Source Routing and Sendmail
Hi all
This is probably not directly related to IronPort, but I'm sure you guys might be able to help.
We installed an IronPort applicane a few months ago and everything works great. Unfortunately, we forward the mails to our internal sendmail server which has to be reachable from the Internet for some legacy stuff. The sendmail box in conjunction with IronPort (smarthost) seems to enable source routing of email addresses, rendering the box an open relay.
Is there a way to drop all source routed e-mails at sendmail? Based on what I read, IronPort does drop source routed e-mails anyway.
thx
reto
You will need to disable the loose_relay_check option in Sendmail. This option turns off the default behavior of rechecking recipients using the % addressing. For example, if the recipient address is user%site@othersite, the default behavior without the loose_relay_check option is that Sendmail will check if any @othersite is an allowed relay host specified in either class R macro or the access db file. If a site is an allowed relay host, the check_rcpt ruleset strips @othersite and checks user@site for relaying. Sendmail does not recheck user@site if loose_relay_check option is set to ON.
Similar Messages
-
How to enable source routing on outgoing packets?
Hi all
Perhaps some of you can help me with this. I recently read http://enclaveforensics.com/Blog/files/ … 8d9-5.html about loose source routing, and would like to do the experiment myself in an isolated network dedicated for testing purposes.
I know how to filter source routed traffic with firewalls (ip-tables), but have no idea of how to enable either loose or strict source routing in the ip-headers for those packets i'm sending out. Maybe there are some kind of setting in some configuration-file? Or are we talking the source code of an application? Kernel compilation setting? Please let me know, if you know how to do it.
And also please notice this: I've got no malicious intentions. I will only perform this in an isolated network dedicated for testing purposes. So please do not accuse me for beeing a cracker/hacker/whatever...
Thankyouthe best way to actually enable it system-wide is to use mangle table of iptables to manually enable the ipv4 options and adding the routing info with each packet, on the other hand, you can create a program with python's scapy that does LSRR and SSRR.
Last edited by Sin.citadel (2010-07-01 12:00:07) -
Please let me know what is IP source Route and why is it disable for security purpose.
Thanks in advanceHello Nitin,
Cisco routers normally accept and process source routes. Unless a network depends on it, source routing should be disabled.
Source routing is a technique whereby the sender of a packet can specify the route that a packet should take through the network. As a packet travels through the network, each router will examine the destination IP address and choose the next hop to forward the packet to. In source routing, the "source" (i.e., the sender) makes some or all of these decisions.
Reason for disabling: Attackers can use source routing to probe the network by forcing packets into specific parts of the network. Using source routing, an attacker can collect information about a network's topology, or other information that could be useful in performing an attack. During an attack, an attacker could use source routing to direct packets to bypass existing security restrictions.
Remedy:
Use the 'no ip source-route' command to disable IP source routing on the router. Refer to your router documentation for specific instructions.
Regards,
Mohit -
/*! flamingo 6.4.0 2013-06-18 */
function AppListView(){this.allBooks=[],this.recentBooks=[],this.$dom=$("<div>",{"class" :"app-list"}),this._loadBooks(),this._createView(),setTimeout($.proxy(this._prel oadIcons,this),1e3)}function Beacon(e,a){location.protocol.match(/^http/)&&e.enable_tracking&&e.product&&e.p latform&&e.version&&(this.title=e.title.toLowerCase(),this.product=e.product.toL owerCase(),this.platform=e.platform.toLowerCase(),this.version=e.version.toLower Case(),this.locale=a.isoCodes[0],this.loaded=$.getScript(App.resourcePath+"sc.js ",$.proxy(this.init,this)),$(e).on("navigate",$.proxy(this.navigate,this)),$(e). on("search",$.proxy(this.search,this)),$(e).on("searchresults",$.proxy(this.sear chResultSelected,this)),$(e).on("feedback",$.proxy(this.feedback,this)),$(e).on( "mediastart",$.proxy(this.mediaStart,this)))}function Book(e){if($.extend(this,e),this.name=this.title,$.each(this.topics,$.proxy(fun ction(e,a){this.topics[e]=new Topic(e,a,this)},this)),$.each(this.sections,$.proxy(function(e,a){this.section s[e]=new Section(e,a,this)},this)),$.each(this.toc,$.proxy(function(e,a){this.toc[e]=thi s.topics[a]||this.sections[a]||a},this)),$.each(this.sections,$.proxy(function(e ,a){var t=a.children;$.each(t,$.proxy(function(e,i){t[e]=this.topics[i]||this.sections[ i]||i,t[e].parent=a},this))},this)),this.landing=this.topics[this.landing]||"",t his.copyright=this.topics[this.copyright]||"",!this.landing){for(var a=this.toc[0];a instanceof Section;)a=a.children[0];this.landing=a}this.unknown_topic=new Topic("unknown",{name:"TOPIC_UNAVAILABLE".loc(),href:""},this)}function ContentView(e,a){this.name=e,this.$dom=$("<div>",{id:e,"class":"contentView"}). addClass(e),this.topic=null,a&&this.showTopic(a)}function DebugPanel(e){this.$dom=$("<dl>",{"class":"debug-info"}),$("<dt>",{text:"flamin go"}).appendTo(this.$dom),$("<dd>",{text:e.version}).appendTo(this.$dom),$.each( ["build_id","title","design","enable_tracking","product","platform","version","l ocale","collect_feedback","framework","source_schema"],$.proxy(function(a,t){$(" <dt>",{text:t}).appendTo(this.$dom),$("<dd>",{text:e.book[t]||"[ undefined ]"}).toggleClass("undefined",!e.book[t]).appendTo(this.$dom)},this))}function Design(e){this.name=e||"default";var a=Design.namedSkins[this.name];this.cssClass="",this.isLayeredStyle=!1,this.hel pviewerWindowSize={height:520,width:815},this.dismissSearchLabel="Cancel",this.p reloadList=["lightbox-close.png","[email protected]","lightbox-close-hover.p ng","[email protected]","disclosure-open.png","[email protected]" ],a&&(a.preloadList&&(this.preloadList.concat(a.preloadList),delete a.preloadList),$.extend(this,a))}function HelpViewerBook(e){this.id=e.bookID(),this.title=e.title(),this.link="help:openb ook='"+this.id+"'",this.iconHref=("x-help-icon://"+encodeURIComponent(this.id)). replace(/\.help$/,""),this.apple=this.id.match(/^com\.apple\./)?!0:!1}function LandingView(e,a){this.book=e,this.bundle=a,this.contentView=new ContentView("landing",e.landing),this.$dom=this.contentView.$dom,this.isHelpCen ter="HelpViewer"in window&&!HelpViewer.currentScope(),this.isHelpCenter?this._addMarquee():this._l ayoutLanding()}function LightboxView(e){this._$previous_focus=$(),this.visible=!1,this.$dom=$("<div>",{ id:e,"class":e,"aria-hidden":"true",role:"alertdialog",tabindex:"-1"}).hide(),$( "<div>",{"class":"background"}).appendTo(this.$dom);var a=$("<div>",{id:"lightboxOuterWrapper"}).appendTo(this.$dom),t=$("<div>",{id:"l ightboxInnerWrapper"}).appendTo(a),i=$("<div>",{id:"lightboxContentWrapper"}).ap pendTo(t);this.contentView=new ContentView("lightbox-content"),i.append(this.contentView.$dom);var n=$("<img>",{src:App.resourcePath+"images/[email protected]",alt:"Close".lo c(),role:"button"});$("<a>",{"class":"closeButton"}).append(n).appendTo(a).click ($.proxy(function(){App.navigation.popPrevious(),this.hide()},this)).hover(funct ion(){n.attr("src",App.resourcePath+"images/[email protected]")},funct ion(){n.attr("src",App.resourcePath+"images/[email protected]")})}function NavController(e){this._book=e,this._linearTOC=[],this._currentItem=null,this._p ushedItem=null,this._addItems(e.toc),App.design.isLayeredStyle||this._linearTOC. unshift(e.landing),this._checkHash();var a=$.proxy(this._checkHash,this);"onhashchange"in window?$(window).bind("hashchange",a):setTimeout(function(){setInterval(a,100)} ,500)}function Section(e,a,t){this.id=e,this.book=t,$.extend(this,a)}function TOC(e,a,t){this.book=e,this._contentPath=t,this._$liByID={},this.$dom=this._$ul ForNavList(this.book.toc,0).addClass("toc");var i=$("<li>",{role:"treeitem","class":"home"}).prependTo(this.$dom),n=$("<a>",{hr ef:"#"+this.book.landing.id}).appendTo(i);$("<img>",{src:a+"images/tangerine/hom [email protected]"}).appendTo(n),$("<span>",{"class":"name",text:"Home".loc()}).appendTo( n),this._$liByID[e.landing.id]=i,this.$dom.on("click","a",$.proxy(this._toggleSe ctions,this))}function Topic(e,a,t){this.id=e,this.book=t,this.categories=[],$.extend(this,a),this.ful l_name=this.name,this._content_loaded=!1,this.$content=$("<div>",{id:e}),this.is _landing=$.inArray("landing",this.categories)>-1,this.is_glossary=$.inArray("glo ssary",this.categories)>-1,this.is_external=!!this.href.match(/^\w+:/),this.is_h ash=!!this.href.match(/^#/)}function TermMatch(e,a,t){this.term=e,this.topic=App.book.topicForID(a),this.weight=t}fu nction WeightedTopic(e){this.topic=e.topic,this.weight=e.weight}function SearchResult(e,a,t){this.query=e,this.matchingTerms=a,this.topics=[];var i={};$.each(t,function(e,a){var t=a.topic.id,n=i[t];n?n.addMatch(a):i[t]=new WeightedTopic(a)});var n=$.map(i,function(e){return e}),o=n.sort(function(e,a){return a.weight-e.weight});this.topics=$.map(o,function(e){return e.topic})}function SearchIndex(e){this._keywordStemRegex="",this._matchesByTerm={};var a,t,i,n,o=[];i=function(e,t){return new TermMatch(a,t,e)},n=function(e,a,t){return"\\b"+a+(t?t.replace(/(.)/g,"$1?"):"" )+"\\b"};for(var s in e)a=s,t=e[a],this._matchesByTerm[a]=$.map(t,i),a=a.replace(/(\.|\*|\+|\?|\{|\}| \||\[|\]|\(|\)|\-|\^|\$)/g,"\\$1"),a=a.replace(/^(..)(.+)$/,n),o.push(a);o.sort( function(e,a){return a.length-e.length}),this._keywordStemRegex=RegExp(o.join("|"),"gi")}window.App= {version:"6.4.0",env:"production"},location.search.match(/%23/)&&location.replac e(location.href.replace("%23","#")),$.ajaxSetup({crossDomain:!1}),window.APD={}, $.extend(window.App,{book:null,bundle:null,design:null,navigation:null,searchInd ex:null,resourcePath:"",queryParams:{},views:{}}),String.prototype.loc=function( ){return App.bundle?App.bundle.translate(this):this},function(){if("console"in window||(window.console={},$.each(["assert","count","debug","dir","dirxml","err or","group","groupCollapsed","groupEnd","info","log","markTimeline","profile","p rofileEnd","time","timeEnd","trace","warn"],function(){window.console[this]=$.no op})),location.search&&$.each(location.search.substring(1).split("&"),function() {var e=this.split("=");App.queryParams[decodeURIComponent(e[0])]=decodeURIComponent( e[1])}),App.queryParams.topic){var e=App.queryParams.topic,a=location.pathname;return delete App.queryParams.topic,a+=$.param(App.queryParams)?"?"+$.param(App.queryParams): "",a+="#"+e,location.replace(a),void 0}App.queryParams.localePath&&App.queryParams.localePath.match(/^http/)&&delete App.queryParams.localePath,navigator.userAgent.match(/Help Viewer/)&&($.browser.helpviewer=!0),$(document).ready(function(){function e(){clearTimeout(i),t.hide().remove()}function a(){e(),console.error("Could not load navigation.json file."),$("html").addClass("nocontent")}$("#javascriptDisabled").remove(),App.r esourcePath=$("script[src$='flamingo.js']").attr("src").replace(/flamingo\.js$/, ""),(new Image).src=App.resourcePath+"images/[email protected]";var t=$("<div>",{id:"updating"}).hide().appendTo("body").append($("<img>",{src:App. resourcePath+"images/[email protected]"})),i=setTimeout(function(){t.show()},500);A pp._loadBundle().pipe(function(){return $.getJSON(App.bundle.URL()+"navigation.json",function(e,a,t){App._addServerType (t),App.book=new Book(e),App.beacon=new Beacon(App.book,App.bundle.current)})}).fail(a).then(e).then(App.init).then(App .showInterface).then(function(){return $.getJSON(App.bundle.URL()+"search.json",function(e){App.searchIndex=new SearchIndex(e)})}).fail(function(){console.error("Could not load search.json file.")})}),App._loadBundle=function(){var e=$.Deferred(),a=App.queryParams.localePath||App.queryParams.lang||window.local ePath;return App.bundle=new APD.Bundle("",a,function(){$("body").attr("dir",this.current["text-direction"]) ,$("<div>",{"class":"localizedUpdateText",text:"Loading latest help...".loc()}).appendTo("#updating"),$("html").attr("lang",this.current.isoCo des[0]),e.resolve()}),e},App._addServerType=function(e){var a=e.getResponseHeader("x-server-type");"development"!==this.env&&a&&a.match(/re view|staging/)&&(this.env=a),$("html").addClass(this.env)},App.setTitle=function (e){var a=App.book.title,t=e&&(e.full_name||e.name);t!==a&&(a+=": "+$("<textarea>",{html:t}).text()),document.title=a},App.init=function(){var e=$("html");if($.each($.browser,function(a){"version"!==a&&e.addClass(a)}),e.ha sClass("nocontent")||$("#contentUnavailable").remove(),window.devicePixelRatio>1 &&void 0!==document.body.style.backgroundSize&&e.addClass("bgsize"),App.design=new Design(App.book.design),$.browser.helpviewer&&Design.helpviewerWindowSize){var a=Design.helpviewerWindowSize,t=Math.max(a.width,top.outerWidth),i=Math.max(a.h eight,top.outerHeight);top.resizeTo(t,i)}if(navigator.userAgent.match(/(iphone|i pad)/i)){"-webkit-overflow-scrolling"in document.body.style||e.addClass("nooverflow");var n=720;App.design.helpviewerWindowSize&&(n=App.design.helpviewerWindowSize.width ),$("<meta>",{name:"viewport",content:"maximum-scale=3.0,width="+n}).prependTo(" head")}},App.showInterface=function(){App.createViews(),App.design.preloadImages (),App.navigation=new NavController(App.book)},App.createViews=function(){var e=$("body"),a=$("<div>",{id:"container","class":"container"}),t=$("<div>",{id:" menu","class":"menu"}).appendTo(a),i=$("<div>",{id:"front-matter","class":"front -matter"}).appendTo(a),n=$("<div>",{id:"navigation","class":"navigation",role:"n avigation"}).appendTo(i);App.views.landing=new LandingView(App.book,App.bundle),App.views.toc=new TOC(App.book,App.resourcePath,App.bundle.URL()),App.views.topic=new ContentView("topic"),App.views.debug=new DebugPanel(App),App.views.lightbox=new LightboxView("lightbox"),$.browser.helpviewer&&!HelpViewer.currentScope()&&(App .views.appList=new AppListView),a.add(App.views.lightbox.$dom).addClass(App.design.name).addClass( App.design.cssClass),e.prepend(a),e.append(App.views.debug.$dom),i.prepend(App.v iews.landing.$dom),a.append(App.views.topic.$dom.hide()),searchController.addInt erfaceElements(n),n.append(App.views.toc.$dom),e.append(App.views.lightbox.$dom) ,App.views.appList&&e.append(App.views.appList.$dom),$("<h1>",{"class":"book-tit le"}).append($("<a>",{href:"#",text:App.book.title})).appendTo(t),$(App.book).on ("navigate",$.proxy(App.views.toc.updateSelection,App.views.toc)),$(App.book).on ("navigate",$.proxy(App.toggleViews,App)),$("body").on("orientationchange",App.r esetOverflow)},App.resetOverflow=function(){var e,a=App.views,t=$(".toc").add(a.landing.$dom).add(a.topic.$dom);t.css("overflow ","visible"),e=t.css("overflow"),t.css("overflow","")},App.toggleViews=function( e,a,t){var i=$(".front-matter"),n=i.find("#landing");App.setTitle(a),t===App.views.appList ?(App.views.topic.hide(),i.hide(),App.views.appList.show()):(App.views.appList&& App.views.appList.hide(),i.show()),t===App.views.landing&&App.views.topic.hide() ,App.design.isLayeredStyle?t===App.views.landing||t===App.views.toc?(i.attr({"ar ia-hidden":!1,tabindex:-1}).show().focus(),App.views.topic.hide()):t===App.views .topic&&i.attr({"aria-hidden":!0,tabindex:-1}).hide():t===App.views.landing||t== =App.views.toc?n.show():t===App.views.topic&&n.hide(),$("#container").attr("aria -hidden",t===App.views.lightbox),t!==App.views.lightbox&&App.views.lightbox.hide ();var o="HelpViewer"in window&&"currentScope"in HelpViewer,s="HelpViewer"in window&&"setBreadcrumbBookTitleWithAnchor"in HelpViewer;o&&s&&"com.apple.machelp"===HelpViewer.currentScope()&&HelpViewer.se tBreadcrumbBookTitleWithAnchor("",null),$("body").prop("scrollTop",0),$("html"). is(".nooverflow")&&window.scrollTo(0,1)},$(document).on("keydown",function(e){!( e.ctrlKey||e.metaKey||e.shiftKey||App.views.lightbox.visible)&&"querySelectorAll "in document&&(37===e.which?App.navigation.previous():39===e.which&&App.navigation. next())}),$(document).on("keypress",function(e){e.ctrlKey&&e.metaKey&&2===e.keyC ode&&App.views.debug.$dom.toggle()}),$("#localizations select").live("change",function(){delete App.queryParams.localePath,App.queryParams.lang=$(this).val(),location.href="?" +$.param(App.queryParams)})}(),AppListView.prototype.show=function(){this.$dom.s how()},AppListView.prototype.hide=function(){this.$dom.hide()},AppListView.proto type._loadBooks=function(){var e=this;"HelpViewer"in window&&HelpViewer.availableBooks&&HelpViewer.recentApplicationList&&($.each(He lpViewer.availableBooks(),function(a,t){e.allBooks.push(new HelpViewerBook(t))}),$.each(HelpViewer.recentApplicationList(),function(a,t){va r i=RegExp(t,"i");$.each(e.allBooks,function(a,t){t.id.match(i)&&e.recentBooks.pu sh(t)})}))},AppListView.prototype._createView=function(){var e=5,a="Show all".loc(),t="Show less".loc(),i=function(){var e=$(this).parents(".app-group"),i=e.hasClass("closed")?t:a;e.toggleClass("close d").find(".showHide").text(i)};if(this.allBooks.length){var n,o,s;n=$("<div>",{"class":"app-group closed"}).appendTo(this.$dom),$("<div>",{"class":"title"}).appendTo(n),$("<a>", {"class":"showHide",text:a,click:i}).appendTo(n),$("<div>",{"class":"clear"}).ap pendTo(n),$("<div>",{"class":"initial-set"}).appendTo(n),$("<div>",{"class":"add itional-set"}).appendTo(n),o=n.clone(!0,!0).appendTo(this.$dom),s=n.clone(!0,!0) .appendTo(this.$dom),$(".title",n).text("Recent applications".loc()),$(".title",o).text("Apple applications".loc()),$(".title",s).text("Other applications".loc()),$.each(this.recentBooks,function(a,t){e>a&&t.$iconLink().a ppendTo(n)}),$.each(this.allBooks,function(a,t){if("com.apple.HelpCenter.help"!= =t.id&&"com.apple.machelp"!==t.id){var i=t.apple?o:s,n=2*e>i.children(".initial-set").children().length?i.children(".i nitial-set"):i.children(".additional-set");t.$iconLink().appendTo(n)}}),$([n,o,s ]).each(function(){if(0===$(".additional-set",this).children().length&&$(".showH ide",this).remove(),0===$(".book",this).length)return $(this).remove(),void 0;for(var a=$(".book:last",this),t=a.parent();0!==t.find(".book").length%e;)$("<a>",{"cla ss":"book"}).appendTo(t)})}},AppListView.prototype._preloadIcons=function(){var e=this;setTimeout(function(){$.each(e.allBooks,function(e,a){setTimeout(functio n(){a.preloadIcon()},20*e)})},1e3)},function(e){var a={events:"",channel:"",pageName:"",eVar1:null,eVar16:null,eVar17:null,eVar18:n ull,eVar20:null,eVar21:null,eVar28:null};e.init=function(){this.setAccount(),thi s.setConstants()},e.setAccount=function(){var e="aaplpdglobaldev";"production"===App.env&&(e="aaplpdglobal"),this.sc=s_gi(e), this.sc.server=this.title,this.sc.trackDownloadLinks=!1,this.sc.trackExternalLin ks=!1,this.sc.trackInlineStats=!1,this.sc.useForcedLinkTracking=!1,this.sc.linkD ownloadFileTypes="exe,zip,wav,mp3,mov,mpg,avi,wmv,pdf,doc,docx,xls,xlsx,ppt,pptx ",this.sc.linkInternalFilters="help.apple.com",this.sc.linkLeaveQueryString=!1,t his.sc.linkTrackVars="eVar1,prop1,eVar2,prop2,eVar3,prop3,eVar4,prop4,eVar5,prop 5,eVar6,prop6,eVar7,prop7,eVar8,prop8,eVar9,prop9,eVar10,prop10,eVar11,prop11,eV ar12,prop12,eVar13,prop13,eVar14,prop14,eVar16,prop16,eVar17,prop17,eVar28,prop2 8,events",this.sc.linkTrackEvents="event1,event2,event3,event4",this.sc.usePlugi ns=!1,this.sc.doPlugins=$.noop,this.sc.visitorNamespace="appleproductdocumentati on",this.sc.trackingServer="metrics.apple.com",this.sc.trackingServerSecure="sec uremetrics.apple.com"},e.setConstants=function(){var e="unknown",a="unknown",t="unknown",i="help:"+this.product,n=i+":"+this.platfor m,o=n+":"+this.version;$.each(["helpviewer","safari","webkit","opera","mozilla", "msie"],function(){return this in $.browser?(e=this,!1):void 0}),$.each([/Mac OS X ([_\.\d]+)/,/iPhone OS ([_\.\d]+)/,/CPU OS ([_\.\d]+)/,/Windows NT ([_\.\d]+)/],function(){var e=navigator.userAgent.match(this);return e?(a=e[0].replace(this,"$1").replace(/_/g,"."),!1):void 0}),$.each([/Version\/([_\.\d]+)/,/Chrome\/([_\.\d]+)/,/MSIE ([_\.\d]+)/,/Firefox\/([_\.\d]+)/],function(){var e=navigator.userAgent.match(this);return e?(t=e[0].replace(this,"$1").replace(/_/g,"."),!1):void 0}),$.extend(this.sc,{eVar2:navigator.userAgent,eVar3:e+":"+t,eVar4:a,eVar5:e+" :"+a,eVar6:App.version,eVar7:i,eVar8:n,eVar9:o,eVar10:this.product,eVar11:this.p latform,eVar12:this.version,eVar13:(navigator.browserLanguage||navigator.systemL anguage||navigator.userLanguage||navigator.language).substr(0,2),eVar14:this.loc ale,eVar15:navigator.language})},e._track=function(e,t){this.loaded.then($.proxy (function(){$.extend(this.sc,a,t),this._resetProps(),this.sc.t(!0,"o",e)},this)) },e._resetProps=function(){var e,a,t={};for(e in this.sc)e.match(/prop\d+/)&&(this.sc[e]=null),e.match(/eVar\d+/)&&this.sc[e]&&( a=e.replace(/eVar(\d+)/,"$1"),t["prop"+a]="D=v"+a);$.extend(this.sc,t)},e.naviga te=function(e,a){var t=this.title+":"+a.name.toLowerCase();this._track("view",{events:"event1",chann el:t,pageName:t,eVar1:(a.is_glossary?"glossary:":"")+a.name,eVar28:a.id})},e.sea rch=function(e,a,t){if(a){var i=this.title+":search",n=t.length?"search":"search: no results";this._track(n,{events:t.length?"event2":"event3",channel:i,pageName:i, eVar1:n,eVar16:a})}},e.searchResultSelected=function(e,a,t){var i=this.title+":search",n="search: result click-through";this._track("name",{events:"event4",channel:i,pageName:i,eVar1:n ,eVar16:a,eVar17:t.name,eVar18:t.id})},e.feedback=function(e,a){var t=this.title+":"+a.name.toLowerCase();this._track("feedback",{events:"event5",c hannel:t,pageName:t,eVar1:a.name,eVar21:"false",eVar28:a.id})},e.mediaStart=func tion(e,a){var t=this.title+":media",i=App.navigation._currentItem;this._track("media: start",{events:"event7",channel:t,pageName:t,eVar1:i.name,eVar18:a,eVar20:"vide o",eVar28:i.id})}}(Beacon.prototype),Book.prototype.topicForID=function(e){retur n e?this.topics[e]:this.landing},Book.prototype.topicForURL=function(e){var a;return $.each(this.topics,function(){return this.href===e?(a=this,!1):void 0}),a},Book.prototype.sectionForID=function(e){return this.sections[e]},Book.prototype.itemForID=function(e){var a=this.topicForID(e)||this.sectionForID(e);return(!a||a instanceof String)&&(a=this.unknown_topic),a},function(){function e(e){return e?e.match(/[^\/]$/)?e+="/":e:""}function a(){var e=[navigator.browserLanguage||navigator.systemLanguage||navigator.userLanguage| |navigator.language];if("HelpViewer"in window&&"preferredLanguages"in HelpViewer)try{e=HelpViewer.preferredLanguages().concat(e)}catch(a){}if("iTunes "in window)try{e=$.map(iTunes.acceptedLanguages.split(","),function(e){return e.replace(/\+?([^;]+);.*/,"$1")}).concat(e)}catch(a){}return e=$.map(e,function(e){return e?(e=e.toLowerCase(),2>=e.length?e:[e,e.substr(0,2)]):null})}function t(e){return i||(i={},$.each(APD.translations,function(e,a){$.each(a.meta.isoCodes,function( e,t){i[t]=a})})),i[e]}var i,n={name:"English",isoName:"English",isoCodes:["en"],folder:"en.lproj","text-d irection":"ltr"};APD.Bundle=function(a,t,i){this.path=e(a),this.current=$.extend ({},n),t&&t.match(/^.*\.lproj$/)&&(this.current.folder=t),this.locales=[],this._ uiStrings={};var o=this;this._loadList().done(function(){var e=o._lookupLocale(t)||o._browserLocale();e&&(o.current=e)}).always(function(){o ._loadStrings()}).always(function(){i&&i.call&&i.call(o,o)})};var o=APD.Bundle.prototype;o._loadList=function(){var e=this,a=$.Deferred();return $.getJSON(this.path+"locale-list.json").done(function(t){e.locales=t,a.resolve( )}).fail(function(){return console.warn("Unable to load language list, loading content from "+e.current.folder),$.getJSON(e.URL()+"locale-info.json").done(function(t){t.me ta.folder=e.current.folder,e.locales.push(t.meta),a.resolve()}).fail(function(){ a.reject()})}),a},o._loadStrings=function(){var e=this,a=e.current.isoCodes;a.push("en"),$.each(a,function(a,i){var n=t(i);return n?(e._uiStrings=n.ui||{},e.cssClass=n.meta.cssClass||"",!1):void 0})},o._lookupLocale=function(e){if(!e)return null;var a=null;return $.each(this.locales,function(t,i){var n=i.isoCodes.concat([i.folder,i.name,i.isoName]);return $.inArray(e,n)>-1?(a=i,!1):void 0}),a},o._browserLocale=function(){var e=null,t=this.locales;return $.each(a(),function(a,i){return $.each(t,function(a,t){return $.inArray(i,t.isoCodes)>-1?(e=t,!1):void 0}),e?!1:void 0}),e},o.list=function(){if(2>this.locales.length)return[];if("iTunes"in window)return[];if("HelpViewer"in window)return[];var e=$.map(this.locales,function(e){return{name:e.name,isoCode:e.isoCodes[0]}});re turn e.sort(function(e,a){return e.name.localeCompare(a.name)}),e},o.translate=function(e){return this._uiStrings[e]||e},o.URL=function(){return this.path+e(this.current.folder)}}(),ContentView.prototype.showTopic=function(e ){e!==this.topic&&(this.topic=e,this.$dom.empty().prop("scrollTop",0).append(e.l oadContent()),"HelpViewer"in window&&"mtContentAccessed"in HelpViewer&&HelpViewer.mtContentAccessed(e.id+" "+e.name,e.book.title)),this.$dom.attr("aria-hidden",!1).show().trigger("conten tLoaded")},ContentView.prototype.hide=function(){this.$dom.attr("aria-hidden",!0 ).hide()},function(){$(".contentView a[href*='.html']").live("click",function(e){var a=$(this).attr("href"),t=a.match(/#/)?a.replace(/^.*\.html(#?.*)/,"$1"):"",i=a. replace(/^(.*\.html)#?.*/,"$1"),n=App.book.topicForURL(i)||App.book.topicForID(t );a.match(/^http/)||a.match(/\//)||(e.preventDefault(),n&&n.navigateTo())}),$(". contentView .Task h2, .contentView .task h2, .showTaskBody, .hideTaskBody").live("click",function(){var e=$(this).parent(".Task, .task").filter(":first"),a=e.toggleClass("closed").hasClass("closed");e.find("[ aria-expanded]").attr("aria-expanded",!a),e.find("[aria-hidden]").attr("aria-hid den",a)}),$(".contentView .LinkAppleWebMovie a, .contentView .movie a").live("click",function(e){if(!("HelpViewer"in window&&HelpViewer.availableBooks)){e.preventDefault();var a=$(this).attr("href");movieLightboxController.showLightboxWithURL(a)}})}(),Des ign.prototype.preloadImages=function(){$.each(this.preloadList,function(e,a){(ne w Image).src=App.resourcePath+"images/"+a})},Design.namedSkins={magenta:{helpview erWindowSize:null,cssClass:"layered",isLayeredStyle:!0},red:{helpviewerWindowSiz e:null,cssClass:"layered",isLayeredStyle:!0},tangerine:{dismissSearchLabel:"Clos e",preloadList:["tangerine/[email protected]","tangerine/disclosure-open.pn g","tangerine/[email protected]","tangerine/home.png","tangerine/[email protected] g","tangerine/menu-background.png"]}},HelpViewerBook.prototype.preloadIcon=funct ion(){(new Image).src=this.iconHref},HelpViewerBook.prototype.$iconLink=function(){return $("<a>",{href:this.link,"class":"book"}).append($("<img>",{src:this.iconHref})) .append($("<div>",{text:this.title}))},function(){var e=LandingView.prototype;e.showTopic=function(e){this.contentView.showTopic(e)}, e._layoutLanding=function(){if(!App.design.isLayeredStyle){var e=this.$dom.wrapInner("<div class='row' />").wrapInner("<div class='center' />").find(".center"),a=$("<div class='row' />").appendTo(e);$.browser.helpviewer||a.append(this._$languageMenu()),$("<div> ",{"class":"copyrightTagline",text:this.book.copyright_text}).appendTo(a)}},e._a ddMarquee=function(e){var a=$(".marquee",e),t=$("img",a).remove().attr("src"),i=$(".title",a).remove().te xt(),n="url("+t+") 0 0 no-repeat, -webkit-gradient(linear, 0 0, 0 100%, from(#ebebeb), to(#fff))";a.length&&e.addClass("hasMarquee"),$("<p>",{text:i}).appendTo(a),$(" <p>",{"class":"spacer"}).prependTo(a).clone().appendTo(a),a.css("background",n)} ,e._$languageMenu=function(){var e=this.bundle.list();if(0!==e.length){var a=$("<div>",{id:"localizations"}),t=$("<select>").appendTo(a);return $("<option>",{text:"Change Language".loc()}).appendTo(t),$.each(e,function(e,a){$("<option>",{val:a.isoCod e,text:a.name}).appendTo(t)}),a}}}(),LightboxView.prototype.showTopic=function(e ){this._$previous_focus=$(":focus"),this.visible=!0,this.contentView.showTopic(e ),this.$dom.show().attr("aria-hidden","false").attr("tabindex","0"),(!$.browser. msie||$.browser.version>=8)&&this.$dom.focus()},LightboxView.prototype.hide=func tion(){(!$.browser.msie||$.browser.version>=8)&&(this.$dom.blur(),this._$previou s_focus.focus()),this.$dom.hide().attr("aria-hidden","true").attr("tabindex","-1 "),this._$previous_focus$previous_focus=$(),this.visible=!1},function(){var e=NavController.prototype,a="showHelpViewerApplicationList";e._addItems=functio n(e){var a=this;$.each(e,function(e,t){t instanceof Section&&(App.design.isLayeredStyle&&!t.parent&&a._linearTOC.push(t),a._addItem s(t.children)),t instanceof Topic&&a._linearTOC.push(t)})},e.hash=function(){return location.hash.replace(/[^\-_a-z0-9]/gi,"")},e._checkHash=function(){this._goToI D(this.hash())},e._goToID=function(e){if(!this._currentItem||this._currentItem.i d!==e){searchController.navigateToItemWithID(e);var t,i=App.book.itemForID(e);i||(i=this._book.landing),e===a?t=App.views.appList:i instanceof Section?t=App.views.toc:i instanceof Topic&&(1>=App.book.toc.length&&App.book.toc[0]instanceof Topic&&i.is_landing?t=App.views.topic:i.is_landing?t=App.views.landing:i.is_glo ssary?(this._pushedItem=this._currentItem,t=App.views.lightbox):t=App.views.topi c,t.showTopic(i)),this._currentItem=i,$(this._book).trigger("navigate",[i,t])}}, e._goToItem=function(e){location.hash=e.id},e._goToPageOffset=function(e){for(va r a=0,t=0;this._linearTOC.length>t;t++)if(this._currentItem===this._linearTOC[t]) {a=t;break}a+=e,0>a?a=this._linearTOC.length+a:a>=this._linearTOC.length&&(a-=th is._linearTOC.length),this._goToItem(this._linearTOC[a])},e.previous=function(){ this._goToPageOffset(-1)},e.next=function(){this._goToPageOffset(1)},e.popPrevio us=function(){this._pushedItem?(this._goToItem(this._pushedItem),this._pushedIte m=null):this._goToItem(this._book.landing)}}(),Section.prototype.navPath=functio n(){return(this.parent?this.parent.navPath():[]).concat(this)},Section.prototype .linkHref=function(){return"#"+this.id},function(){var e=TOC.prototype;e._$ulForNavList=function(e,a){var t=$("<ul>",{role:a?"group":"tree"}).append($.map(e,$.proxy(function(e){return this._$liForNavItem(e,a)},this)));return t},e._$liForNavItem=function(e,a){if("string"==typeof e)return console.log("Unresolved TOC item:",e),void 0;var t=$("<li>",{role:"treeitem"}),i=$("<a>",{href:e.linkHref()}).appendTo(t);return this._$liByID[e.id]=t,t.add(i).data("item",e),e.categories&&t.addClass(e.catego ries.join(" ")),e.icon&&$("<img>",{src:this._contentPath+e.icon,alt:""}).prependTo(i),$("<s pan>",{"class":"name",html:e.name}).appendTo(i),e instanceof Section&&(t.addClass("closed hasChildren").attr("aria-expanded","false"),this._$ulForNavList(e.children,a+1) .appendTo(t)),t},e.updateSelection=function(e,a){this.$dom.find("li").removeClas s("selected").attr("aria-selected",!1);var t=this._$liByID[a.id],i=this.$dom.children("li"),n=!1;if(App.design.isLayeredSt yle&&(n=!0,t&&a.id!==this.book.landing.id||!this.book.toc.length||(a=this.book.t oc[0],t=this._$liByID[a.id]),a instanceof Section&&(i.addClass("closed").attr("aria-expanded",!1),i.is(t)))){var o=t.children("ul:first").height();o&&(this.$dom.css("overflow","hidden"),this.$ dom.css("min-height",o),this.$dom.css("overflow",null))}t&&t.addClass("selected" ).attr("aria-selected",!0).parents("li").add(n?t:null).removeClass("closed").att r("aria-expanded",!0)},e._toggleSections=function(e){var a=$(e.currentTarget).parents("li:first"),t=a.data("item"),i=a.hasClass("closed" );t instanceof Section&&(App.design.isLayeredStyle?a.removeClass("closed").attr("aria-expanded ",!0):(a.toggleClass("closed",!i).attr("aria-expanded",i),e.preventDefault())),t instanceof Topic&&"HelpViewer"in window&&"mtStatisticsIncrement"in HelpViewer&&HelpViewer.mtStatisticsIncrement(0,0,1,0)}}(),function(){var e=Topic.prototype,a=!1;flamingoQTDetect=!1,function(){return navigator.userAgent.match(/applewebkit/i)?(a=!0,void 0):"execScript"in window?(execScript('on error resume next: flamingoQTDetect = IsObject(CreateObject("QuickTimeCheckObject.QuickTimeCheck.1"))',"VBScript"),a= flamingoQTDetect,void 0):($.each($.makeArray(navigator.plugins),function(){return this.name.match(/quicktime/i)?(a=!0,!1):void 0}),void 0)}(),e.navPath=function(){return(this.parent?this.parent.navPath():[]).concat( this)},e.breadcrumbHTML=function(){var e=this.navPath(),a="rtl"===$("body").attr("dir")?"◀":"►",t=" <span class='breadcrumbArrow'>"+a+"</span> ";return e.pop(),$.map(e,function(e){return e.name}).join(t)},e.linkHref=function(){return this.is_external||this.is_hash?this.href:"#"+this.id},e.navigateTo=function(){l ocation.href=this.linkHref()},e.loadContent=function(){if(!this._content_loaded) {var e=App.bundle.URL(),a=this,t="";a.href&&$.ajax({async:!1,url:e+a.href,dataType:" html"}).done(function(a){t=a.replace(/.*<body/,"<div").replace(/\/body>.*/,"/div >"),t=t.replace(/src="/g,'src="'+e)}),t?(this.$content=$(t).addClass("apd-topic" ),this.$content.find("a[href^='http']").attr("target","_blank"),this.full_name=t his.$content.find("h1:first").text(),this.$content.attr("data-apdid",this.id).re moveAttr("id").find("a[name="+this.id+"]").remove(),this._removeSectionLinks(),t his._collapseTasks(),this._formatMovieLinks(),this._addFeedbackLink(),this._addC opyrightText(),this._content_loaded=!0):(this.$content=this._contentUnavailable( ),this._content_loaded=!1)}return this.$content},e._removeSectionLinks=function(){var e=this;this.$content.find("a:not([href^=http])").each(function(){var a,t=$(this),i=t.attr("href")||"";i.match(/^(\w+).html$/)&&(a=e.book.topicForURL (i),a||t.contents().unwrap())})},e._collapseTasks=function(){var e=this.$content.find(".Task, .task"),a=1===e.length;e.each(function(){$(this).addClass(a?"":"closed").find(" [aria-expanded]").attr("aria-expanded",a).end().find("[aria-hidden]").attr("aria -hidden",!a).end()}),$("<span>",{"class":"hideTaskBody",role:"button",text:"Hide ".loc(),"aria-label":"Hide".loc()}).prependTo(e),$("<span>",{"class":"showTaskBo dy",role:"button",text:"Show".loc(),"aria-label":"Show".loc()}).prependTo(e)},e. _addFeedbackLink=function(){if(this.book.collect_feedback){var e=$("<div>",{"class":"Feedback"}).appendTo(this.$content),a=$.param({bookID:thi s.book.title,topicTitle:this.name,appVersion:this.book.version||"",build:this.bo ok.build_id||"",source:$.browser.helpviewer?"helpviewer":"browser"});$("<span>", {"class":"LinkFeedback",text:"Was this page helpful?".loc()}).appendTo(e),$("<a>",{text:"Send feedback.".loc(),href:"http://help.apple.com/feedbackR1/English/pgs/fdbck_form.php?"+a,target:"_blank"}).click($.proxy(function(){$(this.book).trigger("feedback", this)},this)).appendTo(e)}},e._formatMovieLinks=function(){var e=this;this.$content.find(".LinkAppleWebMovie, .movie").each(function(){var t=$(this),i=t.find("a:first"),n=i.attr("href"),o=i.text(),s=e._getMovieURLFromU RLParam(n);a&&s?(i.parent().is("p")||i.wrap("<p class='p'>"),$("<a>",{title:o}).prependTo(t),t.find("a").attr({href:s,target:"h v_overlay_small"})):t.remove()})},e._getMovieURLFromURLParam=function(e){var a=null;if(e.match(/.*\?movie=/)){e=e.replace(/.*\?movie=/,"");var t=App.bundle.URL()+"movies/"+e+".json";a=this._getMovieURLFromJSONFileAtURL(t)} return a},e._getMovieURLFromJSONFileAtURL=function(e){var a=null;return $.browser.msie&&navigator.userAgent.match(/x64/i)?a:(navigator.onLine&&$.ajax({ async:!1,dataType:"json",url:e,success:function(e){a=e.length?e[0].url:e.url},er ror:function(){console.log(e+" could not be loaded")}}),a)},e._addCopyrightText=function(){if(this.book.copyright_text){var e=$("<div>",{"class":"copyrightTagline",html:this.book.copyright_text}),a=this. $content.find(".contentCell:last");
a.length?a.append(e):this.$content.append(e)}},e._contentUnavailable=function(){ var e=$("<div>",{id:this.id,"class":"apd-topic"});if($("<img>",{"class":"topicIcon" ,src:App.resourcePath+"images/[email protected]"}).appendTo(e),$("<h1>",{text:"TOPIC _UNAVAILABLE".loc()}).appendTo(e),$.browser.helpviewer&&location.protocol.match( /file/)){var a=$("<div>",{"class":"body conbody"}).appendTo(e);a.append($.map("CONNECT_TO_INTERNET".loc().split("\n"),f unction(e){return $("<p>",{"class":"p",text:e})})),"mtStatisticsIncrement"in HelpViewer&&HelpViewer.mtStatisticsIncrement(1,0,0,0)}return e}}(),APD.translations=[{meta:{isoCodes:["ar"],isoName:"Arabic",name:"Ø§Ù„Ø¹Ø±Ø ¨ÙŠØ©"},ui:{TOPIC_UNAVAILABLE:"الموضوع المØدد غير متوفر Øاليًا.",CONNECT_TO_INTERNET:'تأكد من الاتصال بالإنترنت. للØصول على مساعدة، اختر قائمة Apple > تفضيلات النظام، وانقر على الشبكة، ثم انقر على "ساعدني".\nإذا كنت متصلاً بالإنترنت، ولا يظهر المØتوى بعد، فØاول مرة أخرى لاØقًا.',"%@ Search Results":"%@ نتيجة (نتائج) بØØ«","Apple applications":"تطبيقات Apple",Cancel:"إلغاء","Change Language":"تغيير اللغة",Close:"إغلاق","Featured application help":"تعليمات تطبيقات مميّزة","Go to the homepage":"الانتقال إلى الصفØØ© الرئيسية","Help for:":"تعليمات لـ:",Hide:"إخفاء",Home:"الشاشة الرئيسية","Loading latest help...":"يتم الآن تØميل Ø£Øدث التعليمات…","Other applications":"تطبيقات أخرى","Recent applications":"Ø£Øدث التطبيقات",Search:"بØØ«","Send feedback.":"أرسل تغذية مرتدّة.","Show all":"إظهار الكل","Show less":"إظهار أقل","Show the previous page":"إظهار الصفØØ© السابقة","Show the next page":"إظهار الصفØØ© التالية",Show:"إظهار","Was this page helpful?":"هل كانت هذه الصفØØ© مفيدة؟"}},{meta:{isoCodes:["ca"],isoName:"Catalan",name:"Català "},ui:{TOPIC_UNAVAILABLE:"El tema seleccionat no està disponible ara",CONNECT_TO_INTERNET:"Comproveu que teniu connexió a Internet. Per obtenir ajuda sobre com establir connexió, seleccioneu el menú Apple > Preferències del Sistema i feu clic a Xarxa i, després, a Assistent.\nSi esteu connectat a Internet però el contingut no apareix, proveu-ho de nou més endavant.","%@ Search Results":"%@ resultats","Apple applications":"Aplicacions d'Apple",Cancel:"Cancel·lar","Change Language":"Canviar idioma",Close:"Tancar","Featured application help":"Ajuda de l'aplicació destacada","Go to the homepage":"Vés a la pà gina inicial","Help for:":"Ajuda de:",Hide:"Ocultar",Home:"Inici","Loading latest help...":"Carregant l'ajuda més actualitzada…","Other applications":"Altres aplicacions","Recent applications":"Aplicacions recents",Search:"Buscar","Send feedback.":"Enviar opinió.","Show all":"Mostrar-ho tot","Show less":"Mostrar menys","Show the previous page":"Mostra la pà gina anterior","Show the next page":"Mostra la pà gina següent",Show:"Mostrar","Was this page helpful?":"Us ha resultat útil aquesta pà gina?"}},{meta:{isoCodes:["cs"],isoName:"Czech",name:"ÄŒeÅ¡tina"},ui:{TOPIC_UNA VAILABLE:"Vybrané téma nenà k dispozici",CONNECT_TO_INTERNET:"UjistÄ›te se, že jste pÅ™ipojeni k Internetu. Chcete-li nápovÄ›du pro pÅ™ipojenÃ, použijte pÅ™Ãkaz PÅ™edvolby systému z nabÃdky Apple, kliknÄ›te na SÃÅ¥ a poté na „Průvodce“.\nJste-li pÅ™ipojeni k Internetu, avÅ¡ak obsah se pÅ™esto nezobrazuje, zkuste to znovu pozdÄ›ji.","%@ Search Results":"Výsledky hledánÃ: %@","Apple applications":"Aplikace Apple",Cancel:"ZruÅ¡it","Change Language":"ZmÄ›nit jazyk",Close:"ZavÅ™Ãt","Featured application help":"NápovÄ›da pro doporučené aplikace","Go to the homepage":"OtevÅ™Ãt domovskou stránku","Help for:":"NápovÄ›da pro:",Hide:"Skrýt",Home:"Plocha","Loading latest help...":"NačÃtánà nejnovÄ›jÅ¡Ã nápovÄ›dy…","Other applications":"Jiné aplikace","Recent applications":"Poslednà aplikace",Search:"Hledat","Send feedback.":"SdÄ›lte nám svůj názor.","Show all":"Zobrazit vÅ¡e","Show less":"Zobrazit ménÄ›","Show the previous page":"Zobrazit pÅ™edchozà stránku","Show the next page":"Zobrazit dalÅ¡Ã stránku",Show:"Zobrazit","Was this page helpful?":"Pomohla vám tato stránka?"}},{meta:{isoCodes:["da"],isoName:"Danish",name:"Dansk"},ui:{TOPIC_UN AVAILABLE:"Det valgte emne er utilgængeligt",CONNECT_TO_INTERNET:"Sørg for, at der er oprettet forbindelse til internettet. Vælg Apple > Systemindstillinger, klik pÃ¥ Netværk, og klik derefter pÃ¥ “Hjælp mig” for at fÃ¥ hjælp med at oprette forbindelse.\nHvis der er forbindelse til internettet, og indholdet stadig ikke vises, kan du prøve igen senere.","%@ Search Results":"%@ søgeresultater","Apple applications":"Apple-programmer",Cancel:"Annuller","Change Language":"Skift sprog",Close:"Luk","Featured application help":"Viste program","Go to the homepage":"GÃ¥ til hjemmesiden","Help for:":"Hjælp til:",Hide:"Skjul",Home:"Hjem","Loading latest help...":"Indlæser den nyeste hjælp…","Other applications":"Andre programmer","Recent applications":"Seneste programmer",Search:"Søg","Send feedback.":"Send feedback.","Show all":"Vis alle","Show less":"Vis færre","Show the previous page":"Vis forrige side","Show the next page":"Vis næste side",Show:"Vis","Was this page helpful?":"Var denne side nyttig?"}},{meta:{isoCodes:["de"],isoName:"German",name:"Deutsch"},ui:{TOPIC_UN AVAILABLE:"Das gewählte Thema ist derzeit nicht verfügbar",CONNECT_TO_INTERNET:"Vergewissern Sie sich, dass eine Verbindung zum Internet besteht. Wählen Sie „Apple“ > „Systemeinstellungen“, klicken Sie auf „Netzwerk“ und dann auf „Assistent“, wenn Sie Hilfe benötigen.\nWenn Sie mit dem Internet verbunden sind, den Inhalt aber dennoch nicht sehen können, versuchen Sie es zu einem späteren Zeitpunkt erneut.","%@ Search Results":"%@ Suchergebnisse","Apple applications":"Apple-Programme",Cancel:"Abbrechen","Change Language":"Sprache wechseln",Close:"Schließen","Featured application help":"Empfohlenes Programm-Hilfe","Go to the homepage":"Zur Homepage","Help for:":"Hilfe für:",Hide:"Ausblenden",Home:"Startseite","Loading latest help...":"Die neuste Hilfe wird geladen ...","Other applications":"Andere Programme","Recent applications":"Benutzte Programme",Search:"Suchen","Send feedback.":"Feedback senden.","Show all":"Alle einblenden","Show less":"Weniger einblenden","Show the previous page":"Nächste Seite einblenden","Show the next page":"Vorherige Seite einblenden",Show:"Einblenden","Was this page helpful?":"War diese Seite nützlich?"}},{meta:{isoCodes:["el"],isoName:"Greek",name:"Ελληνικά"},u i:{TOPIC_UNAVAILABLE:"Αυτήν τη στιγμή, το επιλεγμÎνο θÎμα δεν είναι διαθÎσιμο",CONNECT_TO_INTERNET:"Βεβαιωθείτε ότι είστε συνδεδεμÎνοι στο Διαδίκτυο. Για βοήθεια με τη σύνδεση, επιλÎξτε το μενού Apple > «Προτιμήσεις συστήματος», κάντε κλικ στο «Δίκτυο» και μετά στο «ΘÎλω βοήθεια».\nΕάν συνδεθείτε στο Διαδίκτυο και το περιεχόμενο δεν εμφανίζεται ακόμη, δοκιμάστε ξανά αργότερα.","%@ Search Results":"%@ αποτελÎσματα αναζήτησης","Apple applications":"ΕφαρμογÎÏ‚ Apple",Cancel:"Ακύρωση","Change Language":"Αλλαγή γλώσσας",Close:"Κλείσιμο","Featured application help":"Βοήθεια προτεινόμενων εφαρμογών","Go to the homepage":"Μετάβαση στην αρχική σελίδα","Help for:":"Βοήθεια για:",Hide:"Απόκρυψη",Home:"Αφετηρία","Loading latest help...":"Γίνεται φόρτωση της πιο πρόσφατης Βοήθειας…","Other applications":"Άλλες εφαρμογÎÏ‚","Recent applications":"Πρόσφατη εφαρμογή",Search:"Αναζήτηση","Send feedback.":"Στείλετε σχόλια.","Show all":"Εμφάνιση όλων","Show less":"Εμφάνιση λιγότερων","Show the previous page":"Εμφάνιση της προηγούμενης σελίδας","Show the next page":"Εμφάνιση της επόμενης σελίδας",Show:"Εμφάνιση","Was this page helpful?":"Ήταν χρήσιμη αυτή η σελίδα;"}},{meta:{isoCodes:["en-us","en-gb","en-ca","en-ie","en"],isoName :"English",name:"English"},ui:{TOPIC_UNAVAILABLE:"The selected topic is currently unavailable",CONNECT_TO_INTERNET:"Make sure you’re connected to the Internet. For help connecting, choose Apple menu > System Preferences, click Network, and click “Assist me.”\nIf you’re connected to the Internet, and the content still doesn’t appear, try again later.","%@ Search Results":"%@ Search Results","Apple applications":"Apple applications",Cancel:"Cancel","Change Language":"Change Language",Close:"Close","Featured application help":"Featured application help","Go to the homepage":"Go to the homepage","Help for:":"Help for:",Hide:"Hide",Home:"Home","Loading latest help...":"Loading latest help...","Other applications":"Other applications","Recent applications":"Recent applications",Search:"Search","Send feedback.":"Send feedback.","Show all":"Show all","Show less":"Show less","Show the previous page":"Show the previous page","Show the next page":"Show the next page",Show:"Show","Was this page helpful?":"Was this page helpful?"}},{meta:{isoCodes:["es"],isoName:"Spanish",name:"Español"},ui:{TOPIC _UNAVAILABLE:"El tema seleccionado no está disponible en estos momentos",CONNECT_TO_INTERNET:"Asegúrese de que está conectado a Internet. Si necesita ayuda para conectarse, seleccione menú Apple > Preferencias del Sistema, haga clic en Red y, a continuación, haga clic en Asistente.\nSi ya está conectado a Internet pero no se muestra el contenido del tema, inténtelo de nuevo más tarde.","%@ Search Results":"%@ resultados","Apple applications":"Aplicaciones de Apple",Cancel:"Cancelar","Change Language":"Cambiar idioma",Close:"Cerrar","Featured application help":"Ayuda de la aplicación destacada","Go to the homepage":"Ir a la página de inicio","Help for:":"Ayuda de:",Hide:"Ocultar",Home:"Inicio","Loading latest help...":"Cargando la ayuda más reciente…","Other applications":"Otras aplicaciones","Recent applications":"Aplicaciones recientes",Search:"Buscar","Send feedback.":"Enviar opinión.","Show all":"Mostrar todo","Show less":"Mostrar menos","Show the previous page":"Mostrar la página anterior","Show the next page":"Mostrar la página siguiente",Show:"Mostrar","Was this page helpful?":"¿Le ha resultado útil esta página?"}},{meta:{isoCodes:["fi"],isoName:"Finnish",name:"Suomi"},ui:{TOPIC_UN AVAILABLE:"Valittu aihe ei ole tällä hetkellä käytettävissä",CONNECT_TO_INTERNET:"Varmista, että olet yhteydessä internetiin. Jos tarvitset apua yhteyden muodostamisessa, valitse Omenavalikko > Järjestelmäasetukset, osoita Verkko ja osoita Avusta.\nJos olet yhteydessä internetiin, mutta sisältö ei silti tule näkyviin, yritä myöhemmin uudelleen.","%@ Search Results":"%@ - hakutulokset","Apple applications":"Applen ohjelmat",Cancel:"Kumoa","Change Language":"Vaihda kieltä",Close:"Sulje","Featured application help":"Esittelyssä olevan ohjelman ohje","Go to the homepage":"Siirry kotisivulle","Help for:":"Ohje:",Hide:"Kätke",Home:"Koti","Loading latest help...":"Ladataan uusinta ohjetta…","Other applications":"Muut ohjelmat","Recent applications":"Äskeiset ohjelmat",Search:"Etsi","Send feedback.":"Lähetä palautetta.","Show all":"Näytä kaikki","Show less":"Näytä vähemmän","Show the previous page":"Näytä edellinen sivu","Show the next page":"Näytä seuraava sivu",Show:"Näytä","Was this page helpful?":"Oliko tästä sivusta apua?"}},{meta:{isoCodes:["fr"],isoName:"French",name:"Français"},ui:{TOPIC_UN AVAILABLE:"La rubrique sélectionnée est actuellement indisponible.",CONNECT_TO_INTERNET:"Assurez-vous d’être connecté à Internet. Pour obtenir de l’aide pour vous connecter, choisissez le menu Pomme > Préférences Système, cliquez sur Réseau puis sur Assistant.\nSi vous êtes connecté à Internet, mais que le contenu ne s’affiche toujours pas, réessayez ultérieurement.","%@ Search Results":"%@ résultats","Apple applications":"Applications Apple",Cancel:"Annuler","Change Language":"Changer de langue",Close:"Fermer","Featured application help":"Aide de l’application actuelle","Go to the homepage":"Aller à la page d'accueil","Help for:":"Aide pour :",Hide:"Masquer",Home:"Accueil","Loading latest help...":"Chargement de l’Aide la plus récente… ","Other applications":"Autres applications","Recent applications":"Applications récentes",Search:"Rechercher","Send feedback.":"Envoyer des commentaires.","Show all":"Affichage total","Show less":"Affichage partiel","Show the previous page":"Afficher la page précédente","Show the next page":"Afficher la page suivante",Show:"Afficher","Was this page helpful?":"Avez-vous trouvé cette page utile ?"}},{meta:{isoCodes:["he"],isoName:"Hebrew",name:"עברית"},ui:{TOPIC_UNAVA ILABLE:"×”× ×•×©× ×©× ×‘×—×¨ ××™× ×• זמין כעת.",CONNECT_TO_INTERNET:"ודא/×™ ×©×”×™× ×š מחובר/ת ×œ××™× ×˜×¨× ×˜. לעזרה ×‘× ×•×©× התחברות, בחר/×™ תפריט Apple > ״העדפות המערכת״, לחץ/×™ על ״רשת״ ובחרי ״עזור לי״.\nאם ×”×™× ×š מחובר/ת ×œ××™× ×˜×¨× ×˜, ובכל זאת התוכן ××™× ×• מופיע, × ×¡×”/×™ שוב מאוחר יותר.","%@ Search Results":"%@ תוצאות","Apple applications":"יישומי Apple",Cancel:"ביטול","Change Language":"החלף/×™ שפה",Close:"סגור","Featured application help":"עזרה ×‘× ×•×©× היישומים המומלצים","Go to the homepage":"עבור אל דף הבית","Help for:":"עזרה ×‘× ×•×©×:",Hide:"הסתר",Home:"בית","Loading latest help...":"טוען את קבצי העזרה החדשים ביותר…","Other applications":"יישומים אחרים","Recent applications":"יישומים ××—×¨×•× ×™×",Search:"חיפוש","Send feedback.":"שלח/×™ משוב.","Show all":"הצג הכול","Show less":"הצג פחות","Show the previous page":"הצג את העמוד הקודם","Show the next page":"הצג את העמוד הבא",Show:"הצג","Was this page helpful?":"האם עמוד ×–×” עזר לך?"}},{meta:{isoCodes:["hr"],isoName:"Croatian",name:"Hrvatski"},ui:{TOPIC_U NAVAILABLE:"Odabrana tema trenutno nije dostupna",CONNECT_TO_INTERNET:'Provjerite jeste li spojeni na internet. Za pomoć pri spajanju odaberite Apple izbornik > Postavke sustava, kliknite na Mreža i zatim na "Pomoć".\nAko ste spojeni na internet i sadržaj se svejedno ne pojavljuje, pokuÅ¡ajte ponovno kasnije.',"%@ Search Results":"Rezultata pretraživanja: %@","Apple applications":"Appleove aplikacije",Cancel:"Odustani","Change Language":"Promijeni jezik",Close:"Zatvori","Featured application help":"Pomoć za ponuÄ‘ene aplikacije","Go to the homepage":"Prijelaz na početnu stranicu","Help for:":"Pomoć za:",Hide:"Sakrij",Home:"Početna stranica","Loading latest help...":"Učitavanje najnovijih datoteka pomoći…","Other applications":"Ostale aplikacije","Recent applications":"Novije aplikacije",Search:"Pretraži","Send feedback.":"PoÅ¡alji povratne informacije.","Show all":"Prikaži sve","Show less":"Prikaži manje","Show the previous page":"Prikaži prethodnu stranicu","Show the next page":"Prikaži sljedeću stranicu",Show:"Prikaži","Was this page helpful?":"Je li vam ova stranica pomogla?"}},{meta:{isoCodes:["hu"],isoName:"Hungarian",name:"Magyar"},ui:{TOPIC _UNAVAILABLE:"A kijelölt témakör jelenleg nem érhetÅ‘ el.",CONNECT_TO_INTERNET:"GyÅ‘zÅ‘djön meg róla, hogy csatlakozik az internethez. Ha segÃtségre van szüksége, válassza az Apple menü > RendszerbeállÃtások menüpontot, kattintson a Hálózat, majd a „SegÃtség kérése” elemre.\nHa csatlakozik az internethez, és a tartalom továbbra sem jelenik meg, próbálja meg késÅ‘bb.","%@ Search Results":"%@ keresési eredmény","Apple applications":"Apple alkalmazások",Cancel:"Mégsem","Change Language":"Nyelv módosÃtása",Close:"Bezárás","Featured application help":"Kiemelt alkalmazássúgó","Go to the homepage":"Ugrás a kezÅ‘dlapra","Help for:":"Súgó a következÅ‘höz:",Hide:"Elrejtés",Home:"FÅ‘gomb","Loading latest help...":"Legújabb súgó betöltése…","Other applications":"Egyéb alkalmazások","Recent applications":"Legutóbbi alkalmazások",Search:"Keresés","Send feedback.":"Visszajelzés küldése","Show all":"Az összes megjelenÃtése","Show less":"Kevesebb megjelenÃtése","Show the previous page":"ElÅ‘zÅ‘ oldal megjelenÃtése","Show the next page":"KövetkezÅ‘ oldal megjelenÃtése",Show:"MegjelenÃtés","Was this page helpful?":"Hasznosnak találta ezt az oldalt?"}},{meta:{isoCodes:["id"],isoName:"Indonesian",name:"Bahasa Indonesia"},ui:{TOPIC_UNAVAILABLE:"Topik yang dipilih saat ini tidak tersedia",CONNECT_TO_INTERNET:"Pastikan Anda terhubung ke Internet. Untuk bantuan dalam menghubungkan, pilih menu Apple > Preferensi Sistem, klik Jaringan, dan klik “Bantu saya.”\nJika Anda terhubung ke Internet, dan konten masih tidak muncul, coba lagi nanti.","%@ Search Results":"%@ Hasil Pencarian","Apple applications":"Aplikasi Apple",Cancel:"Batal","Change Language":"Ubah Bahasa",Close:"Tutup","Featured application help":"Fitur bantuan aplikasi","Go to the homepage":"Kunjungi halaman rumah","Help for:":"Bantuan untuk:",Hide:"Sembunyikan",Home:"Rumah","Loading latest help...":"Memuat bantuan terbaru…","Other applications":"Aplikasi lain","Recent applications":"Aplikasi terbaru",Search:"Cari","Send feedback.":"Kirim umpan balik.","Show all":"Tampilkan semua","Show less":"Tampilkan sebagian","Show the previous page":"Tampilkan halaman sebelumnya","Show the next page":"Tampilkan halaman berikutnya",Show:"Tampilkan","Was this page helpful?":"Apakah halaman ini membantu?"}},{meta:{isoCodes:["it"],isoName:"Italian",name:"Italiano"},ui:{TOPI C_UNAVAILABLE:"L'argomento selezionato non è al momento disponibile.",CONNECT_TO_INTERNET:"Assicurati di essere connesso a Internet. Per assistenza su come configurare la connessione a Internet, scegli menu Apple > Preferenze di Sistema, fai clic su Network, quindi su “Aiutami”.\nSe sei connesso a Internet, ma non puoi visualizzare il contenuto, riprova più tardi.","%@ Search Results":"%@ risultati di ricerca","Apple applications":"Applicazioni Apple",Cancel:"Annulla","Change Language":"Cambia lingua",Close:"Chiudi","Featured application help":"Aiuto applicazione in primo piano","Go to the homepage":"Vai alla pagina iniziale","Help for:":"Aiuto per:",Hide:"Nascondi",Home:"Inizio","Loading latest help...":"Carico argomento dell'aiuto più recente…","Other applications":"Altre applicazioni","Recent applications":"Applicazioni recenti",Search:"Cerca","Send feedback.":"Invia commenti.","Show all":"Mostra tutto","Show less":"Mostra meno","Show the previous page":"Mostra pagina precedente","Show the next page":"Mostra pagina successiva",Show:"Mostra","Was this page helpful?":"Hai trovato utile questa pagina?"}},{meta:{isoCodes:["ja"],isoName:"Japanese",name:"日本語"},ui:{TOPI C_UNAVAILABLE:"選択したトピックは現在利用㠁§ãã¾ã›ã‚“",CONNECT_TO_INTERNET:"インターム1;ットに接続していることを確認㠁—てください。接続について調べたã&# 129;„ときは、アップルメニュー>「シスム†ãƒ 環境è¨å®šã€ã¨é¸æŠžã—、「ネットワー㠂¯ã€ã‚’クリックしてから「アシスタント」 ;をクリックします。\nã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆã«æ Ž¥ç¶šã—ているのにコンテンツが表示ã&# 129;•ã‚Œãªã„å ´åˆã¯ã€å¾Œã§ã‚„ã‚Šç›´ã—ã¦ãã 9; さい。","%@ Search Results":"%@ 件の検索結果","Apple applications":"Apple アプリケーション",Cancel:"ã‚ャンセル","Change Language":"言語を変更",Close:"閉じる","Featured application help":"お勧めのアプリケーションヘルプ","Go to the homepage":"ホームページに移動","Help for:":"表示ä¸ã®ãƒ˜ãƒ«ãƒ—:",Hide:"éš ã™",Home:"ホーム","Loading latest help...":"最新のヘルプをèªã¿è¾¼ã¿ä¸...","Other applications":"ほかのアプリケーション","Recent applications":"最近使ったアプリケーション",Search:"æ¤œç´ ¢","Send feedback.":"フィードバックを送信","Show all":"すべてを表示","Show less":"一部を表示","Show the previous page":"前のページを表示","Show the next page":"次のページを表示",Show:"表示","Was this page helpful?":"このページは役立ちましã 9;Ÿã‹ï¼Ÿ"}},{meta:{isoCodes:["ko"],isoName:"Korean",name:"한글"},ui:{TOP IC_UNAVAILABLE:"ì„ íƒí•œ ì£¼ì œëŠ” 현재 ì‚¬ìš©í• ìˆ˜ 없습니다.",CONNECT_TO_INTERNET:"인터넷에 연결되어 있는지 확인하ì‹ì‹œì˜¤. 연결에 대한 도움말은 Apple 메뉴 > 시스템 í™˜ê²½ì„¤ì •ì„ ì„ íƒí•˜ê³ ë„¤íŠ¸ì›Œí¬ë¥¼ 클ë¦í•œ 다음 “도와주세요”를 클ë¦í•˜ì‹ì‹œì˜¤.\n인터넷에 연결되어 있지만 해당 ì½˜í…ì¸ ê°€ ì—¬ì „ížˆ 나타나지 않는 경우 나중에 다시 시도해보ì‹ì‹œì˜¤.","%@ Search Results":"%@개의 검색 ê²°ê³¼","Apple applications":"Apple 응용 프로그램",Cancel:"취소","Change Language":"언어 변경",Close:"닫기","Featured application help":"추천 응용 프로그램 도움말","Go to the homepage":"홈페이지로 이동","Help for:":"도움말:",Hide:"가리기",Home:"홈","Loading latest help...":"ìµœì‹ ë„ì›€ë§ 불러오는 중...","Other applications":"기타 응용 프로그램","Recent applications":"최근 사용 응용 프로그램",Search:"검색","Send feedback.":"피드백 보내기.","Show all":"모두 보기","Show less":"간단히 보기",Show:"보기","Show the previous page":"ì´ì „ 페이지 보기","Show the next page":"다음 페이지 보기","Was this page helpful?":"이 페이지가 도움이 되셨습니까?"}},{meta:{isoCodes:["ms"],isoName:"Malaysian",name:"Bahas a Malaysia"},ui:{TOPIC_UNAVAILABLE:"Topik yang dipilih tidak tersedia sekarang",CONNECT_TO_INTERNET:"Pastikan anda disambungkan ke Internet. Untuk bantuan sambungan, pilih menu Apple > Keutamaan Sistem, klik Rangkaian, dan klik “Bantu saya.”\nJika anda disambungkan ke Internet, dan kandungan masih tidak muncul, cuba lagi nanti.","%@ Search Results":"%@ Hasil Carian","Apple applications":"Aplikasi Apple",Cancel:"Batal","Change Language":"Tukar Bahasa",Close:"Tutup","Featured application help":"Bantuan untuk aplikasi yang ditampilkan","Go to the homepage":"Pergi ke laman utama","Help for:":"Bantuan untuk:",Hide:"Sembunyikan",Home:"Utama","Loading latest help...":"Memuatkan bantuan terbaru...","Other applications":"Aplikasi lain","Recent applications":"Aplikasi terbaru",Search:"Cari","Send feedback.":"Hantar maklum balas.","Show all":"Tunjukkan semua","Show less":"Tunjukkan sedikit","Show the previous page":"Tunjukkan halaman sebelumnya","Show the next page":"Tunjukkan halaman seterusnya",Show:"Tunjukkan","Was this page helpful?":"Adakah halaman ini membantu?"}},{meta:{isoCodes:["nl"],isoName:"Dutch",name:"Nederlands"},ui:{TOPI C_UNAVAILABLE:"Het geselecteerde onderwerp is momenteel niet beschikbaar",CONNECT_TO_INTERNET:"Controleer of er verbinding is met het internet. Als u hulp nodig hebt, kiest u Apple-menu > 'Systeemvoorkeuren' en klikt u vervolgens op 'Netwerk' en 'Assistentie'.\nAls u verbinding hebt met het internet en de inhoud nog steeds niet wordt weergegeven, probeert u het later nogHi Mac Attack,
My computer will not disconnect from the internet. It seems to find a clone router and continues even when I shut down and unplug my my own home iy
Your main question was 'chopped' in the title. Please reply in the body of a reply box with the full question and anything you have tried. And no, the long report was not helpful .
If the same website is opening each time you launch a browser (Safari?) hold down the shift key as you launch to prevent previous pages from opening.
Have a look at your settings in Safari > Preferences. Especially General and Privacy.
Reset Safari to remove cookies and other stored data.
System Preferences > General
Have a look at your settings in System Preferences > Security & Privacy.
Call back with more questions.
Regards,
Ian -
Default static route and Null 0
Hi Everyone,
Need to clear some doubts for below setup
Switch 3550A is connected to Internet Router and has OSPF nei relationship with it.
3550A# sh run int fa0/11
Building configuration...
Current configuration : 272 bytes
interface FastEthernet0/11
description OSPF LAN Connection to 2691 Router Interface Fas 0/1
no switchport
ip address 192.168.5.2 255.255.255.254
sh ip route shows
3550A#sh ip route
Gateway of last resort is 192.168.5.3 to network 0.0.0.0
O*E2 0.0.0.0/0 [110/1] via 192.168.5.3, 20:39:56, FastEthernet0/11
3550A#
All is working fine.
For testing purposes i config below static route on 3550A
ip default-network 192.168.1.0
ip route 192.168.1.0 255.255.255.0 Null0
After above change
3550A# sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
S* 192.168.1.0/24 is directly connected, Null0
O*E2 0.0.0.0/0 [110/1] via 192.168.5.3, 20:38:38, FastEthernet0/11
Now i can not ping to internet as below
3550A#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)
When we ping from Switch then source IP is always the Outside interface IP right?
So in this case Switch is using which IP as source?
Ping to internet is not working as default network is set to 192.168.1.0 and all request goes to this IP and then it goes to
Null interface right?
Extended ping works fine as below
3550A#ping
Protocol [ip]:
Target IP address: 4.2.2.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.5.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.5.2
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/79/80 ms
Second thing to confirm is this ping works because 192.168.5.2 is directly connected to Internet Router interface?
Regards
MAheshHi Mahesh,
When we ping from Switch then source IP is always the Outside interface IP right?
That is correct. By default it is always the outgoing interface on the device unless you specify it differently.
Ping to internet is not working as default network is set to 192.168.1.0 and all request goes to this IP and then it goes to
Null interface right?
That is correct. Null0 can't be used as next-hop.
Second thing to confirm is this ping works because 192.168.5.2 is directly connected to Internet Router interface?
No, that is because 192.168.5.0/30 is NATed. Remember 192.168.x.x address is a private segment and cannot access the Internet unless NAT is used.
HTH
Reza -
Site to Site VPN Problems With 2801 Router and ASA 5505
Hello,
I am having some issue setting up a site to site ipsec VPN between a Cisco 2801 router and a Cisco ASA 5505. I was told there was a vpn previously setup with an old hosting provider, but those connections have been servered. Right now I am trying to get the sites to talk to the 2801. Here ere are my current configs, please let me know if you need anything else. Im stumped on this one. Thanks.
IP scheme at SIte A:
IP 172.19.3.x
sub 255.255.255.128
GW 172.19.3.129
Site A Ciscso 2801 Router
Current configuration : 11858 bytes
version 12.4
service timestamps debug datetime localtime
service timestamps log datetime localtime show-timezone
service password-encryption
hostname router-2801
boot-start-marker
boot-end-marker
logging message-counter syslog
logging buffered 4096
aaa new-model
aaa authentication login userauthen group radius local
aaa authorization network groupauthor local
aaa session-id common
clock timezone est -5
clock summer-time zone recurring last Sun Mar 2:00 1 Sun Nov 2:00
dot11 syslog
ip source-route
ip dhcp excluded-address 172.19.3.129 172.19.3.149
ip dhcp excluded-address 172.19.10.1 172.19.10.253
ip dhcp excluded-address 172.19.3.140
ip dhcp ping timeout 900
ip dhcp pool DHCP
network 172.19.3.128 255.255.255.128
default-router 172.19.3.129
domain-name domain.local
netbios-name-server 172.19.3.7
option 66 ascii 172.19.3.225
dns-server 172.19.3.140 208.67.220.220 208.67.222.222
ip dhcp pool VoiceDHCP
network 172.19.10.0 255.255.255.0
default-router 172.19.10.1
dns-server 208.67.220.220 8.8.8.8
option 66 ascii 172.19.10.2
lease 2
ip cef
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
no ip domain lookup
ip domain name domain.local
multilink bundle-name authenticated
key chain key1
key 1
key-string 7 06040033484B1B484557
crypto pki trustpoint TP-self-signed-3448656681
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3448bb6681
revocation-check none
rsakeypair TP-self-signed-344bbb56681
crypto pki certificate chain TP-self-signed-3448656681
certificate self-signed 01
3082024F
quit
username admin privilege 15 password 7 F55
archive
log config
hidekeys
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key XXXXX address 209.118.0.1
crypto isakmp key xxxxx address SITE B Public IP
crypto isakmp keepalive 40 5
crypto isakmp nat keepalive 20
crypto isakmp client configuration group IISVPN
key 1nsur3m3
dns 172.19.3.140
wins 172.19.3.140
domain domain.local
pool VPN_Pool
acl 198
crypto isakmp profile IISVPNClient
description VPN clients profile
match identity group IISVPN
client authentication list userauthen
isakmp authorization list groupauthor
client configuration address respond
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map Dynamic 5
set transform-set myset
set isakmp-profile IISVPNClient
qos pre-classify
crypto map VPN 10 ipsec-isakmp
set peer 209.118.0.1
set peer SITE B Public IP
set transform-set myset
match address 101
qos pre-classify
crypto map VPN 65535 ipsec-isakmp dynamic Dynamic
track 123 ip sla 1 reachability
delay down 15 up 10
class-map match-any VoiceTraffic
match protocol rtp audio
match protocol h323
match protocol rtcp
match access-group name VOIP
match protocol sip
class-map match-any RDP
match access-group 199
policy-map QOS
class VoiceTraffic
bandwidth 512
class RDP
bandwidth 768
policy-map MainQOS
class class-default
shape average 1500000
service-policy QOS
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$FW_INSIDE$
ip address 172.19.3.129 255.255.255.128
ip access-group 100 in
ip inspect SDM_LOW in
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet0/0.10
description $ETH-VoiceVLAN$$
encapsulation dot1Q 10
ip address 172.19.10.1 255.255.255.0
ip inspect SDM_LOW in
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1
description "Comcast"
ip address PUB IP 255.255.255.248
ip access-group 102 in
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map VPN
interface Serial0/1/0
description "Verizon LEC Circuit ID: w0w13908 Site ID: U276420-1"
bandwidth 1536
no ip address
encapsulation frame-relay IETF
frame-relay lmi-type ansi
interface Serial0/1/0.1 point-to-point
bandwidth 1536
ip address 152.000.000.18 255.255.255.252
ip access-group 102 in
ip verify unicast reverse-path
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
frame-relay interface-dlci 500 IETF
crypto map VPN
service-policy output MainQOS
interface Serial0/2/0
description "PAETEC 46.HCGS.788446.CV (Verizon ID) / 46.HCGS.3 (PAETEC ID)"
ip address 123.252.123.102 255.255.255.252
ip access-group 102 in
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
encapsulation ppp
crypto map VPN
service-policy output MainQOS
ip local pool VPN_Pool 172.20.3.130 172.20.3.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 50.00.000.110 track 123
ip route 0.0.0.0 0.0.0.0 111.252.237.000 254
ip route 122.112.197.20 255.255.255.255 209.252.237.101
ip route 208.67.220.220 255.255.255.255 50.78.233.110
no ip http server
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-top-talkers
top 20
sort-by bytes
ip nat inside source route-map COMCAST interface FastEthernet0/1 overload
ip nat inside source route-map PAETEC interface Serial0/2/0 overload
ip nat inside source route-map VERIZON interface Serial0/1/0.1 overload
ip nat inside source static tcp 172.19.3.140 21 PUB IP 21 extendable
ip access-list extended VOIP
permit ip 172.20.3.0 0.0.0.127 host 172.19.3.190
permit ip host 172.19.3.190 172.20.3.0 0.0.0.127
ip radius source-interface FastEthernet0/0
ip sla 1
icmp-echo 000.67.220.220 source-interface FastEthernet0/1
timeout 10000
frequency 15
ip sla schedule 1 life forever start-time now
access-list 23 permit 172.19.3.0 0.0.0.127
access-list 23 permit 172.19.3.128 0.0.0.127
access-list 23 permit 173.189.251.192 0.0.0.63
access-list 23 permit 107.0.197.0 0.0.0.63
access-list 23 permit 173.163.157.32 0.0.0.15
access-list 23 permit 72.55.33.0 0.0.0.255
access-list 23 permit 172.19.5.0 0.0.0.63
access-list 100 remark "Outgoing Traffic"
access-list 100 deny ip 67.128.87.156 0.0.0.3 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit tcp host 172.19.3.190 any eq smtp
access-list 100 permit tcp host 172.19.3.137 any eq smtp
access-list 100 permit tcp any host 66.251.35.131 eq smtp
access-list 100 permit tcp any host 173.201.193.101 eq smtp
access-list 100 permit ip any any
access-list 100 permit tcp any any eq ftp
access-list 101 remark "Interesting VPN Traffic"
access-list 101 permit ip 172.19.3.128 0.0.0.127 172.19.3.0 0.0.0.127
access-list 101 permit ip 172.20.3.128 0.0.0.127 172.19.3.0 0.0.0.127
access-list 101 permit ip 172.19.3.128 0.0.0.127 host 172.19.250.10
access-list 101 permit ip 172.19.3.128 0.0.0.127 host 172.19.250.11
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq ftp-data
access-list 102 remark "Inbound Access"
access-list 102 permit udp any host 152.179.53.18 eq non500-isakmp
access-list 102 permit udp any host 152.179.53.18 eq isakmp
access-list 102 permit esp any host 152.179.53.18
access-list 102 permit ahp any host 152.179.53.18
access-list 102 permit udp any host 209.000.000.102 eq non500-isakmp
access-list 102 permit udp any host 209.000.000.102 eq isakmp
access-list 102 permit esp any host 209.000.000.102
access-list 102 permit ahp any host 209.000.000.102
access-list 102 permit udp any host PUB IP eq non500-isakmp
access-list 102 permit udp any host PUB IP eq isakmp
access-list 102 permit esp any host PUB IP
access-list 102 permit ahp any host PUB IP
access-list 102 permit ip 72.55.33.0 0.0.0.255 any
access-list 102 permit ip 107.0.197.0 0.0.0.63 any
access-list 102 deny ip 172.19.3.128 0.0.0.127 any
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 permit icmp any any
access-list 102 deny ip any any log
access-list 102 permit tcp any host 172.19.3.140 eq ftp
access-list 102 permit tcp any host 172.19.3.140 eq ftp-data established
access-list 102 permit udp any host SITE B Public IP eq non500-isakmp
access-list 102 permit udp any host SITE B Public IP eq isakmp
access-list 102 permit esp any host SITE B Public IP
access-list 102 permit ahp any host SITE B Public IP
access-list 110 remark "Outbound NAT Rule"
access-list 110 remark "Deny VPN Traffic NAT"
access-list 110 deny ip 172.19.3.128 0.0.0.127 172.19.3.0 0.0.0.127
access-list 110 deny ip 172.19.3.128 0.0.0.127 172.19.10.0 0.0.0.255
access-list 110 deny ip 172.19.10.0 0.0.0.255 172.19.3.128 0.0.0.127
access-list 110 deny ip 172.20.3.128 0.0.0.127 172.19.3.0 0.0.0.127
access-list 110 deny ip 172.19.3.128 0.0.0.127 172.20.3.128 0.0.0.127
access-list 110 deny ip 172.19.3.128 0.0.0.127 host 172.19.250.11
access-list 110 deny ip 172.19.3.128 0.0.0.127 host 172.19.250.10
access-list 110 permit ip 172.19.3.128 0.0.0.127 any
access-list 110 permit ip 172.19.10.0 0.0.0.255 any
access-list 198 remark "Networks for IISVPN Client"
access-list 198 permit ip 172.19.3.0 0.0.0.127 172.20.3.128 0.0.0.127
access-list 198 permit ip 172.19.3.128 0.0.0.127 172.20.3.128 0.0.0.127
access-list 199 permit tcp any any eq 3389
route-map PAETEC permit 10
match ip address 110
match interface Serial0/2/0
route-map COMCAST permit 10
match ip address 110
match interface FastEthernet0/1
route-map VERIZON permit 10
match ip address 110
match interface Serial0/1/0.1
snmp-server community 123 RO
radius-server host 172.19.3.7 auth-port 1645 acct-port 1646 key 7 000000000000000
control-plane
line con 0
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
scheduler allocate 20000 1000
ntp server 128.118.25.3
ntp server 217.150.242.8
end
IP scheme at site B:
ip 172.19.5.x
sub 255.255.255.292
gw 172.19.5.65
Cisco ASA 5505 at Site B
ASA Version 8.2(5)
hostname ASA5505
domain-name domain.com
enable password b04DSH2HQqXwS8wi encrypted
passwd b04DSH2HQqXwS8wi encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 172.19.5.65 255.255.255.192
interface Vlan2
nameif outside
security-level 0
ip address SITE B public IP 255.255.255.224
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone est -5
clock summer-time zone recurring last Sun Mar 2:00 last Sun Oct 2:00
dns server-group DefaultDNS
domain-name iis-usa.com
same-security-traffic permit intra-interface
object-group network old hosting provider
network-object 72.55.34.64 255.255.255.192
network-object 72.55.33.0 255.255.255.0
network-object 173.189.251.192 255.255.255.192
network-object 173.163.157.32 255.255.255.240
network-object 66.11.1.64 255.255.255.192
network-object 107.0.197.0 255.255.255.192
object-group network old hosting provider
network-object host 172.19.250.10
network-object host 172.19.250.11
access-list 100 extended permit ip 172.19.5.64 255.255.255.192 object-group old hosting provider
access-list 100 extended permit ip 172.19.5.64 255.255.255.192 172.19.3.128 255.255.255.128
access-list 10 extended deny ip 0.0.0.0 255.0.0.0 any
access-list 10 extended deny ip 127.0.0.0 255.0.0.0 any
access-list 10 extended deny ip 169.254.0.0 255.255.0.0 any
access-list 10 extended deny ip 172.16.0.0 255.255.0.0 any
access-list 10 extended deny ip 224.0.0.0 224.0.0.0 any
access-list 10 extended permit icmp any any echo-reply
access-list 10 extended permit icmp any any time-exceeded
access-list 10 extended permit icmp any any unreachable
access-list 10 extended permit icmp any any traceroute
access-list 10 extended permit icmp any any source-quench
access-list 10 extended permit icmp any any
access-list 10 extended permit tcp object-group old hosting provider any eq 3389
access-list 10 extended permit tcp any any eq https
access-list 10 extended permit tcp any any eq www
access-list 110 extended permit ip 172.19.5.64 255.255.255.192 172.19.3.0 255.255.255.128
access-list 110 extended permit ip 172.19.5.64 255.255.255.192 object-group old hosting provider
pager lines 24
logging enable
logging timestamp
logging console emergencies
logging monitor emergencies
logging buffered warnings
logging trap debugging
logging history debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
ip verify reverse-path interface inside
ip verify reverse-path interface outside
ip audit name jab attack action alarm drop reset
ip audit name probe info action alarm drop reset
ip audit interface outside probe
ip audit interface outside jab
ip audit info action alarm drop reset
ip audit attack action alarm drop reset
ip audit signature 2000 disable
ip audit signature 2001 disable
ip audit signature 2004 disable
ip audit signature 2005 disable
icmp unreachable rate-limit 1 burst-size 1
icmp permit 75.150.169.48 255.255.255.240 outside
icmp permit 72.44.134.16 255.255.255.240 outside
icmp permit 72.55.33.0 255.255.255.0 outside
icmp permit any outside
icmp permit 173.163.157.32 255.255.255.240 outside
icmp permit 107.0.197.0 255.255.255.192 outside
icmp permit 66.11.1.64 255.255.255.192 outside
icmp deny any outside
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 100
nat (inside) 1 0.0.0.0 0.0.0.0
access-group 10 in interface outside
route outside 0.0.0.0 0.0.0.0 174.78.151.225 1
timeout xlate 3:00:00
timeout conn 24:00:00 half-closed 0:10:00 udp 0:10:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 24:00:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http 107.0.197.0 255.255.255.192 outside
http 66.11.1.64 255.255.255.192 outside
snmp-server host outside 107.0.197.29 community *****
snmp-server host outside 107.0.197.30 community *****
snmp-server host inside 172.19.250.10 community *****
snmp-server host outside 172.19.250.10 community *****
snmp-server host inside 172.19.250.11 community *****
snmp-server host outside 172.19.250.11 community *****
snmp-server host outside 68.82.122.239 community *****
snmp-server host outside 72.55.33.37 community *****
snmp-server host outside 72.55.33.38 community *****
snmp-server host outside 75.150.169.50 community *****
snmp-server host outside 75.150.169.51 community *****
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map VPNMAP 10 match address 110
crypto map VPNMAP 10 set peer 72.00.00.7 old vpn public ip Site B Public IP
crypto map VPNMAP 10 set transform-set ESP-3DES-MD5
crypto map VPNMAP 10 set security-association lifetime seconds 86400
crypto map VPNMAP 10 set security-association lifetime kilobytes 4608000
crypto map VPNMAP interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 172.19.5.64 255.255.255.192 inside
telnet 172.19.3.0 255.255.255.128 outside
telnet timeout 60
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
management-access inside
dhcpd dns 172.19.3.140
dhcpd wins 172.19.3.140
dhcpd ping_timeout 750
dhcpd domain iis-usa.com
dhcpd address 172.19.5.80-172.19.5.111 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection scanning-threat shun except object-group old hosting provider
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 128.118.25.3 source outside
ntp server 217.150.242.8 source outside
tunnel-group 72.00.00.7 type ipsec-l2l
tunnel-group 72.00.00.7 ipsec-attributes
pre-shared-key *****
tunnel-group old vpn public ip type ipsec-l2l
tunnel-group old vpn public ip ipsec-attributes
pre-shared-key *****
tunnel-group SITE A Public IP type ipsec-l2l
tunnel-group SITE A Public IP ipsec-attributes
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect netbios
inspect tftp
inspect pptp
inspect sip
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:
: endI have removed the old "set peer" and have added:
IOS router:
access-list 101 permit ip 172.19.3.128 0.0.0.127 172.19.5.64 0.0.0.65
ASA fw:
access-list 110 extended permit ip 172.19.5.64 255.255.255.192 172.19.3.128 255.255.255.128
on the router I have also added;
access-list 110 deny ip 172.19.3.128 0.0.0.127 172.19.5.64 0.0.0.63
Here is my acl :
access-list 110 remark "Outbound NAT Rule"
access-list 110 remark "Deny VPN Traffic NAT"
access-list 110 deny ip 172.19.3.128 0.0.0.127 172.19.3.0 0.0.0.127
access-list 110 deny ip 172.19.3.128 0.0.0.127 172.19.10.0 0.0.0.255
access-list 110 deny ip 172.19.10.0 0.0.0.255 172.19.3.128 0.0.0.127
access-list 110 deny ip 172.20.3.128 0.0.0.127 172.19.3.0 0.0.0.127
access-list 110 deny ip 172.19.3.128 0.0.0.127 172.20.3.128 0.0.0.127
access-list 110 deny ip 172.19.3.128 0.0.0.127 host 172.19.250.11
access-list 110 deny ip 172.19.3.128 0.0.0.127 host 172.19.250.10
access-list 110 permit ip 172.19.3.128 0.0.0.127 any
access-list 110 permit ip 172.19.10.0 0.0.0.255 any
access-list 110 deny ip 172.19.3.128 0.0.0.127 172.19.5.64 0.0.0.63
access-list 198 remark "Networks for IISVPN Client"
access-list 198 permit ip 172.19.3.0 0.0.0.127 172.20.3.128 0.0.0.127
access-list 198 permit ip 172.19.3.128 0.0.0.127 172.20.3.128 0.0.0.127
Still no ping tothe other site. -
HOME#sho run
Building configuration...
Current configuration : 5657 bytes
! Last configuration change at 10:51:11 UTC Fri May 17 2013 by admin
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname HOME
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
enable secret 5 $1$bgx9$VrtQW3Wg182VyYhKAHLbN.
no aaa new-model
memory-size iomem 10
crypto pki trustpoint TP-self-signed-1190003239
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1190003239
revocation-check none
rsakeypair TP-self-signed-1190003239
crypto pki certificate chain TP-self-signed-1190003239
certificate self-signed 01
3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31313930 30303332 3339301E 170D3133 30353137 31303333
35315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31393030
30333233 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C002 80BBF151 E095E469 AA7DBB18 2A9E3CC2 4AC223F6 ABE0AF49 876C1203
65D0E246 786F174D E5B7897A 44C5755A 2571E58A 184A6C62 DD992A2A D8A24878
25A8D3C3 03F5D3C2 522EC8BB 302B0CCD 2945087A 7AF01418 D0056679 6F64DB4A
BE2D5DA1 106CD03A 83B422A2 3CCBAE88 F2413123 12269390 6949DFE0 411118E7
8F210203 010001A3 72307030 0F060355 1D130101 FF040530 030101FF 301D0603
551D1104 16301482 12484F4D 452E7777 772E7961 686F6F2E 636F6D30 1F060355
1D230418 30168014 3D2D854D 1203F50D 77F4ABC5 B61CEAF6 C922F4DF 301D0603
551D0E04 1604143D 2D854D12 03F50D77 F4ABC5B6 1CEAF6C9 22F4DF30 0D06092A
864886F7 0D010104 05000381 8100B24C 48BACACE 87ADEA03 386F2045 CC89624A
4EB1AD09 062EB2A4 CF4C96CA 0B2CF001 BD2C3804 8DC47FED 6A5B5F0D 3965AC6E
4FC4682F 707E4132 8F27C083 C7FAE1BD 21D055E6 C79D5DAD 051B6321 D35DB4F2
044E6BBD DAD08B6A 6ED87C7E 08F4F7E1 4EFDFB6F 867AF6FA 84165CFC D219D56F
A82EABD4 AD9CFA24 A5088145 E571
quit
ip source-route
ip routing protocol purge interface
ip dhcp excluded-address 10.10.10.1
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
domain-name www.google.com
dns-server 192.168.1.1
lease 0 2
ip cef
ip domain name www.yahoo.com
ip name-server 84.235.6.55
ip name-server 84.235.57.230
no ipv6 cef
multilink bundle-name authenticated
license udi pid CISCO881-SEC-K9 sn FCZ1516933C
username admin privilege 15 password 0 cisco
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
ip address dhcp
ip access-group 101 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip nat enable
ip virtual-reassembly
ip tcp adjust-mss 1452
interface Vlan2
no ip address
ip nat inside
ip virtual-reassembly
ip default-gateway 192.168.1.1
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 101 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet4
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^C
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
^C
banner motd ^Cuthorized ^C
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password cisco
logging synchronous
login local
transport input telnet ssh
scheduler max-task-time 5000
endHOME#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)
HOME#sh ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0 unassigned YES unset down down
FastEthernet1 unassigned YES unset down down
FastEthernet2 unassigned YES unset down down
FastEthernet3 unassigned YES unset down down
FastEthernet4 192.168.1.120 YES DHCP up up
NVI0 10.10.10.1 YES unset up up
Vlan1 10.10.10.1 YES NVRAM down down
Vlan2 unassigned YES NVRAM down down
HOME#
fast ethernet is connected to my internet connection -
Actiontech router and Windows Media Center on Win8
While waiting for Verizon to solve their network problems and actually get light to the ONT, they left the actiontech router in my house, so I took sometime to get to know it.
It's definitelly something I don't want or need in my network. It's not a bad router if you didn't have a business class product from before (actually it is pretty much the best you can get short of going to hardware firewall routers in the class of Zyxel, Watchguard and some high end, business class, Dells, Ciscos and Netgears).
Well... needless to say, I am running such a router (a Watchguard XTM-26W) and have security subscriptions with them to protect my network. In addition, it offers functionality and discrete access controls otherwise impossible with consumer grade products.
Now, back to the basic subject: I noticed something ominous and wonder if anyone else has noticed it too. I run my TV service through a machine that uses a Ceton 4-HD PCI-E tuner card with a multistream cablecard. It is installed on top of Windows 8 Pro, 64 bit and I use Windows Media Center as my core TV interface (guide and all). The machine is set to go to sleep by itself if no activity (and TV it's the only thing designed and intended to do and the only thong it does) is detected on the tuner for 5 minutes. This works flawlesly and always did while on Comcast service.
Now, the problem: you put the Actiontech router in the network (regardless of whether it's before or after the firewall gateway) and the machine fails to go to sleep. The router introduces some dort of chatter in the networkk that keeps the HDD active and the computer alive in perpetuity. Did anyone notice anything similar? What is your experience with this?
Obviously, I have no intent to keep the Actiontech router in the network under such conditions. For what I know, it is illegal in fact to put out products that send unsolicited traffic through one's network. Not to mention that it is a security risk. Might Verizon re-consider their insistence on deciding what routers to support and what don't or simply drop all support for all the routers since none is ever really needed? They only have the job to deliver a public IP to my equipment and I should be left alone otherwise (according to FCC). Which they otherwise fail to do by putting a piece of equipment that is theirs in the way and mandating that I use it, since 192.168.x.x is NOT a public IP, according to Internet Council.LeoZ wrote:
Actiontec responded to my inquiry. See below.
It turns out it's another Verizon problem...
"Honestly no idea what would cause the chatter on the network to prevent sleep\stand-by to function.
Verizon would have to review the issue and see what in the code programming would cause this."
Stop the chatter. Put your Media Center hardware behind another firewall. Like I said mine is Linux IP-COP, which constanty drops these trash packets from the single STB I have on the MOCA COAX.
All from the Verizon network router. Almost like a broadcast storm!
This is a Motorola STB, My Cisco had two real IP addresses asigned by DHCP, and they did not do this. I turned in all my STB hardware and ordered a single STB, and was sent Motorola when I had been using Cisco.
wan-1 in into my Linux box and lan-1 is out of it. Then all my harware which includes Media Center PCs are gigabit switches, not exposed to this. I guess you could use another router and not a Linux PC. This STB is going back soon.
Time
Chain
Iface
Proto
Source
Src Port
MAC Address
Destination
Dst Port
22:53:42
RED DROP
wan-1
UDP
169.254.1.135
21302
00:25:f1:3d:d9:37
255.255.255.255
21302
22:53:31
RED DROP
wan-1
UDP
169.254.1.135
21302
00:25:f1:3d:d9:37
255.255.255.255
21302
22:53:22
RED DROP
wan-1
IGMP
192.168.1.1
00:7f:28:5c:07:1b
224.0.0.1
22:53:21
RED DROP
wan-1
UDP
169.254.1.135
21302
00:25:f1:3d:d9:37
255.255.255.255
21302
22:53:11
RED DROP
wan-1
UDP
169.254.1.135
21302
00:25:f1:3d:d9:37
255.255.255.255
21302
22:53:01
RED DROP
wan-1
UDP
169.254.1.135
21302
00:25:f1:3d:d9:37
255.255.255.255
21302
22:52:51
RED DROP
wan-1
UDP
169.254.1.135
21302
00:25:f1:3d:d9:37
255.255.255.255
21302
22:52:41
RED DROP
wan-1
UDP
169.254.1.135
21302
00:25:f1:3d:d9:37
255.255.255.255
21302
22:52:31
RED DROP
wan-1
UDP
169.254.1.135
21302
00:25:f1:3d:d9:37
255.255.255.255
21302
22:52:21
RED DROP
wan-1
UDP
169.254.1.135
21302
00:25:f1:3d:d9:37
255.255.255.255
21302
22:52:11
RED DROP
wan-1
UDP
169.254.1.135
21302
00:25:f1:3d:d9:37
255.255.255.255
21302
22:52:01
RED DROP
wan-1
UDP
169.254.1.135
21302
00:25:f1:3d:d9:37
255.255.255.255
21302
22:51:51
RED DROP
wan-1
UDP
169.254.1.135
21302
00:25:f1:3d:d9:37
255.255.255.255
21302
22:51:41
RED DROP
wan-1
UDP
169.254.1.135
21302
00:25:f1:3d:d9:37
255.255.255.255
21302
22:51:31
RED DROP
wan-1
UDP
169.254.1.135
21302
00:25:f1:3d:d9:37
255.255.255.255
21302
22:51:21
RED DROP
wan-1
UDP
169.254.1.135
21302
00:25:f1:3d:d9:37
255.255.255.255
21302
22:51:17
RED DROP
wan-1
IGMP
192.168.1.1
00:7f:28:5c:07:1b
224.0.0.1
22:51:11
RED DROP
wan-1
UDP
169.254.1.135
21302
00:25:f1:3d:d9:37
255.255.255.255
21302 -
Problem with Cisco 861W router and outgoing VPN
We have a Cisco 861W router that is blocking an outgoing PPTP on the internal access point only. The outgoing VPN works when the traffic is through a wired connection or the connection is on another access point. We fail to make a connection only when connection to the 861W's internal Access Point.
Here is the Access Point Configuration:
Current configuration : 2100 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname obap
enable secret 5 $1$.1RF$go1D7WITXUn3s8TUaw3tC.
no aaa new-model
dot11 syslog
dot11 ssid OLIVER
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 XXXXXXXXXXX
username XXXXXX privilege 15 secret 5 $1$Wc0K$OzcQDDQfjHP6La31eXMoG/
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
ssid OLIVER
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecti
ng AP with the host router
no ip address
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 192.168.0.2 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
banner login ^CC
% Password change notice.
Default username/password setup on AP is cisco/cisco with priv¾ilege level 15.
It is strongly suggested that you create a new username with privilege level
15 using the following command for console security.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to
use. After you change your username/password you can turn off this message
by configuring "no banner login" and "no banner exec" in privileged mode.
^C
line con 0
privilege level 15
login local
no activation-character
line vty 0 4
login local
cns dhcp
end
obap#
Here is the Router's Configuration:
Current configuration : 5908 bytes
! No configuration change since last restart
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname obrouter
boot-start-marker
boot-end-marker
logging buffered 51200
logging console critical
enable secret 5 $1$i9XE$DjxFVAEC9nC4/r6EQKCd6/
no aaa new-model
memory-size iomem 10
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-1856757619
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1856757619
revocation-check none
rsakeypair TP-self-signed-1856757619
crypto pki certificate chain TP-self-signed-1856757619
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31383536 37353736 3139301E 170D3036 30313032 31323030
34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353637
35373631 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B1A4 FB786547 3D582260 03DB768D 116BDE9A 309FBA04 B53F77B0 BFE32344
7C3439B3 97192B36 760A9411 1D5C7549 8D86F532 ABA44F53 0D08B7F4 A9A747D5
071330C3 65BF25A8 927F3596 29BB5A80 90C8D169 22268476 3B8DDE1E FDB7170D
B4820D03 5580A849 A92C7E76 9AC10867 505A2FEE 64360741 7F9DBDBF 3D79982C
F81D0203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
551D1104 19301782 156F6272 6F757465 722E6272 75736868 6F672E63 6F6D301F
0603551D 23041830 168014D8 5BC2FFB2 967A4C7B 11B44122 5C8D31F7 749B9230
1D060355 1D0E0416 0414D85B C2FFB296 7A4C7B11 B441225C 8D31F774 9B92300D
06092A86 4886F70D 01010405 00038181 005901F1 C239074B B8213567 CF7B65BF
DAFE4557 69B2A3B1 5F2593C7 A54B9598 23FD5E7A 563AA6E0 AFB25801 FA0061E8
F9545372 DB600B3A BE68AE65 1EDA593E 6A0C96B8 5A4136AF 393F9AAC 651E1C36
B8B7C6C0 47936C24 D2ECE9A5 9446EE32 FC7461FA AD8CF1CE A7FBF341 07E9C3C6
505AB88D 0E7FCAFC 5792298A E5E4D1FE CC
quit
no ip source-route
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp pool ccp-pool1
import all
network 192.168.0.0 255.255.255.0
dns-server 216.49.160.10 216.49.160.66
default-router 192.168.0.1
ip cef
no ip bootp server
ip domain name brushhog.com
ip name-server 216.49.160.10
ip name-server 216.49.160.66
license udi pid CISCO861W-GN-A-K9 sn FTX155281FY
username tech38 privilege 15 secret 5 $1$d/4Z$n/23EsXbzfHF5XfJ8Nv.y0
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
pppoe-client dial-pool-number 1
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXXXXXX
ppp chap password 7 XXXXXXXXXXXXXXXX
ppp pap sent-username XXXXXXXXXXXXXX password 7 XXXXXXXXXXX
no cdp enable
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.0.25 80 interface Dialer0 80
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
privilege level 15
login local
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Any help would be appreciatedHello,
i have the same problem with router CISCO861W-GN-E-K9. Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
Can someone help?
Thank you.
Here is my config for internal AP and router. -
Can implement port forwarding using win2003 routing and remote acccess?
I have a sql server 2005 with a internet ip address b and a computer onwindows 2003 with a internet ip address a .
Now I want to use address "a" 's 14330 port to access sql server 2005 on ip address "b" with port 1433.
I use router and remote access to implement this,but fail.
in every server only have a adaptor and a ip.
How to do it?
Please tell me how to implement it from "routing and remote access" in detail.
I dont want use netsh.Hi,
I think this will not work. As we know, when a source computer send a request to SQL server, the packet should contain the following information.
Source IP and port number (this port is a randomly generated)
Destination IP and port 1433 (SQL by default)
So we cannot control which port to use when connecting another service.
Hope this helps. -
Cisco 877W router and external ADSL modem
Cisco 877W router and external ADSL modem
In order to support ADSL2+ on a pre ADSL2+ router and in preparation for a later migration to BT infinity I am trying to configure the Router using an external adsl2+ modem appropriately.
The original configuration had 3 ports configured as one (internal lan) vlan and bridge group together with one wireless sub-interface, the remaining port configured a second vlan and bridge group with a second wireless sub- interface. The Dialer was a member of the second bridge group. This way the second wireless interface and associated bridge group provided a kind of DMZ for outbound access.
The configuration I am attempting is similar the lan ports remain the same, but port 0 as a member of the vlan and bridge group (now a pppoe client) associated with one of the wireless sub interfaces as per above. The ATM interface is downed. This nearly works except that if the wireless subinterface on this bridge group is configured the dialer no longer dials giving a 'no dialer string' error. If I do not configure that wireless sub interface all works well.
If anyone is interested to look I would appreciate any comments. I enclose a sanitised config in which you will note the 'commented out' wireless subnet interface (in red).
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname xxxxxxxxxxxxxxxxxxxxx
boot-start-marker
boot-end-marker
logging buffered 4096 warnings
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
aaa new-model
aaa group server radius sdm-vpn-server-group-2
aaa group server radius rad_eap
server 192.168.253.1 auth-port 1812 acct-port 1813
server 192.168.253.1 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_2 group sdm-vpn-server-group-2
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa authorization network sdm_vpn_group_ml_2 local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-2834265337
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2834265337
revocation-check none
rsakeypair TP-self-signed-2834265337
crypto pki certificate chain TP-self-signed-2834265337
certificate self-signed 01 nvram:IOS-Self-Sig#2F.cer
dot11 syslog
dot11 ssid GuestAP
vlan 101
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 113B162712001F4A2D2B25
dot11 ssid LanAP
vlan 100
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
mbssid guest-mode
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.252.1 192.168.252.8
ip dhcp excluded-address 192.168.252.15 192.168.252.254
ip dhcp pool sdm-pool1
import all
network 192.168.252.0 255.255.255.0
domain-name XXX.Local
dns-server xxx.xxx.xxx.xxx
default-router 192.168.252.254
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
no ip domain lookup
ip domain name XXX.Local
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
ip reflexive-list timeout 120
vpdn enable
vpdn-group 1
request-dialin
protocol pppoe
username administrator privilege 15 secret 5 £££££££££££££££££££££
class-map type inspect match-any IN_to_OUT_CLASS
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-any OUT_to_IN_CLASS
match protocol https
match protocol smtp extended
class-map type inspect match-any DMZ_to_IN_CLASS
match protocol http
match protocol https
match protocol smtp extended
policy-map type inspect DMZ_to_IN_POL
class type inspect DMZ_to_IN_CLASS
inspect
class class-default
drop log
policy-map type inspect IN_to_OUT_POL
class type inspect IN_to_OUT_CLASS
inspect
class class-default
drop log
policy-map type inspect OUT_to_IN_POL
class type inspect OUT_to_IN_CLASS
inspect
class class-default
drop log
zone security INSIDE
zone security OUTSIDE
zone security DMZ
zone-pair security OUT_TO_IN source OUTSIDE destination INSIDE
service-policy type inspect OUT_to_IN_POL
zone-pair security IN_TO_OUT source INSIDE destination OUTSIDE
service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_OUT source DMZ destination OUTSIDE
service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_IN source DMZ destination INSIDE
service-policy type inspect DMZ_to_IN_POL
bridge irb
interface Loopback0
no ip address
interface Null0
no ip unreachables
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
interface FastEthernet0
description Outside Interface (PPPoE)
interface FastEthernet1
description Inside Interface
switchport access vlan 10
interface FastEthernet2
description Inside Interface
switchport access vlan 10
spanning-tree portfast
interface FastEthernet3
description Inside Interface
switchport access vlan 10
spanning-tree portfast
interface Dot11Radio0
no ip address
no ip route-cache cef
no ip route-cache
encryption vlan 100 mode ciphers aes-ccm tkip
encryption vlan 101 mode ciphers aes-ccm tkip
ssid GuestAP
ssid LanAP
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
interface Dot11Radio0.100
description LanAP
encapsulation dot1Q 100
no ip route-cache
no cdp enable
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!interface Dot11Radio0.101
! description GuestAP
! encapsulation dot1Q 101
! no ip route-cache
! no cdp enable
! bridge-group 1
! bridge-group 1 subscriber-loop-control
! bridge-group 1 spanning-disabled
! bridge-group 1 block-unknown-source
! no bridge-group 1 source-learning
! no bridge-group 1 unicast-flooding
interface Vlan1
description $ES_LAN$
no ip address
ip virtual-reassembly
pppoe enable group global
pppoe-client dial-pool-number 1
bridge-group 1
interface Vlan10
no ip address
ip virtual-reassembly
bridge-group 10
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security OUTSIDE
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXX
ppp chap password 7 xxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
interface Dialer0
no ip address
interface BVI10
description Inside Interface
ip address 192.168.253.254 255.255.255.0
ip access-group 101 in
ip helper-address 192.168.253.1
ip nat inside
ip virtual-reassembly
zone-member security INSIDE
interface BVI1
description DMZ Interface
ip address 192.168.252.254 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security DMZ
ip local pool SDM_POOL_1 192.168.20.9 192.168.20.14
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list Inside_Clients_NAT interface Dialer1 overload
ip nat inside source static 192.168.253.10 xxx.xxx.xxx.xxx
ip access-list extended DMZ_to_IN_POL
remark SDM_ACL Category=128
permit ip any any
ip access-list extended Inside_Clients_NAT
remark SDM_ACL Category=2
permit ip 192.168.253.0 0.0.0.255 any
logging 192.168.253.10
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 192.168.253.0 0.0.0.255
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.253.0 0.0.0.255 any
access-list 100 deny ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark SDM_ACL Category=1
access-list 101 remark Auto generated by SDM for NTP (123) xxx.xxx.xxx.xxx
access-list 101 permit udp host xxx.xxx.xxx.xxx eq ntp host 192.168.253.254 eq ntp
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq telnet
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 22
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq www
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 443
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq cmd
access-list 101 deny tcp any host 192.168.253.254 eq telnet
access-list 101 deny tcp any host 192.168.253.254 eq 22
access-list 101 deny tcp any host 192.168.253.254 eq www
access-list 101 deny tcp any host 192.168.253.254 eq 443
access-list 101 deny tcp any host 192.168.253.254 eq cmd
access-list 101 deny udp any host 192.168.253.254 eq snmp
access-list 101 permit ip any any
access-list 199 permit ip any host 10.1.1.1
dialer-list 1 protocol ip permit
no cdp run
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.253.1 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXXXXXXX
radius-server host 192.168.253.1 auth-port 1645 acct-port 1646 key 7 XXXXXXXXXXXXXXXXXX
radius-server vsa send accounting
control-plane
bridge 1 protocol ieee
bridge 1 route ip
bridge 10 protocol ieee
bridge 10 route ip
banner login C Border Router
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
access-class 100 in
privilege level 15
length 0
transport input telnet ssh
scheduler max-task-time 5000
scheduler interval 500
ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
sntp server xxx.xxx.xxx.xxx
endHi Jody,
Apologies delay in replying. I have done the following:
Made two of the FE ports vlan1,BVI1 (for LAN traffic)
Left one port as VLAN10 as the pppoe client conected to the externalmodem
Made the last port VLAN10 as well and gave it an IP addess as for a DMZ client.
I have DHCP configured to serve the DMZ addresses.
This all works for LAN clients and also works for a client attachedto that physical DMZ port.
When I added a dot11radio sub interface into VLAN 10 the wireless client did not get an IP lease. Everything else continued to work.
I had never thought about this before, but if a dot11radio interface is on the same vlan (but not being part ofa bridge group) why are DHCP broadcasts not propogating to all the vlan members as I would have expected. I recognise that this isa limit in my understanding.
If I then made VLAN10 a member of a new Bridge Group, I lost WAN connectivity as per original posting.
I cannot add another VLAN due to the 2 vlan limit in this image.
Finally regarding your comment about giving it what it wants, what exactly did you have in mind. The dialer already has a dial string parameters configured.
Think I am about to give upon this.
Regards, -
OSB Dynamic Routing and Transaction Rollback
Hi,
I have implemented dynamic routing to different jms business services.
That's the flow:
1. I have a proxy service which is invoked via a message delivered to a jms queue(XA connection factory), this queue is configured with
Error Destination, expiration policy redirect, redelivery limit 5 and redelivery delay override 100
2. I use a dynamic routing action
<ctx:route isProxy="false">
<ctx:service>
$businessServiceXXX
</ctx:service>
</ctx:route>
where $businessServiceXXX is a variable to hold my target jms business service, its value depends on some incoming inbound headers.
3. if the endpoint is not correct(business service endpoint is dynamic) I catch the error in a Error handler, I raise an Error but :
THE MESSAGE IS NOT REDIRECTED TO THE ERROR QUEUE.
I know I could solve the issue with another approach like an external table to capture(fix) the endpoints, but it won't be so flexible in terms of deployment capability.
Any Ideas ?
Thanks,
T.Hi Tony,
Tested this in ALSB 2.5 . Transaction rollbacks fine when error in dynamic routing. I am attaching the test JMS proxy we have used for this.
We had XA enabled CF for JMS proxy service and target JMS BS. The dynamic route was configured in route node with no route error handler or service error handler. The test case was to pause the target JMS queue for production. We could see messages rolling back to the source queue and getting redelivered.
Attaching the Sbconfig for this proxy. Proxy Name: Dynamic Routing
<?xml version="1.0" encoding="UTF-8"?>
<xml-fragment name="DynamicRouting">
<ser:coreEntry isEnabled="true" isProxy="true" name="DynamicRouting" isAutoPublish="false" xmlns:ser="http://www.bea.com/wli/sb/services">
<ser:description/>
<ser:binding type="abstract XML"/>
</ser:coreEntry>
<ser:endpointConfig xmlns:ser="http://www.bea.com/wli/sb/services">
<tran:provider-id xmlns:tran="http://www.bea.com/wli/sb/transports">jms</tran:provider-id>
<tran:inbound xmlns:tran="http://www.bea.com/wli/sb/transports">true</tran:inbound>
<tran:URI xmlns:tran="http://www.bea.com/wli/sb/transports">
<env:value xmlns:env="http://www.bea.com/wli/config/env">jms://localhost:7001/XACF/InputQueue</env:value>
</tran:URI>
<tran:inbound-properties xmlns:tran="http://www.bea.com/wli/sb/transports"/>
<tran:all-headers xmlns:tran="http://www.bea.com/wli/sb/transports">false</tran:all-headers>
<tran:provider-specific xsi:type="jms:JmsEndPointConfiguration" xmlns:jms="http://www.bea.com/wli/sb/transports/jms" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<jms:is-queue>true</jms:is-queue>
<jms:is-secure>false</jms:is-secure>
<jms:inbound-properties>
<jms:response-required>false</jms:response-required>
</jms:inbound-properties>
<jms:request-encoding>UTF-8</jms:request-encoding>
</tran:provider-specific>
</ser:endpointConfig>
<ser:router xmlns:ser="http://www.bea.com/wli/sb/services">
<con:pipeline name="PipelinePairNode1_request" type="request" xmlns:con="http://www.bea.com/wli/sb/pipeline/config">
<con:stage name="Configuration">
<con:comment/>
<con:context/>
<con:actions>
<con1:assign varName="input" xmlns:con1="http://www.bea.com/wli/sb/stages/transform/config">
<con1:expr>
<con:xqueryText xmlns:con="http://www.bea.com/wli/sb/stages/config"><![CDATA[<root>
<type value="jms">
<service>DynamicRouting/BusinessService/JMS</service>
</type>
<type value="http">
<service>DynamicRouting/BusinessService/HTTP</service>
<operation>Test</operation>
</type>
</root>]]></con:xqueryText>
</con1:expr>
</con1:assign>
</con:actions>
</con:stage>
</con:pipeline>
<con:pipeline name="PipelinePairNode1_response" type="response" xmlns:con="http://www.bea.com/wli/sb/pipeline/config"/>
<con:flow xmlns:con="http://www.bea.com/wli/sb/pipeline/config">
<con:pipeline-node name="PipelinePairNode1">
<con:request>PipelinePairNode1_request</con:request>
<con:response>PipelinePairNode1_response</con:response>
</con:pipeline-node>
<con:route-node name="DynamicRoute">
<con:comment/>
<con:context/>
<con:actions>
<con1:dynamic-route xmlns:con1="http://www.bea.com/wli/sb/stages/routing/config">
<con1:service>
<con:xqueryText xmlns:con="http://www.bea.com/wli/sb/stages/config"><ctx:route>
<ctx:service isProxy="false">{data($input/*:type[@value=$body/*:body/*:type/text()]/*:service)}</ctx:service>
if($input/*:type[@value=$body/*:body/*:type/text()]/*:operation) then
<ctx:operation>{data($input/*:type[@value=$body/*:body/*:type/text()]/*:operation)}</ctx:operation>
else()
</ctx:route></con:xqueryText>
</con1:service>
<con1:outboundTransform>
<con2:routing-options xmlns:con2="http://www.bea.com/wli/sb/stages/transform/config">
<con2:uriExpr>
<con:xqueryText xmlns:con="http://www.bea.com/wli/sb/stages/config">$body/*:body/*:url/text()</con:xqueryText>
</con2:uriExpr>
</con2:routing-options>
</con1:outboundTransform>
<con1:responseTransform/>
</con1:dynamic-route>
</con:actions>
</con:route-node>
</con:flow>
</ser:router>
</xml-fragment>
Regards,
Atheek
Edited by: atheek1 on 27-Apr-2010 19:48 -
Source Route Bridging/ Translational Bridging
Has anyone been able to source route bridge on a router with a single token ring interface? I want to bridge traffic between token ring and ethernet. My router 2612 has only one token ring card. What are my options? We are migrating to ethernet one step at a time. Basically this router will replace a bridge. Thx
What kind of traffic requires Source Route? (SNA). What device hosts are you coming off of?
The attached shows you how to do it from a Token Ring environment to Ethernet. You need to set up your Source-bridge group and source bridge transparent statements. You need to keep in mind that in a Token Ring environment the bits are in a non-canonical format. In Ethernet they are canonical. ex. A MAc address in non-canonical form is 4000.A26A.8802 Translated to canonical form is 0200.4556.1140. This may seem clear as mudd, but it is a bit flipping process. So when you observe mac addresses in the Tomen Ring world you will see the 4000 macs and in Ethernet you will see the 0200 macs. You need to keep this in mind if you ever have to troubleshoot this. -
I need to usnderstand what role does SRB and 5500 (with no RSM) when talking to a token ring AS/400.
Does the ring number on the switch need to match the routers ring number when setting up the i.e source-bridge ring-group 100
Any helpfull hints or links to understand it better.You use SRB to bridge SNA traffic. IP and IPX traffic from the AS/400 is not handled by SRB.
If you want to bridge/transport SNA traffic from the AS/400 to controllers in remote site via DLSw, you need to enable SRB on the router.
You need to match the ring number on the router and that on the CAT5500 (i.e. TRCRF). However, it is not the number on source-bridge ring-group needs to match. It is the first number on the source-bridge under the token ring interface.
I cannot find an exact example. The closet example is from Configuration Guide of TRISL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fibm_c/bcfpart1/bcfvlan.htm#1003141
As you are not doing TRISL, it is kind of misleading. However, the idea is similar. -
I havea WRT350N Wireless Router and the DynDNS Service is...
I havea WRT350N Wireless Router and the DynDNS Service is not
resolving the correct Internet IP Address, is resolving to a local IP and
I see it on the DDNS Page on my Router Setup Screen. I'm
trying to connect to my DVR from a Remote Site with my DynDNS
Client in my computer but I could not do it. Port 80 (my DVR WAN
Port) is Open and redirected to my DVR local IP, my DynDNS Account
is working fine but theres no way that I could access my DVR or even
my Router if I activate the Remote Management Capabilities.The best source to ask is HughesNet. According to their web site the HNS7000S is a router. Instructions how to set up a home network can be found here.
I cannot find instructions how to set up DDNS on the HN70000S router. The suggested setup in the KB article link above won't help you with that either. I don't know whether it is possible with HughesNet to put the router into bridge mode and set up the WRT for internet. It may not be possible at all. But you have to check with HughesNet.
Maybe you are looking for
-
CONVERSION OF 1 TABLE TO ACCOMODATE MORE FIELDS USING TEMP VARIABLE IN STORE PROC
USE [FacetsXR] GO IF EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[frdmrpt].[pr_pha_BiometricsSummary]') AND type in (N'P', N'PC')) DROP PROCEDURE [frdmrpt].[pr_pha_BiometricsSummary] GO CREATE PROCEDURE [frdmrpt].[pr_pha_Biometric
-
Something's wrong with AMD. compile?
For some odd reason my computer is unable to compile MyInputPane.readDouble("whatever"); even if it's in my working directory, and it won't compile when I insinate (spelling, sorry) a new object (revoke/call methods) even if I did it correctly. So if
-
Today's my first time ever using livefont, sorry if its a noob question blah blah blah but I made a text with the 'manic' livefont effect and set it as ping pong or w/e. my question is how do i pause it halfway through (before it reverses). I suppose
-
Activate Logging in E Commerce Administration
Hi All Could anyone please advise how to activate Logging in E Commerce 5.0. I have gone through the steps given in Note 1090753. But then also I cannot see anything in Logging in the ECommerce administration. when I go to http://host:port/b2c/admin/
-
I have the latest version of itunes and the ipod but I cannot seem to find the video section in the itunes store?!