Wi-fi access
Hi, My iPhone cannot find my home's wifi as all other devices can. Does somebody know why? Thank you !!!
Read http://support.apple.com/kb/ts1398
Similar Messages
-
Why self-defined access sequences of free goods can not work?
Hi gurus,
I have maintained access sequences of free goods self-defined, but when I create the SO it does not work!
When I used the standard access sequences, it is OK.
Can anybody tell me why?
Thanks in advance
Dear Sandy,
Go to V/N1 transaction select your self defined access sequence then go in to the accesses and fields and check all fields are activated.
Make sure that these fields are flowing in your sales order.
I hope this will help you,
Regards,
Murali. -
Partner application access to portal login info
How can an SSO partner application (Java) tell whether or not a user has logged in to Portal?
I need to log activity in a public application servlet, so I'd like to log the user as PUBLIC if not logged in or as their actual userid.
I don't seem to have access to this info until the user has visited a secure part of the app.
Any pointers would be appreciated.
Thanks
Rob
DIY answer ...
The kludge I used to get round this was ...
Make a PL/SQL item which displays a Login or Logout link as appropriate, based on the current userid from portal.wwctx_api.get_user.
The login link goes to a secure portal page called FORCE_LOGIN, passing a URL parameter called nextPageURL which contains the URL of the next page to show after the login is complete. You can use portal.wwpro_api_parameters.get_value( '_pageid', 'a'); to help build the current page URL if you want to return to the current page.
The FORCE_LOGIN page contains a PL/SQL item which builds an IFRAME whose src is a URL to my app servlet ForceLoginServlet, passing on the nextPageURL parameter. Use portal.wwpro_api_parameters.get_value( 'nextPageURL', 'a'); to help with that.
The ForceLoginServlet is a secure servlet (set up in web.xml) so that forces a silent authentication to my app. All the servlet does is display HTML to redirect back to the URL in nextPageURL.
Horrible! But it does the job.
Anyone who knows a better way of doing this, please tell me.
Rob -
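The workaround above redirects to whatever URL arrives in the nextPageURL request parameter, so the servlet should check that value before using it. The following is an added example, not the poster's code: the class name, the portal host `portal.example.com` and the fallback path `/portal/home` are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

/**
 * Added example: decides where a servlet such as ForceLoginServlet may
 * redirect after login, given the nextPageURL request parameter.
 */
public class NextPageValidator {
    private final Set<String> allowedHosts; // lower-case host names of the portal (assumed)
    private final String fallback;          // used whenever nextPageURL is rejected

    public NextPageValidator(Set<String> allowedHosts, String fallback) {
        this.allowedHosts = allowedHosts;
        this.fallback = fallback;
    }

    /** Returns nextPageURL if it stays on the portal, otherwise the fallback. */
    public String resolve(String nextPageURL) {
        if (nextPageURL == null || nextPageURL.isEmpty()) {
            return fallback;
        }
        // Control characters allow header splitting; browsers treat '\' like '/'.
        for (char c : nextPageURL.toCharArray()) {
            if (c < 0x20 || c == 0x7f || c == '\\') {
                return fallback;
            }
        }
        URI uri;
        try {
            uri = new URI(nextPageURL);
        } catch (URISyntaxException e) {
            return fallback;
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null && host == null) {
            // Relative reference: accept only a path rooted at a single '/'.
            boolean rooted = nextPageURL.startsWith("/") && !nextPageURL.startsWith("//");
            return rooted ? nextPageURL : fallback;
        }
        if (scheme == null || host == null) {
            return fallback; // scheme-relative ("//host/...") or opaque ("javascript:...")
        }
        if (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) {
            return fallback;
        }
        if (uri.getUserInfo() != null) {
            return fallback; // "https://portal.example.com@other.example/" style
        }
        return allowedHosts.contains(host.toLowerCase(Locale.ROOT)) ? nextPageURL : fallback;
    }

    public static void main(String[] args) {
        // Hypothetical portal host and landing page.
        NextPageValidator v = new NextPageValidator(
                new HashSet<String>(Arrays.asList("portal.example.com")), "/portal/home");
        // Constructed sample values for the nextPageURL parameter.
        String[] samples = {
            "/portal/page?_pageid=33",
            "https://portal.example.com/portal/page?_pageid=33",
            "https://other.example/login",
            "//other.example/login",
            "https://portal.example.com@other.example/",
            "javascript:alert(1)"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + v.resolve(s));
        }
    }
}
```

In the servlet, pass `request.getParameter("nextPageURL")` through `resolve` and redirect only to the returned value.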
How to allow access to web service running under ApplicationPoolIdentity
Hi All,
I have a WCF web service hosted in IIS 7 (or maybe 7.5, whichever comes with Windows server 2008 R2) using DefaultAppPool running under ApplicationPoolIdentity per Microsoft's recommendation. The web service needs to call a stored procedure to insert data
to a db. The web server is on a different VM than the database server. The db server is running SQL 2008 R2. Both VMs run Windows server 2008 R2.
When the web service tries to connect to db, it encounters this exception:
Exception in InsertToDb()System.Data.SqlClient.SqlException (0x80131904): Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
Here's the connection string in web.config:
Application Name=somewebservice;Server=somewebserver;Integrated Security=SSPI;Database=somedatabase;Connection Timeout=60"
How should I configure SQL security to make this work?
Thanks in advance.
Thanks for the link Dan. Maybe I'm the one who caused the confusion :)
If I understand you(and Erland) correctly, you suggest using a custom, domain account for application pool identity. However, if we do that, our IT will need to maintain those accounts, and they don't want that. So I'm choosing a built-in account called
ApplicationPoolIdentity as the application pool identity, but it's not working. Network Service, on the other hand, works, but my boss wants us to follow MS's best practice.
What's puzzling is that according to this: http://learn.iis.net/page.aspx/624/application-pool-identities/, both Network Service and ApplicationPoolIdentity use the machine account to access network resources (like db in this case), but in my case, Network Service works, but not ApplicationPoolIdentity.
Hello Stephen,
with respect - it seems to me that only idiots are working at your IT ;)... It is absolutely useful to work with "service accounts" created within the domain. That's the only way to manage and control accounts!
If you want to "pass through" the identity of the web user (SSO) you have to check whether the app pool is set to "allow impersonate". As far as I understand the ApplicationPoolIdentity-function the app pool will create a unique user named as the service.
I assume that will not work with the connection to the sql server because this user is unknown.
Local Service will not work because its restriction is located to the local machine.
Network Service will work because access to network resources will be available.
So my recommendation is to use a dedicated service account or impersonation:
http://msdn.microsoft.com/en-us/library/xh507fc5.aspx
Uwe Ricken
MCITP Database Administrator 2005
MCITP Database Administrator 2008
MCITS Microsoft SQL Server 2008, Database Development
db Berater GmbH
http://www-db-berater.de -
How to let SAP user use SSO to access Application in DMZ?
Hi All,
Our J2EE application is running on a system in DMZ which can not be connected with LDAP. So I am wondering if it's possible to let SAP user use SSO to access our application.
After talking with my colleague I think the only way is to import SSO public key to our WebAS and create user in UME and then assign user to the corresponding public key, but anybody know where to download SSP verification file or is it allowed to download and import into another system at all?
Regards,
Bin
Hi,
Take a look at this example, it uses property nodes to select the
active plot and then changes the color of that plot.
If you want to make the number of plots dynamic you could use a for
loop and an array of color boxes.
I hope this helps.
Regards,
Juan Carlos
N.I.
Attachments:
Changing_plot_color.vi 38 KB -
How do I access the web utility with model cisco sf302-08p ?
Hi, I have a problem with the model Cisco SB SF302-08PP Switch. I connect an RJ45 cable to my PC and configure the local area connection adapter (IP address: 192.168.1.252), the LEDs blink green, and I go to the address bar and enter the default IP, which according to the manual is 192.168.1.254, and the result is: page not found. Is there any way to change the web utility? How do I access the web utility?
Restore the switch by holding more than 30 seconds and try accessing with IP 192.168.1.254. Username and password is "cisco". Before, change your base IP to 192.168.1.2-253. Try to ping and check the connectivity.
-
MS ACCESS, NULL, and '%'
I am using a prepared statement to query my access database which contains personal data first name, last name, address, city, state, etc.... I allow the user to search the database by any of these fields (or any combination of them) by making the default values for any empty fields '%'. Here's my select statement.
stmt =conn.prepareStatement("SELECT * FROM Data1 WHERE first_name LIKE ? AND last_name LIKE ? AND city LIKE ? ....");
stmt.setString(1, firstNameField.getText()+"%");
stmt.setString(2, lastNameField.getText()+"%");
stmt.setString(3, cityField.getText()+"%");
This worked but didn't return a record if ANY of their values are NULL. So I changed my select statement to allow for NULL values.
stmt =conn.prepareStatement("SELECT * FROM Data1 WHERE (first_name LIKE ? OR first_name IS NULL) AND (last_name LIKE ? OR last_name IS NULL) AND (city LIKE ? OR city IS NULL) ....");
stmt.setString(1, firstNameField.getText()+"%");
stmt.setString(2, lastNameField.getText()+"%");
stmt.setString(3, cityField.getText()+"%");
This fixed that problem, but now it ALWAYS returns the records with NULL fields. I want it to only match NULL fields if the corresponding JTextField is left blank. Can anyone tell me a good way to do this?
How can I create it dynamically and still keep the speed of a prepared statement??
Unless you are doing block inserts in a loop you are probably not going to see any speed improvement anyways.
But as I said you can simply create all the combinations and then use an array to keep track of them. -
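One way to realise the "create all the combinations and keep track of them in an array" suggestion while keeping every user value bound as a parameter. This is an added example, not code from the thread: the class and method names are assumptions, while the table and column names are the ones in the question. A blank field contributes no predicate, so rows with NULL in that column still match, and a filled field contributes `LIKE ?`, which never matches NULL.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

/** Added example: one cached PreparedStatement per combination of filled-in fields. */
public class PersonSearch {
    // Column names are fixed in code and never taken from user input.
    private static final String[] COLUMNS = {"first_name", "last_name", "city"};

    // Slot m holds the statement for the combination described by bit mask m.
    private final PreparedStatement[] cache = new PreparedStatement[1 << COLUMNS.length];
    private final Connection conn;

    public PersonSearch(Connection conn) {
        this.conn = conn;
    }

    static boolean isBlank(String s) {
        return s == null || s.trim().isEmpty();
    }

    /** Bit i is set when the i-th search field was filled in. */
    static int mask(String[] values) {
        int m = 0;
        for (int i = 0; i < COLUMNS.length; i++) {
            if (!isBlank(values[i])) {
                m |= 1 << i;
            }
        }
        return m;
    }

    /** SQL text for one combination; only placeholders, never user text. */
    static String sqlFor(int mask) {
        StringBuilder sql = new StringBuilder("SELECT * FROM Data1");
        String sep = " WHERE ";
        for (int i = 0; i < COLUMNS.length; i++) {
            if ((mask & (1 << i)) != 0) {
                sql.append(sep).append(COLUMNS[i]).append(" LIKE ?");
                sep = " AND ";
            }
        }
        return sql.toString();
    }

    /** Parameter values in placeholder order, with the trailing wildcard from the question. */
    static List<String> paramsFor(String[] values) {
        List<String> params = new ArrayList<String>();
        for (int i = 0; i < COLUMNS.length; i++) {
            if (!isBlank(values[i])) {
                params.add(values[i] + "%");
            }
        }
        return params;
    }

    /** Returns a statement ready for executeQuery(); prepared once per combination. */
    public PreparedStatement prepare(String[] values) throws SQLException {
        int m = mask(values);
        if (cache[m] == null) {
            cache[m] = conn.prepareStatement(sqlFor(m));
        }
        PreparedStatement ps = cache[m];
        ps.clearParameters();
        int idx = 1;
        for (String p : paramsFor(values)) {
            ps.setString(idx++, p);
        }
        return ps;
    }

    public static void main(String[] args) {
        // Constructed sample input: last name left blank.
        String[] input = {"Jo", "", "Austin"};
        System.out.println(sqlFor(mask(input)));
        System.out.println(paramsFor(input));
    }
}
```

The `main` method needs no database; with a live connection, pass the three `getText()` values to `prepare` and call `executeQuery()` on the result.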
Sharepoint foundation 2010 external https access problems
I have a very strange problem with my sharepoint foundation 2010 site.
I have a site which is accessible from outside on https (we have a valid certificate). I configured IIS for http and https.
Also I configured internal and external access for this site on sharepoint.
But sometimes, the site is not accessible from outside on https with (externe.site.fr), BUT it will be accessible with public ip !!!
And also accessible from inside. (with interne.intranet.site.fr)
Any Idea ?
thanks
Hi,
According to your post, my understanding is that your site is not accessible from outside using external host name with https sometimes.
As your site can be accessible with public IP, however it can’t be accessible from outside using external host name with https sometimes, the issue could be caused by the gateway server in your environment.
I suggest that you need to check the gateway server configuration.
For more information, you can refer to:
http://community.bamboosolutions.com/blogs/sharepoint-2013/archive/2012/12/05/how-to-set-up-microsoft-forefront-unified-access-gateway-environment-for-sharepoint-2013.aspx
http://nhutcmos.wordpress.com/2013/07/26/configure-ssl-certificate-for-sharepoint-external-https-access/
http://sharepointdotnetwiki.iblogger.org/2009/12/dns-setup-in-sharepoint/
http://underthehood.ironworks.com/2010/06/making-a-sharepoint-2010-site-externally-available-alternate-access-mappings-host-header-bindings.html
Best Regards,
Yumi Fu -
When I try to login to the website of my bank, I get the following error message:
403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.
I have a new MacBook Air with OS Yosemite installed.
What is the problem and how can I solve it?
Some websites require a special client certificate for access. If you don't have that certificate, you'll have to contact the site operator to find out how to get one.
Sometimes the problem is caused by a web server that is configured to request an optional client certificate. Safari treats the request as mandatory. In that case, other browsers such as Firefox and Chrome may be able to connect to the site, because they ignore the request.
The first time you were prompted for a certificate, you may have clicked through a dialog that requested access to the Apple certificate in your keychain that is used to secure the iMessage service. In that case, you may be able to regain access to the site in Safari by doing as follows.
Back up all data.
Double-click anywhere in the line below on this page to select it:
com.apple.idms.appleid.prd
Copy the selected text to the Clipboard by pressing the key combination command-C.
Launch the Keychain Access application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
Paste into the search field in the Keychain Access window by clicking in it and pressing the key combination command-V. An item may appear in the list of keychain items. The Name will begin with the string you searched for, and the Kind will be "certificate."
Delete the item by selecting it and pressing the delete key. It will be recreated automatically the next time you launch the Messages or FaceTime application.
The next time you visit a site that prompts for an optional client certificate, cancel out of the prompt. You may have to do this several times before the server stops asking.
Credit for this idea to Christian Braukmueller of SAP. -
When I log in with a Microsoft account I cannot access with administrative share c$
I have a problem: when I log in to Windows with a Microsoft account, I cannot access any network computer with administrative sharing c$, d$ with Windows 8.1,
but when I log in with a local account I can access them.
Some people tell me to create a key in regedit to fix it.
After entering the user name and password, it shows this error.
I applied your instructions and it is not fixed until now.
Note:
My machine is Windows 8.1. If another machine in the network is Windows 7, I can access a hidden share; if the machine in the network is Windows 8.1, it shows the message in image 2.
But if I log in with a local user I can access all machines' hidden shares in the network, Windows 7 and 8.1.
Yes, this computer I want to access is named poland2-work and has two users:
first :administrator
second : poland 2 -
I am unable to use gmail from a regular user account on my iMac. It fails with an error string that ends with "... because Safari can't establish a secure connection to the server "accounts.google.com". "
I have tried resetting safari and it does not help.
I have tried adding DNS entries based on some discussion board suggestions and that does not help either.
I am able to access gmail as an administrator on the same machine though!
Please point me in the right direction, please! Thanks!
You may have to take the computer to the Apple store to have the computer checked out.
Dead line is tuesday?
1. Try an external USB keyboard.
2. This may help.
http://support.apple.com/kb/PH10680
3. Virtual keyboard
There is a virtual keyboard available in OS X 10.8.4
System Preferences > Keyboard
Checkmark the box beside "Show Keyboard & Character Viewers in menu bar".
Click "Input Sources" and then "Show input menu in menu bar".
Best. -
Remote Access VPN Clients Cannot Access inside LAN
I have been asked to set up remote access VPN on an ASA 5505 that I previously had no involvement with. I have set up the VPN using the wizard, the way I normally do, but the clients have no access to anything in the inside subnet, not even the inside interface IP address of the ASA. They can ping each other. The remote access policy below that I am working on is labeled VPNPHONE, address pool 172.16.20.1-10. I do not need split tunneling to be enabled. The active WAN interface is the one labeled outside_cable.
: Saved
ASA Version 8.2(1)
hostname ASA5505
domain-name default.domain.invalid
enable password eelnBRz68aYSzHyz encrypted
passwd eelnBRz68aYSzHyz encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group dataDSL
ip address 76.244.75.57 255.255.255.255 pppoe
interface Vlan3
nameif dmz
security-level 50
ip address 192.168.9.1 255.255.255.0
interface Vlan10
nameif outside_cable
security-level 0
ip address 50.84.96.178 255.255.255.240
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 10
interface Ethernet0/2
switchport access vlan 3
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit intra-interface
object-group service Netbios udp
port-object eq 139
port-object eq 445
port-object eq netbios-ns
object-group service Netbios_TCP tcp
port-object eq 445
port-object eq netbios-ssn
object-group network DM_INLINE_NETWORK_1
network-object host 192.168.100.177
network-object host 192.168.100.249
object-group service Web_Services tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq https
object-group network DM_INLINE_NETWORK_10
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_11
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_2
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_3
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_4
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_5
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_6
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_7
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_8
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_9
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network VPN
network-object 192.168.255.0 255.255.255.0
access-list outside_access_in extended permit icmp any host 76.244.75.61
access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp
access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp-data
access-list outside_access_in extended permit tcp any host 76.244.75.62 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.62 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.59 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.59 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.60 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.60 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.58 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.58 eq https
access-list dmz_access_in remark Quickbooks
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_6 host 192.168.100.5 eq 56719
access-list dmz_access_in remark Quickbooks range
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_7 host 192.168.100.5 range 55333 55337
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_8 host 192.168.100.5 eq 1434
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_9 host 192.168.100.5 eq 49398
access-list dmz_access_in remark QB
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_10 host 192.168.100.5 eq 8019
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_2 host 192.168.100.5 eq 2638
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_11 host 192.168.100.5 object-group Netbios
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_3 host 192.168.100.5 object-group Netbios_TCP
access-list dmz_access_in extended deny ip host 192.168.9.4 host 192.168.100.5 inactive
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_4 any
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_5 any
access-list dmz_access_in remark Printer
access-list dmz_access_in extended permit ip 192.168.9.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list dmz_access_in extended permit tcp 192.168.9.0 255.255.255.0 any object-group Web_Services
access-list dmz_access_in extended permit udp 192.168.9.0 255.255.255.0 any eq domain
access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.255.0 255.255.255.0 echo-reply
access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.100.0 255.255.255.0 echo-reply log disable
access-list dmz_access_in remark QB probably does not need any udp
access-list dmz_access_in extended permit udp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
access-list dmz_access_in remark QB included in other rule range
access-list dmz_access_in extended permit tcp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
access-list dmz_access_in remark May be required for Quickbooks
access-list dmz_access_in extended permit icmp host 192.168.9.4 host 192.168.100.5
access-list CAD_capture extended permit ip host 192.168.9.4 host 192.168.100.5
access-list CAD_capture extended permit ip host 192.168.100.5 host 192.168.9.4
access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 172.16.10.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 172.16.20.0 255.255.255.240
access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0
access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.9.0 255.255.255.0
access-list dmz_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
access-list outside_cable_access_in extended permit icmp any host 50.84.96.182
access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp
access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp-data
access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq https
access-list Local_LAN_Access standard permit host 0.0.0.0
access-list vpnusers_spitTunnelACL extended permit ip 192.168.100.0 255.255.255.0 any
access-list nonat-in extended permit ip 192.168.100.0 255.255.255.0 172.16.20.0 255.255.255.0
pager lines 24
logging enable
logging buffered informational
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu outside_cable 1500
ip local pool VPN_IP_range 192.168.255.1-192.168.255.10 mask 255.255.255.0
ip local pool VPN_Phone 172.16.20.1-172.16.20.10 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (outside) 10 interface
global (outside_cable) 10 interface
nat (inside) 0 access-list nonat-in
nat (inside) 10 0.0.0.0 0.0.0.0
nat (dmz) 0 access-list dmz_nat0_outbound
nat (dmz) 10 0.0.0.0 0.0.0.0
static (inside,outside) 76.244.75.62 192.168.100.25 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.61 192.168.9.123 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.59 192.168.9.124 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.58 192.168.9.4 netmask 255.255.255.255 dns
static (inside,dmz) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
static (dmz,outside) 76.244.75.60 192.168.9.10 netmask 255.255.255.255 dns
static (inside,outside_cable) 50.84.96.183 192.168.100.25 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.182 192.168.9.123 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.180 192.168.9.124 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.179 192.168.9.4 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.181 192.168.9.10 netmask 255.255.255.255 dns
access-group outside_access_in in interface outside
access-group dmz_access_in in interface dmz
access-group outside_cable_access_in in interface outside_cable
route outside_cable 0.0.0.0 0.0.0.0 50.84.96.177 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.100.0 255.255.255.0 inside
http 204.107.173.0 255.255.255.0 outside
http 204.107.173.0 255.255.255.0 outside_cable
http 0.0.0.0 0.0.0.0 outside_cable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_cable_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_cable_map interface outside_cable
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp enable outside_cable
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 192.168.100.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.100.0 255.255.255.0 inside
ssh 204.107.173.0 255.255.255.0 outside
ssh 204.107.173.0 255.255.255.0 outside_cable
ssh 0.0.0.0 0.0.0.0 outside_cable
ssh timeout 15
console timeout 0
vpdn group dataDSL request dialout pppoe
vpdn group dataDSL localname [email protected]
vpdn group dataDSL ppp authentication pap
vpdn username [email protected] password *********
dhcpd address 192.168.100.30-192.168.100.99 inside
dhcpd dns 192.168.100.5 68.94.156.1 interface inside
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.100.5
vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy cad_supplies_RAVPN internal
group-policy cad_supplies_RAVPN attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value cad_supplies_RAVPN_splitTunnelAcl
group-policy VPNPHONE internal
group-policy VPNPHONE attributes
dns-server value 192.168.100.5
vpn-tunnel-protocol IPSec
split-tunnel-policy excludespecified
split-tunnel-network-list value Local_LAN_Access
client-firewall none
client-access-rule none
username swinc password BlhBNWfh7XoeHcQC encrypted
username swinc attributes
vpn-group-policy cad_supplies_RAVPN
username meredithp password L3lRjzwb7TnwOyZ1 encrypted
username meredithp attributes
vpn-group-policy cad_supplies_RAVPN
service-type remote-access
username ipphone1 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone1 attributes
vpn-group-policy VPNPHONE
username ipphone2 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone2 attributes
vpn-group-policy VPNPHONE
username ipphone3 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone3 attributes
vpn-group-policy VPNPHONE
username oethera password WKJxJq7L6wmktFNt encrypted
username oethera attributes
vpn-group-policy cad_supplies_RAVPN
service-type remote-access
username markh password nqH+bk6vj0fR83ai0SAxkg== nt-encrypted
username markh attributes
vpn-group-policy cad_supplies_RAVPN
tunnel-group DefaultRAGroup general-attributes
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group cad_supplies_RAVPN type remote-access
tunnel-group cad_supplies_RAVPN general-attributes
address-pool VPN_IP_range
default-group-policy cad_supplies_RAVPN
tunnel-group cad_supplies_RAVPN ipsec-attributes
pre-shared-key *
tunnel-group VPNPHONE type remote-access
tunnel-group VPNPHONE general-attributes
address-pool VPN_Phone
default-group-policy VPNPHONE
tunnel-group VPNPHONE ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 1500
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:8b25ecc61861a2baa6d2556a3679cc7c
: end
Hi,
You have your "group-policy" set so that you are excluding some networks from being tunneled.
In this access-list named Local_LAN_Access you specify "0.0.0.0"
Doesn't this mean you are excluding all networks from being tunneled? In other words no traffic goes to your tunnel.
This access-list should only contain your local LAN network from where you are connecting with the VPN Client. If you don't need to access anything on your local LAN while having the VPN on, you don't even need this setting on. You could just tunnel all traffic instead of excluding some networks.
- Jouni -
ASA 5505 VPN client LAN access problem
Hello,
I'm not an expert in ASA and routing, so I ask for some support with the following case.
There is a Cisco VPN client (running on Windows 7) and an ASA5505.
The goals are client could use remote gateway on ASA for Skype and able to access the devices in ASA inside interface.
The Skype works well but I cannot access devices in the interface inside via VPN connection.
Can you please check my following config and give me advice to correct NAT or VPN settings?
ASA Version 7.2(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password wDnglsHo3Tm87.tM encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Vlan3
no forward interface Vlan1
nameif dmz
security-level 50
no ip address
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any
access-list inside_access_in extended permit udp 192.168.1.0 255.255.255.0 any
access-list outside_access_in extended permit ip any 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool VPNPOOL 10.0.0.200-10.0.0.220 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 10.0.0.0 255.255.255.0
nat (inside) 1 192.168.1.0 255.255.255.0
nat (outside) 1 10.0.0.0 255.255.255.0
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd auto_config outside
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd dns xx.xx.xx.xx interface inside
dhcpd enable inside
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server value 84.2.44.1
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
intercept-dhcp 255.255.255.255 disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
leap-bypass disable
nem enable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method no-modify
msie-proxy except-list none
msie-proxy local-bypass disable
nac disable
nac-sq-period 300
nac-reval-period 36000
nac-default-acl none
address-pools none
smartcard-removal-disconnect enable
client-firewall none
client-access-rule none
webvpn
functions url-entry
html-content-filter none
homepage none
keep-alive-ignore 4
http-comp gzip
filter none
url-list none
customization value DfltCustomization
port-forward none
port-forward-name value Application Access
sso-server none
deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
svc none
svc keep-installer installed
svc keepalive none
svc rekey time none
svc rekey method none
svc dpd-interval client none
svc dpd-interval gateway none
svc compression deflate
group-policy XXXXXX internal
group-policy XXXXXX attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelall
split-tunnel-network-list none
username XXXXXX password G910DDfbV7mNprdR encrypted privilege 15
username XXXXXX password 5p9CbIe7WdF8GZF8 encrypted privilege 0
username XXXXXX attributes
vpn-group-policy XXXXXX
username XXXXX password cRQbJhC92XjdFQvb encrypted privilege 15
tunnel-group XXXXXX type ipsec-ra
tunnel-group XXXXXX general-attributes
address-pool VPNPOOL
default-group-policy XXXXXX
tunnel-group XXXXXX ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
service-policy global_policy global
prompt hostname context
Cryptochecksum:a8fbb51b0a830a4ae823826b28767f23
: end
ciscoasa#
Thanks in advance!
fbela
config#no nat (inside) 1 10.0.0.0 255.255.255.0 < This is not required.
Need to add - config#same-security-traffic permit intra-interface
#access-list nonat extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
#nat (inside) 0 access-list nonat
Please add and test it.
Thanks
Ajay -
ASA 5505, the outside can't access a server in the inside
Hi, I have an ASA 5505. A PC in the outside with the IP 10.1.1.6 can't access a server in the inside, 192.168.1.4, pls help...
This is my conf:
ASA Version 8.0(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 0
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 10.1.1.2 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
boot system disk0:/asa804-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list 100 extended permit tcp any host 10.1.1.3 eq www
pager lines 24
logging enable
logging asdm debugging
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 10.1.1.3 192.168.1.4 netmask 255.255.255.255
access-group 100 in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:14e7b74fabc386613ae646b915f60e9e
: end
ciscoasa#
Andres
The security level for your inside interface should be 100 ie.
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
After changing that can you
1) ping the outside interface of the ASA from the pc or ping the PC from the ASA
2) I'm assuming you are trying to connect to 10.1.1.3 when you attempt the connection ?
Jon -
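The two diagnoses above (a missing NAT exemption from inside to the VPN pool, and an inside interface whose security-level is not above outside) can be checked mechanically before a config is deployed. The following is an added example, not code from any poster in these threads; the function names are hypothetical, and it assumes the pre-8.3 `nat (inside) 0 access-list` syntax used in the replies and ACL entries written in network/mask form only.

```python
import ipaddress
import re

def security_levels(cfg):
    """Map each nameif to its security-level."""
    levels, name = {}, None
    for line in map(str.strip, cfg.splitlines()):
        if line.startswith("interface "):
            name = None
        elif line.startswith("nameif "):
            name = line.split()[1]
        elif line.startswith("security-level ") and name:
            levels[name] = int(line.split()[1])
    return levels

def exempt_networks(cfg):
    """Destinations of ACLs bound with 'nat (inside) 0 access-list <name>'."""
    nets = []
    for acl in re.findall(r"^nat \(inside\) 0 access-list (\S+)", cfg, re.M):
        pat = rf"^access-list {re.escape(acl)} extended permit ip \S+ \S+ (\S+) (\S+)$"
        for addr, mask in re.findall(pat, cfg, re.M):
            nets.append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    return nets

def audit(cfg):
    """Return findings for the two problems diagnosed in the threads above."""
    findings = []
    lv = security_levels(cfg)
    if "inside" in lv and "outside" in lv and lv["inside"] <= lv["outside"]:
        findings.append(f"inside security-level {lv['inside']} not above outside {lv['outside']}")
    exempt = exempt_networks(cfg)
    pool = r"^ip local pool (\S+) ([\d.]+)-([\d.]+)"
    for name, first, last in re.findall(pool, cfg, re.M):
        ends = [ipaddress.ip_address(first), ipaddress.ip_address(last)]
        if not all(any(ip in net for net in exempt) for ip in ends):
            findings.append(f"no NAT exemption from inside to VPN pool {name}")
    return findings

# Constructed samples: a trimmed copy of the posted VPN config, and the suggested exemption.
VPN_CFG = """\
interface Vlan1
nameif inside
security-level 100
interface Vlan2
nameif outside
security-level 0
ip local pool VPNPOOL 10.0.0.200-10.0.0.220 mask 255.255.255.0
nat (inside) 1 192.168.1.0 255.255.255.0
"""
FIX = """\
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (inside) 0 access-list nonat
"""

print(audit(VPN_CFG), audit(VPN_CFG + FIX))
```

An empty list from `audit` only means these two checks passed; it says nothing about the ACLs or crypto settings elsewhere in the config.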
New MBP - wireless/internet access networking problem - a summary!
Greetings!
New MBP here, with all the trimmings (MacOS X 10.4.10 - Safari 3 Beta). New also to the Apple/MAC world
MBP >> wireless networking into a Linksys WRT54G router and >> thru HughesNet DW7000 Satellite Internet connection (not the fastest, but hey, the US and especially rural areas are NOT S. Korea when it comes to speedy internet connections!
Frankly, I bought into it for two reasons: First, hearing about the vaunted Mac a/v/ and doc/photo editing capabilities,... and about MacOS stability, etc... Well, it all needs a little work still: on the part of new users like me, but also probably on the part of the Apple/Mac people as well. 2nd reason I decided to purchase the MBP - i.e. ability to run Windows (I have not yet tried Boot Camp, etc...: still resolving preliminary issues!). I still live in a heavy Win environment at my business - no other way of course!
Communications issues seem to still prevail: I am hanging out at several VERY HELPFUL forums (AppleDiscussionForum, MacRumorsForums, etc...) and the same issues keep popping up. In my case, same as all above reported, with a few additional points, as follows:
1. Xmission errors: seem to be - at least in my case - a constant factor, regardless of how close/far I am from my wireless router. For example, I would be attempting to download an upgrade (large) QT or MacOS file. I am barely into the download, and I already have several Read/Send errors. By the end of the download, I will have probably about 15 Rcv and 5 Send errors. Never gets quite that bad in my Win machines, I must mention. Anything to do here (I know, there are such things always affecting wireless com). AND, MOST importantly, how does this affect the effectiveness of the upgrade (I spotted same thing with MacOS 10.4.10 and Safari Beta 3 upgrade downloads!). Would it be likely that applying upgrades in such circumstances would screw up the OS??? Could OTOH such errors be automatically "compensated" by re-xmits from the source, and eventually the download would be OK? Because quite frankly, I do NOT know if my important upgrade download was OK to apply to the system, given those errors!!!
Also same thing with PING errors. Quite frequent when pinging another device on my network.
2. Quite often, accessing a site will proceed somehow OK, and then things will get stuck twd the end, as if some buffer somewhere gets overloaded??? Of course, as elsewhere reported, same can often happen with com getting stuck right over the "www" part of the URL!
3. AND, of course, the often reported "NO connection to the Internet", but computer shows good signal level and connection otherwise.
4. Strangely enough, seems that the Airport Extreme wifi card sort of "warms up to the internet" as one proceeds to start using it. It eventually picks up on a network, and often "improves" its connection over time!
5. Built in Airport Extreme seems to not exhibit up all immediately surrounding networks. Sensitivity issue?? iStumbler does.
6. iStumbler permanently posts noise level of 9% regardless of how close to my wireless router/broadband modem I am. Anyone uses iStumbler to monitor network traffic?
This is getting longish: I just want to get over all those p*ant issues and get into putting my a/v stuff together!!
- Roger T
Thanks for just reading all this! I am not sure it is all fixable (back to the Win "features" terminology, really meaning "bugs"??)
Thanks, BDaqua. This support forum is quite well stocked: I have been perusing all its nooks and crannies!
On the www.dslreports.com - All things Mac - forum, I spotted a couple of mentions of the following type of information:
link: www.hardmac.com/news/2007-07-27/#7039
- The first TechNote provides information concerning the Airport problem affecting the MBP Santa Rosa (but also other Mac Intel). When used on battery, the wireless connection drops and one can even experience kernel panic. Apple Centers are asked not to exchange affected notebook as this is due to an unidentified bug in the Atheros driver, and should be fixed in the future with a simple Airport system update. So for the moment, unfortunate users are asked to directly power their notebook when using wireless network, or using Ethernet connection when running on battery... in other words, turn your notebook into a desktop
I am wondering if you and folks on this close-to-Apple forum know anything about this. At least, we could just await remedy instead of messing around endlessly looking for solutions and... pondering as to whether it was a wise thing to purchase an expensive machine which happens to have trouble communicating online. After all, seems that the Mac folks are prone to spend MORE time online uploading/downloading music and videos instead of my being normally doing with the rest of my (Win) computers, i.e. work on customer lists, correspondence, inventories, accounting, data bases, etc....
So, seems to me we do have a pb and Apple might just save a few $$$ on silly ads and get to work on com instead. if nothing else to avoid the appearance of further - admittedly rather funny - ad-spoofs!
So back to your further inquiry. I run a wireless network from a HughesNet satellite modem, thru a Linksys WRT54GL wireless router, into some nearby office LANed desktops and point of sale equipment, to another neighbouring facility via wireless bridge, and to my Mac laptop. Distance from the laptop to the router: 50 ft max.
It all works surprisingly very well: up to 200kbps up and 1000 kbps down (in prime time, 150 up and 600 down). OK, my set up looks complex and incurring LOTS of activity. Actually, online activity is quite minimal and well scheduled - right now I am the only machine on the network online. Otherwise, our office processes online money wiring for customers among other things.
I'll try your DNS server choice on the Mac settings first. Will report accordingly.
Thanks for everything!
- Roger T -
I am trying to import developed images from LightRoom 5 Photoshop 6 for further editing. I am receiving this message and the images will not open.....'Could not open scratch file because the file is locked, or you do not have necessary access permissions or another program is using the file. Use the 'Properties' command in the Windows Explorer to unlock the file. How do I fix this? I would greatly appreciate it if you would respond with terms and procedures that a computer ignorant user, such as me, will understand. Thanks.
Have you tried restoring the Preferences yet?