View individual connections by IP on ASA using a MIB

I would like to see embryonic connections of some IPs, but I'd like to do this with SNMP and I'm looking for a MIB for this. I see the embryonic connections with the command "show local-host x.x.x.x" but I'd like to do this with a MIB in SNMP.

Hello Kenneth,
I looked through various docs and here is what I found:
We can collect the statistics for total number of connections through the box, which is the output of "show connection count" using the following OID:
SNMP OID: .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6
However, there is no such OID which tracks the statistics you are looking for.
Here is the reference link for SNMP on ASA and the MIBs supported:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/monitor_snmp.html
Per the above document, from 8.4(1) onwards the ASA supports connection-limit reached trap notifications; MIBs available on site.
Here is the link from where we can download the MIBs supported by ASA:
ftp://ftp-sj.cisco.com/pub/mibs/supportlists/asa/asa-supportlist.html
If you wish to be alerted when the embryonic connection limit is reached, you can set email alerts to do that.
Whenever that limit is exceeded, the firewall generates the following syslog:
Error Message    %ASA-4-407002: Embryonic limit nconns/elimit for through connections exceeded.outside_address/outside_port to global_address (inside_address)/inside_port on interface interface_name
http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4773060
Set up email notifications such that whenever this syslog is generated, an email is sent across. Here is how we can do it:
/----------------------------------Begin Output--------------------------------/
config t
logging list test message 407002
logging mail test
logging from-address [email protected]
logging recipient-address [email protected]
smtp-server
/------------------------------------End Output--------------------------------/
HTH.
Sourav
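
Since no OID exposes per-host embryonic counts, the 407002 syslog mentioned in the answer above is the per-IP signal available; the following is an added example, not part of the original thread, that parses that message and groups events by inside address. The log lines are constructed samples and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Regex derived from the %ASA-4-407002 template quoted in the answer above:
# Embryonic limit nconns/elimit for through connections exceeded.
#   outside_address/outside_port to global_address (inside_address)/inside_port
#   on interface interface_name
MSG_407002 = re.compile(
    r"%ASA-4-407002: Embryonic limit (?P<nconns>\d+)/(?P<elimit>\d+) "
    r"for through connections exceeded\.\s*"
    r"(?P<outside_address>[^/\s]+)/(?P<outside_port>\d+) to "
    r"(?P<global_address>\S+) \((?P<inside_address>[^)]+)\)/(?P<inside_port>\d+) "
    r"on interface (?P<interface_name>\S+)"
)
INT_FIELDS = ("nconns", "elimit", "outside_port", "inside_port")

# Constructed sample syslog lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Jan 10 09:15:01 fw1 %ASA-4-407002: Embryonic limit 100/100 for through connections exceeded.198.51.100.7/40112 to 203.0.113.10 (192.0.2.10)/80 on interface outside
Jan 10 09:15:02 fw1 %ASA-4-407002: Embryonic limit 101/100 for through connections exceeded.198.51.100.8/51200 to 203.0.113.10 (192.0.2.10)/80 on interface outside
Jan 10 09:15:02 fw1 %ASA-6-302013: Built inbound TCP connection 1 for outside:198.51.100.9/1025 (198.51.100.9/1025) to inside:192.0.2.20/443 (192.0.2.20/443)
Jan 10 09:15:04 fw1 %ASA-4-407002: Embryonic limit 20/20 for through connections exceeded.198.51.100.7/40113 to 203.0.113.20 (192.0.2.20)/25 on interface outside
"""


def parse_407002(line):
    """Return the fields of one 407002 message as a dict, or None for other lines."""
    match = MSG_407002.search(line)
    if match is None:
        return None
    fields = match.groupdict()
    for name in INT_FIELDS:
        fields[name] = int(fields[name])
    return fields


def summarize_by_inside_host(lines):
    """Aggregate 407002 events per protected (inside) address."""
    summary = defaultdict(lambda: {
        "events": 0, "peak_nconns": 0, "elimit": 0,
        "sources": set(), "ports": set(),
    })
    for line in lines:
        event = parse_407002(line)
        if event is None:
            continue  # some other syslog ID
        host = summary[event["inside_address"]]
        host["events"] += 1
        host["peak_nconns"] = max(host["peak_nconns"], event["nconns"])
        host["elimit"] = event["elimit"]
        host["sources"].add(event["outside_address"])
        host["ports"].add(event["inside_port"])
    return dict(summary)


def report(summary):
    """One text row per inside host, busiest first."""
    rows = sorted(summary.items(), key=lambda kv: kv[1]["events"], reverse=True)
    return [
        f"{addr}: {s['events']} events, peak {s['peak_nconns']}/{s['elimit']}, "
        f"{len(s['sources'])} sources, ports {sorted(s['ports'])}"
        for addr, s in rows
    ]


if __name__ == "__main__":
    for row in report(summarize_by_inside_host(SAMPLE_LOG.splitlines())):
        print(row)
```

Feeding it the lines collected by a syslog server gives a per-host view of which inside addresses keep hitting their embryonic limit and from how many outside sources.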

Similar Messages

  • Cannot connect to ASDM on ASA 5505 over https

    Problem: Cannot connect to ASDM on ASA 5505 when vlan1 network is changed from the factory default.
    Hi all. I am just getting started on a new ASA 5505, working it in a test lab environment. I ran thru the initial setup wizard. During that time I specified a name for Vlan1 (changed from 'inside' to 'INTR-NET'), modified the Vlan1 IP address to use DHCP, and then populated the Device Config Access table with entries corresponding to the entire Class B network here on the local intranet. I don't recall if the factory-default network was already populated, but if it wasn't I added it as 192.168.1.0/255.255.255.0
    I then saved the config, and verified that the ASA got a dhcp address using the RS-232 console. I then reconfigured the laptop I have plugged into port 0/1 with its normal address on the intranet and discovered that I couldn't reconnect to ASDM. The ASDM client times out, and a web browser opened to https://(ASA5505's dhcp addr) fails as well.
    I then used the console to add another http IP address matching the specific IP address (xxx.240.113.129/255.255.255.255) which the laptop is set for, to the list of permissible admin connections, but saw no difference.
    This issue is much the same as was reported in this prior forum posting:
    http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=General&topicID=.ee6e1f8&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc16cb8/4
    EXCEPT that I was already aware the admin IP address(es) needed to be registered to enable access via SSH/Telnet/HTTPS.
    And, I did that step, but it is not working. I have tried adding various combinations of network ranges in the device config access list, including the specific subnet that the lab's dhcp server assigned to the ASA 5505 (xxx.240.112.0/255.255.254.0), but there is no difference. I can traceroute to the laptop and ping the Vlan1 interface from the laptop, but the https ASDM (and ssh connections too) are not successful. This is very frustrating.
    The device is brand new, I see that upon boot it loads asa724-k8.bin, and the software banner says Cisco Adaptive Security Appliance Software Version 7.2(4)
    Note also that, from the RS-232 console, if I reset the IP address to the static, factory default (192.168.1.1) and manually config my laptop on the same subnet, then ASDM makes the connection. Just like out of the box. But when I put it back onto our intranet and verify the DHCP lease, then ASDM is a no go.
    Can you think of what I've missed?

    Good question. Let me add that info plus related Vlan config details:
    ASA5505A# show ip
    System IP Addresses:
    Interface Name IP address Subnet mask Method
    Vlan1 INTR-NET XXX.240.112.92 255.255.254.0 DHCP
    Vlan2 VoIP 172.26.99.1 255.255.255.0 manual
    Vlan3 dmz-unused 192.168.99.1 255.255.255.0 manual
    Current IP Addresses:
    Interface Name IP address Subnet mask Method
    Vlan1 INTR-NET XXX.240.112.92 255.255.254.0 DHCP
    Vlan2 VoIP 172.26.99.1 255.255.255.0 manual
    Vlan3 dmz-unused 192.168.99.1 255.255.255.0 manual
    ASA5505A# show switch vlan
    VLAN Name Status Ports
    1 INTR-NET up Et0/1, Et0/2, Et0/3, Et0/4
    2 VoIP down Et0/5, Et0/6, Et0/7
    3 dmz-unused down Et0/0
    ASA5505A#
    ASA5505A# config t
    ASA5505A(config)# show running-config http
    http server enable
    http XXX.240.0.0 255.255.0.0 INTR-NET
    http 192.168.1.0 255.255.255.0 INTR-NET
    http XXX.240.113.129 255.255.255.255 INTR-NET
    ASA5505A(config)#
    ASA5505A(config)# show running-config ssh
    ssh 192.168.1.0 255.255.255.0 INTR-NET
    ssh XXX.240.0.0 255.255.0.0 INTR-NET
    ssh timeout 5
    SECURITY LEVEL IS 100 ON Vlan1 and Vlan2, 50 on Vlan3, and traffic is restricted from Vlan3 to Vlan1 because this is the basic license.

  • Question on connecting a client VPN ASA

    Hi Guys,
    I have a question about VPN Tunneling. I have one ASA 5505 with static PPPoE Address outside and local 192.168.202.0/24 Network, acting as an EasyVPN Server. On the other side is another ASA 5505 without dynamic PPPoE outside interface acting as EasyVPN Client in client mode. Inside network is 192.168.1.0/24
    This works pretty well! But now I have created another user that uses a software EasyVPN client to connect the EasyVPN Server. This works as well.
    But how am I able to connect the client network 192.168.1.0/24 over the ASA connections?
    Please give me some hint.

    "But how am I able to connect the client network 192.168.1.0/24 over the ASA connections?"
    Yes, if you set the split-tunnel ACL correctly you should be able to connect to remote-client ASA.
    Please follow the split-tunnel configuration method from Cisco doc, from below link.
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808a61f4.shtml
    Please rate helpful post.
    Thanks
    Rizwan Rafeek

  • Make full TV view while connecting to Apple TV

    How to make full TV view, while connecting my iPad Air to the Apple TV???

    You still need a local network to be able to use airplay

  • Connecting to office computer remotely using screen sharing app

    How do I connect to my office computer using the screen sharing app in the system?
    Are there complete instructions somewhere that I can read?
    I have a computer at home and at the office, both with sbcglobal router connections to the internet. I have read that /System/CoreServices/Screen Sharing.app will allow you to connect to computers over the internet, but the article I read did not have much detail.
    So say my work router hardware internet address is 123.12.23.123
    When the window open after I click Screen Sharing, do I put that address in there?
    Is there a port I need to open at the office?
    Is there some internet address for my computer besides the sbc 172.12.1.23 address that I should use instead?
    Screen sharing has a computer setting under sharing "VNC viewer may control screen with password: abcdefg"
    Where do I find more information about Virtual computer networking and how I can do it with my Mac and the software Apple provides?
    I appreciate your help.
    Message was edited by: James Mol

    The only way I have been able to do this is to use logmein.com to access my office computer, then using iChat, accept the invitation to share my office screen. Once connected, I can log off logmein.
    Has anyone found an easier way?
    Thanks

  • GUI Bug / Suggestion - View Network Connection Settings

    I'm currently running Windows Server Technical Preview in a VMware Workstation environment.  When I click on the network icon in the system tray, and then proceed to click on "View Network Connection Settings", nothing happens.  Is this a bug?
    I know in the desktop OS this opens PC Settings which doesn't exist in Server, but it makes sense for this button to link to "Network Connections" or even "Network and Sharing Center" in Server. 

    Enable Desktop Experience. Server with a GUI is not the full GUI, you need to enable Desktop Experience (on User Interface options), Fax Server (for Windows Fax and Scan), Server Backup, wireless, XPS Viewer and GUI for Windows Defender, to make use of the full graphical experience. Some shortcuts and elements in the GUI make sense only after you activate those functions. Windows Server seems a modified version of Windows client x64, more or less, some leftovers from the client origin still remain in the server version. Some client features are present, but turned off by default, if you want to experiment, you can enable them. Windows Server can become very close to the Windows client, if you know what to turn on.

  • Adobe FMLE Error Message "Please check if video devices are connected properly and are not used by any other application."

    Hello, I'm trying to use my MacBook Pro with Adobe FMLE. Once I select either my internal or external camera and microphone, in the live encoder I get this error message: "Please check if video devices are connected properly and are not used by any other application." The FaceTime HD camera works in Photo Booth. Can someone assist me in what to do please? Thanks in advance!

    Hi all,
    We found the solution for this issue.
    We have installed the crypto library in global executable directory and any way it will replicate those binaries to individual application servers.
    But the parameters are still looking for global executable directory for loading crypto library during time.
    So all application servers are trying to load crypto library files from global "exe" instead of local directory, which was clustered. Sometimes during heavy network load it may cause some delays to load the libraries to individual application servers and in turn is causing the license key issues.
    Note 982056 - The license key library has not been initialized yet.
    SAP recommended option for all SSF parameters should be instance profile parameters, not in default parameters. This was mentioned in the below note:
    Note 662340 - SSF Encryption Using the SAPCryptolib
    But in our environment the SSF and SEC parameters were set in the DEFAULT profile instead of the instance profile.
    Recommendations:
    o     ssf/ssfapi_lib  = <Path and file name of SAPCRYPTOLIB>
    o     sec/libsapsecu  = <Path and file name of SAPCRYPTOLIB>
    This was mentioned in the below SAP HELP.
    http://help.sap.com/saphelp_nw04/helpdata/en/3d/bf463c6796e61ce10000000a114084/frameset.htm.

  • Hyperion Strategic Finance is not listed under Smart View Shared Connections (EPMS 11.1.2.3)

    Dears,
    I can't access Hyperion Strategic Finance through SmartView because it is not listed under Smart View Shared Connections.
    But if I try to connect through Private Connections it works fine.
    I've tried to reconfigure Providers Services, but it didn't work.
    Could anyone help me?
    Thanks in advance

    It should be possible using a Shared connection to Strategic Finance as it is documented - Creating a connection using Shared Connections. As far as I am aware it is only OBIEE where you have to use the XML method.
    It might be worth checking in workspace under workspace settings and enabled products to see if Strategic Finance is enabled.
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Can't connect to X11 window server using '127.0.0.1:0.0'

    Oracle 9i R2 on Redhat Fedora Core 2
    In the terminal on Xwindow environment
    # xhost +
    # su - oracle
    $ export DISPLAY=127.0.0.1:0.0
    $ ./runInstaller
    It displays the error message below
    Exception in thread "main" java.lang.InternalError: Can't connect to X11 window server using '127.0.0.1:0.0' as the value of the DISPLAY variable.
    Why can't it connect to X11 window server? Can you tell me how to solve that problem? Thanks

    hello
    I am trying to install Oracle 10g in Sun Solaris 10; all the while I have the following error. Please help to install Oracle in Sun Solaris environment.
    I have tried all the step of installation
    Starting Oracle Universal Installer...
    Checking installer requirements...
    Checking operating system version: must be 5.6, 5.7, 5.8 or 5.9. Actual 5.10 Failed <<<<
    Ignoring required pre-requisite failures. Continuing...
    Preparing to launch Oracle Universal Installer from /tmp/OraInstall2005-08-07_10-51-43AM. Please wait ...
    $ Oracle Universal Installer, Version 10.1.0.3.0 Production
    Copyright (C) 1999, 2004, Oracle. All rights reserved.
    Xlib: connection to ":0.0" refused by server
    Xlib: No protocol specified
    Can't connect to X11 window server using ':0' as the value of the DISPLAY variable.
    :0
    :0
    Unable to start an interactive install session because of the following error:Can't connect to X11 window server using ':0' as the value of the DISPLAY variable. The DISPLAY environment variable should be set to <hostname or IP address>:<screen>, where the <screen> is usually '0.0'.
    Depending on the Unix Shell, you can use one of the following commands as examples to set the DISPLAY environment variable:
    - For csh: % setenv DISPLAY 192.168.1.128:0.0
    - For sh, ksh and bash: $ DISPLAY=192.168.1.128:0.0; export DISPLAY
    Use the following command to see what shell is being used:
    echo $SHELL
    Use the following command to view the current DISPLAY environment variable setting:
    echo $DISPLAY
    - Make sure that client users are authorized to connect to the X Server.
    To enable client users to access the X Server, open an xterm, dtterm or xconsole as the user that started the session and type the following command:
    % xhost +
    To test that the DISPLAY environment variable is set correctly, run a X11 basedprogram that comes with the native operating system such as 'xclock':
    % <full path to xclock... see below>
    If you are not able to run xclock successfully, please refer to your PC-X Server or OS vendor for further assistance.
    Typical path for 'xclock': ''

  • CONNECT UNIX MACHINE FROM WINDOWS USING C#

    Hi all, I have a requirement to connect to a Unix machine from Windows using C# code. I have the IP address of the Unix machine and the path too. I have to make an FTP using the C# code from Unix to Windows and vice versa. Can anybody help me out on this? It would be great to have a solution for this.

    Hi Balamurali_Mohan,
    Please refer to the similar thread
    How to connect to unix server using c#
    The marked answer said: Use a SSH (secure shell) client wrapper for .NET to connect to the remote UNIX machine and execute commands to run your script.
    Have a look at:
    http://www.codeproject.com/KB/IP/sharpssh.aspx
    Best regards,
    Kristin

  • When I login to Horizon View, it shows me the list of desktops to connect to. If I'm entitled to only one desktop then can View auto connect me to that desktop instead of me clicking on Connect?

    When I login to Horizon View, it shows me the list of desktops to connect to. If I'm entitled to only one desktop then can View auto connect me to that desktop instead of me clicking on Connect.

    Yes you certainly can.
    Right click any desktop in the list > Settings > in the left pane select the desktop you want to auto connect to > check "Auto connect to this desktop".

  • I have a new MacBook Air and my photos don't fit on the internal hard drive.  I want to store my photos on an external hard drive which I will connect to my Air when using iPhoto.  How do I set an external hard drive as the default drive?

    I have a new MacBook Air and my photos don't fit on the internal hard drive.  I want to store my photos on an external hard drive which I will connect to my Air when using iPhoto.  How do I set an external hard drive as the default drive in iPhoto?

    Make sure the drive is formatted Mac OS Extended (Journaled)
    1. Quit iPhoto
    2. Copy the iPhoto Library from your Pictures Folder to the External Disk.
    3. Hold down the option (or alt) key while launching iPhoto. From the resulting menu select 'Choose Library' and navigate to the new location. From that point on this will be the default location of your library.
    4. Test the library and when you're sure all is well, trash the one on your internal HD to free up space.
    Regards
    TD

  • Error while connecting to SQL Server 2000 using Heterogeneous Services 11g

    Hope this is the right thread to post on! We have been given the challenge of connecting to and reading data from a SQL Server 2000 database.
    Our Infrastructure guys have set up the network access.
    The SQL Server DB is set to windows NT Authentication only (N.B. NOT Mixed Mode) as there is an application running against the DB locally that will not run under Mixed Mode.
    Our Oracle partner has downloaded and installed the 11g Heterogeneous Services. All works fine until the point we try to create the DBLink and then connect to the SQL Server DB when we get:
    SQL> CREATE DATABASE LINK infoteam1.sco.infoteam.co.uk CONNECT TO "sco.infoteam.co.uk/infoteam" IDENTIFIED BY "########" USING 'dg4msql';
    Database link created.
    SQL> select * from "systables"@infoteam1.sco.infoteam.co.uk;
    select * from "systables"@infoteam1.sco.infoteam.co.uk
    ERROR at line 1:
    ORA-28500: connection from ORACLE to a non-Oracle system returned this message:
    [Oracle][ODBC SQL Server Driver][SQL Server]Login failed for user
    'sco.infoteam.co.uk/infoteam'. Reason: Not associated with a trusted SQL Server
    connection.[Oracle][ODBC SQL Server Driver]Invalid connection string attribute
    ORA-02063: preceding 2 lines from INFOTEAM1.SCO.INFOTEAM.CO.UK
    The question is: can we (and if so, how?) connect to the SQL Server using an NT Windows Authorised account?
    Jeremy

    Hi,
    Please look at MOS note
    ORA-28500: Generic connectivity using ODBC DSN over mapped drive fails [ID 105210.1]
    Ora-28500 with Ms Sqlserver - Not associated with a trusted SQL Server connection [ID 333775.1]
    Regards,
    Edited by: gjilevski1 on Aug 31, 2010 8:23 AM

  • Help: Connecting Tomcat to CA-IDMS Using JDBC Type 4 Drivers (JNDI)

    Hi there,
    I have a rather interesting / complex problem......creating a connection to CA-IDMS from Tomcat using JDBC type 4 drivers (CA provide the type 4 driver).
    We have a zSeries 9 IBM mainframe running CA-IDMS r16.1, and I need to connect to the IDMS from Tomcat (running on Linux) using the JDBC Type 4 drivers provided by CA.
    At this stage I am struggling with the actual setup and configuration of Tomcat’s server.xml and web.xml files. These are the files where the JDBC configuration is set (I think). I have to setup the CA-IDMS part of the configuration, but that is a different problem. Basically there is a TCP/IP listener on the IDMS, waiting for incoming connections from the JDBC type 4 driver.
    I set up a Tomcat to MySQL connection using MySQL Connector / J, which is a similar kind of process to what I am trying to achieve with IDMS. MySQL connector / J came with a jar file which is placed in Tomcat’s lib folder, and then the JDBC setup for the web application is created in Tomcat's server.xml and web.xml files. You can then connect to the MySQL database using JSP and the configured JDBC driver / connection. The CA-IDMS Server comes with an idmsjdbc.jar file, which I think is the JDBC type 4 driver. I think it needs to be placed in the Tomcat /lib folder, but I don’t know how to set up the configuration.
    There is a JDBC DriverManager which allows JDBC drivers to connect to CA-IDMS. The DriverManager recognises the following syntax:
    jdbc:idms://hostname:port/database
    This allows the JDBC driver running within Tomcat to connect to the IDMS which is running on the IBM mainframe. CA IDMS r16 supports direct connections from the Type 4 JDBC driver to the Central Version on IDMS. "hostname" is the DNS name or IP address of the machine where the CV is running, and "port" is the IP port that was specified for the listener PTERM (setup on the IDMS side).
    There is a caidms.properties file for the JDBC driver, which is used to specify user ID, password, and optional accounting information. It can also be used to specify physical connection information, allowing an application to connect to a CA-IDMS database without requiring the definition of an ODBC style data source. However, I don’t know where to place this file within the Tomcat setup.
    There is also an IdmsDataSource class. I don’t know where to configure this or how to set it up; the CA-IDMS Server manual states the following:
    This class implements the JDBC DataSource interface. It is used with an application server (Tomcat) providing Java Naming and Directory Interface (JNDI) naming service to establish a connection to a CA IDMS database. IdmsDataSource properties conform to the Java Beans naming conventions and are implicitly defined by public “setter” and “getter” methods. For example, the “description” property, which is required for all DataSource implementations, is set using the setDescription(String) method. The application server may use the java.lang.reflection methods to discover DataSource properties and provide an interface to set them, or may simply require that they are defined in some configuration file. IdmsDataSource properties are used to specify the connection parameters. These properties are the equivalent of the DriverPropertyInfo attributes described in the previous section and can be used to completely define the parameters needed to connect to a database. Like a URL, an IdmsDataSource object can also reference an “ODBC” style data source name, where the connection parameters are defined in the configuration file on Linux.
    Is there anyone that can try to point me in the right direction to setting up the JDBC connection? I am totally new to Java and so the instructions are not making much sense at the moment. Any help, hints, tips…..anything will be greatly appreciated as I have just hit a brick wall here. I can't find much to do with setting up the CA-IDMS Server JDBC type 4 driver online either....if anyone can point me to some resources that would also be extremely useful.
    Kind regards
    Jp

    You say you've managed to get the JDBC driver working in an application but not in a JSP. You also say that the error you get is "com.microsoft.jdbc.sqlserver.SQLServerDriver".
    I'd be willing to bet that the exception that you have got is a ClassNotFoundException. I.E. your application server hasn't found the JDBC driver classes. The application server probably doesn't use your current CLASSPATH to look for classes. It will be setup within the application server in some way and you'll need to check your app server documentation to see how it is done.
    Try replacing
    e.printStackTrace();
    with
    e.printStackTrace(out);
    to get a full stack trace of your error.
    Col

    Tried it. Got this error when I tried to run the JSP.
    Incompatible type for method. Can't convert javax.servlet.jsp.JspWriter to java.io.PrintWriter.
              e.printStackTrace(out);
    I'm currently using Apache Tomcat 4.0.3 as my JSP/Servlet Container.
    I'm also using Type 4 MS SQL Server 2000 JDBC driver version 2.0 on my NT4.0 Server.
    Do I need to set my JDBC driver in my container? if so, how do I do that?

  • ACS 5.3, ASA using TACACS+ forces to PAP?

    As the title says I'm trying to have an ASA (8.2.3) auth against an ACS 5.3 using TACACS+.  It only works if I have PAP enabled on the ACS.  Obviously this concerns me.  I've found the following reference in the configuration guides:
    TACACS+ Server Support
    The ASA supports TACACS+ authentication with ASCII, PAP, CHAP, and MS-CHAPv1.
    I can't figure out how to make the ASA use MS-CHAPv1 though.  Seems like it should be pretty simple.
    Incidentally I was having the same problem with VPN auth's using RADIUS but I was able to fix that by enabling the password management option which is only available in CHAPv2.  Seems that option isn't available under TACACS+.
    Any suggestions?

    As far as I am aware the ASA will only use PAP to authenticate console exec logins. I wish it used chap-v2.
