't forget to give your router a new login password.
Picking Passwords (keys): You should never use a dictionary word as a password. If you use a dictionary word as a password, even WPA2 can be cracked in a few minutes. When you pick your login password and encryption key (or password or passphrase) you should use a random combination of capital letters, small letters, and numbers, but no spaces. A login password, should be 12 characters or more. WPA and WPA2 passwords should be at least 24 characters. Note: Your key, password, or passphrase must not have any spaces in it.
Most home users should have their routers set so that "remote management" of the router is disabled. If you must have this option enabled, then your login password must be increased to a minumum of 24 random characters.
One additional issue is that Windows XP requires a patch to run WPA2. The patch is located in SP3, so you will need SP3 to run WPA2 in Win XP. Vista already supports WPA2.
Note:
WEP is no longer recommended. The FBI has demonstrated that WEP can be cracked in just a few minutes using software tools that are readily available over the Internet. Even a long random character password will not protect you with WEP. You should be using WPA or preferably WPA2 encryption. -
Proxy Setting for Multiple WiFi Access Points
I'm getting ready to roll out 30 iPads in a school setting. They are going to be on a cart that teachers will be able to check out for class use, but will be returned to the computer lab each evening. This creates a problem.
Throughout the building, we have several WiFi access points - next year we will have an access point in each classroom. And of course we connect through a proxy server so that the district can block various wbsites. As I am setting up my iPad to connect to each access point, I have to set the proxy server address for the access point; I would really like to be able to simply say "This is my proxy server address and port for EVERY WiFi access point in the building." and be done with it. I haven't been able to find a way to do this -- it looks like I have to configure each access point individually.
Am I just missing something (I hope)?I suspect you have the D-Link set up to make its network an entirely new subnet using NAT.
If you setup the D-Link as a bridge to the network created by the Extreme, things may work properly.
You may need to refer to the D-Link documentation to find out the proper way to do this. -
I have set up an Apple ID for my child who is under 13. I did not get the steps to set up the password for the ID. How do I do that now. The family sharing has sent an email notification to the email by how do I access it to accept.
Thanks.Hey Lori,
You can set or change the password for an Apple ID by following the steps in this article -
Apple ID: Changing your password - Apple Support
Thanks for using Apple Support Communities.
Be well,
Brett L -
Setting Up Time Capsule for External Access
Hello all,
I am trying to set up my Time Capsule to be accessed without local Wi-Fi. I can use Back to My Mac to access the Time Capsule from my iMac, but not from my iPhone as Back to My Mac isn't intergrated into iOS. I use File Browser on my iPhone to access my TC from LAN, and it seems likely the TC can also be accessed through 4G using File Browser, too.
My first question is, can the Time Capsule be accessed through the internet (by port forwarding or something)?
Second question if the first is possible, how do I do so? (step by step instructions please)
I have the latest model of Time Capsule and AirPort Utility.
Thanks!
- NoahFilebrowser can be used to remotely access the TC.
There are instructions in the filebrowser website.. have you tried those?
http://www.stratospherix.com/support/gsw_timecapsule.php?page=6remote
The one area where I think you might have issues is global domain name.. as that has been problematic.
You really need a static public IP from your ISP for this to be successful.
See Tesserax doco on remote access especially the global domain instructions.
https://discussions.apple.com/docs/DOC-3413
There is a hugely better method BTW..
Buy a vpn router and substitute that for the Time Capsule.. which can then be bridged behind the router.
VPN client is built into iOS and every mainline OS available. It is robust and has far superior security.
Note carefully the method you are going to use with iphone is opening your TC to attack. They have hidden the SMB port, but in reality.. any hacker will one day do a port scan on you and find it open.. no matter what port it is translated to.. at that point your password will be the only thing stopping access to outsider.. and they can often get around that.. or mount Man in the Middle type attack, since passwords in SMB are not secure.
Not that I think a hacker is going to waste their time doing it.. but it is just so you know.. it is fundamentally wrong. -
Setting up my Mac for remote access
Hey! I'm trying to set up, what i guess is a VPN? I'm running a g4 with Mac OSX 10.3.9.
Is there a way i can set it up to give someone remote access to that computers files?I have the same problem. It must be somewhere in the computer, but I can't find it. I look forward to seeing responses to this problem.
Kelly -
Hi everyone,
it's probably just me but I have tried real hard to get a simple AnyConnect setup working in a lab environment on my ASA 5505 at home, without luck. When I connect with the AnyConnect client I get the error message "User not authorized for AnyConnect Client access, contact your administrator". I have searched for this error and tried some of the few solutions out there, but to no avail. I also updated the ASA from 8.4.4(1) to 9.1(1) and ASDM from 6.4(9) to 7.1(1) but still the same problem. The setup of the ASA is straight forward, directly connected to the Internet with a 10.0.1.0 / 24 subnet on the inside and an address pool of 10.0.2.0 / 24 to assign to the VPN clients. Please note that due to ISP restrictions, I'm using port 44455 instead of 443. I had AnyConnect working with the SSL portal, but IKEv2 IPsec is giving me a headache. I have stripped down certificate authentication which I had running before just to eliminate this as a potential cause of the issue. When running debugging, I do not get any error messages - the handshake completes successfully and the local authentication works fine as well.
Please find the current config and debugging output below. I appreciate any pointers as to what might be wrong here.
: Saved
ASA Version 9.1(1)
hostname ASA
domain-name ingo.local
enable password ... encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd ... encrypted
names
name 10.0.1.0 LAN-10-0-1-x
dns-guard
ip local pool VPNPool 10.0.2.1-10.0.2.10 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif Internal
security-level 100
ip address 10.0.1.254 255.255.255.0
interface Vlan2
nameif External
security-level 0
ip address dhcp setroute
regex BlockFacebook "facebook.com"
banner login This is a monitored system. Unauthorized access is prohibited.
boot system disk0:/asa911-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup Internal
dns domain-lookup External
dns server-group DefaultDNS
name-server 10.0.1.11
name-server 75.153.176.1
name-server 75.153.176.9
domain-name ingo.local
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network LAN-10-0-1-x
subnet 10.0.1.0 255.255.255.0
object network Company-IP1
host xxx.xxx.xxx.xxx
object network Company-IP2
host xxx.xxx.xxx.xxx
object network HYPER-V-DUAL-IP
range 10.0.1.1 10.0.1.2
object network LAN-10-0-1-X
access-list 100 extended permit tcp any4 object HYPER-V-DUAL-IP eq 3389 inactive
access-list 100 extended permit tcp object Company-IP1 object HYPER-V-DUAL-IP eq 3389
access-list 100 extended permit tcp object Company-IP2 object HYPER-V-DUAL-IP eq 3389
tcp-map Normalizer
check-retransmission
checksum-verification
no pager
logging enable
logging timestamp
logging list Threats message 106023
logging list Threats message 106100
logging list Threats message 106015
logging list Threats message 106021
logging list Threats message 401004
logging buffered errors
logging trap Threats
logging asdm debugging
logging device-id hostname
logging host Internal 10.0.1.11 format emblem
logging ftp-bufferwrap
logging ftp-server 10.0.1.11 / asa *****
logging permit-hostdown
mtu Internal 1500
mtu External 1500
ip verify reverse-path interface Internal
ip verify reverse-path interface External
icmp unreachable rate-limit 1 burst-size 1
icmp deny any echo External
asdm image disk0:/asdm-711.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network obj_any
nat (Internal,External) dynamic interface
object network LAN-10-0-1-x
nat (Internal,External) dynamic interface
object network HYPER-V-DUAL-IP
nat (Internal,External) static interface service tcp 3389 3389
access-group 100 in interface External
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server radius protocol radius
aaa-server radius (Internal) host 10.0.1.11
key *****
radius-common-pw *****
user-identity default-domain LOCAL
aaa authentication ssh console radius LOCAL
http server enable
http LAN-10-0-1-x 255.255.255.0 Internal
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map External_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map External_map interface External
crypto ca trustpoint srv01_trustpoint
enrollment terminal
crl configure
crypto ca trustpoint asa_cert_trustpoint
keypair asa_cert_trustpoint
crl configure
crypto ca trustpoint LOCAL-CA-SERVER
keypair LOCAL-CA-SERVER
crl configure
crypto ca trustpool policy
crypto ca server
cdp-url http://.../+CSCOCA+/asa_ca.crl:44435
issuer-name CN=...
database path disk0:/LOCAL_CA_SERVER/
smtp from-address ...
publish-crl External 44436
crypto ca certificate chain srv01_trustpoint
certificate <output omitted>
quit
crypto ca certificate chain asa_cert_trustpoint
certificate <output omitted>
quit
crypto ca certificate chain LOCAL-CA-SERVER
certificate <output omitted>
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable External client-services port 44455
crypto ikev2 remote-access trustpoint asa_cert_trustpoint
telnet timeout 5
ssh LAN-10-0-1-x 255.255.255.0 Internal
ssh xxx.xxx.xxx.xxx 255.255.255.255 External
ssh xxx.xxx.xxx.xxx 255.255.255.255 External
ssh timeout 5
ssh version 2
console timeout 0
no vpn-addr-assign aaa
no ipv6-vpn-addr-assign aaa
no ipv6-vpn-addr-assign local
dhcpd dns 75.153.176.9 75.153.176.1
dhcpd domain ingo.local
dhcpd option 3 ip 10.0.1.254
dhcpd address 10.0.1.50-10.0.1.81 Internal
dhcpd enable Internal
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address LAN-10-0-1-x 255.255.255.0
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
dynamic-filter use-database
dynamic-filter enable interface Internal
dynamic-filter enable interface External
dynamic-filter drop blacklist interface Internal
dynamic-filter drop blacklist interface External
ntp server 128.233.3.101 source External
ntp server 128.233.3.100 source External prefer
ntp server 204.152.184.72 source External
ntp server 192.6.38.127 source External
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
ssl trust-point asa_cert_trustpoint External
webvpn
port 44433
enable External
dtls port 44433
anyconnect image disk0:/anyconnect-win-3.1.02026-k9.pkg 1
anyconnect profiles profile1 disk0:/profile1.xml
anyconnect enable
smart-tunnel list SmartTunnelList1 mstsc mstsc.exe platform windows
smart-tunnel list SmartTunnelList1 putty putty.exe platform windows
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
webvpn
anyconnect profiles value profile1 type user
username write.ingo password ... encrypted
username ingo password ... encrypted privilege 15
username tom.tucker password ... encrypted
class-map TCP
match port tcp range 1 65535
class-map type regex match-any BlockFacebook
match regex BlockFacebook
class-map type inspect http match-all BlockDomains
match request header host regex class BlockFacebook
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 1500
id-randomization
policy-map TCP
class TCP
set connection conn-max 1000 embryonic-conn-max 1000 per-client-max 250 per-client-embryonic-max 250
set connection timeout dcd
set connection advanced-options Normalizer
set connection decrement-ttl
policy-map type inspect http HTTP
parameters
protocol-violation action drop-connection log
class BlockDomains
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect dns preset_dns_map dynamic-filter-snoop
inspect http HTTP
service-policy global_policy global
service-policy TCP interface External
smtp-server 199.185.220.249
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command vpn-sessiondb
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command service-policy
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:41a021a28f73c647a2f550ba932bed1a
: end
Many thanks,
IngoHi Jose,
here is what I got now:
ASA(config)# sh run | begin tunnel-group
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool VPNPool
authorization-required
and DAP debugging still the same:
ASA(config)# DAP_TRACE: DAP_open: CDC45080
DAP_TRACE: Username: tom.tucker, aaa.cisco.grouppolicy = DfltGrpPolicy
DAP_TRACE: Username: tom.tucker, aaa.cisco.username = tom.tucker
DAP_TRACE: Username: tom.tucker, aaa.cisco.username1 = tom.tucker
DAP_TRACE: Username: tom.tucker, aaa.cisco.username2 =
DAP_TRACE: Username: tom.tucker, aaa.cisco.tunnelgroup = DefaultWEBVPNGroup
DAP_TRACE: Username: tom.tucker, DAP_add_SCEP: scep required = [FALSE]
DAP_TRACE: Username: tom.tucker, DAP_add_AC:
endpoint.anyconnect.clientversion="3.1.02026";
endpoint.anyconnect.platform="win";
DAP_TRACE: Username: tom.tucker, dap_aggregate_attr: rec_count = 1
DAP_TRACE: Username: tom.tucker, Selected DAPs: DfltAccessPolicy
DAP_TRACE: Username: tom.tucker, DAP_close: CDC45080
Unfortunately, it still doesn't work. Hmmm.. maybe a wipe of the config and starting from scratch can help?
Thanks,
Ingo -
Hi,
I am trying to set up a reverse telnet from a Router's Aux port to WAE694's console port.., but failed..
Here is the log,
2012 Jun 4 02:39:56 HOCLWAAStest1 PAM_unix[6051]: %WAAS-UNKNOWN-3-899999: ### pam_unix: pam_sm_authenticate bad username [ 2012, DECEMBER 21 ] (wired time)
2012 Jun 4 02:39:47 HOCLWAAStest1 PAM_unix[6017]: %WAAS-UNKNOWN-1-899999: ### pam_unix: _unix_verify_password check pass; user unknown
2012 Jun 4 02:39:47 HOCLWAAStest1 login[6017]: %WAAS-UTILLIN-5-801060: Access has been denied for user 'Username: ' from 'localhost': Invalid local user.
The username and password are verified by console in this 694 directily.. By looking at the log, the user is 'Username:' and not be the real one 'admin' which I put in..
thanks
RyanAgain,
Below is the login info,
#telnet 1.1.1.1 2001
Trying 1.1.1.1, 2001 ... Open
2012, DECEMBER 21
User Access Verification
Username:
Username: admin
Password:
Rejected
Username: admin
Password:
Rejected
[Connection to 1.1.1.1 closed by foreign host]
Wired time since the WAE'S clock is good.. By the way, ther version is 4.4.7... Thanks in Advance..
Maybe you are looking for
-
on a windows xp64 / service pk 2...keeps telling me to install a 32 bit configureation...when i do, it tells me to instlall a 64bit installation---back and forth nothing seems to work
-
Disable Change password on first time login in portal
Hi Experts, This question is with regard to the UME user. Portal asks its users to change the password on the first login. How can i remove this property. whatever password the admin assigns should be used to login at all the times. The portal should
-
Label printing (repeat X times for certain label depends on the input file)
I want to print the label.. and source file is something like.. Item Name No.of Copies to be printed Item 1 5 Item 2 3 Item 3 2 when it convert to the dat file.. i think maybe is something like ^field ItemName Item 1 ^field NoCopy 5 ^field ItemName I
-
10.4.9 Intel update killed my Airport connection
Had the EXACT same problem with 10.4.8, so I eventually reverted back to 10.4.7. Once 10.4.9 came out, I thought I'd be safe, but after the update, my Airport connection constantly drops, sometimes several times a day, for no apparent reason. After i
-
Link laptop to printer via router
I have a Dell Dimension desktop, a Sony Vaio laptop, an HP Officejet 5610v printer and a Linksys WRT54G router. I want to be able to print to the printer with my Sony laptop. The Sony is linked via the router to the internet and the printer will p