Support configuring PlayBook on a Microsoft VPN with default settings
We have a Microsoft VPN running at work. I can connect to it from any Windows 7 PC with the default VPN settings. How can I configure the PlayBook to connect to the VPN. I have had no success after trying various settings.
Can anyone shed some insight into the correct settings - I too am attempting to get a VPN operational against a standard Microsoft Server VPN.
Is there something that I need to be able to ask IT ? where should I look ?
When I configure a new win 7 laptop all I need is the URL of the VPN server...
Similar Messages
-
Need urgent help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 - 8.2(1).
The following is the Layout:
There are two Leased Lines for Internet access - 1.1.1.1 & 2.2.2.2, the latter being the Standard Default route, the former one is for backup.
I have been able to configure Client to Site IPSec VPN
1) With access from Outside to only the Internal Network (172.16.0.0/24) behind the asa
2) With Split tunnel with simultaneous assess to internal LAN and Outside Internet.
But I have not been able to make tradiotional Hairpinng model work in this scenario.
I followed every possible sugestions made in this regard in many Discussion Topics but still no luck. Can someone please help me out here???
Following is the Running-Conf with Normal Client to Site IPSec VPN configured with No internat Access:
LIMITATION: Can't Boot into any other ios image for some unavoidable reason, must use 8.2(1)
running-conf --- Working normal Client to Site VPN without internet access/split tunnel
ASA Version 8.2(1)
hostname ciscoasa
domain-name cisco.campus.com
enable password xxxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxx encrypted
names
interface GigabitEthernet0/0
nameif internet1-outside
security-level 0
ip address 1.1.1.1 255.255.255.240
interface GigabitEthernet0/1
nameif internet2-outside
security-level 0
ip address 2.2.2.2 255.255.255.224
interface GigabitEthernet0/2
nameif dmz-interface
security-level 0
ip address 10.0.1.1 255.255.255.0
interface GigabitEthernet0/3
nameif campus-lan
security-level 0
ip address 172.16.0.1 255.255.0.0
interface Management0/0
nameif CSC-MGMT
security-level 100
ip address 10.0.0.4 255.255.255.0
boot system disk0:/asa821-k8.bin
boot system disk0:/asa843-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name cisco.campus.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network cmps-lan
object-group network csc-ip
object-group network www-inside
object-group network www-outside
object-group service tcp-80
object-group service udp-53
object-group service https
object-group service pop3
object-group service smtp
object-group service tcp80
object-group service http-s
object-group service pop3-110
object-group service smtp25
object-group service udp53
object-group service ssh
object-group service tcp-port
object-group service udp-port
object-group service ftp
object-group service ftp-data
object-group network csc1-ip
object-group service all-tcp-udp
access-list INTERNET1-IN extended permit ip host 1.2.2.2 host 2.2.2.3
access-list CSC-OUT extended permit ip host 10.0.0.5 any
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq www
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq https
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ssh
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ftp
access-list CAMPUS-LAN extended permit udp 172.16.0.0 255.255.0.0 any eq domain
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq smtp
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq pop3
access-list CAMPUS-LAN extended permit ip any any
access-list csc-acl remark scan web and mail traffic
access-list csc-acl extended permit tcp any any eq smtp
access-list csc-acl extended permit tcp any any eq pop3
access-list csc-acl remark scan web and mail traffic
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 993
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq imap4
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 465
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq www
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq https
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq smtp
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq pop3
access-list INTERNET2-IN extended permit ip any host 1.1.1.2
access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list DNS-inspect extended permit tcp any any eq domain
access-list DNS-inspect extended permit udp any any eq domain
access-list capin extended permit ip host 172.16.1.234 any
access-list capin extended permit ip host 172.16.1.52 any
access-list capin extended permit ip any host 172.16.1.52
access-list capin extended permit ip host 172.16.0.82 host 172.16.0.61
access-list capin extended permit ip host 172.16.0.61 host 172.16.0.82
access-list capout extended permit ip host 2.2.2.2 any
access-list capout extended permit ip any host 2.2.2.2
access-list campus-lan_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 192.168.150.0 255.255.255.0
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu internet1-outside 1500
mtu internet2-outside 1500
mtu dmz-interface 1500
mtu campus-lan 1500
mtu CSC-MGMT 1500
ip local pool vpnpool1 192.168.150.2-192.168.150.250 mask 255.255.255.0
ip verify reverse-path interface internet2-outside
ip verify reverse-path interface dmz-interface
ip verify reverse-path interface campus-lan
ip verify reverse-path interface CSC-MGMT
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (internet1-outside) 1 interface
global (internet2-outside) 1 interface
nat (campus-lan) 0 access-list campus-lan_nat0_outbound
nat (campus-lan) 1 0.0.0.0 0.0.0.0
nat (CSC-MGMT) 1 10.0.0.5 255.255.255.255
static (CSC-MGMT,internet2-outside) 2.2.2.3 10.0.0.5 netmask 255.255.255.255
access-group INTERNET2-IN in interface internet1-outside
access-group INTERNET1-IN in interface internet2-outside
access-group CAMPUS-LAN in interface campus-lan
access-group CSC-OUT in interface CSC-MGMT
route internet2-outside 0.0.0.0 0.0.0.0 2.2.2.5 1
route internet1-outside 0.0.0.0 0.0.0.0 1.1.1.5 2
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
http server enable
http 10.0.0.2 255.255.255.255 CSC-MGMT
http 10.0.0.8 255.255.255.255 CSC-MGMT
http 1.2.2.2 255.255.255.255 internet2-outside
http 1.2.2.2 255.255.255.255 internet1-outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map internet2-outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map internet2-outside_map interface internet2-outside
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca xyzxyzxyzyxzxyzxyzxyzxxyzyxzyxzy
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as
quit
crypto isakmp enable internet2-outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash md5
group 2
lifetime 86400
telnet 10.0.0.2 255.255.255.255 CSC-MGMT
telnet 10.0.0.8 255.255.255.255 CSC-MGMT
telnet timeout 5
ssh 1.2.3.3 255.255.255.240 internet1-outside
ssh 1.2.2.2 255.255.255.255 internet1-outside
ssh 1.2.2.2 255.255.255.255 internet2-outside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy VPN_TG_1 internal
group-policy VPN_TG_1 attributes
vpn-tunnel-protocol IPSec
username ssochelpdesk password xxxxxxxxxxxxxx encrypted privilege 15
username administrator password xxxxxxxxxxxxxx encrypted privilege 15
username vpnuser1 password xxxxxxxxxxxxxx encrypted privilege 0
username vpnuser1 attributes
vpn-group-policy VPN_TG_1
tunnel-group VPN_TG_1 type remote-access
tunnel-group VPN_TG_1 general-attributes
address-pool vpnpool1
default-group-policy VPN_TG_1
tunnel-group VPN_TG_1 ipsec-attributes
pre-shared-key *
class-map cmap-DNS
match access-list DNS-inspect
class-map csc-class
match access-list csc-acl
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class csc-class
csc fail-open
class cmap-DNS
inspect dns preset_dns_map
service-policy global_policy global
prompt hostname context
Cryptochecksum: y0y0y0y0y0y0y0y0y0y0y0y0y0y
: end
Neither Adding dynamic NAT for 192.168.150.0/24 on outside interface works, nor does the sysopt connection permit-vpn works
Please tell what needs to be done here, to hairpin all the traffic to internet comming from VPN Clients.
That is I need clients conected via VPN tunnel, when connected to internet, should have their IP's NAT'ted against the internet2-outside interface address 2.2.2.2, as it happens for the Campus Clients (172.16.0.0/16)
I'm not much conversant with everything involved in here, therefore please be elaborative in your replies. Please let me know if you need any more information regarding this setup to answer my query.
Thanks & Regards
maxsHi Jouni,
Thanks again for your help, got it working. Actually the problem was ASA needed some time after configuring to work properly ( ?????? ). I configured and tested several times within a short period, during the day and was not working initially, GUI packet tracer was showing some problems (IPSEC Spoof detected) and also there was this left out dns. Its working fine now.
But my problem is not solved fully here.
Does hairpinning model allow access to the campus LAN behind ASA also?. Coz the setup is working now as i needed, and I can access Internet with the NAT'ed ip address (outside-interface). So far so good. But now I cannot access the Campus LAN behind the asa.
Here the packet tracer output for the traffic:
packet-tracer output
asa# packet-tracer input internet2-outside tcp 192.168.150.1 56482 172.16.1.249 22
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.255.0.0 campus-lan
Phase: 4
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.150.1 255.255.255.255 internet2-outside
Phase: 5
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group internnet1-in in interface internet2-outside
access-list internnet1-in extended permit ip 192.168.150.0 255.255.255.0 any
Additional Information:
Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: CP-PUNT
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: NAT-EXEMPT
Subtype: rpf-check
Result: ALLOW
Config:
Additional Information:
Phase: 10
Type: NAT
Subtype:
Result: DROP
Config:
nat (internet2-outside) 1 192.168.150.0 255.255.255.0
match ip internet2-outside 192.168.150.0 255.255.255.0 campus-lan any
dynamic translation to pool 1 (No matching global)
translate_hits = 14, untranslate_hits = 0
Additional Information:
Result:
input-interface: internet2-outside
input-status: up
input-line-status: up
output-interface: internet2-outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
The problem here as you can see is the Rule for dynamic nat that I added to make hairpin work at first place
dynamic nat
asa(config)#nat (internet2-outside) 1 192.168.150.0 255.255.255.0
Is it possible to access both
1)LAN behind ASA
2)INTERNET via HAIRPINNING
simultaneously via a single tunnel-group?
If it can be done, how do I do it. What changes do I need to make here to get simultaneous access to my LAN also?
Thanks & Regards
Abhijit -
Tracks ripped in iTunes with default settings cut short on iPods
I have a WIndows PC running XP (which I keep up to date).
I rip CDs I have bought using iTunes with default settings (so creating AAC files). My iPod library is held on a networked storage device.
All tracks play fine in iTunes.
Quite frequently, when I sync the ripped CD to an iPod, one or more tracks will cut short when played on the iPod, usually near the beginning (they generally play for less than 30 seconds).
The tracks always cut off at the same point.
The problem occurs consistently across 3 separate iPods (i.s. same tracks, same point).
I have tried resetting iPods, removing artwork as suggested by some threads etc.
The only way I have found to resolve the problem is to re-rip the CD (or at least the faulty tracks). Usually this fixes it, although sometimes I have had to re-rip more than once.
I have not found similar problem reports (those I have found tend to be people ripping to MP3 format), which seems strange if this is an iTunes bug.
It has occurred to me this might be an issue with the data being written to the storage device which is connected via ether to router.
Any thoughts?You're welcome. Glad it worked out.
Amazing day yesterday. The Earth shake was very powerful, lasting for over a minute. Fortunately and amazingly, we had very minor damage.
Please mark this post "solved". Helpful for others looking for a solved solution to a similar question, also helpful for me. Aloha from Big Island. -
990FX-GD80 and FX-8350 System not Stable with Default Settings - BSOD or Lockup
Bios = 11.13
Ram = Viper 3 Series, DDR3 32GB (4 x 8GB) 2133MHz Quad Kit 1.5v
Video = Geforce GTX460
Power Supply = Corsair TX850M
OS = Windows 7 x64
I had some issues setting up the OS initially and because the system drive was Raid 1, I needed to create a boot-able USB key to do the install.
When I installed the OS, I had an AMD Phenom II 1090 installed and bios version was 11.12.
I had a few BSODs during setup and after wards, but not too frequent. I can't recall if I made many changes the bios at this time (possibly disabled C6 state and CoolnQuite).
When I had purchase the FX8350, the bios was upgraded prior to install the CPU being installed.
When the system booted, it failed during the windows experience index test. Some times the test would crash at random points, or the system would freeze and even the
occasionally BSOD when the test made it to the CPU performance index.
I had tried the OC Gennie in the beginning too, but it did not work out. The system would lockup while loading windows.
Too bad.
I decided to shut off all power saving features in the bios and after that I still had some issues with the the Windows Experience Index test.
The system was much more stable when Turbo boost was disabled, but I still had the occasional lockup and BSOD under load (Fallout Vegas or Handbrake encoding media).
With the CPU Core voltage set to auto, and power saving disabled, the core voltage would read 1.288v under no load
and drop below 1.25 during the Windows Experience Index.
I have manually set the CPU voltage in bios. Currently it is at 1.328 and measures 1.304 when the system is not loaded.
DDR3 Ram voltage is set to 1.58v and measures at 1.552.
I am using Open Hardware Monitor to get this info. You need to enable hidden voltages to view the DDR3 voltage which is labeled Voltage #3.
Under load the CPU voltage drops to 1.288 and lower.
When I have been running Windows Experience Index, the CPU only seems to hit 75% maximum usage
during the CPU test while the CPU core voltage drops to 1.264.
I would like to over clock the system but I am concerned now. The mother board is rated at 140w for the CPU and the CPU is
rated at 125W, and from what I have read, overclocking with this CPU would exceed the boards 140w rating.
Because of the fluctuating CPU Core voltages (with power saving features disabled) , I thought that the motherboard may have a fault
so sent it back to the vendor for replacement. I now have a second board and it is performing the same as the first.
Older systems I have owned usually just worked, an so I am wondering what others are experiencing with this combination of
CPU and motherboard. I am considering sending both CPU and motherboard back to vendor and switching to an Intel CPU.Improvement of what?
If you want to know the voltages for sure, then take a volt-meter and measure them.
The readings you see in software and BIOS are not much more then an indication at best.
It's not an checked and verified precision reading.
And yes, voltages fluctuate, if they don't your board is dead
Anybody with electronic skills will tell you this.
As for memory, you may want to read this: http://www.guru3d.com/articles_pages/amd_fx_8350_processor_review,3.html
The CPU supports 1866 DDR3, but what they never tell is that this is with 2 ranks per channel, ergo 1 double sided stick of 2 single sided sticks.
Have you tried running with 1333 or 1600? Because you have 4 large sticks it for sure can't do 2133 and I doubt it can sustain 1866.
This is not a board problem but CPU limitation. -
Connection to JetDirect Box x500 with default settings failed
Hello everybody,
got a big problem withJetDirect x500 boxes in my company.
After a blackout at my company, many JetDirect boxes lose their configuration and reset themselves to the default configurations.
We got the exact configuration of each box written down, so i want to set them up again with the correct settings.
But now i can´t connect to the boxes via HP JetAdmin. I try it with the mac adress and also with the default ip (192.0.0.192), but non of these works.
I also tried resetting the boxes and then try to connect, but the connection failed.
I also tried to connect the boxes locally via a network switch to my notebook and repeat to connect with the methods written above , but this is also not working.
There must be a way to configure these boxes locally so they can be set up in the network, but i can not find in in the manual.
Did someone got a solution for this and can help me out, please ???
greetings
patLike sasek, I'm using the RTL8187SE card and I can't use networkmanager because it just doesn't detect the networks. What I've seen in the log files is that wpa_supplicant is stuck in a loop. I used Fedora for a few days and it connects fine, using the gnome-shell applet, but Fedora is so damn slow on my laptop.
Right now I'm using wicd-curses. That's my solution for now. -
This is a known issue with Time Machine. I suggest backing up iPhoto Library separately and not rely on Time Machine to do so. In fact if it were up to me I would not let you use Time Machine. I would recommend using one of the following for your regular and scheduled backups:
Suggested Backup Software
1. Carbon Copy Cloner
2. Get Backup
3. Deja Vu
4. SuperDuper!
5. Synk Pro
6. Tri-Backup
Others may be found at VersionTracker or MacUpdate.
Visit The XLab FAQs and read the FAQ on backup and restore. Also read How to Back Up and Restore Your Files. -
HTML5 videos not rendered proper. Too light/pale. With default settings.
Title says it all. Is there a way to change anything codec, renderer or some preference?
I was told that firefox uses media foundation codecs are there any alternatives to microsoft's built in codec?
If I disable "media.windows-media-foundation.use-dxva" I get proper video, but of course CPU usage increases significantly which might cause troubles. Especially if I have other stuff running and/or I play high-res videos. Also the efficient HW acceleration of the GPU remains unused.Please work through the video troubleshooting guide.
https://helpx.adobe.com/flash-player/kb/video-playback-issues.html
If you're still stuck, please follow the directions in the guide on providing the dxdiag report and additional information about what you tested and saw. -
Shopping cart Issue with ( "Default settings: Set values" ) link
Hello SRM Gurus,
I have an issue in shopping cart process:
When creating a shopping cart, I am trying to change the u201CDelivery Address/Performanceu201D tab data through link u201CDefault settings: Set valuesu201D, then add the items in to shopping cart and ordered. The change values are properly populating. For example (Street/house number) .
But when we re-creating the shopping cart, the changed values are not populating automatically (Itu2019s not updated in to master table I guess) and we need to open the link u201CDefault settings: Set valuesu201D and change the values again.
So is this link (u201CDefault settings: Set valuesu201D ) active only for that particular Shopping cart? Or is it missing to update the changed data in to master table?
Because business wants, when changes happen through (u201CDefault settings: Set valuesu201D) link, It should be update in to users master and when open next time the changed value should be populated.
Is this standard behavior of shopping cart?
Kindly let me know your comments.
Thanks.
Regards,
Magesh.Hi Anubhav
Thanks for the mail.
Actually my issue is that,
When creating new shopping cart, trying to change some values through "Default Settingsu201D will it be parentally stores the changed value into user master data? Or it is temporarily changes for that shopping cart alone?
Because business wanted when changing the values in "Default Settingsu201D the changed value should be appeared when creating shopping cart next time also..
So I want to know that , What is the standard behavior of u201Cdefault settingsu201D . Kindly let me know your experience.
Thanks.
Regards,
Magesh Basavaraj. -
Imac has restarted with default settings?
i was downloading flash player update and did , then was asked to restart firefox which i did then the desktop lost all icons and screen looked like it did when i took it out of the box 2 years ago, all music is lost and recent photos in iphoto are gone. what happened
Which site did you use to download from? The official Adobe site?
-
Graduated Filter always comes up with default settings
... of exposure +2 and some other settings in LR2.1. Where can I change this default for the graduated Filter? Annoying: Not (only) the default setting, but the lack of a hard drive based help system or a decent manual for such a product. Getting help for basics takes MUCH too much time. The web is not everything.
thanks for a help comment.
GerdIn article <[email protected]>,
[email protected] wrote:
> Getting help for basics takes MUCH too much time.
You can download and print the LR manual as a basic help from here:
Cheers Martin -
Router to Router VPN with Overlapping internal networks
Hello Experts,
One quick question. How do I configure a Router to Router VPN with overlapping internal networks???
Both of my internal networks have ip address of 192.168.10.0 and 192.168.10.0
Any link or config will be appreciated. I've been looking but no luck.
Thanks,
RandallRandall,
Please refer the below URL for configuration details:
Configuring an IPSec Tunnel Between Routers with Duplicate LAN Subnets
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b07ed.shtml
Let me know if it helps.
Regards,
Arul
** Please rate all helpful posts ** -
How do I change SSID setting? Getting message "using network with default ssid'
Getting message "using network with default ssid'
First, let's address the biggest issue, the version of Firefox you are using is extremely old, out of date and insecure. Please update to Firefox 33 ASAP ([[Update Firefox to the latest version]])
After that, please give a bit more context on what exactly is going on. Keep in mind this is a Firefox support forum, we can't help you with Windows settings or setting up wireless networks. -
Portal compability with IE7 settings
Hi all,
When we are using our portal with IE6 it was working fine but when we tested it with IE7 (let us consider with default settings) there where some links pointing to some KM documents when we are clicking that links the attachment opens in a new explorer window.When we close that window still a blank window appears,What we observe that by viewing source code that
<p class=MsoNormal><span style='font-size:8.0pt;font-family:Arial'><A HREF="/irj/servlet/prt/portal/prtroot/WebEditingApplication.RedirectKMDocs?realpath=/Intranet/Articles/Processes/Hidden%20Main%20Article%20Folder/EHSQ%20Metals/Division.doc"TARGET="_blank">//Division level//</a></span></p>"
In my view this Target = "_blank" is causing problem(the same was not causing the problem in IE6) but we can't change the configurations,Any body has already faced this problem?Please helpWhat portal version you are using?
By the way, SAP have two notes on IE7,
SAP Note: 981710
and Sap Note : 991449
Please have a look.
Regards,
Nitin -
[SOLVED] MS-CHAP[v2] auth, Microsoft VPN client setup with pptpclient
Hi,
Have just started with Archlinux and trying to set up a VPN tunnel using pptp.
I have been following the guide at:
https://wiki.archlinux.org/index.php/Mi … pptpclient
I want to connect to a service from www.ipredator.se
Info from them when connection to Windows XP are:
Enter company name "Ipredator". Click Next.
Enter "vpn.ipredator.se" as "Host name or IP address".
I have been given a <USERNAME> and <PASSWORD> from them.
I got the VPN tunnel up and running in Ubuntu with the settings.
Only enabled MSCHAPv2
use MPPE 128 bit
and allow data compression, BSD, Deflate and TCP header.
My configuration files:
options.pptp
# $Id: options.pptp,v 1.3 2006/03/26 23:11:05 quozl Exp $
# Sample PPTP PPP options file /etc/ppp/options.pptp
# Options used by PPP when a connection is made by a PPTP client.
# This file can be referred to by an /etc/ppp/peers file for the tunnel.
# Changes are effective on the next connection. See "man pppd".
# You are expected to change this file to suit your system. As
# packaged, it requires PPP 2.4.2 or later from [url]http://ppp.samba.org[/url]/
# and the kernel MPPE module available from the CVS repository also on
# [url]http://ppp.samba.org[/url]/, which is packaged for DKMS as kernel_ppp_mppe.
# Lock the port
lock
# Authentication
# We don't need the tunnel server to authenticate itself
noauth
# We won't do PAP, EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
# (you may need to remove these refusals if the server is not using MPPE)
refuse-pap
refuse-eap
refuse-chap
refuse-mschap
# Compression
# Turn off compression protocols we know won't be used
nobsdcomp
nodeflate
# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose with of the following sections you will use. Note that MPPE
# requires the use of MSCHAP-V2 during authentication)
# [url]http://ppp.samba.org[/url]/ the PPP project version of PPP by Paul Mackarras
# ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o
# Require MPPE 128-bit encryption
# require-mppe-128
# [url]http://polbox.com/h/hs001/[/url] fork from PPP project by Jan Dubiec
# ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o
# Require MPPE 128-bit encryption
# mppe required,stateless
chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
<USERNAME> pptpd <PASSWORD> *
I named my tunnel "ipredator"
/etc/ppp/peers/ipredator
pty "pptp vpn.ipredator.se --nolaunchpppd"
name <USERNAME>
remotename Ipredator
require-mppe-128
file /etc/ppp/options.pptp
ipparam ipredator
When I try to connect I get following:
[root@archlinux ppp]# pon $TUNNEL ipredator dump logfd 2 nodetach
pppd options in effect:
nodetach # (from command line)
logfd 2 # (from command line)
dump # (from command line)
noauth # (from /etc/ppp/options.pptp)
refuse-pap # (from /etc/ppp/options.pptp)
refuse-chap # (from /etc/ppp/options.pptp)
refuse-mschap # (from /etc/ppp/options.pptp)
refuse-eap # (from /etc/ppp/options.pptp)
name <USERNAME> # (from /etc/ppp/peers/ipredator)
remotename Ipredator # (from /etc/ppp/peers/ipredator)
# (from /etc/ppp/options.pptp)
pty pptp vpn.ipredator.se --nolaunchpppd # (from /etc/ppp/peers/ipredator)
crtscts # (from /etc/ppp/options)
# (from /etc/ppp/options)
asyncmap 0 # (from /etc/ppp/options)
lcp-echo-failure 4 # (from /etc/ppp/options)
lcp-echo-interval 30 # (from /etc/ppp/options)
hide-password # (from /etc/ppp/options)
ipparam ipredator # (from /etc/ppp/peers/ipredator)
proxyarp # (from /etc/ppp/options)
nobsdcomp # (from /etc/ppp/options.pptp)
nodeflate # (from /etc/ppp/options.pptp)
require-mppe-128 # (from /etc/ppp/peers/ipredator)
noipx # (from /etc/ppp/options)
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
MPPE required, but MS-CHAP[v2] auth not performed.
Connection terminated.
[root@archlinux ppp]#
I have not managed to understand way MS-CHAP[v2] auth is not performed.
Any ideas on what I have missed during my configuration would be most appreciated!
use code tags instead of quote since they provide scrollers and keep the thread from becoming a mile long -- Inxsible
Thank you!
Regards,
/Christer
Last edited by agkbill (2011-06-14 15:23:15)The problem was that <PASSWORD> was never found.
What is written after "remotename" in peers file in the guide "PPTP" is used to find the password in chap-secreds.
But in the guide chap-secrets look like "<USERNAME> pptpd <PASSWORD> *".
Consecuently <PASSWORD> will never be found. It should have been "<USERNAME> PPTP <PASSWORD> *" then it would have worked OK.
The solution was to understand how password was found.
require-mppe-128 works fine as well.
Now it looks like this.
# Secrets for authentication using CHAP
# client server secret IP addresses
<USERNAME> PPTP <PASSWORD> *
pty "pptp vpn.ipredator.se --nolaunchpppd"
lock
noauth
nobsdcomp
nodeflate
name <USERNAME>
remotename PPTP
require-mppe-128
#file /etc/ppp/options.pptp
ipparam ipredator
Output:
[root@archlinux ppp]# pon ipredator debug logfd 2 nodetach
using channel 14
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7540313b> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xc615076a> <pcomp> <accomp>]
sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xc615076a> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x7540313b> <pcomp> <accomp>]
sent [LCP EchoReq id=0x0 magic=0x7540313b]
rcvd [LCP EchoReq id=0x0 magic=0xc615076a]
sent [LCP EchoRep id=0x0 magic=0x7540313b]
rcvd [CHAP Challenge id=0x46 <be769cd654150cc3dc0fd20bc73c03>, name = "pptpd"]
sent [CHAP Response id=0x46 <6ce74a85ab09e4ae223bc85f679395f0000000000000000dbb8dc66e8950ab46831b62f5815e015b1e72de1e01a4d00>, name = "<USERNAME>"]
rcvd [LCP EchoRep id=0x0 magic=0xc616076a]
rcvd [CHAP Success id=0x46 "S=2694D1D727F2B8C8E402125EA401750011F24F20"]
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]
rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr x.x.x.x>]
sent [IPCP ConfAck id=0x1 <compress VJ 0f 01> <addr x.x.x.x>]
rcvd [IPCP ConfNak id=0x1 <addr 93.182.150.56>]
sent [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr x.x.x.x>]
rcvd [IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr x.x.x.x>]
Cannot determine ethernet address for proxy ARP
local IP address
remote IP address x.x.x.x
Script /etc/ppp/ip-up started (pid 1778)
Script /etc/ppp/ip-up finished (pid 1778), status = 0x0
All the best!
/Christer -
Azure Site to Site VPN with Cisco ASA 5505
I have got Cisco ASA 5505 device (version 9.0(2)). And i cannot connect S2S with azure (azure network alway in "connecting" state). In my cisco log:
IP = 104.40.182.93, Keep-alives configured on but peer does not support keep-alives (type = None)
Group = 104.40.182.93, IP = 104.40.182.93, QM FSM error (P2 struct &0xcaaa2a38, mess id 0x1)!
Group = 104.40.182.93, IP = 104.40.182.93, Removing peer from correlator table failed, no match!
Group = 104.40.182.93, IP = 104.40.182.93,Overriding Initiator's IPSec rekeying duration from 102400000 to 4608000 Kbs
Group = 104.40.182.93, IP = 104.40.182.93, PHASE 1 COMPLETED
I have done all cisco s2s congiguration over standard wizard cos seems your script for 8.x version of asa only?
(Does azure support 9.x version of asa?)
How can i fix it?Hi,
As of now, we do not have any scripts for Cisco ASA 9x series.
Thank you for your interest in Windows Azure. The Dynamic routing is not supported for the Cisco ASA family of devices.
Unfortunately, a dynamic routing VPN gateway is required for Multi-Site VPN, VNet to VNet, and Point-to-Site.
However, you should be able to setup a site-to-site VPN with Cisco ASA 5505 series security appliance as
demonstrated in this blog:
Step-By-Step: Create a Site-to-Site VPN between your network and Azure
http://blogs.technet.com/b/canitpro/archive/2013/10/09/step-by-step-create-a-site-to-site-vpn-between-your-network-and-azure.aspx
You can refer to this article for Cisco ASA templates for Static routing:
http://msdn.microsoft.com/en-us/library/azure/dn133793.aspx
Did you download the VPN configuration file from the dashboard and copy the content of the configuration
file to the Command Line Interface of the Cisco ASDM application? It seems that there is no specified IP address in the access list part and maybe that is why the states message appeared.
According to the
Cisco ASA template, it should be similar to this:
access-list <RP_AccessList>
extended permit ip object-group
<RP_OnPremiseNetwork> object-group <RP_AzureNetwork>
nat (inside,outside) source static <RP_OnPremiseNetwork>
<RP_OnPremiseNetwork> destination static <RP_AzureNetwork>
<RP_AzureNetwork>
Based on my experience, to establish
IPSEC tunnel, you need to allow the ESP protocol and UDP Port 500. Please make sure that the
VPN device cannot be located behind a NAT. Besides, since Cisco ASA templates are not
compatible for dynamic routing, please make sure that you chose the static routing.
Since you configure the VPN device yourself, it's important that you would be familiar with the device and its configuration settings.
Hope this helps you.
Girish Prajwal
Maybe you are looking for
-
10.5.6 Update Issue with Time Machine
I updated my MacBook Pro 2.4GHz Core 2 Duo from 10.5.5 to 10.5.6 yesterday and since then I have been unable to complete a Time Machine backup to my Time Capsule. It always gives me a status message "Preparing." I have already restarted my computer a
-
I cannot seem to open back up my memory stick. I dragged the "icon" to the trash bucket before I pulled the stick out. The memory stick icon no longer shows up on my computer. It also will not open on any other computer. Is there anyway to find t
-
I have a Mac Pro using Lion, with SSD for system drive. Drive stopped booting, but otherwise appeared healthy. Restored from system backup. Now drive seems to work properly, BUT my logon password no longer works. Password OK for account; can acce
-
Suppress entries in the drop down list box for fields Priority and Category
Hello, For the transaction type 'Service Process' , I want to suppress certain values in the drop down list box for the fields Priority and Category based on certain conditions.I couldn't find a suitable badi for this scenario. Is there a solution so
-
I've just acquired a 2007 Mac Pro 2,1 2x 3GHz Xeon and would like to upgrade the graphics card
I've just acquired a 2007 Mac Pro 2,1 2x 3GHz Xeon and would like to upgrade the graphics card. I'd like to be able to run the Adobe CC 2014 software for 2D animation work. Don't need CUDA for any ray-traced work, just want to be able to run Ai and A