Static NAT causes unable to access server via internal IP

Hi all,
Need some help. I running site-to-site IPsec VPN in Cisco 2811 IOS 12.4 both site. Here I encounter a problem to access server on Site A from Site B
Site A having Leased Line connected to router with Public IP. I have done static mapping 1 web server to Public IP (NAT). This to allow external users to access the server via Public IP. At the same time, users at Site B would need to access to same server via Internal IP since they have Site-to-Site VPN established. But once I done Static Mapping (NAT), user at Site B unable to access the server at Site A using its internal IP. But external user can access server via Public IP. What went wrong here. Do i need to add extra command to get this done? We really need this.

Hi sheik,
I'm accessing the server form Site B using its server's LAN IP.
If I remove the static NAT statement from my router at Site A, everything works well. I can access the server from site B using its LAN IP via Site-to-Site VPN. But in this case, external users unable to access server via Public IP since no Static NAT statement.

Similar Messages

Common area phone gets "Unable to access server. Please search later"

I installed two common area phones, a Polycom CX3000 speaker phone and a Polycom CX500. When starting to type a phone number the following message appears on the screen of the phone: "Unable to access server. Please search later".
Is there any way to enable the search capability for these phones without connecting the USB cable on the CX3000? Note that the CX500 doesn't have a USB cable at all.

Hi,
Please use the Test-CsPhoneBootstrap commandlet to troubleshoot the issue.
Please check SRV records as Lync phone cannot utilize manual configuration.
Please make sure the sign in user has been Enterprise Voice enabled.
Please double check the steps configuring common area phone:
http://blog.schertz.name/2011/04/common-area-phone-configuration-in-lync/
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.
Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support

On my TV, I can access my library and view movie rental trailers but when I actually order the move, it says unable to access server. Any ideas?

On my TV, I can access my library and view movie rental trailers but when I actually order the movie, it says unable to access server. Any ideas?

Have you tried rebooting or restoring?

Unable to access internet via my airport extreme base station

I have an AirPort Extreme Base Station which is hard wired to a Mac and which communicates wirelessly to a Mac in another room. My internet access is via comcast. Direct connection from this computer to my modem works fine, but not if I go through the AirPort. The LED lights of the AirPort indicate normal network activity, (flashing/on/flashing). I have tried disconnecting and reconnecting everything and rebooting the computer. The system has been working normally through the AirPort until today.

I would recommend that you do the following as a minimum:
Power-down the modem, AirPort base station, and computer(s).
(OPTIONAL) Disconnect the AirPort base station from the Internet broadband modem.
(OPTIONAL) While all of the devices are powered-down, perform a "factory default" reset on the base station. This will get it back to its "out-of-the-box" configuration and make setting it up much easier, especially if you use the "Assist me" process within the AirPort Utility. (ref: Resetting an AirPort Base Station or Time Capsule)
(OPTIONAL) After the base station resets, go ahead and power it back down.
(OPTIONAL) Reconnect the AirPort base station to the Internet broadband modem. For the Extreme and Time Capsule, be sure to connect the cable to the base station's WAN (circle-of-dots) port.
Power-up the modem; wait at least 10-15 minutes to allow it adequate time to initialize.
Power-up the AirPort base station; wait at least 5-10 minutes. Note: The AirPort's status light may continue to flash amber after it has intialized. That is because, there may be some additional configuration items necessary, like setting up wireless security, before the overall setup is completed to get a green status.
Power-up your computer(s).
In this basic configuration, the AirPort base station will broadcast an unsecured wireless network with a Network Name (SSID) of Apple Network NNNNNN. Network clients, connected to the base station either by wire or wireless, should now be able to access the Internet through the ISP's modem. Once Internet connectivity has been verified, you can use the AirPort Utility to configure the base station for wireless security and any other desired options. Please post back your results.

Can't access server via RDC through one of the LAN port among two.

Hello!!
I have a window 2008 server with two LAN port. First with public IP Address and Second with Private IP for internal connection (no gateway IP Address). I'm able to connect server via RDC via public IP but not via Private IP.
Pls suggest how can I troubleshoot for dual connectivity through RDC.
Regards,
nts007

I have seen this issue with multihomed systems. I would verify connectivity from the client first.
1. Can you Ping the private IP from the client?
If the pings are unsuccessful...
Are your client and server IP on the same subnet
I have run into this problem on multihomed servers. Because the default gateway points to a router on the public IP, return traffic from the server might be being sent to the default gateway.
To solve this you will need to use the route add command to tell the server to send the return traffic to a router through the private IP.
2. If you could ping the IP, I would make sure you can reach the RDP port on the internal IP
From a command prompt can you make a connection to the rdp port (3389 by default)?
telnet privateip 3389
If you can you will get a screen with the cursor at the top right if you can't it will say "Could not open connection"
If you could not connect to the port, then check to see if the Windows firewall might be preventing the connection.
3. If that doesn't work then I'd follow Milo's advice and use Netmon. You might have to run it from the client and the server to get a full understanding of the issue.

Unable to access vpn box internal address after vpn

Hi all. My office network is protected by asa5510 firewall with vpn configured. When i vpn into my office network i could not access the firewall via the firewall's internal address using telnet etc even though i have already enable telnet. The firewall is my office network gateway. Below is my config. Pls advise. Thks in advance. Access to my office network is fine using vpn.
hostname firewall
domain-name default.domain.invalid
enable password xxx
names
dns-guard
interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.1x.x 255.255.255.0
interface Ethernet0/1
nameif DMZ
security-level 50
ip address 192.168.2x.x 255.255.255.0
interface Ethernet0/2
nameif outside
security-level 0
ip address 8x.x.x.x 255.255.255.240
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
passwd xxx
ftp mode passive
same-security-traffic permit inter-interface
access-list inside_access_in extended permit ip 192.168.1x.0 255.255.255.0 any
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended deny ip any any
access-list DMZ_access_in extended permit ip 192.168.2x.0 255.255.255.0 any
access-list inside_nat0_outbound extended permit ip any 172.16.0.0 255.255.255.224
access-list split-tunnel standard permit 192.168.1x.0 255.255.255.0
pager lines 24
logging enable
logging asdm-buffer-size 500
logging asdm informational
mtu inside 1500
mtu DMZ 1500
mtu outside 1500
mtu management 1500
ip local pool addpool 172.16.0.1-172.16.0.20 mask 255.255.0.0
no failover
monitor-interface inside
monitor-interface DMZ
monitor-interface outside
monitor-interface management
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 100 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 100 192.168.1x.0 255.255.255.0
access-group inside_access_in in interface inside
access-group DMZ_access_in in interface DMZ
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 8x.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy vpn internal
group-policy vpn attributes
dns-server value 192.168.1x.x 192.168.1x.x
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunnel
webvpn
username ciscoadm password xxx encrypted privilege 15
username ciscoadm attributes
vpn-group-policy vpn
webvpn
http server enable
http 192.168.1x.x 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection tcpmss 13800
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group vpn type ipsec-ra
tunnel-group vpn general-attributes
address-pool addpool
default-group-policy vpn
tunnel-group vpn ipsec-attributes
pre-shared-key *
telnet 192.168.1x.x 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0

Hi all. Below is my configuration. After i enable "management-access inside" i could access my firewall internal ip via ping after establishing vpn connection but not others like telnet even though "telnet 0.0.0.0 0.0.0.0 inside" is enabled. Pls advise.
interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.1x.254 255.255.255.0
interface Ethernet0/1
nameif DMZ
security-level 50
ip address 192.168.2x.254 255.255.255.0
interface Ethernet0/2
nameif outside
security-level 0
ip address 8x.xx.xx.xx 255.255.255.240
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
passwd xxx
ftp mode passive
same-security-traffic permit inter-interface
access-list inside_access_in extended permit ip 192.168.1x.0 255.255.255.0 any
access-list inside_access_in extended permit esp any any
access-list inside_access_in extended permit gre any any
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended deny ip any any
access-list DMZ_access_in extended permit ip 192.168.2x.0 255.255.255.0 any
access-list inside_nat0_outbound extended permit ip any 172.16.0.0 255.255.0.0
access-list split-tunnel standard permit 192.168.1x.0 255.255.255.0
access-list prod standard permit host 192.168.1x.x
access-list prod standard deny any
pager lines 24
logging enable
logging asdm-buffer-size 500
logging asdm informational
mtu inside 1500
mtu DMZ 1500
mtu outside 1500
mtu management 1500
ip local pool pool 172.16.0.1-172.16.0.20 mask 255.255.0.0
no failover
monitor-interface inside
monitor-interface DMZ
monitor-interface outside
monitor-interface management
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 100 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 100 192.168.1x.0 255.255.255.0
access-group inside_access_in in interface inside
access-group DMZ_access_in in interface DMZ
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 8x.xx.xx.xx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy vpnuser internal
group-policy vpnuser attributes
dns-server value 192.168.1x.x 192.168.1x.x
split-tunnel-policy tunnelspecified
split-tunnel-network-list value prod
default-domain value mm.com
webvpn
username user password xxx encrypted privilege 15
username user attributes
vpn-group-policy vpnuser
webvpn
http server enable
http 192.168.1x.x 255.255.255.255 inside
http 0.0.0.0 0.0.0.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection tcpmss 13800
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group vpnuser type ipsec-ra
tunnel-group vpnuser general-attributes
address-pool pool
default-group-policy vpnuser
tunnel-group vpnuser ipsec-attributes
pre-shared-key *
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 8x.x.1x.x 8x.x.x.x
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management

VPN client unable to access Internert via split tunneling.

I have split tunneling configured on a PIX 515. The remote VPN client connects to the PIX fine and can ping hosts on the internal LAN, but cannot access the Internet. Am I missing something? My config as per below.
Also, I don't see any secured routes on the VPN client via Statistics (screen shot below)
Any advice is much appreciated.
Rob
PIX Version 8.0(3)
hostname PIX-A-250
enable password xxxxx encrypted
names
interface Ethernet0
nameif outside
security-level 0
ip address x.x.x.250 255.255.255.240
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.9.1 255.255.255.0
passwd xxxxx encrypted
ftp mode passive
dns domain-lookup outside
dns server-group Ext_DNS
name-server 194.72.6.57
name-server 194.73.82.242
object-group network LOCAL_LAN
network-object 192.168.9.0 255.255.255.0
network-object 192.168.88.0 255.255.255.0
object-group service Internet_Services tcp
port-object eq www
port-object eq domain
port-object eq https
port-object eq ftp
port-object eq 8080
port-object eq telnet
object-group network WAN_Network
network-object 192.168.200.0 255.255.255.0
access-list ACLOUT extended permit udp object-group LOCAL_LAN any eq domain log
access-list ACLOUT extended permit icmp object-group LOCAL_LAN any log
access-list ACLOUT extended permit tcp object-group LOCAL_LAN any object-group Internet_Services log
access-list ACLIN extended permit icmp any any echo-reply log
access-list ACLIN extended permit icmp any any unreachable log
access-list ACLIN extended permit icmp any any time-exceeded log
access-list split_tunnel_list remark Local LAN
access-list split_tunnel_list standard permit 192.168.9.0 255.255.255.0
access-list NONAT extended permit ip object-group LOCAL_LAN 192.168.100.0 255.255.255.0
pager lines 24
logging enable
mtu outside 1500
mtu inside 1500
ip local pool testvpn 192.168.100.1-192.168.100.99
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NONAT
nat (inside) 1 0.0.0.0 0.0.0.0
access-group ACLIN in interface outside
access-group ACLOUT in interface inside
route outside 0.0.0.0 0.0.0.0 195.171.252.45 1
route inside 192.168.88.0 255.255.255.0 192.168.88.254 1
route inside 192.168.199.0 255.255.255.0 192.168.199.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set Set_1 esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 10 set transform-set Set_1
crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 280000
crypto dynamic-map outside_dyn_map 10 set reverse-route
crypto map outside_map 10 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
group-policy testvpn internal
group-policy testvpn attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
username testuser password xxxxxx encrypted
tunnel-group testvpn type remote-access
tunnel-group testvpn general-attributes
address-pool testvpn
default-group-policy testvpn
tunnel-group testvpn ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
service-policy global_policy global
prompt hostname context
Cryptochecksum:5dcb5dcdff277e1765a9a0c366b88b9e
: end
PIX-A-250#

Hello Jennifer,
I can ping the 192.168.88.0/24 (host 88.3) from my PIX fine. The 88 subnet hangs off a 2950 switch. This is my diagram.
My configs are as follows. Please note I have left out the suggested lines of config from above as they had no effect.
Very much appreciate your time and effort with my issue.
Many thanks,
Rob
PIX A
PIX Version 8.0(3)
hostname PIX-A-250
enable password NBhgOL6eDYkO4RHk encrypted
names
interface Ethernet0
nameif outside
security-level 0
ip address x.x.x.250 255.255.255.240
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.9.1 255.255.255.0
passwd k85be8tPM1XyMs encrypted
ftp mode passive
dns domain-lookup outside
dns server-group Ext_DNS
name-server 194.72.6.57
name-server 194.73.82.242
object-group network LOCAL_LAN
network-object 192.168.9.0 255.255.255.0
network-object 192.168.88.0 255.255.255.0
object-group service Internet_Services tcp
port-object eq www
port-object eq domain
port-object eq https
port-object eq ftp
port-object eq 8080
port-object eq telnet
object-group network WAN_Network
network-object 192.168.200.0 255.255.255.0
access-list ACLOUT extended permit udp object-group LOCAL_LAN any eq domain log
access-list ACLOUT extended permit icmp object-group LOCAL_LAN any log
access-list ACLOUT extended permit tcp object-group LOCAL_LAN any object-group Internet_Services log
access-list ACLIN extended permit icmp any any echo-reply log
access-list ACLIN extended permit icmp any any unreachable log
access-list ACLIN extended permit icmp any any time-exceeded log
access-list split_tunnel_list remark Local LAN
access-list split_tunnel_list standard permit 192.168.9.0 255.255.255.0
access-list split_tunnel_list standard permit 192.168.88.0 255.255.255.0
access-list split_tunnel_list standard permit 192.168.200.0 255.255.255.0
access-list NONAT extended permit ip object-group LOCAL_LAN 192.168.100.0 255.255.255.0
pager lines 24
logging enable
mtu outside 1500
mtu inside 1500
ip local pool testvpn 192.168.100.1-192.168.100.99
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NONAT
nat (inside) 1 0.0.0.0 0.0.0.0
access-group ACLIN in interface outside
access-group ACLOUT in interface inside
route outside 0.0.0.0 0.0.0.0 x.x.252.45 1
route inside 192.168.88.0 255.255.255.0 192.168.88.254 1
route inside 192.168.199.0 255.255.255.0 192.168.199.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set Set_1 esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 10 set transform-set Set_1
crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 280000
crypto dynamic-map outside_dyn_map 10 set reverse-route
crypto map outside_map 10 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
group-policy testvpn internal
group-policy testvpn attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tunnel_list
username robbie password mbztSskhuas90P encrypted
tunnel-group testvpn type remote-access
tunnel-group testvpn general-attributes
address-pool testvpn
default-group-policy testvpn
tunnel-group testvpn ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
service-policy global_policy global
prompt hostname context
Cryptochecksum:5dcb5dcdff277e1765a9a0c366b88b9e
: end
3560_GW Gateway
test_gw01#sh run
Building configuration...
Current configuration : 2221 bytes
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname test_gw01
enable secret 5 $1$cOB4$UDjkhs&$FjQBe8/rc30
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface GigabitEthernet0/1
interface GigabitEthernet0/2
description uplink to Cisco_PIX
switchport access vlan 9
interface GigabitEthernet0/3
interface GigabitEthernet0/4
interface GigabitEthernet0/5
interface GigabitEthernet0/6
interface GigabitEthernet0/7
interface GigabitEthernet0/8
interface GigabitEthernet0/9
interface GigabitEthernet0/10
interface GigabitEthernet0/11
interface GigabitEthernet0/12
interface GigabitEthernet0/13
interface GigabitEthernet0/14
interface GigabitEthernet0/15
interface GigabitEthernet0/16
interface GigabitEthernet0/17
interface GigabitEthernet0/18
interface GigabitEthernet0/19
interface GigabitEthernet0/20
interface GigabitEthernet0/21
interface GigabitEthernet0/22
interface GigabitEthernet0/23
switchport access vlan 88
switchport mode access
spanning-tree portfast
interface GigabitEthernet0/24
switchport access vlan 9
switchport mode access
spanning-tree portfast
interface GigabitEthernet0/25
description trunk to 2950_SW_A port 1
switchport trunk encapsulation dot1q
interface GigabitEthernet0/26
interface GigabitEthernet0/27
description trunk to A_2950_112 port 1
switchport trunk encapsulation dot1q
shutdown
interface GigabitEthernet0/28
interface Vlan1
no ip address
shutdown
interface Vlan9
ip address 192.168.9.2 255.255.255.0
interface Vlan88
ip address 192.168.88.254 255.255.255.0
interface Vlan199
ip address 192.168.199.254 255.255.255.0
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.9.1
ip route 192.168.88.0 255.255.255.0 192.168.9.1
ip route 192.168.100.0 255.255.255.0 192.168.9.1
ip route 192.168.200.0 255.255.255.0 192.168.9.1
ip http server
control-plane
banner motd ^C This is a private network.^C
line con 0
line vty 0 4
login
line vty 5 15
login
end

Unable to access server files shares with Active Directory Users

Quick breakdown of my issue.
I have setup a Yosemite file server running the latest version of Yosemite and Server.
File sharing in Server.app is enabled and shares have been created
The server is bound to my company's Active Directory and you can directly login to the computer via AD credentials.
The big issue is this, unless the user has directly walked up to my server and logged into it at least once, they cannot authenticate to the file shares via their AD credentials.
For example: Administrator (me) I can login and access all file shares without issue.
Jane Smith (SMITH) who has actually walked up to my server and logged in via her AD credentials, can also access all file shares. (That she has access to)
John Doe (JDOE) who has not logged into the server in anyway, cannot authenticate to the server file shares at all (even though I have granted him permission) He just gets an "Access Denied" message.
I have gone into Directory Utility and changed the search order to give AD priority and this still doesn't resolve the problem.
We have unbound the server from AD and added in back again and still not able to resolve.
If you open Server.app and go to add someone from AD to a file share, it finds the AD user quickly and everything looks right. but still unable to authenticate to the server if they haven't directly logged into it before?
All of the documentation and google articles I have found say my server is setup correctly, any help would be greatly appreciate it!
Thanks in advance!

I figured this out. In Mountain Lion Server, it doesn't matter if you give the user rights to a shared file or folder, if the user doesn't have access the File Sharing service, they can't get it. I had to find the specific users in the Server app under the AD in the Users tab, and give them rights to the File Sharing service. I think you can do this for a whole AD group as well, but I haven't tried.

Left for vacation 5.27: firefox was accessible / returned from vacation 5.31: message on screen reads "unable to access server", "does not recognize server"

left for vacation 5.27: server was accessible / returned from vacation 5.31: message on screen now read: "does not recognize server" / this is for both internet & email access
== This happened ==
Every time Firefox opened
== i turned on my personal computer / this condition has remained for two days

I realise this doesn't help you but I have reported this exact same issue (well, the part about being unable to login to webmail from abroad anyway) for MONTHS and all I get told is 'well you SHOULD be able to login'. I am no further forward and have come to the conclusion the only way to resolve this is to change ISP/phone provider.
I had to create (and pay for) a domain with 1and1 in order to be able to send and receive e-mail while abroad, I didn't want to use Gmail or the like.
As you say, it is INCREDIBLY FRUSTRATING, especially when I work for at least 6 months of the year overseas and BT just seem to ignore these posts.
My trace is:
1 1 ms 3 ms <1 ms 172.16.0.1
2 1 ms 4 ms 16 ms 192.168.40.30
3 3 ms 20 ms 3 ms 37-225.rv.ipnxtelecoms.com [62.173.37.225]
4 15 ms 13 ms 16 ms 41-184-126-13.rv.ipnxtelecoms.com [41.184.126.13]
5 109 ms 117 ms 109 ms ir2-th-lon.rv.ipnxtelecoms.com [41.184.56.101]
6 109 ms 111 ms 153 ms tel-2.ccr01.lon09.atlas.cogentco.com [149.6.98.33]
7 113 ms 110 ms 182 ms te0-0-0-2.ccr21.lon01.atlas.cogentco.com [154.54.36.165]
8 109 ms 170 ms 167 ms bt.lon01.atlas.cogentco.com [130.117.14.170]
9 116 ms 114 ms 111 ms 166-49-214-175.eu.bt.net [166.49.214.175]
10 122 ms 115 ms 139 ms core2-te-0-3-0-1.ilford.ukcore.bt.net [62.172.102.14]
11 113 ms 122 ms 112 ms core2-pos1-1.birmingham.ukcore.bt.net [62.172.103.93]
12 118 ms 121 ms 117 ms iar1-gig5-5.birmingham.ukcore.bt.net [62.6.196.98]
13 115 ms 117 ms 115 ms 62.172.57.218
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.

Unable to access internet via Airport Express

Hi. I'm have trouble connecting to the internet using my Airport Express.
When I plug in my DSL modem to the unit, I get the solid green light. My Macbook is able to connect to the airport, and to other computers on the same Airport.
However, none of my computers are able to reach any internet sites. They were even unable to directly ping a remote IP address. However, if I plug my DSL modem directly into my Macbook, bypassing the Airport, it correctly connects to the internet, which leads me to believe the problem is with my Airport.
A couple of oddities which I don't know if they are normal. First, in my MacBook's network prefs, the DNS box is blank. However, I'm connected via DHCP, so I didn't know if that'd matter. In the airport configuration app, under internet, it's also using DHCP, but the box is empty, with the same address as the router (192.168.1.1) greyed out next to it. The IP address is 192.168.1.5. This number is rather different than when I connect to my DSL router directly on my MacBook.
I'm running what I believe to be the newest firmware (6.3).
Any ideas anyone?
Thanks,
Nathaniel

Hi,
I solved the problem using the airport express firmware 6.1.1. and erasing all favourites networks in network pref panel to create new ones. You may also check the keychains utility (applications -> utilities). If there is several times the same pass, just keep the latest and erase the others.
Hope my english is understandable...

Safari unable to access server error message on ipad

wireless network connected to Ipad but Safari "unable to connect to server" at any web address entered

Hello Glen,
Thank you for using Apple Support Communities.
You can use the following article to troubleshoot your iPads Wi-Fi connection:
iOS: Troubleshooting Wi-Fi networks and connections
Regards,
Jeff D.

Unable to send fax via internal modem

Until two days ago our internal modem was working fine we have been able to send faxes with no problem. I have ran disk first aid and repair, but the modem still is not able to send a fax. We have check the phone line and there is a dial tone up to the computer, but not dial tone in the computer. Is my modem dead or is there another way to fix the problem.
Thanks

If you want to use the modem to send and receive faxes, then you don't want to have the Network trying to control it, you should disable the modem port in the Network prefs and use only the Ethernet port. You can use the Network prefs to troubleshoot to ensure that the modem is in working condition, but you can't have the network dial-up taking control of the modem at the same time as you want to be waiting for a fax or sending a fax. This can cause the modem to get hung, and you will get the waiting behavior that you described.
You should just be able to receive faxes by checking the "Receive faxes on this computer" button in the Print & Fax Prefs. If you had an external modem you could see some activity lights come on as soon as you check the box as it goes into standby to answer a call mode, with an internal the only way to know it's working is to send yourself a fax.
To send a fax, I think you might need to configure a Fax printer, if you don't seem to have one already. Click the "Setup Fax Modem..." button at the bottom of that Print & Fax Prefs. IF you launch /Applications/Utilities/Printer Setup Utility can you select from the View Menu: Show Fax List and does anything show up in the list? You should have a Fax List and fax printer in that list similar to your Printer List and whatever printer you have installed.
To check if the modem is even working you may have to use some modem terminal utility like ZTerm that will let you type simple commands and check the modem response. For example AT should result in an OK. With the internal you can't check the activity lights to see if you are receiving data or sending data, so I'm not sure how else you can verify the internal modem is actually functioning. It might be worthwhile checking that first, or if you know you can use it for dial-up, I still use my modem as a backup for when DSL goes out (rarely).

Static NAT Pre 8.3 ASA no untranlate hits

Hello all---
Having an issue w a pre 8.3 ASA static NAT.   The intention is to static nat an antivirus server hanging off our DMZ interface on the ASA- that address being 192.168.255.2….. to one of our public IP address (for the sake of this forum) 44.44.44.44. The ASA DMZ interface is 192.168.255.1.
I’ve configured the static NAT rule and the access ACLs on both the outside interface and dmz interface. For the sake of testing, I used just IP as the service –will restrict it later w the correct service ports once I know it’s working- and for now just have a windows laptop acting as the server for testing.
What I’m seeing is incrementing translate hits, but no untranslated hits at all when performing the command:   show nat dmz outside 192.168.255.2 255.255.255.255
match ip dmz host 192.168.255.2 outside any
    static translation to 44.44.44.44
    translate_hits = 549, untranslate_hits = 0
match ip dmz any outside any
    no translation group, implicit deny
    policy_hits = 170905
Also, I see no hits at all on the acl for the outside interface when trying to do a ping or telnet to ports running on the laptop\server.
So, it’s obviously translating out- to the public, but not from the public in to the private. Almost like it’s not reaching that public IP. We have other publics we translate to for other services…..with no issue
Here’s the pertinent lines – pretty simple at this point.
Outside Interface ACL
access-list acl_out line 48 extended permit ip any host 44.44.44.44
DMZ interface ACL
access-list dmz_access_in line 3 extended permit ip any any
NAT Statement on DMZ interface
static (dmz,outside) 44.44.44.44 192.168.255.2 netmask 255.255.255.255
Any help or clarification is appreciated……   thanks   Dennis…

Try seeing what the ASA is doing with the return traffic using packet tracer utility as follows:
packet-tracer input outside tcp 8.8.8.8 1025 44.44.44.44 23
...substituting the actual public NAT address for the 44.44.44.44 of course. (If you were using 8.3+ you would specify the real end host IP address.)
Here's a link to the command reference for more details.

Unable to access Facebook through app on all iOS devices

I just encountered a rather strange problem - I'm suddenly unable to access Facebook via the app on any iOS device that's logged into my home wifi network. However, I'm able to access www.facebook.com via Safari or Google Chrome on the same devices, and if I log into a different wifi network the app works fine. I'm also able to access Facebook through my desktop PC when it's connected to my home wifi network. I have two iPads - one with iOS6 and the other with iOS7. It doesn't seem to be a problem with my router since I can access Facebook normally through my home PC. When I try to access using the app on the iPads, I just get the spinning indicator in the upper left and nothing ever loads. I've tried resetting the network, re-booting the router, power cycling the ipad, turning wifi on and back off, etc. and nothing has worked.
Anyone have any ideas?

I am on Sprint 4G, running through a Cradlepoint router. My desktop PC is hard wired to the router and as I mentioned in my post I'm able to get on Facebook from the PC, and also from any laptops that are connected to the router via wifi. I'm also able to log into Facebook on the iPads through Safari or Google Chrome, just not with the app.

RV082 Remote Clients not Able To Access Server

I have a RV082 and several of my remote laptops cannot access my server using its domain name. It can be accessed using its internal ip address. The issue is that you can log onto the server using remote access and the ip however you cannot use any shortcuts using the domain name. You can see the server with the domin name however no access path is available. This is only on a few remote user laptops. Others work perfectly. Does anyone have any advise?

Evans,
Please be details as possible when posting next.
You say some of your remote laptops can't access server via name and some can. How are the computers than can connect to servers name different from the ones that can't?
what connection type are the remote user using to connect to your network?
They using vpn software located on RV082?
IPsec / PPTP both ?
What's the subnet's that the remote computers are remote from ?
whats the local subnet of RV082?
Is the subnet's the same on remote computer as the RV082 ?
What's the WAN type (public) (private ) ip address ?
What's the topology of your network ?
You can also give the Cisco Small Business Support Center a call @ 1-866-606-1866 and get help with your issue as well.
Thanks,
Jasbryan
Cisco Support Engineer
.:|:.:|:.

Static NAT causes unable to access server via internal IP

Similar Messages

Maybe you are looking for