Setting up reverse telnet for 1900 witch access

Similar Messages

• Setting apache reverse proxy for EP6SP2

  Hi friends,
  I want to set apache reverse proxy for EP6SP2. But after doing the following changes, it is showing the SAP J2EE Engine documentation page.
  The following changes has been dont to httpd.conf:
  NameVirtualHost 1.1.1.1:80
  <VirtualHost 1.1.1.1:80>
    ProxyRequests Off
    ServerName ep6.xyz.com
    ProxyPreserveHost On
    proxyPass        /  http://ep6.xyz.com:50000/
    proxyPassReverse /  http://ep6.xyz.com:50000/
    ErrorLog logs/base.80.error.log
    CustomLog logs/base.80.custom.log common
  </VirtualHost>
  Help needed.
  Regards,
  Nilz

  Hi,
  I have a problem with my proxy:
  ssl.conf.in like
  ProxyPass /irj http://debmsu06.server.###.de:50300/irj
  ProxyPassReverse /irj http://debmsu06.server.###.de:50300/irj
  RewriteRule ^/$ /irj/portal [R]
  If I use URL:
  https://bebuyer.###.de/ goto https://bebuyer.###.de/irj/portal
  but if I use
  https://bebuyer.###.de/irj/
  I get the info:
  https://bebuyer.###.de/irj/HTTPS:/bebuyer.###.de:443/irj/index.html
  What is happened? How I can redirect to /irj/portal?
  Of course I can use
  http://debmsu06.server.###.de:50300/irj/
  Could you please give me some tips?
  Best Thanks!
  Heren Zhou

• Setting up MX Record for External email Access

  To All,
  I'm having trouble getting mail sent from external users to email accounts setup on my internally hosted server.
  I have setup my server in a Standard Configuration using the following format for my FQDN:
  server.mydomain.com (not real name)
  I have checked both Primary Zone and Reverse Zone and both check fine.
  I can send and receive email, while connected within my local domain, between users I have setup on my server using the format:
  [email protected]
  I can send email from inside the network to an outside email account, but cannot receive email from any users outside.
  I have POP, IMAP, and SMTP ports (110, 143, and 25, respectively) all forwarded to my server thru my AEBS.
  Consulting the setup guides, I have found these references to editing the MX record to allow for external email access using the [email protected] format:
  +"If you don’t want to use your server’s fully qualified DNS name for users’ email addresses, the+
  +DNS service must also include an MX record for your server. For example, if your server’s DNS+
  +name is myserver.example.com and you want to have email addresses like [email protected],+
  +the DNS service needs an MX record for your server."+....from the Installation and Setup Worksheet, page 15.
  also
  +"If you want users to be able to send and receive mail over the Internet, make sure DNS+
  +service is set up with the appropriate MX records for Mail service:+
  +A. If you have an ISP that provides DNS service to your network, contact the ISP and+
  +have the ISP set up MX records for you. Your ISP needs to know your mail server’s+
  +DNS name (such as mail.example.com) and your server’s IP address."+...from the Mail Service Admin page 22.
  My question is...how does the MX record need to be set up?
  Like this?
  10 @ mydomain.com
  Thanks for your help,
  Steve

  Camelot,
  Thanks for replying.
  1) What format do you want your users' email address in? (e.g. [email protected], >[email protected], [email protected], etc.)
  I want my users to have a [email protected] email address.
  I set up an A record as you suggested:
  mail.mydomain.com A 1.2.3.4
  My MX record was setup:
  mydomain.com 10 mail.mydomain.com
  However, I am still getting returned email from outside users. They are getting the following error:
  +This is an automatically generated Delivery Status Notification+
  +Delivery to the following recipient failed permanently:+
  [email protected]
  +Technical details of permanent failure:+
  +Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 554 554 5.7.1 <[email protected]>: Relay access denied (state 14).+
  Checking the Server Logs for IMAP I am getting these errors:
  +Jan 21 12:11:34 server imap[44121]: AOD: user opts: get attributes for user: user failed with error: -14479+
  +Jan 21 12:25:18 server imap[44236]: AOD: user opts: get attributes for user: user failed with error: -14479+
  +Jan 21 12:31:46 server imap[44473]: AOD: user opts: get attributes for user: user failed with error: -14479+
  +Jan 21 12:32:49 server imap[44499]: AOD: crypt authentication error: authentication failed for user: username (-14090)+
  +Jan 21 12:37:06 server imap[44598]: AOD: user opts: get attributes for user: user failed with error: -14479+
  +Jan 21 12:49:39 server imap[44520]: AOD: user opts: get attributes for user: user failed with error: -14479+
  +Jan 21 13:01:51 server imap[45049]: AOD: user opts: get attributes for user: user failed with error: -14479+
  +Jan 21 13:11:58 server imap[385]: AOD: user opts: get attributes for user: user failed with error: -14479+
  When I try and use an online MX Record checker to check the MX record, it says the mail.mydomain.com record is invalid.
  It's not until I change my MX record back to:
  +@ 10 mydomain.com+
  will the MX record show valid.
  Network Utility scans show the following with the MX record set to @ 10 mydomain.com:
  ++; <<>> DiG 9.4.2-P2 <<>> mydomain.com mx +multiline +nocomments +nocmd +noquestion +nostats search+
  ++;; global options: printcmd++
  ++wekrugs.com. 3600 IN SOA server.mydomain.com. admin.mydomain.com. (++
  ++ 2009011900 ; serial++
  ++ 86400 ; refresh (1 day)++
  ++ 3600 ; retry (1 hour)++
  ++ 604800 ; expire (1 week)++
  ++ 3600 ; minimum (1 hour)++
  ++ )++
  If I have it set up the way you suggested, the Network Utility and MX Checker reports that the NameServers don't respond to the entered MX record name.
  Thanks again for your help,
  Steve

• Set up reverse DNS for virtual mail hosting

  I need a bit of server configuation advice.
  I have a static IP and two public domains on a Snow Leopard server connected using NAT behind a firewall - with the necessary port forwarding to ensure all works. 
  1. abc.com is my primary domain on the server - server.abc.com
  2. I have xyz.com set up as a virtual domain and also as a virtual mail host
  This setup has worked well for a long time but I have found that emails to [email protected] are going missing.  If I check my mx records using one of the web based tools it show an error on the reverse dns for server.xyz.com showing a reverse DNS of server.abc.com.
  So the question - is it possible to have secondary 'virtual' DNS record on the server so reverse DNS works for the virtual mail host xyz.com?  If not how do I handle the reverse DNS problem which i think is causing some external mail server to reject mail due to the inconsistency on the reverse DNS lookup?
  Many thanks for any suggestions

  SMTP requires a DNS A record.
  A DNS A record is also known as a machine record.
  A DNS A record inherently means that forward DNS and reverse DNS will match.
  The forward translation translates the host name to the IP address.
  The reverse translation translates the IP address to host name.
  When the full translation produces the same host name, that's an A record.
  DNS CNAME records are aliases, and are used for virtual hosts.
  CNAME records inherently do not match the reverse DNS translations.
  To get your configuration to work, your server must have an A record.
  That means forward and reverse DNS will match.
  Any of the virtual hosts within your mail server then all use an MX pointing at the A record host.
  If you have your DNS hosted somewhere other than your ISP, then you'll need your ISP to set up a DNS PTR.
  The DNS PTR is the reverse translation; address to name.
  If you have your own DNS services within your network (as would be typical with a privately-addressed NAT'd network), set that up as a virtual host within SMTP.
  Here is some related reading on external (public) DNS, as related to SMTP servers and such.

• How to set up reverse proxy to allow user access portal site from internet

  Hi all,
  I have installed 10g(10.1.2.0.2) AS on same machine(single IP for both mid and infra with different users respectively). there is a DMZ on which windows IIS is working through which we need to redirect the request to application server such that users access portal page from internet (within intranet all URLs are working fine). I have went through technet documentation where i found 3 ways : through this link
  http://download.oracle.com/docs/cd/B14099_19/core.1012/b13998/variants.htm
  Section 9.2.1.1, "Configuring OracleAS Web Cache as a Reverse Proxy"
  Section 9.2.1.2, "Configuring the Oracle HTTP Server as a Reverse Proxy"
  Section 9.2.1.3, "Configuring Internet Information Services as a Reverse Proxy"
  I am confused to which option to use. Also i went through the metalink document 270160.1
  Please help me which option to choose to do this.
  Thanks.

  Hi Hozy,
  May be it's too late, I am thinking to go in the same route for our sap portal access to external customers. Please can you share your experience , like what are the challenges have you faced? what is the complexity? what are all the resources we need to configure this?
  I appreciate your feedback.
  Thanks
  Krish

• How to turn off  "DEBUG SOURCE=cs Setting status to 304 for file="  in access.log

  I see this entry in the log file every few seconds. How can I turn this OFF? I
  can set the EnableLogfile to false but then I don't get any logs. We are running
  WLS 5.1.
  Regards,
  Pat.

  Pat:
  I dont see this string appearing anywhere in the src in any version of th
  510 line (all Sp's included).
  What version of 5.1? i.e. what SP?
  Are you using extended log format? Did a developer write a custom elf logger
  package?
  What are the ELF headers at the top of the access.log?
  Cheers
  mbg
  "Pat" <[email protected]> wrote in message
  news:[email protected]..
  >
  I see this entry in the log file every few seconds. How can I turn thisOFF? I
  can set the EnableLogfile to false but then I don't get any logs. We arerunning
  WLS 5.1.
  Regards,
  Pat.

• Reverse Proxy for SharePoint 2013

  Hi,
  I need to setup SharePoint 2013 environment which needs to be accessible from mobile devices e.g. iPAD/Android, for reverse proxy, I am looking at apache or IIS ARR since UAG is going to be deprecated. So far any one setup apache (on
  RHEL 6.x)
  or IIS ARR(on W2K8R2) successfully as reverse proxy for SharePoint 2013 access? Is there any issue? and which SharePoint authentication method should be configured?
  Must is be Form based authentication? As I read some articles it seems ARR supports Windows authentication. Thanks in advance.

  IIS ARR doesn't authenticate users, it is a pass-through (unlike UAG which can do auth or anon). Both IIS AAR and the new Web Proxy Role in Server 2012 R2 do not work with SharePoint 2013 Apps.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• How to set the connection parameters for SQL

  How to set the connection parameters for SQL to access the MS Access database
  Attachments:
  Quick_SQL.vi ‏21 KB
  Doc1.doc ‏45 KB
  db1.mdb ‏112 KB

  Right-click the WINDOWS desktop, choose New->Microsoft Data Link. That will bring up a dialog that allows you to configure and test your database connection. You might connect to the Access database via ODBC or directly via Jet Engine. The Jet Enginge saves you the trouble of creating an ODBC connection on your PC. After you leave the dialog, the "data link" will show up on your desktop as text file. Open it and copy-paste the connection string to your VI.
  This webpage is an excellent resource for connection strings: http://www.able-consulting.com/ADO_Conn.htm
  If your application requires users to change the database connection at runtime, you can also include the dialog via ActiveX (MSDASC.IDataSourceLocator).

• IP address conflict help and setting up security code for access

  Hi folks, I am about as non-technical as one can get. So I apologize in advance and thank you guys for your patience as everything you tell me will have to be spelled out for me.
  Ques 1:  I have one desk top computer with internet access through my cable TV provider. On it I have the Linksys WRT54G wireless router.  We use two laptops.
  Lately I've been getting an error message on my desktop saying there is an IP Address that is in conflict. My son often gets booted off line (on laptop) and so I'm guessing maybe it is his laptop that is in conflict. Please help me resolve this issue.
  Quest 2:  I would like to set up a security code for our wireless access so that other people will not be able to intrude upon our signal. Can someone walk me through this as well?
  Thank you so much!
  -Jen in NJ

  The most common reason to get two identical IP addresses, is if you are using fixed LAN IP addresses incorrectly on your system.
  Do you already use any fixed LAN IP addresses? If so, please state what fixed LAN IP addresses you are using, and also state your DHCP server range.
  Rules for using fixed LAN IP addresses on Linksys routers:
  With Linksys routers, a fixed (static) LAN IP addresses must be assigned in the device that is using the address. So you need to enter the fixed address in the computer or printer, not in the router.
  When using a Linksys router, any fixed LAN IP address must be outside the DHCP server range (typically 192.168.1.100 thru 192.168.1.149), and it cannot end in 0, 1, or 255.
  Therefore any fixed LAN IP address would normally need to be in the range of
  192.168.1.2 thru 192.168.1.99 or
  192.168.1.150 thru 192.168.1.254
  assuming you are still using the default DHCP server range.
  Also, in the computer, when you set up a static LAN IP address, you would need to set the "Subnet mask" to 255.255.255.0 and the "Default Gateway" to 192.168.1.1 and "DNS server" to 192.168.1.1
  It is also important that no two devices on your network be set to the same static LAN IP address.
  Check all of your static LAN IP addresses. If you have violated any of the above rules for static LAN IP addresses, it could be the cause for your problem, and you should fix it before attempting any other router repairs or changes.
  *********  Wireless Security  **********
  Brfore proceeding with wireless security, you must get your IP address conflict problem solved.  Please do the above first.
  To set up wireless security, you must use a computer that is wired to the router.
  Where to find the router settings: The router's login password is usually on one of the "Administration" pages. The other settings are all found in the "Wireless" or the "Security" section of the router's setup pages, located at 192.168.1.1
  First, give your router a unique SSID. Don't use "linksys".
  Make sure "SSID Broadcast" is set to "enabled".
  Next, leave the router at its default wireless settings (except for the unique SSID), and then use your pc to connect wirelessly to the router. Test your wireless Internet connection and make sure it is working correctly. You must have a properly working wireless connection before setting up wireless security.
  To implement wireless security, you need to do one step at a time, then verify that you can still connect your wireless computer to the router.
  Next, encrypt your wireless system using the highest level of encryption that all of your wireless devices will support. Common encryption methods are:
  WEP - poor (see note below)
  WPA (sometimes called PSK, or WPA with TKIP) - good
  WPA2 (sometimes called PSK2, or WPA with AES) - best
  WPA and WPA2 sometimes come in versions of "personal" and "enterprise". Most home users should use "personal". Also, if you have a choice between AES and TKIP, and your wireless equipment is capable of both, choose AES. With any encryption method, you will need to supply a key (sometimes called a "password" ).
  The wireless devices (computers, printers, etc.) that you have will need to be set up with the SSID, encryption method, and key that matches what you entered in the router.
  Retest your system and verify that your wireless Internet connection is still working correctly.
  And don't forget to give your router a new login password.
  Picking Passwords (keys): You should never use a dictionary word as a password. If you use a dictionary word as a password, even WPA2 can be cracked in a few minutes. When you pick your login password and encryption key (or password or passphrase) you should use a random combination of capital letters, small letters, and numbers, but no spaces. A login password, should be 12 characters or more. WPA and WPA2 passwords should be at least 24 characters. Note: Your key, password, or passphrase must not have any spaces in it.
  Most home users should have their routers set so that "remote management" of the router is disabled. If you must have this option enabled, then your login password must be increased to a minumum of 24 random characters.
  One additional issue is that Windows XP requires a patch to run WPA2. The patch is located in SP3, so you will need SP3 to run WPA2 in Win XP. Vista already supports WPA2.
  Note:
  WEP is no longer recommended. The FBI has demonstrated that WEP can be cracked in just a few minutes using software tools that are readily available over the Internet. Even a long random character password will not protect you with WEP. You should be using WPA or preferably WPA2 encryption.

• Proxy Setting for Multiple WiFi Access Points

  I'm getting ready to roll out 30 iPads in a school setting.  They are going to be on a cart that teachers will be able to check out for class use, but will be returned to the computer lab each evening.  This creates a problem.
  Throughout the building, we have several WiFi access points - next year we will have an access point in each classroom.  And of course we connect through a proxy server so that the district can block various wbsites.  As I am setting up my iPad to connect to each access point, I have to set the proxy server address for the access point; I would really like to be able to simply say "This is my proxy server address and port for EVERY WiFi access point in the building." and be done with it.  I haven't been able to find a way to do this -- it looks like I have to configure each access point individually.
  Am I just missing something (I hope)?

  I suspect you have the D-Link set up to make its network an entirely new subnet using NAT.
  If you setup the D-Link as a bridge to the network created by the Extreme, things may work properly.
  You may need to refer to the D-Link documentation to find out the proper way to do this.

• I have set up an Apple ID for my child who is under 13. I did not get the steps to set up the password for the ID. How do I do that now. The family sharing has sent an email notification to the email by how do I access it?

  I have set up an Apple ID for my child who is under 13. I did not get the steps to set up the password for the ID. How do I do that now. The family sharing has sent an email notification to the email by how do I access it to accept.
  Thanks.

  Hey Lori,
  You can set or change the password for an Apple ID by following the steps in this article -
  Apple ID: Changing your password - Apple Support
  Thanks for using Apple Support Communities.
  Be well,
  Brett L 

• Setting Up Time Capsule for External Access

  Hello all,
  I am trying to set up my Time Capsule to be accessed without local Wi-Fi. I can use Back to My Mac to access the Time Capsule from my iMac, but not from my iPhone as Back to My Mac isn't intergrated into iOS. I use File Browser on my iPhone to access my TC from LAN, and it seems likely the TC can also be accessed through 4G using File Browser, too.
  My first question is, can the Time Capsule be accessed through the internet (by port forwarding or something)?
  Second question if the first is possible, how do I do so? (step by step instructions please)
  I have the latest model of Time Capsule and AirPort Utility.
  Thanks!
       - Noah

  Filebrowser can be used to remotely access the TC.
  There are instructions in the filebrowser website.. have you tried those?
  http://www.stratospherix.com/support/gsw_timecapsule.php?page=6remote
  The one area where I think you might have issues is global domain name.. as that has been problematic.
  You really need a static public IP from your ISP for this to be successful.
  See Tesserax doco on remote access especially the global domain instructions.
  https://discussions.apple.com/docs/DOC-3413
  There is a hugely better method BTW..
  Buy a vpn router and substitute that for the Time Capsule.. which can then be bridged behind the router.
  VPN client is built into iOS and every mainline OS available. It is robust and has far superior security.
  Note carefully the method you are going to use with iphone is opening your TC to attack. They have hidden the SMB port, but in reality.. any hacker will one day do a port scan on you and find it open.. no matter what port it is translated to.. at that point your password will be the only thing stopping access to outsider.. and they can often get around that.. or mount Man in the Middle type attack, since passwords in SMB are not secure.
  Not that I think a hacker is going to waste their time doing it.. but it is just so you know.. it is fundamentally wrong. 

• Setting up my Mac for remote access

  Hey! I'm trying to set up, what i guess is a VPN? I'm running a g4 with Mac OSX 10.3.9.
  Is there a way i can set it up to give someone remote access to that computers files?

  I have the same problem.  It must be somewhere in the computer, but I can't find it.  I look forward to seeing responses to this problem. 
  Kelly

• AnyConnect error " User not authorized for AnyConnect Client access, contact your administrator"

  Hi everyone,
  it's probably just me but I have tried real hard to get a simple AnyConnect setup working in a lab environment on my ASA 5505 at home, without luck. When I connect with the AnyConnect client I get the error message "User not authorized for AnyConnect Client access, contact your administrator". I have searched for this error and tried some of the few solutions out there, but to no avail. I also updated the ASA from 8.4.4(1) to 9.1(1) and ASDM from 6.4(9) to 7.1(1) but still the same problem. The setup of the ASA is straight forward, directly connected to the Internet with a 10.0.1.0 / 24 subnet on the inside and an address pool of 10.0.2.0 / 24 to assign to the VPN clients. Please note that due to ISP restrictions, I'm using port 44455 instead of 443. I had AnyConnect working with the SSL portal, but IKEv2 IPsec is giving me a headache. I have stripped down certificate authentication which I had running before just to eliminate this as a potential cause of the issue. When running debugging, I do not get any error messages - the handshake completes successfully and the local authentication works fine as well.
  Please find the current config and debugging output below. I appreciate any pointers as to what might be wrong here.
  : Saved
  ASA Version 9.1(1)
  hostname ASA
  domain-name ingo.local
  enable password ... encrypted
  xlate per-session deny tcp any4 any4
  xlate per-session deny tcp any4 any6
  xlate per-session deny tcp any6 any4
  xlate per-session deny tcp any6 any6
  xlate per-session deny udp any4 any4 eq domain
  xlate per-session deny udp any4 any6 eq domain
  xlate per-session deny udp any6 any4 eq domain
  xlate per-session deny udp any6 any6 eq domain
  passwd ... encrypted
  names
  name 10.0.1.0 LAN-10-0-1-x
  dns-guard
  ip local pool VPNPool 10.0.2.1-10.0.2.10 mask 255.255.255.0
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif Internal
  security-level 100
  ip address 10.0.1.254 255.255.255.0
  interface Vlan2
  nameif External
  security-level 0
  ip address dhcp setroute
  regex BlockFacebook "facebook.com"
  banner login This is a monitored system. Unauthorized access is prohibited.
  boot system disk0:/asa911-k8.bin
  ftp mode passive
  clock timezone PST -8
  clock summer-time PDT recurring
  dns domain-lookup Internal
  dns domain-lookup External
  dns server-group DefaultDNS
  name-server 10.0.1.11
  name-server 75.153.176.1
  name-server 75.153.176.9
  domain-name ingo.local
  object network obj_any
  subnet 0.0.0.0 0.0.0.0
  object network LAN-10-0-1-x
  subnet 10.0.1.0 255.255.255.0
  object network Company-IP1
  host xxx.xxx.xxx.xxx
  object network Company-IP2
  host xxx.xxx.xxx.xxx
  object network HYPER-V-DUAL-IP
  range 10.0.1.1 10.0.1.2
  object network LAN-10-0-1-X
  access-list 100 extended permit tcp any4 object HYPER-V-DUAL-IP eq 3389 inactive
  access-list 100 extended permit tcp object Company-IP1 object HYPER-V-DUAL-IP eq 3389
  access-list 100 extended permit tcp object Company-IP2 object HYPER-V-DUAL-IP eq 3389 
  tcp-map Normalizer
    check-retransmission
    checksum-verification
  no pager
  logging enable
  logging timestamp
  logging list Threats message 106023
  logging list Threats message 106100
  logging list Threats message 106015
  logging list Threats message 106021
  logging list Threats message 401004
  logging buffered errors
  logging trap Threats
  logging asdm debugging
  logging device-id hostname
  logging host Internal 10.0.1.11 format emblem
  logging ftp-bufferwrap
  logging ftp-server 10.0.1.11 / asa *****
  logging permit-hostdown
  mtu Internal 1500
  mtu External 1500
  ip verify reverse-path interface Internal
  ip verify reverse-path interface External
  icmp unreachable rate-limit 1 burst-size 1
  icmp deny any echo External
  asdm image disk0:/asdm-711.bin
  no asdm history enable
  arp timeout 14400
  no arp permit-nonconnected
  object network obj_any
  nat (Internal,External) dynamic interface
  object network LAN-10-0-1-x
  nat (Internal,External) dynamic interface
  object network HYPER-V-DUAL-IP
  nat (Internal,External) static interface service tcp 3389 3389
  access-group 100 in interface External
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa-server radius protocol radius
  aaa-server radius (Internal) host 10.0.1.11
  key *****
  radius-common-pw *****
  user-identity default-domain LOCAL
  aaa authentication ssh console radius LOCAL
  http server enable
  http LAN-10-0-1-x 255.255.255.0 Internal
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec ikev2 ipsec-proposal DES
  protocol esp encryption des
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal 3DES
  protocol esp encryption 3des
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal AES
  protocol esp encryption aes
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal AES192
  protocol esp encryption aes-192
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal AES256
  protocol esp encryption aes-256
  protocol esp integrity sha-1 md5
  crypto ipsec security-association pmtu-aging infinite
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
  crypto map External_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map External_map interface External
  crypto ca trustpoint srv01_trustpoint
  enrollment terminal
  crl configure
  crypto ca trustpoint asa_cert_trustpoint
  keypair asa_cert_trustpoint
  crl configure
  crypto ca trustpoint LOCAL-CA-SERVER
  keypair LOCAL-CA-SERVER
  crl configure
  crypto ca trustpool policy
  crypto ca server
  cdp-url http://.../+CSCOCA+/asa_ca.crl:44435
  issuer-name CN=...
  database path disk0:/LOCAL_CA_SERVER/
  smtp from-address ...
  publish-crl External 44436
  crypto ca certificate chain srv01_trustpoint
  certificate <output omitted>
    quit
  crypto ca certificate chain asa_cert_trustpoint
  certificate <output omitted>
    quit
  crypto ca certificate chain LOCAL-CA-SERVER
  certificate <output omitted>
    quit
  crypto ikev2 policy 1
  encryption aes-256
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 10
  encryption aes-192
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 20
  encryption aes
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 30
  encryption 3des
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 40
  encryption des
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 enable External client-services port 44455
  crypto ikev2 remote-access trustpoint asa_cert_trustpoint
  telnet timeout 5
  ssh LAN-10-0-1-x 255.255.255.0 Internal
  ssh xxx.xxx.xxx.xxx 255.255.255.255 External
  ssh xxx.xxx.xxx.xxx 255.255.255.255 External
  ssh timeout 5
  ssh version 2
  console timeout 0
  no vpn-addr-assign aaa
  no ipv6-vpn-addr-assign aaa
  no ipv6-vpn-addr-assign local
  dhcpd dns 75.153.176.9 75.153.176.1
  dhcpd domain ingo.local
  dhcpd option 3 ip 10.0.1.254
  dhcpd address 10.0.1.50-10.0.1.81 Internal
  dhcpd enable Internal
  threat-detection basic-threat
  threat-detection scanning-threat shun except ip-address LAN-10-0-1-x 255.255.255.0
  threat-detection statistics access-list
  threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
  dynamic-filter use-database
  dynamic-filter enable interface Internal
  dynamic-filter enable interface External
  dynamic-filter drop blacklist interface Internal
  dynamic-filter drop blacklist interface External
  ntp server 128.233.3.101 source External
  ntp server 128.233.3.100 source External prefer
  ntp server 204.152.184.72 source External
  ntp server 192.6.38.127 source External
  ssl encryption aes256-sha1 aes128-sha1 3des-sha1
  ssl trust-point asa_cert_trustpoint External
  webvpn
  port 44433
  enable External
  dtls port 44433
  anyconnect image disk0:/anyconnect-win-3.1.02026-k9.pkg 1
  anyconnect profiles profile1 disk0:/profile1.xml
  anyconnect enable
  smart-tunnel list SmartTunnelList1 mstsc mstsc.exe platform windows
  smart-tunnel list SmartTunnelList1 putty putty.exe platform windows
  group-policy DfltGrpPolicy attributes
  vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
  webvpn
    anyconnect profiles value profile1 type user
  username write.ingo password ... encrypted
  username ingo password ... encrypted privilege 15
  username tom.tucker password ... encrypted
  class-map TCP
  match port tcp range 1 65535
  class-map type regex match-any BlockFacebook
  match regex BlockFacebook
  class-map type inspect http match-all BlockDomains
  match request header host regex class BlockFacebook
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 1500
    id-randomization
  policy-map TCP
  class TCP
    set connection conn-max 1000 embryonic-conn-max 1000 per-client-max 250 per-client-embryonic-max 250
    set connection timeout dcd
    set connection advanced-options Normalizer
    set connection decrement-ttl
  policy-map type inspect http HTTP
  parameters
    protocol-violation action drop-connection log
  class BlockDomains
  policy-map global_policy
  class inspection_default
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny 
    inspect sunrpc
    inspect xdmcp
    inspect sip 
    inspect netbios
    inspect tftp
    inspect ip-options
    inspect dns preset_dns_map dynamic-filter-snoop
    inspect http HTTP
  service-policy global_policy global
  service-policy TCP interface External
  smtp-server 199.185.220.249
  privilege cmd level 3 mode exec command perfmon
  privilege cmd level 3 mode exec command ping
  privilege cmd level 3 mode exec command who
  privilege cmd level 3 mode exec command logging
  privilege cmd level 3 mode exec command failover
  privilege cmd level 3 mode exec command vpn-sessiondb
  privilege cmd level 3 mode exec command packet-tracer
  privilege show level 5 mode exec command import
  privilege show level 5 mode exec command running-config
  privilege show level 3 mode exec command reload
  privilege show level 3 mode exec command mode
  privilege show level 3 mode exec command firewall
  privilege show level 3 mode exec command asp
  privilege show level 3 mode exec command cpu
  privilege show level 3 mode exec command interface
  privilege show level 3 mode exec command clock
  privilege show level 3 mode exec command dns-hosts
  privilege show level 3 mode exec command access-list
  privilege show level 3 mode exec command logging
  privilege show level 3 mode exec command vlan
  privilege show level 3 mode exec command ip
  privilege show level 3 mode exec command failover
  privilege show level 3 mode exec command asdm
  privilege show level 3 mode exec command arp
  privilege show level 3 mode exec command ipv6
  privilege show level 3 mode exec command route
  privilege show level 3 mode exec command ospf
  privilege show level 3 mode exec command aaa-server
  privilege show level 3 mode exec command aaa
  privilege show level 3 mode exec command eigrp
  privilege show level 3 mode exec command crypto
  privilege show level 3 mode exec command ssh
  privilege show level 3 mode exec command vpn-sessiondb
  privilege show level 3 mode exec command vpnclient
  privilege show level 3 mode exec command vpn
  privilege show level 3 mode exec command dhcpd
  privilege show level 3 mode exec command blocks
  privilege show level 3 mode exec command wccp
  privilege show level 3 mode exec command dynamic-filter
  privilege show level 3 mode exec command webvpn
  privilege show level 3 mode exec command service-policy
  privilege show level 3 mode exec command module
  privilege show level 3 mode exec command uauth
  privilege show level 3 mode exec command compression
  privilege show level 3 mode configure command interface
  privilege show level 3 mode configure command clock
  privilege show level 3 mode configure command access-list
  privilege show level 3 mode configure command logging
  privilege show level 3 mode configure command ip
  privilege show level 3 mode configure command failover
  privilege show level 5 mode configure command asdm
  privilege show level 3 mode configure command arp
  privilege show level 3 mode configure command route
  privilege show level 3 mode configure command aaa-server
  privilege show level 3 mode configure command aaa
  privilege show level 3 mode configure command crypto
  privilege show level 3 mode configure command ssh
  privilege show level 3 mode configure command dhcpd
  privilege show level 5 mode configure command privilege
  privilege clear level 3 mode exec command dns-hosts
  privilege clear level 3 mode exec command logging
  privilege clear level 3 mode exec command arp
  privilege clear level 3 mode exec command aaa-server
  privilege clear level 3 mode exec command crypto
  privilege clear level 3 mode exec command dynamic-filter
  privilege cmd level 3 mode configure command failover
  privilege clear level 3 mode configure command logging
  privilege clear level 3 mode configure command arp
  privilege clear level 3 mode configure command crypto
  privilege clear level 3 mode configure command aaa-server
  prompt hostname context
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:41a021a28f73c647a2f550ba932bed1a
  : end
  Many thanks,
  Ingo

  Hi Jose,
  here is what I got now:
  ASA(config)# sh run | begin tunnel-group
  tunnel-group DefaultWEBVPNGroup general-attributes
  address-pool VPNPool
  authorization-required
  and DAP debugging still the same:
  ASA(config)# DAP_TRACE: DAP_open: CDC45080
  DAP_TRACE: Username: tom.tucker, aaa.cisco.grouppolicy = DfltGrpPolicy
  DAP_TRACE: Username: tom.tucker, aaa.cisco.username = tom.tucker
  DAP_TRACE: Username: tom.tucker, aaa.cisco.username1 = tom.tucker
  DAP_TRACE: Username: tom.tucker, aaa.cisco.username2 =
  DAP_TRACE: Username: tom.tucker, aaa.cisco.tunnelgroup = DefaultWEBVPNGroup
  DAP_TRACE: Username: tom.tucker, DAP_add_SCEP: scep required = [FALSE]
  DAP_TRACE: Username: tom.tucker, DAP_add_AC:
  endpoint.anyconnect.clientversion="3.1.02026";
  endpoint.anyconnect.platform="win";
  DAP_TRACE: Username: tom.tucker, dap_aggregate_attr: rec_count = 1
  DAP_TRACE: Username: tom.tucker, Selected DAPs: DfltAccessPolicy
  DAP_TRACE: Username: tom.tucker, DAP_close: CDC45080
  Unfortunately, it still doesn't work. Hmmm.. maybe a wipe of the config and starting from scratch can help?
  Thanks,
  Ingo

• WAE reverse telnet problem

  Hi,
  I am trying to set up a reverse telnet from a Router's Aux port to WAE694's console port.., but failed.. 
  Here is the log,
  2012 Jun  4 02:39:56 HOCLWAAStest1 PAM_unix[6051]: %WAAS-UNKNOWN-3-899999: ### pam_unix: pam_sm_authenticate bad username [ 2012, DECEMBER 21 ] (wired time)
  2012 Jun  4 02:39:47 HOCLWAAStest1 PAM_unix[6017]: %WAAS-UNKNOWN-1-899999: ### pam_unix: _unix_verify_password check pass; user unknown
  2012 Jun  4 02:39:47 HOCLWAAStest1 login[6017]: %WAAS-UTILLIN-5-801060: Access has been denied for user 'Username: ' from 'localhost': Invalid local user.
  The username and password are verified by console in this 694 directily..     By looking at the log,  the user is 'Username:' and not be the real one 'admin' which I put in.. 
  thanks
  Ryan

  Again,
  Below is the login info,
  #telnet 1.1.1.1 2001
  Trying 1.1.1.1, 2001 ... Open
  2012, DECEMBER 21
  User Access Verification
  Username:
  Username: admin
  Password:
  Rejected
  Username: admin
  Password:
  Rejected
  [Connection to 1.1.1.1 closed by foreign host]
  Wired time  since the WAE'S clock is good..   By the way, ther version is 4.4.7...   Thanks in Advance..