VPN connection works, but can't ping or access any other device on remote network
I have an OS X Lion server at work (uses a static IP of 192.168.2.10). VPN is set up and works.
The work network's router has an IP of 192.168.2.1 and hands out IPs of 192.168.2.100-149. The VPN service is configured to hand out IPs of 192.168.2.150-170.
My home network uses a router with an IP of 192.168.1.1 and hands out IPs from 192.168.1.2-49
Both routers are using subnet mask of 255.255.255.0
The problem is, I can connect to the VPN just fine and access all services running on that same OS X server like iChat and AFP file sharing. But, I cannot directly access any other device on the office network like client machines or even trying to log into the router's GUI interface. Pings timeout, etc.
Example:
At my home, I have a local IP of 192.168.1.12 and I connect to the work VPN. It assigns me an IP address of 192.168.2.151 and I'm able to connect to iChat on the OS X server that has a static IP of 192.168.2.10
In terminal, I try to ping the router on the work network (192.168.2.1) and I get no response (even though ICMP response is turned ON). I try to ping another OS X workstation on the work office, and get no response.
I'm not sure how to fix this, or whether I need to change settings on either router or the server.
Would greatly appreciate any insight or help on this. Thanks.
danimalapple wrote:
I have an OS X Lion server at work (uses a static IP of 192.168.2.10). VPN is set up and works.
The work network's router has an IP of 192.168.2.1 and hands out IPs of 192.168.2.100-149. The VPN service is configured to hand out IPs of 192.168.2.150-170.
My home network uses a router with an IP of 192.168.1.1 and hands out IPs from 192.168.1.2-49
Both routers are using subnet mask of 255.255.255.0
The problem is, I can connect to the VPN just fine and access all services running on that same OS X server like iChat and AFP file sharing. But, I cannot directly access any other device on the office network like client machines or even trying to log into the router's GUI interface. Pings timeout, etc.
Example:
At my home, I have a local IP of 192.168.1.12 and I connect to the work VPN. It assigns me an IP address of 192.168.2.151 and I'm able to connect to iChat on the OS X server that has a static IP of 192.168.2.10
In terminal, I try to ping the router on the work network (192.168.2.1) and I get no response (even though ICMP response is turned ON). I try to ping another OS X workstation on the work office, and get no response.
I'm not sure how to fix this, or whether I need to change settings on either router or the server.
Would greatly appreciate any insight or help on this. Thanks.
Check the DNS settings on the server (see my earlier post in this thread).
Similar Messages
-
I downloaded a movie on one of my computers, and yet I can't see it in my purchases and I can't download it on any other devices. Any suggestions?
Films will only show in your library if you've downloaded it on that computer or copied it from another computer. You checked the Purchased link under Quicklinks on the right-hand side of the store homepage to see if it shows there for redownloading on that computer
If it doesn't show there then you can copy it over from the computer that you downloaded it on e.g. via home sharing : http://support.apple.com/kb/HT4527 (that page refers specifically to music, but it works for other content types as well).
Or you can right-click (control-click on a Mac) on the film in the iTunes library that it is on and select 'show in explorer' ('show in finder') and copy it to, for example, a flashdrive, and use that to copy it onto the other computer's iTunes library (File > Add To Library) -
VPN client connected to VPN but can't ping or access to server
Hi,
I need help urgently. I have been troubleshooting for a day, but have no idea what is wrong with the config.
Basically there are 2 sets of VPN configured: one is a site-to-site IPSEC VPN and the other connects via VPN client software, coexisting in the same router.
Recently we have been having a problem where the client can't access or ping the internal server, which is 192.168.6.3, from the VPN client software.
The VPN client will connect to the VPN IP pool, 10.20.1.0 to 10.20.1.100.
The software itself shows connected, but the request times out when pinging.
Below is the config. Some of the commands might be extra, as I added them when I did some tests, but they ended up not working.
aaa new-model
aaa authentication login userauthen local
aaa authorization network adminmap group VPNClient
aaa authorization network groupauthor local
aaa authorization network map-singapore local
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key emptyspace address 203.142.83.218 no-xauth
crypto isakmp keepalive 15 periodic
crypto isakmp client configuration address-pool local ippool
crypto isakmp client configuration group map-singapore
key cisco123
dns 192.168.6.3
domain cisco.com
pool ippool
acl 102
crypto isakmp profile VPNclient
match identity address 27.54.43.210 255.255.255.255
match identity group vpnclient
client authentication list userauthen
client configuration address respond
crypto ipsec security-association idle-time 86400
crypto ipsec transform-set REMSET esp-3des esp-md5-hmac
crypto ipsec transform-set DYNSET esp-aes esp-md5-hmac
crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10
set transform-set DYNSET
set isakmp-profile VPNclient
reverse-route
crypto map VPNMAP client authentication list userauthen
crypto map VPNMAP isakmp authorization list map-singapore
crypto map VPNMAP client configuration address respond
crypto map VPNMAP 10 ipsec-isakmp dynamic dynmap
crypto map VPNMAP 11 ipsec-isakmp
description VPN to ASA5520
set peer 203.142.83.218
set security-association lifetime kilobytes 14608000
set security-association lifetime seconds 86400
set transform-set REMSET
match address 100
interface GigabitEthernet0/0
ip address 27.54.43.210 255.255.255.240
ip nat outside
no ip virtual-reassembly
duplex full
speed 100
crypto map VPNMAP
interface GigabitEthernet0/1
ip address 192.168.6.1 255.255.255.0
ip nat inside
no ip virtual-reassembly
duplex full
speed 100
interface GigabitEthernet0/2
description $ES_LAN$
no ip address
shutdown
duplex auto
speed auto
ip local pool ippool 10.20.1.0 10.20.1.100
ip forward-protocol nd
ip pim bidir-enable
no ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip nat inside source route-map nonat interface GigabitEthernet0/0 overload
ip nat inside source static 192.168.6.3 27.54.43.212
ip route 0.0.0.0 0.0.0.0 27.54.43.209
ip route 192.168.1.0 255.255.255.0 27.54.43.209
ip route 192.168.151.0 255.255.255.0 192.168.6.151
ip route 192.168.208.0 255.255.255.0 27.54.43.209
ip access-list extended RA_SING
permit ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 10.0.0.0 0.255.255.255 192.168.6.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 192.168.208.0 0.0.0.255
permit ip 10.20.1.1 0.0.0.100 192.168.6.0 0.0.0.255
permit ip 10.20.1.0 0.0.0.255 10.0.0.0 0.255.255.255
deny ip any any log
access-list 1 remark Local Network
access-list 1 permit 192.168.6.0 0.0.0.255
access-list 1 permit 192.168.102.0 0.0.0.255
access-list 1 permit 192.168.151.0 0.0.0.255
access-list 2 remark VPNClient-range
access-list 2 permit 10.0.0.0 0.255.255.255
access-list 10 permit 192.168.6.0 0.0.0.255
access-list 10 permit 192.168.102.0 0.0.0.255
access-list 10 permit 192.168.151.0 0.0.0.255
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 100 permit ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.102.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.6.0 0.0.0.255 192.168.208.0 0.0.0.255
access-list 100 permit ip host 192.168.6.7 host 192.168.208.48
access-list 101 deny ip 192.168.6.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
access-list 101 permit ip 192.168.6.0 0.0.0.255 any
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
access-list 120 deny ip any any log
access-list 120 deny ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255 log
access-list 120 deny ip 192.168.6.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 120 deny ip 192.168.6.0 0.0.0.255 192.168.208.0 0.0.0.255
no cdp run
route-map nonat permit 10
match ip address 120
control-plane
alias isakmp-profile sh crypto isakmp sa
alias exec ipsec sh crypto ipsec sa
banner motd ^CC^C
I did not try to ping 4.2.2.2. I just know I can not ping comcasts dns servers. I have updated the firmware on the router and it did not work. The computer was able to access the internet until about a week ago, I don't understand what could have changed that I would now need a static DNS.
-
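An added example, not part of the original post: the `RA_SING` entry `permit ip 10.20.1.1 0.0.0.100 ...` in the router config above uses a wildcard that is not the inverse of a subnet mask, so this Python sketch applies the IOS wildcard rule (bits set in the wildcard are ignored) to every address of the posted pool and lists what each source term matches. The function names are illustrative; the addresses and wildcards are the ones in the posted config.

```python
import ipaddress


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """IOS ACL address test: bits set in the wildcard are ignored,
    every other bit of addr must equal the same bit of base."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


def is_contiguous(wildcard):
    """True when the wildcard is the inverse of a normal subnet mask
    (a run of 0 bits followed by a run of 1 bits)."""
    w = _to_int(wildcard)
    return w & (w + 1) == 0


def pool_coverage(first, last, base, wildcard):
    """Addresses in the pool first..last that the ACL term base/wildcard matches."""
    return [str(ipaddress.IPv4Address(a))
            for a in range(_to_int(first), _to_int(last) + 1)
            if wildcard_match(a, base, wildcard)]


# Values copied from the posted config.
POOL = ("10.20.1.0", "10.20.1.100")            # ip local pool ippool
TERMS = {
    "RA_SING: 10.20.1.1 0.0.0.100": ("10.20.1.1", "0.0.0.100"),
    "RA_SING: 10.20.1.0 0.0.0.255": ("10.20.1.0", "0.0.0.255"),
    "ACL 102: 10.0.0.0 0.255.255.255": ("10.0.0.0", "0.255.255.255"),
}


def report():
    """Per ACL source term: is the wildcard contiguous, and which pool
    addresses does the term match."""
    out = {}
    for label, (base, wc) in TERMS.items():
        out[label] = {"contiguous": is_contiguous(wc),
                      "matched": pool_coverage(*POOL, base, wc)}
    return out


if __name__ == "__main__":
    total = _to_int(POOL[1]) - _to_int(POOL[0]) + 1
    for label, r in report().items():
        print(f"{label}: contiguous={r['contiguous']}, "
              f"matches {len(r['matched'])}/{total} pool addresses")
        if len(r["matched"]) < 20:
            print("    " + ", ".join(r["matched"]))
```

The wildcard `0.0.0.100` frees only the bits worth 4, 32 and 64 in the last octet, so the term does not describe the range .1 to .100.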
Wireless nearly working, but can't ping
I've been trying to get wireless to work on my laptop using wpa_supplicant. I seem to be connected to the network, but I'm unable to ping google. Here's some info:
bash-3.2# wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
Trying to associate with 00:1a:1e:8d:1d:20 (SSID='Northwestern' freq=2462 MHz)
Associated with 00:1a:1e:8d:1d:20
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
EAP-MSCHAPV2: Authentication succeeded
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
WPA: Key negotiation completed with 00:1a:1e:8d:1d:20 [PTK=CCMP GTK=CCMP]
CTRL-EVENT-CONNECTED - Connection to 00:1a:1e:8d:1d:20 completed (auth) [id=0 id_str=]
bash-3.2# dhcpcd wlan0
wlan0: dhcpcd 4.0.12 starting
wlan0: broadcasting for a lease
wlan0: offered 165.124.136.34 from 129.105.49.10
wlan0: acknowledged 165.124.136.34 from 129.105.49.10
wlan0: checking 165.124.136.34 is available on attached networks
wlan0: leased 165.124.136.34 for 1800 seconds
bash-3.2# ifconfig wlan0
wlan0 Link encap:Ethernet HWaddr 00:1F:3B:27:C4:15
inet addr:165.124.136.34 Bcast:165.124.136.255 Mask:255.255.255.0
inet6 addr: fe80::21f:3bff:fe27:c415/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21 errors:0 dropped:0 overruns:0 frame:0
TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3977 (3.8 Kb) TX bytes:2952 (2.8 Kb)
Hi, the wireless link seems to be done successfully because you can obtain an IP on the network.
What error message does the ping google.com command give ?
Also can you ping 129.105.49.10, the dhcp server which gives you an ip ?
After the dhcp setup, what default gateway shows the route command ? -
VPN connection works but VPN traffic is blocked
I have an 881w in a central site which remote users VPN into with desktop client then initiate RDP connection to machines at central site. I configured this mostly with the Easy VPN tool since I am a complete novice with Cisco equipment. We just upgraded to this from Linksys running DD-WRT since we were running the CPU on it at 100%.
Details
Remote clients can ping the gateway but nothing else and can't RDP to machines.
Clients cannot be pinged from central site.
Configuration Professional shows active connections.
The network at the central site is 192.168.10.0/24.
The network at the remote sites is unknown, but it is not the same as the central site.
Can someone help me figure out what I'm doing wrong?
Thank you for looking. The config is posted below.
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname 881w01
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$j49H$gGfj5TWFFbg/fc0sAc1rN/
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa session-id common
memory-size iomem 10
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-2923777556
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2923777556
revocation-check none
rsakeypair TP-self-signed-2923777556
crypto pki certificate chain TP-self-signed-2923777556
certificate self-signed 01
EDITED OUT
quit
no ip source-route
ip dhcp excluded-address 192.168.10.1 192.168.10.200
ip dhcp excluded-address 192.168.10.251 192.168.10.254
ip dhcp pool ccp-pool1
import all
network 192.168.10.0 255.255.255.0
dns-server 208.67.222.222 208.67.220.220
default-router 192.168.10.2
domain-name EDITED OUT
ip cef
no ip bootp server
ip domain name EDITED OUT
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip ddns update method ccp_ddns1
HTTP
add http://EDITED [email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
remove http://EDITED [email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
no ipv6 cef
license udi pid CISCO881W-GN-A-K9 sn FTX162683LX
username EDITED OUT privilege 15 secret 5 $1$BK.5$K7ODMYoskU8zBrozUoXj..
username EDITED OUT secret 5 $1$pG2b$aAEaz1JagmxNQHmqTMEBe0
username EDITED OUT secret 5 $1$ySKe$rqvLbt.LeSu83HKmCdaSN1
username EDITED OUT secret 5 $1$btT6$P24XxPBSQRrGD4BtvYJbo0
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any SDM_IP
match access-group name SDM_IP
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map type inspect ccp-permit-icmpreply
class type inspect sdm-cls-bootps
pass
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class class-default
drop
policy-map type inspect ccp-permit
class type inspect SDM_EASY_VPN_SERVER_PT
pass
class type inspect SDM_DHCP_CLIENT_PT
pass
class class-default
drop
policy-map type inspect sdm-permit-ip
class type inspect SDM_IP
pass
class class-default
drop log
zone security out-zone
zone security in-zone
zone security ezvpn-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
service-policy type inspect sdm-permit-ip
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group EDITED OUT
key EDITED OUT
dns 208.67.222.222 208.67.220.220
domain accnet.com
pool SDM_POOL_2
acl 102
save-password
max-logins 5
crypto isakmp profile ciscocp-ike-profile-1
match identity group EZVPNGroup
client authentication list ciscocp_vpn_xauth_ml_2
isakmp authorization list ciscocp_vpn_group_ml_2
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA1
set isakmp-profile ciscocp-ike-profile-1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description WAN link$FW_OUTSIDE$$ES_WAN$$ETH-WAN$
ip address dhcp client-id FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
interface Virtual-Template1 type tunnel
description VPN virtual interface
ip unnumbered FastEthernet4
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.10.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
ip local pool SDM_POOL_1 30.30.30.10 30.30.30.30
ip local pool SDM_POOL_2 192.168.10.10 192.168.10.29
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip access-list extended SDM_AH
remark CCP_ACL Category=1
permit ahp any any
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
ip access-list extended SDM_ESP
remark CCP_ACL Category=1
permit esp any any
ip access-list extended SDM_IP
remark CCP_ACL Category=1
permit ip any any
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=4
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 102 remark CCP_ACL Category=4
access-list 102 permit ip 192.168.10.0 0.0.0.255 any
no cdp run
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
Thank you for the response Jennifer. I have made the suggested changes, but no change in behavior on either end.
Does anything else stand out as a potential problem? The current running-config is below:
I'll take a stab at what I think the problem could be, but this is an uneducated guess.
I think I need acl 150 instead of acl 102 under
"crypto isakmp client configuration group EZVPNGroup"
I also think I can get rid of SDM_POOL_1 since it appears to not be used, but I don't think this is actually causing any issue.
Building configuration...
Current configuration : 11362 bytes
! Last configuration change at 09:07:22 PCTime Sun Aug 5 2012 by 881wmin
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname 881w01
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 EDITED
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa session-id common
memory-size iomem 10
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-EDITED
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-EDITED
revocation-check none
rsakeypair TP-self-signed-EDITED
crypto pki certificate chain TP-self-signed-EDITED
certificate self-signed 01
EDITED
quit
no ip source-route
ip dhcp excluded-address 192.168.10.1 192.168.10.200
ip dhcp excluded-address 192.168.10.251 192.168.10.254
ip dhcp pool ccp-pool1
import all
network 192.168.10.0 255.255.255.0
dns-server 208.67.222.222 208.67.220.220
default-router 192.168.10.2
domain-name EDITED
ip cef
no ip bootp server
ip domain name EDITED
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip ddns update method ccp_ddns1
HTTP
add http:/[email protected]/nic/update?system=dyndns&hostname=&myip=
remove http://[email protected]/nic/update?system=dyndns&hostname=&myip=
no ipv6 cef
license udi pid CISCO881W-GN-A-K9 sn FTX162683LX
username EDITED
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any SDM_IP
match access-group name SDM_IP
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map type inspect ccp-permit-icmpreply
class type inspect sdm-cls-bootps
pass
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class class-default
drop
policy-map type inspect ccp-permit
class type inspect SDM_EASY_VPN_SERVER_PT
pass
class type inspect SDM_DHCP_CLIENT_PT
pass
class class-default
drop
policy-map type inspect sdm-permit-ip
class type inspect SDM_IP
pass
class class-default
drop log
zone security out-zone
zone security in-zone
zone security ezvpn-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
service-policy type inspect sdm-permit-ip
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group EZVPNGroup
key EDITED
dns 208.67.222.222 208.67.220.220
domain EDITED
pool SDM_POOL_2
acl 102
save-password
max-users 20
max-logins 5
crypto isakmp profile ciscocp-ike-profile-1
match identity group EZVPNGroup
client authentication list ciscocp_vpn_xauth_ml_2
isakmp authorization list ciscocp_vpn_group_ml_2
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA1
set isakmp-profile ciscocp-ike-profile-1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description WAN link$FW_OUTSIDE$$ES_WAN$$ETH-WAN$
ip address dhcp client-id FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
interface Virtual-Template1 type tunnel
description VPN virtual interface
ip unnumbered FastEthernet4
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.10.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
ip local pool SDM_POOL_1 30.30.30.10 30.30.30.30
ip local pool SDM_POOL_2 192.168.80.10 192.168.80.29
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 150 interface FastEthernet4 overload
ip access-list extended SDM_AH
remark CCP_ACL Category=1
permit ahp any any
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
ip access-list extended SDM_ESP
remark CCP_ACL Category=1
permit esp any any
ip access-list extended SDM_IP
remark CCP_ACL Category=1
permit ip any any
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=4
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 102 remark CCP_ACL Category=4
access-list 102 permit ip 192.168.10.0 0.0.0.255 any
access-list 150 deny ip 192.168.10.0 0.0.0.255 192.168.80.0 0.0.0.255
access-list 150 permit ip 192.168.10.0 0.0.0.255 any
no cdp run
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username privilege 15 secret 0
Replace and with the username and password you
want to use.
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end -
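An added example, not from the thread or from Cisco: a Python check over constructed, re-indented excerpts of the two running-configs posted above. It reports whether a VPN pool sits inside a directly connected subnet, whether the NAT overload ACL leaves LAN-to-pool traffic untranslated, and which security zones have no member interface (on IOS zone-based firewall, traffic between a zone-member interface and an interface in no zone is dropped). The parser reads only the line forms shown and treats every addressed interface as LAN; both are assumptions of this sketch.

```python
import ipaddress
import re

# Constructed excerpts of the two posted configs. COMMON is identical in both.
COMMON = """\
zone security out-zone
zone security in-zone
zone security ezvpn-zone
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
interface FastEthernet4
 ip nat outside
 zone-member security out-zone
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet4
interface Vlan1
 ip address 192.168.10.2 255.255.255.0
 ip nat inside
 zone-member security in-zone
"""
FIRST = COMMON + """\
ip local pool SDM_POOL_2 192.168.10.10 192.168.10.29
ip nat inside source list 1 interface FastEthernet4 overload
access-list 1 permit 192.168.10.0 0.0.0.255
"""
REVISED = COMMON + """\
ip local pool SDM_POOL_2 192.168.80.10 192.168.80.29
ip nat inside source list 150 interface FastEthernet4 overload
access-list 150 deny ip 192.168.10.0 0.0.0.255 192.168.80.0 0.0.0.255
access-list 150 permit ip 192.168.10.0 0.0.0.255 any
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ANY = ipaddress.ip_network("0.0.0.0/0")


def wildcard_net(addr, wildcard):
    """Network for an IOS address/wildcard pair (contiguous wildcards only)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse(config):
    cfg = {"subnets": [], "pools": {}, "nat_lists": [], "acls": {},
           "zones": set(), "zones_in_use": set()}
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(rf"ip address {IP} {IP}", line):
            cfg["subnets"].append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
        elif m := re.fullmatch(rf"ip local pool (\S+) {IP} {IP}", line):
            cfg["pools"][m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.fullmatch(r"ip nat inside source list (\S+) interface \S+ overload", line):
            cfg["nat_lists"].append(m[1])
        elif m := re.fullmatch(r"zone security (\S+)", line):
            cfg["zones"].add(m[1])
        elif m := re.fullmatch(r"zone-member security (\S+)", line):
            cfg["zones_in_use"].add(m[1])
        elif m := re.fullmatch(
                rf"access-list (\d+) (permit|deny) (?:ip )?{IP} {IP}(?: (any|{IP} {IP}))?", line):
            # Standard ACLs carry no destination: treat it as "any".
            dst = ANY if m[5] in (None, "any") else wildcard_net(m[6], m[7])
            cfg["acls"].setdefault(m[1], []).append((m[2], wildcard_net(m[3], m[4]), dst))
    return cfg


def pools_inside_lan(cfg):
    """Pools whose first or last address lies in a directly connected subnet."""
    return sorted(name for name, (lo, hi) in cfg["pools"].items()
                  if any(lo in net or hi in net for net in cfg["subnets"]))


def nat_exempt(cfg, acl, pool):
    """True if LAN -> pool traffic is not selected for translation by `acl`
    (first matching entry is a deny, or nothing matches: implicit deny)."""
    dst = cfg["pools"][pool][0]
    for net in cfg["subnets"]:
        src = net.network_address + 1          # representative LAN host
        for action, s, d in cfg["acls"].get(acl, []):
            if src in s and dst in d:
                if action == "permit":
                    return False
                break                          # deny: exempt for this subnet
    return True


def audit(config):
    cfg = parse(config)
    return {
        "pools_inside_lan": pools_inside_lan(cfg),
        "nat_exempt": {(a, p): nat_exempt(cfg, a, p)
                       for a in cfg["nat_lists"] for p in cfg["pools"]},
        "zones_without_interface": sorted(cfg["zones"] - cfg["zones_in_use"]),
    }


if __name__ == "__main__":
    for label, text in (("first post", FIRST), ("revised", REVISED)):
        print(label, audit(text))
```

In both posted configs `ezvpn-zone` is referenced by zone-pairs but no interface, including `Virtual-Template1`, carries a `zone-member security ezvpn-zone` line.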
I just purchased Acrobat XI pro for Mac. I have OS 10.9.2 When I got to digitally sign, it only allows me to sign using certificate- which does not render a legible name- and is an apple authorization certificate. Or if I go to "type text" the only type showing in the box is Helvetica 12. I can't adjust that. then I put my name in and that's it. It does not look like a signature. I was hoping to insert an image
or at least have it look like a signature.
What can fix this?
Darcy
When I click "place signature" I only have one option.
It asks me "How would you like to create your signature?"
The only option available to me is "use a certificate". When I attempt to use another option there are some but they are not available to me: "use an image", "draw my signature", or "type my signature" are not available.
For that reason I went to preferences to see what I could do to change the settings- and all I could do was manage the certificate signature- so that it looks better than it did.
As an aside- after doing that- the document went on and the person couldn't sign because it had an "open password" If you also know about that- that would be great.
This is the only reason I purchased the Adobe XI so I could draw my signature or type it and have it appear as a signature. -
I have a new ipad and everything works but can't connect to the app store. Itunes works and the wifi seems to be working but i get a blank white screen when i open the appstore. Nothing will load unter the features or charts tab so i cant download any apps. Purchased and updates tab loads fine. Any suggestions?
You would get better response from the iTunes community forum.
Have a nice day! -
I just got a new Mac yesterday and I am trying to connect my Logitech headset for work but can't! I plug it into the USB but nothing pops up and I can't find where I go to look to see if it's connected. HELP!
Ask the Verizon store to exchange your iPhone for a different iPhone 4.
UPDATE - Sure, try ckuan's solution first. Then use mine if that fails.
Message was edited by: sberman -
I am having trouble with the Exchange account connection. The VPN connects fine but the Exchange account is still showing the yellow light. Can anyone help?
I had a similar problem. Here is how I resolved the issue.
1. Remove Network Connect
2. Run Terminal and remove /usr/local/juniper and everything within the juniper directory.
3. Reboot the machine and reinstall Network Connect
4. Test if you can now connect.
During removal, you may encounter permission denied error, you will need to change the permission to 777. For example "sudo chmod 777 nc". -
I purchased a new router and can not connect my IPHONE 4S to it. All my other devices connect fine including my IPAD. HELP! I am not a techie!! I am a newbie
My guess is that when you see the router on your phone, you press the blue arrow on the right - that's why you see all the IP stuff. Don't press the blue arrow. Press further to the left. You should be prompted for a password then.
-
Almost got VPN to work, but Auth failing?
Hi,
I almost got VPN to work, but I have one last error. Here is, what I did so far:
1.) Configured VPN via Server app
2.) Enabled PPTP like described in Apple support doc
3.) VPN Server is reachable within my home network
4.) VPN Server is reachable from outside my home network
I'd be more than happy if anyone could provide me with some hints on how to fix either of the following two errors
When I try to connect via L2TP (From in- or outside the network), I get the following error:
Aug 29 22:42:17 server racoon[164]: Connecting.
Aug 29 22:42:17 server racoon[164]: IPSec Phase1 started (Initiated by peer).
Aug 29 22:42:17 server racoon[164]: IKE Packet: receive success. (Responder, Main-Mode message 1).
Aug 29 22:42:17 server racoon[164]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
Aug 29 22:42:17 server racoon[164]: IKE Packet: receive success. (Responder, Main-Mode message 3).
Aug 29 22:42:17 server racoon[164]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
Aug 29 22:42:17 server racoon[164]: IKE Packet: receive failed. (Responder, Main-Mode Message 5).
Aug 29 22:42:20 server racoon[164]: IKE Packet: transmit success. (Phase1 Retransmit).
Aug 29 22:42:20 server racoon[164]: IKE Packet: receive failed. (Responder, Main-Mode Message 5).
Aug 29 22:42:23: --- last message repeated 1 time ---
Aug 29 22:42:23 server racoon[164]: IKE Packet: transmit success. (Phase1 Retransmit).
Aug 29 22:42:23 server racoon[164]: IKE Packet: receive failed. (Responder, Main-Mode Message 5).
Aug 29 22:42:26: --- last message repeated 1 time ---
Aug 29 22:42:26 server racoon[164]: IKE Packet: transmit success. (Phase1 Retransmit).
Aug 29 22:42:26 server racoon[164]: IKE Packet: receive failed. (Responder, Main-Mode Message 5).
Aug 29 22:42:38: --- last message repeated 1 time ---
Aug 29 22:42:38 server racoon[164]: IKE Packet: transmit success. (Phase1 Retransmit).
Aug 29 22:42:38 server racoon[164]: IKE Packet: receive failed. (Responder, Main-Mode Message 5).
However, when I try to connect via PPTP (no matter if from in- or outside my network), I see the following error:
Aug 29 22:27:18 server pppd[16843]: The remote system is required to authenticate itself
Aug 29 22:27:18 server pppd[16843]: but I couldn't find any suitable secret (password) for it to use to do so.
Aug 29 22:27:18 server vpnd[16413]: --> Client with address = 192.168.1.226 has hungup
I have not yet tried the VPN server in Lion, but I would normally associate IKE traffic with L2TP style VPN connections and not PPTP connections. This might indicate the remote client is trying to make an L2TP connection and you have not yet set that up properly with the same shared secret password at both ends (this is different from the actual user's login password).
Or of course you can correct the remote client and set it to use PPTP. -
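Added example (not part of the original thread): a small triage script run over an excerpt of the racoon lines quoted above, reporting the last Main-Mode message that succeeded and where the exchange stalled. The stage names are general IKEv1 knowledge and `triage` is a name made up for this example. A stall on receiving message 5, the first encrypted message of Main Mode, is consistent with the shared-secret mismatch the reply suggests.

```python
import re
from collections import Counter

# Excerpt of the racoon lines quoted in the post above.
SAMPLE_LOG = """\
Aug 29 22:42:17 server racoon[164]: IKE Packet: receive success. (Responder, Main-Mode message 1).
Aug 29 22:42:17 server racoon[164]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
Aug 29 22:42:17 server racoon[164]: IKE Packet: receive success. (Responder, Main-Mode message 3).
Aug 29 22:42:17 server racoon[164]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
Aug 29 22:42:17 server racoon[164]: IKE Packet: receive failed. (Responder, Main-Mode Message 5).
Aug 29 22:42:20 server racoon[164]: IKE Packet: transmit success. (Phase1 Retransmit).
Aug 29 22:42:20 server racoon[164]: IKE Packet: receive failed. (Responder, Main-Mode Message 5).
Aug 29 22:42:23: --- last message repeated 1 time ---
Aug 29 22:42:23 server racoon[164]: IKE Packet: transmit success. (Phase1 Retransmit).
Aug 29 22:42:23 server racoon[164]: IKE Packet: receive failed. (Responder, Main-Mode Message 5).
"""

MSG_RE = re.compile(r"IKE Packet: (receive|transmit) (success|failed)\. "
                    r"\(\w+, Main-Mode [Mm]essage (\d)\)")
REPEAT_RE = re.compile(r"last message repeated (\d+) times?")

# IKEv1 Main Mode stages by message number (general protocol knowledge).
STAGE = {1: "SA proposal", 2: "SA proposal", 3: "key exchange",
         4: "key exchange", 5: "authentication", 6: "authentication"}

def triage(log_text):
    """Return where a Phase 1 Main Mode exchange stopped, from responder logs."""
    last_ok, retransmits, failures, prev_fail = 0, 0, Counter(), None
    for line in log_text.splitlines():
        m, rep = MSG_RE.search(line), REPEAT_RE.search(line)
        if m and m.group(2) == "failed":
            prev_fail = (m.group(1), int(m.group(3)))
            failures[prev_fail] += 1
        elif rep and prev_fail:          # syslog collapsed identical lines
            failures[prev_fail] += int(rep.group(1))
        else:
            prev_fail = None
            if m:
                last_ok = max(last_ok, int(m.group(3)))
            elif "Phase1 Retransmit" in line:
                retransmits += 1
    result = {"last_ok": last_ok, "retransmits": retransmits,
              "failed_at": None, "stage": None, "failures": 0}
    if failures:
        key, count = failures.most_common(1)[0]
        result.update(failed_at=key, stage=STAGE.get(key[1]), failures=count)
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```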
I bought an external hard drive for backups to use with Time Machine, but when I try to connect it to the other Windows laptop it doesn't work. In fact, it doesn't work on any other device except my Mac.
Do not worry about it.
Time Machine needs your external drive to be formatted in HFS+, better known as "Mac OS Extended (Journaled)". This filesystem is used by Apple on Macs, and Windows cannot read or write drives formatted with it, which is why none of your devices can read the external drive except your Mac.
You can only use your external drive to make Time Machine drives. If you store anything different, you may damage the Time Machine structure, so it is better not to use it as a drive to store other data. Instead, get another external drive to do it or create a second partition on the external drive formatted in FAT32 by using Disk Utility > http://pondini.org/OSX/DU3.html. FAT32 can be read by Windows PCs. -
DW CS3: test connection works, but local pages won't upload.
My MacBook Pro died, can't access files or apps and I don't have the CS3 install disks, so I moved DW over from my Mac Pro. The test connection works, but local pages won't upload. I re-entered all the site info, confirmed I had all the correct FTP settings from my server tech guys. I even created a new site duplicating all the original info. BTW I have ALWAYS had this problem on the Mac Pro... Never been able to upload from that computer. All the other apps in CS3 work fine.
jackhatfield
FileZilla worked. Thanks so much. Still wish I could figure out why
Dreamweaver won't transfer files, it would be easier than editing in DW and
then having to use Filezilla to transfer them. DW never transferred files on
the Mac Pro I had it installed on either (that's where I got it from when I
moved apps to my new MacBook Pro).
jack -
At first my Apple TV was stuck so I unplugged it and re plugged it so everything disappeared all my apps everything then when I tried hooking up to my Internet it said connected to wifi but cannot connect to the Internet so I'm not sure what that means or how to fix it
GH
When you say everything disappeared, do you still have Computers and Settings icons? Try rebooting the router and Apple TV with all cables out for 30 seconds. Does it work Ethernet connected, if you can try that too?
Jules -
I downloaded iOS 7 onto my iPhone 4 and updated the iTunes on my PC. WiFi connection works but somehow it won't do anything when I plug in the iPhone. Now, I got frustrated that neither iTunes nor my iPhone do anything. I need to get my iPhone back to work regardless if it's back to the last version of iOS.
I just encountered this problem for the first time and stumbled upon this forum to find a solution. I played around with it a bit and it seems that if you slide your finger from the bottom up, you will come upon that new screen that will allow you to do various functions with your phone (put it in airport mode, lock, etc.), you can select your Airport from this screen and play your music wirelessly from your phone; at least this was my experience. Hope this helps!