VPN over Internet Issues

I have a Mac OS X Server with VPN (L2TP and PTP) enabled. I am able to connect to the VPN service from my iMac (I also tried another computer) from within my LAN, but VPN over LAN isn't very useful, of course.
The problem is, I cannot connect to the VPN by typing in my public IP (with the rest of the settings the same) instead of the private IP. I've enabled port forwarding for UDP 1701, 4500, and 500, and TCP 1723. I also tried making my Mac OS X Server machine (a Mac Mini) a DMZ host, and that didn't work. I turned my router's firewall off, too.
So if I can connect to my VPN locally but not over the Internet even though I've enabled a DMZ host, which shouldn't fail, some setting must be wrong somewhere. Does anyone know what it could be?
By the way, the Mini is on WiFi for now (we recently got it and haven't set up a place for it yet).

Jeff: Sorry to sound inexperienced, but I can't find a VPN or network related log in Console. Which one is it? Anyway, I doubt that it's the connection settings but something with my router. I know all routers are different, but I was wondering if there was some generic problem with VPN and routers. Strangely enough, my other services work on the server (HTTP, AFP, SSH, VNC) by port forwarding. Again, DMZ hosting did NOT solve the problem, so I'm guessing that there's more to do if you want VPN???
Basically (to anyone), my VPN works fine over the network, so my settings must be correct, and I am almost sure that when I connect over the internet, the request does not even touch my server.
As for the other reply: I've forwarded the same ports and made my server's IP static like in the thread. The only difference is that DD-WRT firmware. Was that the final solution?
P.S. My server is temporarily down (due to some nasty irrepairable permissions issues) as I reinstall Mac OS X, so I can't really test anything on the server until it's up.
Message was edited by: Mac OS 9000

Similar Messages

  • MPD over NFS which is not on LAN but over Internet

    Hello,
    I tried MPD on a raspberry pi and a NFSv4 mount over vpn over internet.
    Suffice to say, I was surprised when I saw mpd actually attempting to *read* one and every file in the huge 500GB repository. What the hell. Why does it need to "read" in the whole file??
    Is there an alternative to mpd with similar capabilities, that doesnt suck? Or should I run mpd on the main server - but how do I then get the sound/mp3s to the raspberry pi?

    HiImTye wrote:
    you could do library updates from the NFS server and save the library info to the NFS share, then point your MPD server you use to listen on to those library files. then you don't have to struggle with network speeds on updates.
    but this does make me curious why it is reading the entire songs. it could just be that you have a lot of songs so that it seems like it is? idk
    I scp'ed over the database file from main server which had indexed/updated the db with about 80k songs.
    Then mounted the nfs share to the rasperry pi to the same absolute paths as on the main server (why not).
    This works fine, I see only the songs that I play are transferred quite fast, playing is almost instantenous, and they seem to be cached somewhere. Seeking within files is also fast, especially once already played.
    Now as you say, the database file needs to be kept in sync between the NFS server and raspberry, one way would be to put it as well in some nfs share, or sshfs or whatever, or even cronjob it with rsync, since I wont be doing database updates/adding albums that often on the main server.
    Would be good if something like this was documented somewhere. Like the wiki. And an option in mpd to ignore update commands to its database - thats now dangerous - it does read all the files, and even if it only tries to read headers - for some shares such as 1 or 2TB of songs, thats too much. Now the mpd on rasperry is more of a proxy.
    So yes, this does work now, the slight downside is that the android client mpdroid is not that good - it doesnt respect volume keys when not in view'and such, but one can live with that.

  • How to setup a vpn over the internet

    Hi ,
    how to setup a vpn over the internet ? Just  I have using window server 2012 r2, I already install 'remote access service' also ready enable VPN service but I can't connect to vpn server over Internet(Other network), when I connect from LAN , vpn service
    is enable I can connected. My ADSL router also Enable VPN access(PPTP, L2TP, IPsec). But I can't access my server over Internet :'( . What I need to do? Help me please.
    Thanks,

    Hiya,
    Did you have a look at this guide? - It gives you all the steps.
    http://www.howtogeek.com/135996/how-to-create-a-vpn-server-on-your-windows-computer-without-installing-any-software/

  • I am transmitting data over internet and WiFi ,it's working fine with internet but when I choose WiFi for data transmission data is not being transmitted. What may be the possible issues of data transmission failure over WiFi?  Please help me.

    I am transmitting data over internet and WiFi ,it's working fine with Internet but when I choose WiFi for data transmission data is not being transmitted. What may be the possible issues of data transmission failure over WiFi?     Please help me....
    Thanks in Advance.
    Neeraj@iDev

    After a week's worth of debugging, I found the issue.
    The Java type returned from the call was defined as ArrayList.  Changing it to List resolved the problem.
    I'm not sure why ArrayList isn't a valid return type, I've been looking at the Adobe docs, and still can't see why this isn't valid.  And, why it works in Debug mode and not in Release build is even stranger.  Maybe someone can shed some light on the logic here to me.

  • EBS R12 forms over Internet...???

    Hii All,
    Can we deploy EBS R12 forms over internet?
    Is it supported by oracle..?
    will there be any issues in accessing EBS forms through internet...?
    Will there be any security issues...??
    Did anybody implemented this already..?
    or using VPN is safe...?
    Please help me out finding right stratagy...!!
    Thanks
    RB
    Edited by: R12DBA on Nov 5, 2010 1:39 PM

    Hi,
    Can we deploy EBS R12 forms over internet?Yes.
    Is it supported by oracle..?Yes.
    will there be any issues in accessing EBS forms through internet...?
    Will there be any security issues...??If you follow the steps in the DMZ documents, it should be OK.
    Did anybody implemented this already..?Yes.
    or using VPN is safe...?This is also a valid option.
    Please help me out finding right stratagy...!!See these docs/links.
    Oracle E-Business Suite R12 Configuration in a DMZ [ID 380490.1]
    Case History: Implementing a Reverse Proxy Alone in a DMZ Configuration - R12 [ID 726953.1]
    iHelp in R12 Not Working With Load Balanced or DMZ Environments [ID 604843.1]
    What Does "DMZ Certification" Mean?
    http://blogs.oracle.com/stevenChan/2007/04/what_does_dmz_certification_me.html
    Additional Configuration and Deployment Options in Release 12
    http://blogs.oracle.com/stevenChan/2007/02/additional_configuration_and_d.html
    Troubleshooting DMZ Setups for Apps
    http://blogs.oracle.com/stevenChan/2007/09/troubleshooting_dmz_setups_for.html
    Thanks,
    Hussein

  • Asa 5505 vpn from internet native vpn client, tcp discarted 1723

    Hello to all,
    I'm configuring this asa for to connect home users to my network using the native microsoft vpn clients with windows xp over internet.
    This asa have on the outside interface one public intenet ip and in the inside inferface have configured in the the network 192.168.0.x and i want to acces to this network from internet users using native vpn clients.
    I tested with one pc connected directly to the outside interface and works well, but when i connect this interface to internet and tried to connect on user to the vpn i can see in the logs this, and can't connect with error 800.
    TCP request discarded from "public_ip_client/61648" to outside:publicip_outside_interface/1723"
    Can help me please?, Very thanks in advance !
    (running configuration)
    : Saved
    ASA Version 8.4(3)
    hostname ciscoasa
    enable password *** encrypted
    passwd *** encrypted
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.0.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address publicinternetaddress 255.255.255.0
    ftp mode passive
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network gatewayono
    host gatewayofinternetprovideraccess
    description salida gateway ono
    object service remotointerno
    service tcp destination eq 3389
    description remoto
    object network pb_clienteing_2
    host 192.168.0.15
    description Pebble cliente ingesta 2
    object service remotoexternopebble
    service tcp destination eq 5353
    description remotoexterno
    object network actusmon
    host 192.168.0.174
    description Actus monitor web
    object service Web
    service tcp destination eq www
    description 80
    object network irdeto
    host 192.168.0.31
    description Irdeto
    object network nmx_mc_p
    host 192.168.0.60
    description NMX Multicanal Principal
    object network nmx_mc_r
    host 192.168.0.61
    description NMX multicanal reserva
    object network tarsys
    host 192.168.0.10
    description Tarsys
    object network nmx_teuve
    host 192.168.0.30
    description nmx cabecera teuve
    object network tektronix
    host 192.168.0.20
    description tektronix vnc
    object service vnc
    service tcp destination eq 5900
    description Acceso vnc
    object service exvncnmxmcr
    service tcp destination eq 5757
    description Acceso vnc externo nmx mc ppal
    object service exvncirdeto
    service tcp destination eq 6531
    description Acceso vnc externo irdeto
    object service exvncnmxmcp
    service tcp destination eq 5656
    object service exvnctektronix
    service tcp destination eq 6565
    object service exvncnmxteuve
    service tcp destination eq 6530
    object service ssh
    service tcp destination eq ssh
    object service sshtedialexterno
    service tcp destination eq 5454
    object-group service puertosabiertos tcp
    description remotedesktop
    port-object eq 3389
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group network DM_INLINE_NETWORK_1
    network-object object irdeto
    network-object object nmx_mc_p
    network-object object nmx_mc_r
    network-object object nmx_teuve
    network-object object tektronix
    object-group service vpn udp
    port-object eq 1723
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq https
    port-object eq pptp
    object-group network DM_INLINE_NETWORK_2
    network-object object actusmon
    network-object object tarsys
    access-list inside_access_in extended permit object remotointerno any any
    access-list inside_access_in extended permit object ssh any any
    access-list inside_access_in extended permit object-group TCPUDP any any eq www
    access-list inside_access_in extended permit icmp any any
    access-list inside_access_in extended permit object vnc any any
    access-list inside_access_in extended permit ip any any
    access-list outside_access_in extended permit object remotointerno any object pb_clienteing_2
    access-list outside_access_in extended permit object-group TCPUDP any object actusmon eq www
    access-list outside_access_in remark Acceso tedial ssh
    access-list outside_access_in extended permit tcp any object tarsys eq ssh
    access-list outside_access_in extended permit object vnc any object-group DM_INLINE_NETWORK_1
    access-list outside_access_in extended permit tcp any any object-group DM_INLINE_TCP_1
    access-list outside_access_in extended deny icmp any any
    access-list corporativa standard permit 192.168.0.0 255.255.255.0
    access-list Split-Tunnel-ACL standard permit 192.168.0.0 255.255.255.0
    pager lines 24
    logging enable
    logging monitor debugging
    logging asdm debugging
    logging debug-trace
    mtu inside 1500
    mtu outside 1500
    ip local pool clientesvpn 192.168.0.100-192.168.0.110 mask 255.255.255.0
    ip local pool clientesvpn2 192.168.1.120-192.168.1.130 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any outside
    no asdm history enable
    arp timeout 14400
    nat (outside,inside) source static any interface destination static interface actusmon service Web Web unidirectional
    nat (outside,inside) source static any interface destination static interface tarsys service sshtedialexterno ssh unidirectional
    nat (outside,inside) source static any interface destination static interface pb_clienteing_2 service remotoexternopebble remotointerno unidirectional
    nat (outside,inside) source static any interface destination static interface irdeto service exvncirdeto vnc unidirectional
    nat (outside,inside) source static any interface destination static interface nmx_mc_p service exvncnmxmcp vnc unidirectional
    nat (outside,inside) source static any interface destination static interface nmx_mc_r service exvncnmxmcr vnc unidirectional
    nat (outside,inside) source static any interface destination static interface nmx_teuve service exvncnmxteuve vnc unidirectional
    nat (outside,inside) source static any interface destination static interface tektronix service exvnctektronix vnc unidirectional
    nat (any,outside) source dynamic DM_INLINE_NETWORK_2 interface
    access-group inside_access_in in interface inside
    access-group outside_access_in in interface outside per-user-override
    route outside 0.0.0.0 0.0.0.0 gatewayinternetprovideracces 1
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    eou allow none
    aaa local authentication attempts max-fail 10
    http server enable
    http 192.168.0.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    no sysopt connection permit-vpn
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec ikev1 transform-set clientewindowsxp esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set clientewindowsxp mode transport
    crypto ipsec ikev1 transform-set L2TP-IKE1-Transform-Set esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set L2TP-IKE1-Transform-Set mode transport
    crypto ipsec ikev2 ipsec-proposal DES
    protocol esp encryption des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
    protocol esp encryption 3des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
    protocol esp encryption aes
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
    protocol esp encryption aes-192
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES256
    protocol esp encryption aes-256
    protocol esp integrity sha-1 md5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set ikev1 transform-set clientewindowsxp
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto dynamic-map L2TP-MAP 10 set ikev1 transform-set L2TP-IKE1-Transform-Set
    crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map inside_map interface inside
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map L2TP-VPN-MAP 20 ipsec-isakmp dynamic L2TP-MAP
    crypto map L2TP-VPN-MAP interface outside
    crypto ca trustpoint _SmartCallHome_ServerCA
    crl configure
    crypto ikev2 policy 1
    encryption aes-256
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 10
    encryption aes-192
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 20
    encryption aes
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 30
    encryption 3des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 40
    encryption des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 enable outside client-services port 443
    crypto ikev2 remote-access trustpoint Ingenieria
    crypto ikev1 enable inside
    crypto ikev1 enable outside
    crypto ikev1 policy 5
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 10
    authentication crack
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    telnet 192.168.0.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd dns 8.8.8.8
    dhcpd auto_config outside
    dhcpd address 192.168.0.5-192.168.0.36 inside
    dhcpd dns 8.8.8.8 8.8.4.4 interface inside
    dhcpd auto_config outside interface inside
    dhcpd enable inside
    no threat-detection basic-threat
    no threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ssl trust-point Ingenieria outside
    webvpn
    tunnel-group-list enable
    group-policy DefaultRAGroup internal
    group-policy DefaultRAGroup attributes
    wins-server none
    dns-server value 192.168.0.1
    vpn-tunnel-protocol l2tp-ipsec
    default-domain none
    group-policy DfltGrpPolicy attributes
    dns-server value 8.8.8.8
    vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
    group-policy ingenieria internal
    group-policy ingenieria attributes
    vpn-tunnel-protocol l2tp-ipsec
    default-domain none
    group-policy L2TP-Policy internal
    group-policy L2TP-Policy attributes
    dns-server value 8.8.8.8
    vpn-tunnel-protocol l2tp-ipsec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Split-Tunnel-ACL
    intercept-dhcp enable
    username ingenieria password 4fD/5xY/6BwlkjGqMZbnKw== nt-encrypted privilege 0
    username ingenieria attributes
    vpn-group-policy ingenieria
    username rjuve password SjBNOLNgSkUi5KWk/TUsTQ== nt-encrypted
    tunnel-group DefaultRAGroup general-attributes
    address-pool clientesvpn
    address-pool clientesvpn2
    authentication-server-group (outside) LOCAL
    authorization-server-group LOCAL
    default-group-policy L2TP-Policy
    authorization-required
    tunnel-group DefaultRAGroup ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group DefaultRAGroup ppp-attributes
    no authentication chap
    authentication ms-chap-v2
    class-map inspection_default
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    prompt hostname context
    call-home reporting anonymous
    Cryptochecksum:59b54f1d10fe829aeb47bafee57ba95e
    : end
    no asdm history enable

    Yes with this command creates this
    policy-map global_policy
        class inspection_default
         inspect pptp
    But don't work. I also tried to add the pptp and gre in the outside access rules but nothing...
    I don't understand why if a connect directly to the outside interface with the same outside network works well.
    ej: the pc have 89.120.145.14 ip and the outside asa have 89.120.145.140 and if I create one vpn in this pc the outside ip 89.120.145.140 with the correct parameters the asa don't discart 1723 and connect ok but if this ip is not of this range discards 1723...

  • Is there a way to have a Chicken of the vnc type GUI over internet in ARD3?

    Hello, to whoever reads this question, thanks in advance if you can help.
    My need is this. I regularly use Chicken of the VNC for multiple administration over the internet, but what I like is the possibility to have same IP but Multiple clients with fixed IP (local) behind Firewall, i.e. x.x.x.x:5910 x.x.x.x:5920, x.x.x.x:5930, etc. and i can connect at the same time to the different machines to admin them.
    Question: Is there any possibility to have the multiple connections with ARD 3 or even ARD 2 over the internet with same IP?
    At one point ARD 3 did work for me like that for about an hour and then it stopped, blocking out 2 of 3 machines in the same IP. I mean, it acutally let me have 2 windows open on the same IP with different ports over internet and was flabbergasted, but then it stopped! when I quitted and restarted, I could do it no more…
    I really like ARD, but if I got to manually change the port everytime I log in… yikes…!! I admin 20 machines in 10 different locations, so everytime i gotta log in to machine 'a' then change ports to machine 'b' for 10 locations everyday… well I hope you get the idea.
    BTW i tried looking all over the forum, but could not find this info specifically.
    PS thank you for your time

    I, too, was a bit bummed out by the lack of this feature. I wondered if ARD 3 had some sort of mode Apple themselves used "silently".
    There IS a way to make it work, however -- via VPN. I discovered that once I used VPN into my company's intranet, ARD 3's scanner could see EVERY Mac in the company.
    Setting up a VPN nowadays is pretty simple -- many routers handle the support for you. OS X's Internet Connect feature makes it trivial to connect to the VPN, once it is properly set up from the inside of the company.

  • Accessing discoverer viewer over internet

    URL's host name is changed when i am clicking to expand report link for work sheet selection. I have installed Oracle 10g AS and discoverer and trying to access work sheets over internet using discoverer viewer.

    Hello Michael,
    Thank you for your response. I did not changed fully qualified domain name. I am trying to access the discoverer viewer from outside of our LAN through internet. I have configured firewall to allow HTTP trafic to exposed server and mapped public IP and port to local discoverer server (port forwarding) to route discoverer viewer requests to discoverer server. Discover server is in our local domain with local IP address. I am able to view the viewer login and Worksheet list page with public IP in discoverer URL. When i am clicking to expand worksheet in worksheet list page, viewer changes the IP address part of URL to local host name. This local host name is not resolved outside and IE shows the 'Page Not Found' error. Pl suggest the way to resolve this issue.
    Thanks,
    Sambhaji Ghorpade

  • WLC 5508 7.0.98.0 has vpn client connection issues

    Hi
    my guest ssid is set to L2 security none and L3 Web policy and authentication local. clients that need to connect to some vpn server (internet) are reporting disconnection issues with the vpn session but not the wireless network. as soon as they get connected via another wireless internet connection the vpn connection gets stable. that makes me thing is in deed the my wireless network the one causing issues.  is there a know issues with the web authentication WLAN and vpn clients?  no firewall in the middle.
    Exclusionlist.................................... Disabled
    Session Timeout.................................. Infinity
    CHD per WLAN..................................... Enabled
    Webauth DHCP exclusion........................... Disabled
    Interface........................................ xxxxxxxxxxxxxxxx
    WLAN ACL......................................... unconfigured
    DHCP Server...................................... Default
    DHCP Address Assignment Required................. Disabled
    --More or (q)uit current module or <ctrl-z> to abort
    Quality of Service............................... Bronze (background)
    Scan Defer Priority.............................. 4,5,6
    Scan Defer Time.................................. 100 milliseconds
    WMM.............................................. Allowed
    Media Stream Multicast-direct.................... Disabled
    CCX - AironetIe Support.......................... Enabled
    CCX - Gratuitous ProbeResponse (GPR)............. Disabled
    CCX - Diagnostics Channel Capability............. Disabled
    Dot11-Phone Mode (7920).......................... Disabled
    Wired Protocol................................... None
    IPv6 Support..................................... Disabled
    Passive Client Feature........................... Disabled
    Peer-to-Peer Blocking Action..................... Disabled
    Radio Policy..................................... All
    DTIM period for 802.11a radio.................... 1
    DTIM period for 802.11b radio.................... 1
    Radius Servers
       Authentication................................ Disabled
       Accounting.................................... Disabled
       Dynamic Interface............................. Disabled
    Local EAP Authentication......................... Disabled
    Security
       802.11 Authentication:........................ Open System
       Static WEP Keys............................... Disabled
       802.1X........................................ Disabled
       Wi-Fi Protected Access (WPA/WPA2)............. Disabled
       CKIP ......................................... Disabled
       Web Based Authentication...................... Enabled
            ACL............................................. Unconfigured
            Web Authentication server precedence:
            1............................................... local
       Web-Passthrough............................... Disabled
       Conditional Web Redirect...................... Disabled
       Splash-Page Web Redirect...................... Disabled
       Auto Anchor................................... Disabled
       H-REAP Local Switching........................ Disabled
       H-REAP Learn IP Address....................... Enabled
       Client MFP.................................... Optional but inactive (WPA2 not configured)
       Tkip MIC Countermeasure Hold-down Timer....... 60
    Call Snooping.................................... Disabled
    Roamed Call Re-Anchor Policy..................... Disabled
    Band Select...................................... Disabled
    Load Balancing................................... Disabled

    Thanks Scott,
    We have two controllers and all the APs (50) are associated with the primary Controller,what is the best path to follow for the upgrade.
    we don't have Field recoversy image installed on our controller, do we have to do the FSU upgrade?
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.0.98.0
    Bootloader Version............................... 1.0.1
    Field Recovery Image Version..................... N/A
    Firmware Version................................. FPGA 1.3, Env 1.6, USB console                                                        1.27
    Build Type....................................... DATA + WPS
    System Name...................................... Airespace_01
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
    IP Address....................................... 10.0.0.201
    Last Reset....................................... Power on reset
    System Up Time................................... 9 days 2 hrs 57 mins 21 secs
    System Timezone Location......................... (GMT -6:00) Central Time (US and Canada)
    Current Boot License Level....................... base
    Current Boot License Type........................ Permanent
    Next Boot License Level.......................... base
    Next Boot License Type........................... Permanent
    Configured Country............................... Multiple Countries:US,CN,DE,TW,HK
    Is the below Upgrade Path make sense ?
    1. Upgrade the Primary controller and reboot- wait till all APs associate with primary controller and download the new image
    2. Upgrade the secondary controller and reboot
    3. Failover the APs to secondary controller and test
    Siddhartha

  • Cisco VPN over a tethered Personal Hotspot on IP4(Airtel)

    Hello everyone
    I am having problems connecting to our company Cisco VPN over a tethered or Personal Hotspot connection on my iPhone 4 (Airtel).
    When the Hotspot is on, I am able to use the CISCO AnyConnect Secure Mobility Client to connect to the server, However, when I use the Remote Desktop Connection.
    this is the error:
    The Mac cannot connect to the Windows-based computer.
    This problem can occur if:
    • The Windows-based computer is not set up to accept remote connections.
    • The Windows-based computer is not turned on.
    • The Mac, or the Windows-based computer is experiencing network problems.
    Try connecting to the Windows-based computer again, or contact your administrator.
    Has anyone else had these kinds of problems? I have no idea what to try, I am not a VPN/network expert.
    If i use an Andriod device to tether the internet connection, I am able to connect to the Cisco server and connect to my work server using the Remote desktop. So i am wondering if this is to do with the way Iphone share internet.
    Any help is really appreciated.

    I have noted that all vpn or remote desktop solutions will not work over personal hotspot(ph) seems like the iPhone is blocking some ports. First I thought it was the lack of service announces over the network but it seems even with a direct ip connect you can't share vpn connections.
    This limits apps like Air display from working over an iPhone and some other services like standard vpn are out of the question as well. There must be a .plist file somewhere in the iPhone 4 version of the 4.3.2 ios that blocks certain ports when on ph. Would be nice to have a look, but I have no expertise in this.
    But  +1 Confirm that vpn are locked.

  • I have changed my PC, deactivated Adobe Acrobat and tried to load on new PC. Got to registration and get the message " A problem was encountered while trying to send information over internet" this is 8 standard

    I have changed my PC, deactivated Adobe Acrobat and tried to load on new PC. Got to registration and get the message " A problem was encountered while trying to send information over internet" this is 8 standard
    When I try to use it to make pdf files I get the message "Missing PDFMaker files
    It is a proper copy with serial numbers

    Moving this discussion to the Acrobat Installation & Update Issues forum.

  • Entire R12 over internet!!!

    Hello,
    Our requirement is to make EBS R12(forms,OA pages, conc_processing etc) all components accessible over internet I had gone through note 380490.1 & 726953.1 but thing is making this implementaion is only making OA pages accessible over internet, I need to know is there any method other then VPN where I can make whole EBS accessible to internet.
    Regards
    Saransh Soni

    Hello Hsawwan,
    In doc 380490.1 option 2.1,2.2,2.3 in all these options its saying as 'Restrict access to a limited set of Oracle Applications responsibilities for users logging in via the Internet' also in option 2.4 there is no limitation documented anywhere but while configuring context file its stricley saying to disable all services other then oa pages hosting.
    I just want to know is it possible to make entire EBS services available over internet by implementing reverse proxy.
    Regards
    Saransh Soni

  • Problem in RTP over Internet(JMF Gurus help me)

    hi,
    i have developed an application over internet for video transmission,
    from client to server the transmission is good but when from server(Static IP server) to client i am not getting the streaming using public IP
    but i am recieving the control information like system info
    username@systemname
    wot is the problem here
    -venkat

    Hi Seriphan,
    Thank you for allowing me to access your SA500.  I noticed lots of ethernet WAN errors (eth1) in your error log, like the ones that follow;
    WARN Kernel eth1: Using 10Mbps with software preamble removal
    WARN Kernel eth1: Using 10Mbps with software preamble removal
    WARN Kernel size of this packet is lesser than minimum length
    I also noticed that you manually set the WAN speed to 100 Full duplex. This means that any autonegotiation process between the Service providers xDSL modem and my SA520 will fail.
    The service providers modem seems to be running at 10meg probably half duplex and you have manually set your WAN port speed to a  fixed speed of  100 meg and  full duplex, as per your screen capture below.
    By setting a port  to a fixed speed you without knowing it turn off the autonegotiate process.  Unless you configure the xDSL modem to 100 full duplex you will have WAN connection issues.
    Please select auto in the SA520  and allow the SA500 to autonegotiate with the ethernet peer, which just happens to be a xDSL modem..
    regards dave

  • Configure time capsule to open over internet

    hello
    i have macbook pro retina os x yosemiti, i bought time capsule 3T, i connect it to my laptop and is ok,
    i want to configure it to open remotly  and control it over internet,
    please advise on how to do that?
    thank you for your reply in advance

    Post immediately above yours has the answers.
    How can I access my Airport Time Capsule from a remote location?
    Configure over WAN though is problematic and your TC will give you an error.
    It is best to stick to what BTMM offers.. if you really need access to the level of actually changing the settings you are highly likely to mess up your own access. That is why you should do it professionally using vpn connection.. not some trick method.

  • Hide computer's name over internet!

    Hi there ,
    Can my computer's name be seen over internet just like windows? If yes how can I hide it while surfing via browser or even when I'm not surfing and having other connections via other things?

    But as long as IP of TC is visible the incoming connection can also be redirected to my computer.
    No, actually, it cannot. Not unless you edit the settings for your Time Capsule and set up port forwarding... and that's assuming that the cable/DSL modem is a "dumb device" that simply passes on all traffic, which may or may not be the case.
    ( by the way hiding the IP was not my question)
    No, but it is relevant to the question. The issue, as I understood it, was whether or not your machine is accessible from the outside world, and it is not.
    By sending a request to a website or server for a connection you send many information about your system( browser,OS, version, mac address, language and so on) in windows as far as I know the name of the user's computer can be seen by the server side
    I don't know if that is true or not, but I can tell you for a fact this is not the case on a Mac. I just used Wireshark to capture all the traffic involved in loading a web page, then searched it for my machine's name. It was not found. Of course, I'm not sure what anyone would do with my machine's name... I'll even tell it to you right now: "Zeus". That gives you no power whatsoever over my machine.

Maybe you are looking for