VPN connected - how do I access my office mac?
VPN - I am connected remotely on my MacBook Air via a VPN connection to my office Mac. How do I actually "see" the files, folders, etc. on my office Mac?
Thank you for your suggestion. I did turn on file sharing on the server before I left last night and attempted to connect through the VPN to the server's local address at my office but I was unsuccessful. The IP address I used was the static assigned IP address of the server computer and I waited for over 10 minutes to connect without getting a connection or any error messages. Prior to that, when I used an incorrect address or attempted to use the actual server's assigned network name, I received an error message within 10 seconds. Is there something I haven't considered at this point?
Similar Messages
-
Once VPN is connected, how do I access files?
I was able to get VPN connected to the network at the office. What do I use to access files and how do I access the exchange server? Our system is not set up to use IMAP.
Thanks
MacBook Pro 2.0 Mac OS X (10.4.10) Need XP capabilityThank you for your suggestion. I did turn on file sharing on the server before I left last night and attempted to connect through the VPN to the server's local address at my office but I was unsuccessful. The IP address I used was the static assigned IP address of the server computer and I waited for over 10 minutes to connect without getting a connection or any error messages. Prior to that, when I used an incorrect address or attempted to use the actual server's assigned network name, I received an error message within 10 seconds. Is there something I haven't considered at this point?
-
Remote access my office mac from my home mac
I know this is not the right forum for this, but I am not sure which one is and so I am asking this question here in the hopes that someone will direct me to the right place.
If I want to access my office mac from home, what program do I need to use? (Apple Remote Desktop?) Where can I find detailed instructions?
Other pertinent details:
I have a PB at home and one at the office, both running OSX.3.
Both are on a wireless network.
Office is behind a firewall.
Because both computers are on a wireless network, their IP addresses are of the form 10.0.1.xxx. Turning on File sharing on the office computer and then doing "ssh [email protected].....etc. does not seem to work.
Ideally I want to be able to remotely run programs on the office computer. I know this ability exists for Windows XP (and my colleagues use it), so it MUST exist for Macs.
Any help will be much appreciated.
Thanks,
NSns,
Apple Remote Desktop and Timbuktu Pro are worthy programs; you can achieve the same effects with free VNC (virtual network connection) software. Essentially, you set one Mac up as a VNC server, the other as a VNC client, and connect the client to the server. Check Version Tracker and/or MacUpdate for such freeware as VNCThing (OS 9 client), OSXvnc (OS X server), and Chicken of the VNC (OS X client).
The firewall will require you to set up port forwarding. I've actually found the FAQ and help info at the site for the Windows program UltraVNC along with PortForward more than enough to figure how to set up a VNC link to a Windows PC in my wife's office that could be accessed by either my office Mac (before turning on the link encryption) or her home PC. Adding / using SSH is somewhat more complicated and outside of my firsthand experience, but there are references at e.g. SSH VNC Tunneling (try Googling "SSH VNC Mac"). See for example:
Homemade Dot-Mac: Remote Control
MacMod - Your Mac Modding HQ
VNC Sessions From Off-Campus
Note that if you have the usual dynamic IP account at home and a static IP at work, it will be easier to set up the work computer as the server since the IP number will be a fixed address. If both computers are on dynamic IP accounts, the server's IP number will have to be checked locally before connecting remotely (one reason ISPs can charge extra for static IP accounts). -
How do i access word for mac on my macbook air?
how do i access word for mac on my macbook air?
Purchase it. Here's one link to an Amazon site to buy one of the many Office configurations:
http://www.amazon.com/Office-Mac-Home-Student-2011/dp/B003YCOJA8/ref=sr_1_3?s=so ftware&ie=UTF8&qid=1349217216&sr=1-3&keywords=office+for+mac
You would receive Office on a CD, and need a disk drive for your MacBook Air to access so you could download the software. -
How do I load on Office:Mac onto my new MacBook Pro when it doesn't have a disk drive?
How do I load on Office: Mac onto my new MacBook Pro when it doesn't have a disk drive - I don't want to have to purchase another copy.
Glad you were able to solve your problem. For the benefit of others who may find this discussion later, allow me to suggest another possibility.
If you have access to another Mac running Lion or Mountain Lion with an optical drive, you should be able to use the Remote Disc feature to access the optical drive on that other Mac. -
How do I access my work mac from my home mac?
how do I access my work mac from my home mac?
Your best choice would be to use Back to My Mac with your iCloud Account. For more informatio please see the following topics.
OS X: Using and Troubleshooting Back to My Mac with your iCloud account
http://support.apple.com/kb/HT4907
OS X: About Back to my Mac security with iCloud
http://support.apple.com/kb/HT4908
Hope this helps you and let us know how it goes. -
VPN connects but unable to access resources on remote network
HI,
I'm able to ping the ASA interface once the VPN is connected but unable to access any of the resources located on the remote network such as shares and computers. The cisco vpn client shows data being sent and recieved when I ping the interface on the ASA but it doesn't recieve any data when I attempt to ping or access other resources on the network.
ASA Version 8.2(5)
hostname HOST_NAME
domain-name default.domain.invalid
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
speed 10
duplex half
interface Ethernet0/4
speed 100
duplex full
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.10.8.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 12.x.x.x x.x.x.x
boot system disk0:/asa825-k8.bin
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server 10.10.8.2
domain-name default.domain.invalid
same-security-traffic permit intra-interface
object-group service Vipre tcp
port-object range 18082 18082
port-object range 18086 18086
object-group network town
network-object 192.168.0.0 255.255.0.0
access-list outside_20_cryptomap extended permit ip 10.10.8.0 255.255.255.0 192.168.0.0 255.255.252.0
access-list new extended permit ip host 192.168.0.1 any
access-list new extended permit ip any host 192.168.0.1
access-list outside_20_cryptomap_1 extended permit ip 10.10.8.0 255.255.255.0 192.168.0.0 255.255.252.0
access-list townoffice_splitTunnelAcl standard permit 10.10.8.0 255.255.255.0
access-list townremote_splitTunnelAcl standard permit 10.10.8.0 255.255.255.0
access-list outside_access_in extended permit tcp any interface outside object-group Vipre
access-list outside_access_in extended permit tcp any object-group Vipre interface inside object-group Vipre
access-list outside_access_in extended permit tcp any eq 3389 10.10.8.0 255.255.255.0 eq 3389
access-list test extended permit ip host 192.168.0.6 host 10.10.8.155
access-list test extended permit ip host 10.10.8.155 host 192.168.0.6
access-list test extended permit ip host 10.10.8.2 host 192.168.3.116
access-list test extended permit ip host 192.168.3.116 host 10.10.8.2
access-list test extended permit ip host 10.10.8.155 host 192.168.3.116
access-list bypass extended permit ip host 10.10.8.155 host 192.168.3.116
access-list bypass extended permit tcp 192.168.0.0 255.255.0.0 10.10.8.0 255.255.255.0
access-list bypass extended permit tcp 10.10.8.0 255.255.255.0 192.168.0.0 255.255.0.0
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpn 10.10.8.125-10.10.8.149 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (inside) 1 interface
global (outside) 1 interface
nat (inside) 1 192.168.0.0 255.255.0.0
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 18082 10.10.8.2 18082 netmask 255.255.255.255
static (inside,outside) tcp interface 18086 10.10.8.2 18086 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 10.10.8.2 3389 netmask 255.255.255.255
static (inside,inside) 192.168.0.0 192.168.0.0 netmask 255.255.0.0
static (inside,inside) 10.10.8.0 10.10.8.0 netmask 255.255.255.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 12.70.119.65 1
route inside 192.168.0.0 255.255.0.0 10.10.8.250 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http outside
http outside
http inside
http outside
http inside
http outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt noproxyarp inside
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set pfs
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 80 set pfs
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 100 set pfs
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto map outside_map 20 match address outside_20_cryptomap_1
crypto map outside_map 20 set pfs
crypto map outside_map 20 set peer 69.87.150.118
crypto map outside_map 20 set transform-set ESP-3DES-SHA ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 30
telnet 10.10.8.0 255.255.255.0 inside
telnet timeout 5
ssh 63.161.207.0 255.255.255.0 outside
ssh timeout 5
console timeout 0
dhcpd dns 10.8.8.2
dhcpd address 10.10.8.150-10.10.8.200 inside
dhcpd dns 10.10.8.2 interface inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy aaa internal
group-policy aaa attributes
dns-server value 10.10.8.2 4.2.2.2
vpn-tunnel-protocol IPSec
default-domain value domainname
group-policy bbb internal
group-policy bbb attributes
wins-server value 10.10.8.2
dns-server value 10.10.8.2
vpn-tunnel-protocol IPSec l2tp-ipsec
split-tunnel-policy tunnelall
split-tunnel-network-list value townoffice_splitTunnelAcl
default-domain value domainname.local
group-policy townremote internal
group-policy townremote attributes
wins-server value 10.10.8.2
dns-server value 10.10.8.2 4.2.2.2
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value townremote_splitTunnelAcl
default-domain value domainanme
group-policy remote internal
group-policy remote attributes
wins-server value 10.10.8.2
dns-server value 10.10.8.2
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value townremote_splitTunnelAcl
default-domain value dksecurity.local
address-pools value vpn
username xxxx password . encrypted privilege 15
username xxxx attributes
vpn-group-policy dksecurityremote
username xxx password encrypted privilege 15
username xxx attributes
vpn-group-policy dksecurityremote
username xxxx password . encrypted privilege 15
username xxx password encrypted privilege 15
username xxx attributes
vpn-group-policy dksecurityremote
username xxx password encrypted privilege 15
username xxxx attributes
vpn-group-policy dksecurityremote
username xxx password encrypted privilege 15
username xxx attributes
vpn-group-policy dksecurityremote
username xxx password encrypted privilege 15
username xxx attributes
vpn-group-policy dksecurityremote
username xxx password encrypted privilege 15
username xxx password encrypted privilege 15
username xxxx attributes
vpn-group-policy remote
username xxx password encrypted privilege 15
username xxx attributes
vpn-group-policy remote
username xxx password encrypted privilege 15
username xxx attributes
vpn-group-policy remote
username xxxx password encrypted privilege 15
username xxx password encrypted privilege 15
username xxx attributes
vpn-group-policy remote
tunnel-group 69.87.150.118 type ipsec-l2l
tunnel-group 69.87.150.118 ipsec-attributes
pre-shared-key *****
tunnel-group remote type remote-access
tunnel-group remote general-attributes
address-pool vpn
default-group-policy townremote
tunnel-group townremote ipsec-attributes
pre-shared-key *****
isakmp keepalive disable
tunnel-group townremote type remote-access
tunnel-group townremote general-attributes
address-pool vpn
default-group-policy townremote
tunnel-group lansingremote ipsec-attributes
pre-shared-key *****
class-map tcp-bypass
match access-list bypass
class-map test
match access-list new
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
no dns-guard
no protocol-enforcement
no nat-rewrite
policy-map global_policy
class test
class inspection_default
policy-map tcp
class tcp-bypass
set connection random-sequence-number disable
set connection advanced-options tcp-state-bypass
service-policy global_policy global
service-policy tcp interface inside
prompt hostname context
call-home reporting anonymous prompt 2
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:c724d6744097760d94a7dcc79c39568a
: endYou need to change the VPN pool ip subnet to something other than the same ip range used on the inside interface.
Sent from Cisco Technical Support iPad App -
How do I control my office mac throught the internet from home
I have a small office network with 5 computers.
The network is has internet access through a windows 2003 server PC. On the network I have 3 macs, one mac mini server running Filemaker Pro 11 which acts as a filemaker server for the other 3 Macs. When I am in the office I use my MBP with Remote Desktop 3.4 to access the server mac and work on Filemaker. I need to be able to access this from home through the internet.
How do I go about this. I don't have local Mac support where I live, and the IT people I use only know Windows systems.
Thanks
AbelThank you, the problem has been solved. I would think that the help screens of Remote Desktop can explain that better, but I managed to find the solution searching through the forum.
I had the IT guy open ports 3283 and 5900 on the router and then instructed the router to forward request to those ports to the internal IP address of the computer I want to controll.
In Remote Desktop I selected Scanner and the button Network Address and then entered the router's internet IP address.
RDP then picks up the computer I want to control and from there you just follow the prompts for password.
Prior to this and since posting my first message I tried out logmein and without any help I was able to remotely contol the other computer without getting anyone to set ports. However I think that Remote Desktop offers more features and is probably faster. -
I have old Mac with no firewire connection, How do I transfere to new Mac ?
I have older Mac no firewire connection
How do I transfere my Itunes to new Mac
Also I have purchased some Korean songs, thru I tunes, they will not transfer (wont copy)
Thanksuse an external USB drive.
-
ASA 5505 IPSEC VPN connected but can't access to LAN
ASA : 8.2.5
ASDM: 6.4.5
LAN: 10.1.0.0/22
VPN Pool: 172.16.10.0/24
Hi, we purcahsed a new ASA 5505 and try to setup IPSEC VPN via ASDM; i just simply run the Wizards, setup vpnpool, split tunnelling,etc.
I can connect to the ASA by using cisco VPN client and internet works fine on the local PC, but it cannot access to the LAN (can't ping. can't remote desktop). I tried the same thing on our Production ASA(those have both Remote VPN and Site-to-site VPN working), the new profile i created worked fine.
Below is my configure, do I mis-configure anything?
ASA Version 8.2(5)
hostname asatest
domain-name XXX.com
enable password 8Fw1QFqthX2n4uD3 encrypted
passwd g9NiG6oUPjkYrHNt encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.1.1.253 255.255.252.0
interface Vlan2
nameif outside
security-level 0
ip address XXX.XXX.XXX.XXX 255.255.255.240
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns server-group DefaultDNS
domain-name vff.com
access-list vpntest_splitTunnelAcl standard permit 10.1.0.0 255.255.252.0
access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.252.0 172.16.10.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging trap warnings
logging asdm informational
logging device-id hostname
logging host inside 10.1.1.230
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 172.16.10.1-172.16.10.254 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server AD protocol nt
aaa-server AD (inside) host 10.1.1.108
nt-auth-domain-controller 10.1.1.108
http server enable
http 10.1.0.0 255.255.252.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 10.1.0.0 255.255.252.0 inside
ssh timeout 20
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy vpntest internal
group-policy vpntest attributes
wins-server value 10.1.1.108
dns-server value 10.1.1.108
vpn-tunnel-protocol IPSec l2tp-ipsec
password-storage disable
ip-comp disable
re-xauth disable
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpntest_splitTunnelAcl
default-domain value XXX.com
split-tunnel-all-dns disable
backup-servers keep-client-config
address-pools value vpnpool
username admin password WeiepwREwT66BhE9 encrypted privilege 15
username user5 password yIWniWfceAUz1sUb encrypted privilege 5
username user3 password umNHhJnO7McrLxNQ encrypted privilege 3
tunnel-group vpntest type remote-access
tunnel-group vpntest general-attributes
address-pool vpnpool
authentication-server-group AD
authentication-server-group (inside) AD
default-group-policy vpntest
strip-realm
tunnel-group vpntest ipsec-attributes
pre-shared-key BEKey123456
peer-id-validate nocheck
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:447bbbc60fc01e9f83b32b1e0304c6b4
: endI change a Machine's gateway to this ASA and capture again, now we can see some reply.
All ohter PCs and switches gateway are point to another ASA, maybe that's the reason why i didn't work?
what's the recommanded way to make our LAN to have two 2 gateways(for load balance or backup router, etc)?
add two gateways to all PCs and swtichwes?
1: 18:15:48.307875 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
2: 18:15:49.777685 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
3: 18:15:51.377147 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
4: 18:15:57.445777 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
5: 18:15:58.856324 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
6: 18:16:00.395090 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
7: 18:16:06.483464 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
8: 18:16:08.082805 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
9: 18:16:09.542406 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
10: 18:16:20.640424 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
11: 18:16:20.642193 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
12: 18:16:21.169607 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
13: 18:16:21.171210 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
14: 18:16:22.179556 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
15: 18:16:22.181142 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
16: 18:16:23.237673 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
17: 18:16:23.239291 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
18: 18:16:27.676402 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 50
19: 18:16:29.246935 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 50
20: 18:16:30.676921 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 50
21: 18:16:49.539660 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.233: icmp: echo request
22: 18:16:54.952602 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.233: icmp: echo request
23: 18:17:04.511463 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.233: icmp: echo request -
VPN Connects but unable to access internal devices
Thank you in advance for any assistance that can be provided.
I am using AnyConnect to create a VPN with an ASA 5505. Once connected, the client needs to access a device behind a 1941 router.
Internally, (not using VPN), all my routing is working correctly. My VPN client can connect and when I put a route on my 1941 router, I am able to ping that particular device. But my VPN client cannot appear to ping anything else, either the devices on the same internal range as the ASA 5505 or anything past the 1941.
VPN Client ASA 5505 Workstation 1941 Router Far Device
192.168.201.20 -----> Outside IP x.x.x.x // Internal 192.168.101.1 192.168.101.56 192.168.101.2 // 192.168.8.1 192.168.8.150
Client connects and get IP from ASA
Cannot ping this Cannot ping this
Can ping internal IP of 1941
*(after creating a static route)
I have been playing around with my configuration extensively to try and make this work. Split-tunneling is enabled and is required.
Here is my current config:
hostnameMYHOST
enable password mUUvr2NINofYuSh2 encrypted
passwd UNDrnIuGV0tAPtz2 encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
switchport access vlan 7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.101.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address x.x.x.x 255.255.0.0
interface Vlan7
no forward interface Vlan1
nameif DMZ
security-level 20
ip address 137.57.183.1 255.255.255.0
ftp mode passive
clock timezone MST -7
dns domain-lookup outside
object-group network obj_any_dmz
access-list nonat extended permit ip 192.168.101.0 255.255.255.0 any
access-list nonat extended permit ip 192.168.201.0 255.255.255.0 any
access-list split-tunneling standard permit 192.168.101.0 255.255.255.0
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu DMZ 1500
ip local pool Internal_Range 192.168.101.125-192.168.101.130 mask 255.255.255.0
ip local pool vpn_pool 192.168.201.20-192.168.201.30 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
nat (DMZ) 10 137.57.183.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route inside 192.168.8.0 255.255.255.0 192.168.101.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable 64000
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ca trustpoint ASDM_TrustPoint1
enrollment self
subject-name CN=MYHOST
keypair ClientX_cert
crl configure
crypto ca certificate chain ASDM_TrustPoint1
certificate 0f817951
308201e7 30820150 a0030201 0202040f 81795130 0d06092a 864886f7 0d010105
05003038 31173015 06035504 03130e41 494d452d 56504e2d 42415455 53311d30
1b06092a 864886f7 0d010902 160e4149 4d452d56 504e2d42 41545553 301e170d
31333036 32373137 32393335 5a170d32 33303632 35313732 3933355a 30383117
30150603 55040313 0e41494d 452d5650 4e2d4241 54555331 1d301b06 092a8648
86f70d01 0902160e 41494d45 2d56504e 2d424154 55533081 9f300d06 092a8648
86f70d01 01010500 03818d00 30818902 818100c9 ff840bf4 cfb8d394 2c940430
1887f25a 49038aa0 1299cf10 bda2a436 227dcdbf f1c5566b c35c2f19 8b3514d3
4e24f5b1 c8840e8c 60e2b39d bdc0082f 08cce525 97ffefba d42bb087 81b9adb9
db0a8b2f b643e651 d17cd6f8 f67297f2 d785ef46 c3acbb39 615e1ef1 23db072c
783fe112 acd6dc80 dc38e94b 6e56fe94 d59d5d02 03010001 300d0609 2a864886
f70d0101 05050003 8181007e 29e90ea0 e337976e 9006bc02 402fd58a a1d30fe8
b2c1ab49 a1828ee0 488d1d2f 1dc5d150 3ed85f09 54f099b2 064cd622 dc3d3821
fca46c69 62231fd2 6e396cd1 7ef586f9 f41205af c2199174 3c5ee887 42b684c9
7f4d2045 4742adb5 d70c3805 4ad13191 8d802bbc b2bcd8c7 8eec111b 761d89f3
63ebd49d 30dd06f4 e0fa25
quit
crypto isakmp enable outside
crypto isakmp policy 40
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 DMZ
ssh timeout 10
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
ssl trust-point ASDM_TrustPoint1 outside
webvpn
enable outside
svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
svc enable
group-policy ClientX_access internal
group-policy ClientX_access attributes
dns-server value 4.2.2.2
vpn-tunnel-protocol svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunneling
default-domain value access.local
address-pools value vpn_pool
ipv6-address-pools none
webvpn
svc mtu 1406
svc rekey time none
svc rekey method ssl
username ClientX password ykAxQ227nzontdIh encrypted privilege 15
username ClientX attributes
vpn-group-policy ClientX_access
service-type admin
tunnel-group ClientX type remote-access
tunnel-group ClientX general-attributes
address-pool Internal_Range
default-group-policy ClientX_access
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
default-group-policy ClientX_access
tunnel-group ClientX_access type remote-access
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:da38065247f7334a5408b7ada3af29ae
: endok, lets go on ... ;-)
Split-Tunneling: The ACL must include all networks you want to reach through the VPN:
access-list split-tunneling standard permit 192.168.101.0 255.255.255.0
access-list split-tunneling standard permit 192.168.8.0 255.255.255.0
NAT: Don't use "any" in the nat-exemption, but specify all traffic that should not be natted:
access-list nonat extended permit ip 192.168.101.0 255.255.255.0 192.168.201.0 255.255.255.0
access-list nonat extended permit ip 192.168.8.0 255.255.255.0 192.168.201.0 255.255.255.0
Routing: The 1941 needs a route for the vpn-pool pointing to the ASA (just in case there is no default route to the ASA)
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni -
I am in a bit of a dilemma and need some help from the community. I have a Mac Mini running 16GB Ram 2.3 I7 and 1 TB Fusion Drive at my office, it is in Parrallels Coherence mode 100% of the time. I have to run certain Windows apps from home. I am setting my routers at the office to accept NAT-PMP, or Plug and Play so that I can access them.
I have two questions:
1. Will I be able to use back to my mac, or screen share to completely operate and share my mac mini with a new mac book air?
2. I am buying a new MacBook Air, I am under the assumption that I can get the 13" 4gb, I5, with 256 GB and I should be able to quickly access and handle all basic remote access, iphoto stuff and some i movie stuff occassionally.
Am I correct in these assumptions? Any recommendations?
I do have IPAD apps that can also access two of the three windows apps that are critical to my company, but really need a traditional computer with mouse to run them effectively remotely.
Thanks in advance for your help,
John1. Will I be able to use back to my mac, or screen share to completely operate and share my mac mini with a new mac book air?
2. I am buying a new MacBook Air, I am under the assumption that I can get the 13" 4gb, I5, with 256 GB and I should be able to quickly access and handle all basic remote access, iphoto stuff and some i movie stuff occassionally.
Yes to both, as long as the Mini is running Mountain Lion or later OS you can use Back to My Mac and Screen Sharing. It will be as though you are seated at the remote Mac. Connections and speed will be determined by Internet conditions.
OS X Mountain Lion: Share your screen using Back to My Mac
It's pretty seamless. Copying files for example is a simple matter of dragging them to or from the Screen Sharing window. If you have multiple users on the Mini you can log in remotely as any user for which you have access, or share the screen interactively with a user's consent.
The only uncertainties are your router, but according to Apple all that should be required is to enable NAT-PMP or UPnP.
I use Apple routers, to eliminate any uncertainty. -
How do I control my office mac with my mac laptop from the road?
I have two Mac machines, my Powerbook G4 is updated to Leopard (even though it says Tiger below Nerowolf) and a new Mac Mini at home. I want to access it in real time from my office. As if I were at home using my Mini. How to I accomplish this? I know I can do it with Ichat but I need something better than that if possible.
Thanks,
JuliasLook at the thread linked below for some answers. There are some good tips there, from stuff like Back to my Mac and LogMeIn to actually configuring your home system for remote access without needing a third party.
http://discussions.apple.com/thread.jspa?messageID=9436505� -
Hi team,
i have been building up native applications and has access to Microsoft tenant in azure and there i have already the mobile application. Also i can add the webapi's to my application once when i went to configure tab and hit add on the bottom.
So from here i can add office 365 exchange online api and set the delegated permissions to required field.
Also i went through couple of articles and videos which shows how to get access to office 365 api.
http://www.microsoftvirtualacademy.com/training-courses/deep-dive-integrate-office-365-apis-in-your-mobile-device-apps?m=11496
As mentioned in video we add the connected service and it sign in to microsoft account and register the app.
Also add some client id to App.xaml . And when we went to tenant application page we can see the new registered app with a client id.
Please let me know if i already has the application in azure and i have added the office 365 exchange online api , then shall i need to do above steps or i can directly hit the api service Uri's.
thanks,
NIteshHi,
need to add the office 365 exchange online web api in Azure and set the required permissions.
then following this video code we can connect with office apis
http://www.microsoftvirtualacademy.com/training-courses/deep-dive-integrate-office-365-apis-in-your-mobile-device-apps?m=11496
also following url can be referred if we need directly to communicate with office 365 api using Oauth authentication method.
https://msdn.microsoft.com/en-us/office/office365/api/api-catalog
Thanks,
Nitesh -
Can anyone suggest a free fast VPN connection
Can anyone suggest a free fast VPN connection.
i want to access streaming video (ie hulu.com)that is blocked in canada. Hotspot Shield works but is way too slow and I get stuttering and frozen video.
Any suggestions would be appreciated
Thanks in advance
DaveFast and free? I'm surprised you can even find slow and free. I use StrongVPN. It is fast, but it isn't free at $15/month.
Maybe you are looking for
-
how to finding a site wise sales and stock report? please reply ASAP
-
*** General (49) error
I'm editing in FCP 6.0.3 and have exported the video via compressor but I'm having trouble with the audio. Specifically, I'm getting an Error (49) message. I'm on an Intel 2 x 3 GHz MacPro. I've tried trashing the preferences, and the render and audi
-
I have this TV hooked up to my Arch machine and whenever I run xrandr the computer sees the output. The problem is, the TV is not recognizing any input so I can't change into VGA. Arch even detects the correct resolution and when I hook up a Debian m
-
I have: select BUKRS BELNR GJAHR BUZEI KOKRS HKONT BSCHL WRBTR SHKZG LIFNR from BSEG into corresponding fields of itab where HKONT in ZCOUNT and BELNR EQ '0003000020' or BELNR EQ '0003000025'. append itab. endselect. where ZCOUNT is
-
Adobe InDesign Licence doesn't work any more
Hi folks. Since Adobe doesn't provide any help I have to turn to you now. It says: Error 150:30 - my licence isn't valid any more. For the record, I have InDesign CS4 and a Mac 10.7.5. Any ideas? Thank you very much!!