Site not accessable in VRF
Hi,
I have a L3 VPN customer, in my MPLS network who works in a MESH topolgy.Customer is connected to PE on a E1 link. I am finding a problem with one location of the customer. Below is the problem statement and work around done.
1. Customer is not able to access one specific website which is in his Intranet which is located in his HO again on the MPLS network, the web browser shows you as connecting, but the page is not opening. From his LAN ping,trace, telnet to port 443 and 80 is happening.
2. All other 8 locations which is connected to the same MPLS cloud from differnt location on different PE rouers are able to connect to the the server and able to open the webppage.
Work Around.
1. Assinged the affected LAN IP pool to another location where the website is opening, and found it works from that location.So the Source IP blocking issue is sorted out.
2. Checked the configurations at all the locations and found everything to be identical.
All the locations have cisco7609 with 12.2.18SXE working as PE and mtu is set to 1600.
Can anybody help out in this.
Thanks
Abey
It looks like it might be an issue with the path mtu. Have you tried pinging from the client to the server using a 1500 bytes packet and setting the DF bit as follow assuming the workstation is an MS workstation:
ping -f -l 1472
NB: the 1472 bytes is the size of the ICMP echo-request payload, which added to the 8 bytes of ICMP header and 20 bytes of IP header results in 1500 bytes total.
Hope this helps,
Similar Messages
-
SharePoint Site not accessing on Windows Phone
We have a SharePoint 2010 site. We are planning to give mobile access the same site.
We are able show this site for Andriod and iPhone users by doing some changes in compact.browser file at web application level.
But the same site when I am accessing from the Windows Phone I am getting an error saying
"we're having trouble in displaying this page".
Is there any specific configurations for Windows Phone?
Thanks,Make sure you have checked below pages incase you plan for mobile site
http://technet.microsoft.com/en-us/library/gg610510%28v=office.15%29.aspx
Check for supported authentications and devices
Table: Mobile authentication support matrix for Office Hub
SharePoint infrastructure
Authentication mode
Authentication provider
Windows Phone 7.5 or later versions
SharePoint on-premises
NTLM
Active Directory
Supported
SharePoint on-premises
Basic authentication
Active Directory
Not supported
SharePoint on-premises
SAML
WS-Federation 1.1 compatible Identity Provider
Not supported
SharePoint Online
Forms-based authentication
Org-ID
Supported
Mobile device operating system
Operating system version
Browser
Smartphone device
Slate or tablet device
Windows Phone
Windows Phone 7.5 or later versions
Internet Explorer Mobile
Supported
Not applicable
Windows
Windows 7 or later versions
Internet Explorer
Not applicable
Supported
iOS
5.0 or later versions
Note:
Video play experience requires iOS version 6.0 or later.
Safari
Supported
Supported
Important:
Office Web Apps full functionality is supported on iPad versions 2 and 3 using iOS 6.0 or later versions. Limited viewing and editing functionality is also supported on iPad versions 1, 2, 3 using iOS version 5.1.
Android
4.0 or later versions
Note:
Video play experience requires Android version 4.1 or later.
Android Browser
Supported
Supported
Plan for views
http://technet.microsoft.com/en-us/library/jj673030%28v=office.15%29.aspx
Also follow below for optimization
http://blog.mastykarz.nl/optimizing-sharepoint-2013-websites-mobile-devices/
If this helped you resolve your issue, please mark it Answered -
Folders in /Library/Webserver/Sites/ not accessable with chmod by ftp
When i create a new folder within a website and want to give it write permission with chmod 777 by ftp client it changes back to the default setting. So i always have to open server admin > filesharing to accomplish writable folder access.
Is there a way to do some configuration to avoid this and do this the usal way when webdeveloping by ftp and chmod?
(local testsites and upload by ftp client, i use transmit)Have you tried using "PureFTPd" Manager?
I found it was much better when it comes to working with Users and Permissions compared to using the built in FTP server chmod permissions.
Try it out. -
Can not access Server admin site
I can not access http://MYSERVER1:50000 site. I get error "The page cannot be displayed. The page you are looking for is currently unavailable.".
But I was able to access even yesterday. Could you tell me any possible problems and how to fix the error?
Thanks!
MikeHi Mike
That means your J2EE engine is not running...
Restart the engine, also check that the DB is up and running.
Regards
Juan -
Safari update does not access some web sites
I just did the latest Mac update, the Safari, Quicktime,Itunes update. And now Safari does not allow me to access my own Flash based web site. It says it's loaded 3 of 4 and then just stops, no error message, nothing, just a blank page.
And worse I am not the only person having this problem, several other people on Macs, in different parts of the country,and using Safari also can not access my site. However Firefox has no problem on my computer or theirs. Worse still, I am traveling and will be away for several weeks more and it's the holidays which is a key time for my website as it is an important sales tool for my business. There haven't been any changes to the website itself for over a year. I guess I just won't be expecting any business from Mac users this Christmas........
Also other websites seem to have loading issues as well.
I used to look forward to Apple updates as they USED to improve the performance of my computer, however the last two updates caused severe problems to a computer that had been working perfectly.Hello,
I'm afraid that site doesn't work either for me with Safari 3.0.4 on OS X 10.4.11.
The page appears to load but only displays a blank page.
The W3C (web standards consortium) validation tool shows a few errors with the site: [validation results|http://validator.w3.org/check?uri=www.kosoff.com&charset=%28detect+auto matically%29&doctype=Inline&group=0] -
I have a web site that I subscribe to and when I pulled it up Firefox asked me if I wanted to allow it or not. Accidently I pressed never allow for this site. Opps . . How do I undo this? I tried restarting and am now stuck as I can not access my website
Do you mean saving a password?
If you clicked "Never" then you have created an exception that you need to remove.
Remove site(s) from the Exceptions:
* Tools > Options > Security: Passwords: Exceptions
* https://support.mozilla.com/kb/Remembering+passwords -
OSX10.10.1 Yosemti Safari can NOT access US Charles Schwab web site.
Chrome could. Why????Many financial cites are just not compatible with Safari. Contact Schwab and ask them.
Similar to your other post:
OSX Yousemite Safari could NOT accesss US Citibank web site. Chrome could. Why??? -
AOL mail not updating. Spinning wheel just keeps spinning. It hasn't updated in 5 days. G-mail updates normally. I can use the AOL web site and access it on my android phone too, but not on my MacBook Pro. OS 10.6.8
Hello robe427,
Thanks for using Apple Support Communities.
To troubleshoot this issue where you are unable to receive email from one of your accounts, please follow the steps in the article linked to below.
Mac Basics: Use Mail on your Mac
Take care,
Alex H. -
Safari 1.3.2 Not Accessing Some Secure Web Sites Including This One
Operating system is 10.3.9 running Safari 1.3.2 and today I couldn't access American Express or Apple Discussions web site. I had a lock up yesterday that forced me to do a hard reset. Funny thing is, Safari otherwise is running fine other than not accessing secure sites that I accessed just fine yesterday. FWIW, I am entering this info from a PC not my Mac...Any Ideas.
Hi Richard!
It's probably a corrupt Cache or Cookie item.
Do you know your user names & passwords for sites that require them?
If so, open Safari Preferences > Security.
Click on Show Cookies.
Click on Remove All.
Click on Done.
If you do not know your user name & PWs for sites, you will have to individually click on the cookies for the ones that are not opening, and delete them one by one.
Then from the Safari contextual menu, select Empty Cache.
Click on Empty.
Good Luck!
ali b -
My web browser( Google ) home page appears but when i type in the web address it does not access them it just constantly appears to be loading.
Any help would be appreciated
Thanksthere are a lot of complaints here about wifi issues with the ipad mini - all seam to deal with 3rd party routers. you might want to check these Threads out.
did you delete the wifi network on your ipad and reconnect? Are you using WPA2? Did you select TKIP/AES or only one of them? Does your ipad get an ip address? -
Scenario
Windows 7 users log on to workstations at a site. Domain Controller is up and does the domain authentication for those users across the WAN. Users are then accessing a local(same building) Shared directory on a Windows 2008r2 server, in order to open, modify,
save new files, etc.
Then, the site loses access to the Domain Controller due to a WAN outage.
Question
Will those users that have already logged onto their Windows 7 workstations continue to have access to the shared resources on the local Windows 2008r2 server with their cached credentials(assuming they don't logoff or restart their machines)?? This has
been the case in the past, but wondering if anything has changed with Windows 2008??
ThanksHi,
The duration that you can access the server depends on when the server requires re-authentication.
In Windows implementation, SMB session expiration is enforced based upon the client’s support of dynamic re-authentication capability [MS-SMB].
If the client enables the CAP_DYNAMIC_REAUTH capability bit, the server will enforce session expiration. If a client does not set CAP_DYNAMIC_REAUTH, the Windows server does not return STATUS_NETWORK_SESSION_EXPIRED.
The SMB dynamic re-authentication feature was introduced in Windows XP. From there, Windows-based clients set the CAP_DYNAMIC_REAUTH capability bit to indicate to the server that the client supports re-authentication when the Kerberos service ticket for
the session expires.
Windows servers do check CAP_DYNAMIC_REAUTH:
If clientCapabilities sets CAP_DYNAMIC_REAUTH, the server will set Server. Session.AuthenticationExpirationTime to the expiry time returned by AcceptSecuirtyContext.
If clientCapabilities does not set CAP_DYNAMIC_REAUTH, the server will not set Server. Session.AuthenticationExpirationTime, basically a CAP_DYNAMIC_REAUTH capability bit not set by the client means the session will not expire on the server side.
To configure Maximum lifetime for service ticket, you can use grouppolicy. The default value of
Maximum lifetime for service ticket
in Default Domain Policy is 600 minutes.
Note:This setting is applied to DC, not clients.
For detailed information, please view the link below
CIFS and SMB Timeouts in Windows
http://blogs.msdn.com/b/openspecification/archive/2013/03/19/cifs-and-smb-timeouts-in-windows.aspx
Maximum lifetime for service ticket
http://technet.microsoft.com/en-us/library/jj852188.aspx
Hope this helps.
Steven Lee
TechNet Community Support -
ASA-5505 Site-to-Site Not Working
I am somewhat new to Cisco but to do have some experience. I am trying to connect two ASA 5505's together via site-to-site VPN. They are configured with public IPs and all other services are working. I have used the VPN wizard on both boxes successfully but the tunnels are not working. The two devices are on the Comcast network. Any help would be appreacited.
Site A: ASA 5505 w/50 User license
Site B: ASA 5505 w/10 User license
Site A Config:
ASA Version 8.2(5)
hostname *********************
enable password 6.De4e7UzES9wBPg encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.100.10 Web_Server
name 10.0.6.0 Ghost_Flower_Inside
name 10.0.5.0 San_Mateo_Inside
name 10.0.5.100 Any_Connect_100
name 10.0.5.101 Any_Connect_101
name 10.0.5.102 Any_Connect_102
name 10.0.5.103 Any_Connect_103
name 10.0.5.104 Any_Connect_104
name 10.0.5.105 Any_Connect_105
name 10.0.5.106 Any_Connect_106
name 10.0.5.107 Any_Connect_107
name 10.0.5.108 Any_Connect_108
name 10.0.5.109 Any_Connect_109
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
switchport access vlan 12
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.0.5.201 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 173.10.XXX.XXX 255.255.255.252
interface Vlan12
no forward interface Vlan1
nameif dmz
security-level 50
ip address 192.168.100.1 255.255.255.0
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 75.75.75.75
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network Any_Connect_DHCP
network-object host Any_Connect_100
network-object host Any_Connect_101
network-object host Any_Connect_102
network-object host Any_Connect_103
network-object host Any_Connect_104
network-object host Any_Connect_105
network-object host Any_Connect_106
network-object host Any_Connect_107
network-object host Any_Connect_108
network-object host Any_Connect_109
access-list outside_access_in extended permit tcp any interface outside eq www
access-list outside_access_in extended permit tcp any interface outside eq ssh
access-list outside_1_cryptomap extended permit ip San_Mateo_Inside 255.255.255.0 Ghost_Flower_Inside 255.255.255.0
access-list inside_nat0_outbound extended permit ip San_Mateo_Inside 255.255.255.0 Ghost_Flower_Inside 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group Any_Connect_DHCP any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool AnyConnectDHCPPool Any_Connect_100-10.0.5.110 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (dmz) 1 192.168.100.2 netmask 255.255.255.255
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (dmz,outside) tcp interface www Web_Server www netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 173.10.XXX.XXX 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 10.0.1.0 255.255.255.0 inside
http 10.1.10.0 255.255.255.0 outside
http San_Mateo_Inside 255.255.255.255 inside
http San_Mateo_Inside 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 173.12.XXX.XXX
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
vpn-sessiondb max-webvpn-session-limit 10
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 10.0.1.0 255.255.255.0 inside
ssh San_Mateo_Inside 255.255.255.0 inside
ssh 10.1.10.0 255.255.255.0 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 10.0.5.10-10.0.5.30 inside
dhcpd dns 75.75.75.75 75.75.76.76 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 1 regex "Intel Mac OS X"
svc profiles CATS disk0:/cats.xml
svc enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 75.75.75.75
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
webvpn
svc profiles value CATS
username user1 password tTq7bIZ.C4x0j.qv encrypted privilege 15
username ********* password sPxon1E6hTszm7Ko encrypted privilege 15
tunnel-group 173.12.XXX.XXX type ipsec-l2l
tunnel-group 173.12.XXX.XXX ipsec-attributes
pre-shared-key *****
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:1751532c3624a6c2eec3c1ae0c31fe03
: end
Site B:
ASA Version 8.2(5)
hostname ***************
enable password 6.De4e7UzES9wBPg encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.100.10 Web_Server
name 10.0.6.0 Ghost_Flower_Inside
name 10.0.5.0 San_Mateo_Inside
name 10.0.5.100 Any_Connect_100
name 10.0.5.101 Any_Connect_101
name 10.0.5.102 Any_Connect_102
name 10.0.5.103 Any_Connect_103
name 10.0.5.104 Any_Connect_104
name 10.0.5.105 Any_Connect_105
name 10.0.5.106 Any_Connect_106
name 10.0.5.107 Any_Connect_107
name 10.0.5.108 Any_Connect_108
name 10.0.5.109 Any_Connect_109
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
switchport access vlan 12
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.0.5.201 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 173.10.XXX.XXX 255.255.255.252
interface Vlan12
no forward interface Vlan1
nameif dmz
security-level 50
ip address 192.168.100.1 255.255.255.0
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 75.75.75.75
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network Any_Connect_DHCP
network-object host Any_Connect_100
network-object host Any_Connect_101
network-object host Any_Connect_102
network-object host Any_Connect_103
network-object host Any_Connect_104
network-object host Any_Connect_105
network-object host Any_Connect_106
network-object host Any_Connect_107
network-object host Any_Connect_108
network-object host Any_Connect_109
access-list outside_access_in extended permit tcp any interface outside eq www
access-list outside_access_in extended permit tcp any interface outside eq ssh
access-list outside_1_cryptomap extended permit ip San_Mateo_Inside 255.255.255.0 Ghost_Flower_Inside 255.255.255.0
access-list inside_nat0_outbound extended permit ip San_Mateo_Inside 255.255.255.0 Ghost_Flower_Inside 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group Any_Connect_DHCP any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool AnyConnectDHCPPool Any_Connect_100-10.0.5.110 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (dmz) 1 192.168.100.2 netmask 255.255.255.255
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (dmz,outside) tcp interface www Web_Server www netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 173.10.242.182 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 10.0.1.0 255.255.255.0 inside
http 10.1.10.0 255.255.255.0 outside
http San_Mateo_Inside 255.255.255.255 inside
http San_Mateo_Inside 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 173.12.XXX.XXX
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
vpn-sessiondb max-webvpn-session-limit 10
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 10.0.1.0 255.255.255.0 inside
ssh San_Mateo_Inside 255.255.255.0 inside
ssh 10.1.10.0 255.255.255.0 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 10.0.5.10-10.0.5.30 inside
dhcpd dns 75.75.75.75 75.75.76.76 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 1 regex "Intel Mac OS X"
svc profiles CATS disk0:/cats.xml
svc enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 75.75.75.75
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
webvpn
svc profiles value CATS
username ************** password sPxon1E6hTszm7Ko encrypted privilege 15
tunnel-group 173.12.XXX.XXX type ipsec-l2l
tunnel-group 173.12.XXX.XXX ipsec-attributes
pre-shared-key *****
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:1751532c3624a6c2eec3c1ae0c31fe03
: endHi Kevin,
Both the sides have IP address of 173.10.XXX.XXX on the respective Outside interfaces and you have configured the peers for 173.12.X.X.
Please ensure the correct IP addresses for VPN peers are configured , via the following command:
crypto map outside_map 1 set peer X.X.X.X
e.g. If you have 173.10.X.X on Site X and 173.12.X.X on Site Y , then
On Site X, peer would be
crypto map outside_map 1 set peer 173.12.X.X
and the tunnel-group will be
tunnel-group 173.12.XXX.XXX type ipsec-l2l
tunnel-group 173.12.XXX.XXX ipsec-attributes
pre-shared-key *****
On Site Y, peer would be
crypto map outside_map 1 set peer 173.10.X.X
and the tunnel-group will be
tunnel-group 173.10.XXX.XXX type ipsec-l2l
tunnel-group 173.10.XXX.XXX ipsec-attributes
pre-shared-key *****
Also , the nat exempt would be complimentary on each other i.e.
On Site X,
access-list inside_nat0_outbound extended permit ip San_Mateo_Inside 255.255.255.0 Ghost_Flower_Inside 255.255.255.0
On Site Y,
access-list inside_nat0_outbound extended permit ip Ghost_Flower_Inside 255.255.255.0 San_Mateo_Inside 255.255.255.0
Hope that helps.
Regards,
Dinesh Moudgil -
WRT54G2 and WRT54G locks-up (freezes) when blocking web sites using Access Restrictions
I am convinced that a few Linksys routers such as WRT54G2 and WRT54G have a major issue when blocking web sites using Access Restrictions (Internet Access Policy). After a few hours of internet access by 15 wired users the Linksys locks-up and blocks all internet web access. The only solution is to restart the power on the router.
We are currently using a Linksys WRT54G2 v1 (firmware 1.0.04). We upgraded the WRT54G2 v1 firmware to the latest 1.0.04 version which did not resolve the issue. NOTE: We were previosuly using a a Linksys WRT54G v1.1 (firmware 4.21.1) until the power supply blew a week after we started blocking web sites using Access Restrictions (Internet Access Policy).
Basically, we have a T1 internet connection and a hub connected to the Linksys router. We are trying to block several web sites such as facebook, myspace, etc. for 15 wired users. We do not use wireless connections.
This is the 2nd time it happened with 2 different models.
Please help ASAP.
Thank you,
Lance
(Mod note: Edited post. Some parts off topic.. Thanks!)Also, you have already upgrade/re-flash the firmware of your Linksys Router you need to reset and reconfigure your router from scratch. Press and hold the reset button for 30 seconds...Release the reset button...Unplug the power cable from your router, wait for 30 seconds and re-connect the power cable...Now re-configure your router...
-
Access Denied Error while accessing "Site Settings Access requests and invitations"
Hi,
I am getting Access Denied Error while accessing "Site Settings > Access requests and invitations" in SharePoint 2013 online. Currently I am the owner of the site and have "FULL CONTROL" access. I am able to access using
site collection account. So, what permission I have to give my regular account to access this page?
Thanks, PalHello,
Have you recently changed the Owners group of the site collection or removed the user from the original owners group?
The reason I am asking is when the Access requests and invitations list are created, the permissions are given only to the default owners group at the time that the Access Request list was created. If this "regular account" is not part of that owners
group, the user will receive access denied. Site Collection Admins always have permissions for the Access Request List.
A workaround for the Access Denied issue is listed in the KB article http://support.microsoft.com/kb/2911390/en-us. By giving the correct group or user the permissions to this list, the users will not receive
the Access Denied issue anymore.
Preferably, in order to grant the user the full permissions ( you will see features like resending invitations may still fail after implementing the above workaround) there is one other workaround that may be required depending on what the original issue
was. Below are additional steps to restore full functionality.
1)Access the /_layouts/15/permsetup.aspx of the site collection, make sure the default Owners Group
is set correctly. (There is a group selected)
2) Add user to that Owners Group. (Issue may be resolved at this step if the site collection Owners
Group was never changed, if not continue to next step.)
3) Implement workaround on http://support.microsoft.com/kb/2911390/en-us, by adding that owners
group as Full control on Access Request list Permissions.
Let me know how this works out for you.
- Shpendi Jashari -
Issue with the site level access in the trial ac
I am following the given video to get an understanding of site level access.
SAP HANA Cloud Portal Setting Access Levels in the Site - YouTube
I could not find the option of setting the site level access to either public, restricted or private in my trial ac. in the site settings as per the given video above. Could this be some authorization issue or some settings that needs to be done.Hello,
The site access level configuration is now under the Access Managment entry in the side panel.
Please follow the documentation in the link below.
SAP HANA Cloud Portal Documentation
Regards,
Eliel.
Maybe you are looking for
-
Invoice of downpayment of 100%
Sometimes when we sell a material we sometimes ask the downpayment of 100% of the order. When we deliver a material we issue a delivery note and the final invoice, but it is impossible to issue a final invoice of 0 Euro with a registration on the
-
Hi! I have a question. May I use BPS variable in BeX?
-
I Have done my Objects in 300 Client.I want to Import it into other client
hi I Have done my Objects in 300 Client.I want to Import it into other client. What is the Procedure for that Please clarify ASAP.. Thanks
-
Gig DWDM connection between 2 x 3750's
We have a customer that has a gig DWDM connection between 2 cat3750's. The interfaces are SMF. He is complaining of throughput issues. He has a pair of AIX servers transfering a file between them using we believe RPC (not 100% sure). If he does it ac
-
I-pod not working computer will not recognize it
Last night my I-pod froze I couldn't get it to do anything. After my computer started acting up so I restored it. Now I got my I-pod un froze but all my music is gone? I can't get my computer to recognize it, and it will not download drivers cause it