Windows 8.1 adds Router Alert - MLD option on ICMPv6 echo packets
I am unable to ping my company's IPv6 routers from my Windows 8.1 machine located at my home. When I start a Fedora Core 18 Live system in Hyper-V, and ping the same targets, I am able to get a response.
I have IPv6 dual-stack connectivity from end to end.
Traceroute from Windows system:
C:\Users\Me>tracert 2605:a380::9
Tracing route to lo0.pe1.nyc1.nitelusa.net [2605:a380::9]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 2001:db8:1:1::
2 * * * Request timed out.
3 8 ms 21 ms 8 ms 2001:558:302:70::1
4 10 ms 10 ms 8 ms te-7-1-ur01.mtprospect.il.chicago.comcast.net [2
001:558:300:1b1::2]
5 14 ms 10 ms 15 ms te-1-3-0-12-ar01.area4.il.chicago.comcast.net [2
001:558:300:328::1]
6 18 ms 19 ms 19 ms he-1-7-0-0-10-cr01.seattle.wa.ibone.comcast.net
[2001:558:0:f6e9::1]
7 * * * Request timed out.
8 * * * Request timed out.(continuing failures removed)
From the Fedora Core VM:
[root@localhost ~]# traceroute -I 2605:a380::9
traceroute to 2605:a380::9 (2605:a380::9), 30 hops max, 80 byte packets
1 2001:db8:1:1:: (2001:db8:1:1::) 1.680 ms 1.638 ms 1.625 ms
2 * * *
3 2001:558:302:71::1 (2001:558:302:71::1) 9.946 ms 9.936 ms 9.928 ms
4 te-0-7-0-3-sur04.mtprospect.il.chicago.comcast.net (2001:558:300:1cb::2) 9.657 ms 9.887 ms 9.512 ms
5 te-0-5-0-2-ar01.area4.il.chicago.comcast.net (2001:558:300:23e::1) 11.078 ms 11.068 ms 11.228 ms
6 he-1-7-0-0-10-cr01.seattle.wa.ibone.comcast.net (2001:558:0:f6e9::1) 11.717 ms 13.020 ms 13.142 ms
7 2001:559::46e (2001:559::46e) 10.474 ms 10.759 ms 10.738 ms
8 vl-4080.edge2.chicago2.level3.net (2001:1900:4:1::b6) 10.289 ms 10.580 ms 10.561 ms
9 cwie-llc.edge2.chicago2.level3.net (2001:1900:2100::108a) 10.540 ms * *
10 lo0.pe1.nyc1.nitelusa.net (2605:a380::9) 32.126 ms 32.105 ms 31.715 ms
When I examine packet captures, I notice that the Windows 8.1 machine sets an IPv6 hop-by-hop option on all of the echo packets, a Router Alert for MLD. Sample below:
No. Time Source Destination Protocol Length Info
1 0.000000000 2001:db8:1:1:d911:664b:7877:dc14 2605:a380::9 ICMPv6 102 Echo (ping) request id=0x0001, seq=196
Frame 1: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on interface 0
Ethernet II, Src: <removed>, Dst: <removed>
Internet Protocol Version 6, Src: 2001:db8:1:1:d911:664b:7877:dc14 (2001:db8:1:1:d911:664b:7877:dc14), Dst: 2605:a380::9 (2605:a380::9)
0110 .... = Version: 6
.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
Payload length: 48
Next header: IPv6 hop-by-hop option (0)
Hop limit: 128
Source: 2001:db8:1:1:d911:664b:7877:dc14 (2001:db8:1:1:d911:664b:7877:dc14)
Destination: 2605:a380::9 (2605:a380::9)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Hop-by-Hop Option
Next header: ICMPv6 (58)
Length: 0 (8 bytes)
IPv6 Option (Router Alert)
Type: Router Alert (5)
Length: 2
Router Alert: MLD (0)
IPv6 Option (PadN)
Type: PadN (1)
Length: 0
PadN: <missing>
Internet Control Message Protocol v6
Type: Echo (ping) request (128)
Code: 0
Checksum: 0x37db [correct]
Identifier: 0x0001
Sequence: 196
Data (32 bytes)
0000 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 abcdefghijklmnop
0010 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
</missing>
This seems to affect ping to other sites as well, including ipv6.google.com. I am able to ping that from Fedora Core.
Why is a router alert for MLD being propagated with my unicast ICMP echo? Can that behavior be disabled?
Thanks
I am unable to ping my company's IPv6 routers from my Windows 8.1 machine located at my home. When I start a Fedora Core 18 Live system in Hyper-V, and ping the same targets, I am able to get a response.
I have IPv6 dual-stack connectivity from end to end.
Traceroute from Windows system:
C:\Users\Me>tracert 2605:a380::9
Tracing route to lo0.pe1.nyc1.nitelusa.net [2605:a380::9]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 2001:db8:1:1::
2 * * * Request timed out.
3 8 ms 21 ms 8 ms 2001:558:302:70::1
4 10 ms 10 ms 8 ms te-7-1-ur01.mtprospect.il.chicago.comcast.net [2
001:558:300:1b1::2]
5 14 ms 10 ms 15 ms te-1-3-0-12-ar01.area4.il.chicago.comcast.net [2
001:558:300:328::1]
6 18 ms 19 ms 19 ms he-1-7-0-0-10-cr01.seattle.wa.ibone.comcast.net
[2001:558:0:f6e9::1]
7 * * * Request timed out.
8 * * * Request timed out.(continuing failures removed)
From the Fedora Core VM:
[root@localhost ~]# traceroute -I 2605:a380::9
traceroute to 2605:a380::9 (2605:a380::9), 30 hops max, 80 byte packets
1 2001:db8:1:1:: (2001:db8:1:1::) 1.680 ms 1.638 ms 1.625 ms
2 * * *
3 2001:558:302:71::1 (2001:558:302:71::1) 9.946 ms 9.936 ms 9.928 ms
4 te-0-7-0-3-sur04.mtprospect.il.chicago.comcast.net (2001:558:300:1cb::2) 9.657 ms 9.887 ms 9.512 ms
5 te-0-5-0-2-ar01.area4.il.chicago.comcast.net (2001:558:300:23e::1) 11.078 ms 11.068 ms 11.228 ms
6 he-1-7-0-0-10-cr01.seattle.wa.ibone.comcast.net (2001:558:0:f6e9::1) 11.717 ms 13.020 ms 13.142 ms
7 2001:559::46e (2001:559::46e) 10.474 ms 10.759 ms 10.738 ms
8 vl-4080.edge2.chicago2.level3.net (2001:1900:4:1::b6) 10.289 ms 10.580 ms 10.561 ms
9 cwie-llc.edge2.chicago2.level3.net (2001:1900:2100::108a) 10.540 ms * *
10 lo0.pe1.nyc1.nitelusa.net (2605:a380::9) 32.126 ms 32.105 ms 31.715 ms
When I examine packet captures, I notice that the Windows 8.1 machine sets an IPv6 hop-by-hop option on all of the echo packets, a Router Alert for MLD. Sample below:
No. Time Source Destination Protocol Length Info
1 0.000000000 2001:db8:1:1:d911:664b:7877:dc14 2605:a380::9 ICMPv6 102 Echo (ping) request id=0x0001, seq=196
Frame 1: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on interface 0
Ethernet II, Src: <removed>, Dst: <removed>
Internet Protocol Version 6, Src: 2001:db8:1:1:d911:664b:7877:dc14 (2001:db8:1:1:d911:664b:7877:dc14), Dst: 2605:a380::9 (2605:a380::9)
0110 .... = Version: 6
.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
Payload length: 48
Next header: IPv6 hop-by-hop option (0)
Hop limit: 128
Source: 2001:db8:1:1:d911:664b:7877:dc14 (2001:db8:1:1:d911:664b:7877:dc14)
Destination: 2605:a380::9 (2605:a380::9)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Hop-by-Hop Option
Next header: ICMPv6 (58)
Length: 0 (8 bytes)
IPv6 Option (Router Alert)
Type: Router Alert (5)
Length: 2
Router Alert: MLD (0)
IPv6 Option (PadN)
Type: PadN (1)
Length: 0
PadN: <missing>
Internet Control Message Protocol v6
Type: Echo (ping) request (128)
Code: 0
Checksum: 0x37db [correct]
Identifier: 0x0001
Sequence: 196
Data (32 bytes)
0000 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 abcdefghijklmnop
0010 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
</missing>
This seems to affect ping to other sites as well, including ipv6.google.com. I am able to ping that from Fedora Core.
Why is a router alert for MLD being propagated with my unicast ICMP echo? Can that behavior be disabled?
Thanks
The problem is likely due to the fact that modifies the software packages installed on your computer. In my case the error was in Kaspersky Internet Security. Helped only the removal of the product.
Similar Messages
-
Add Folder to Library option is not available in the latest version of iTunes for Windows. I am using Windows 7 64 bit. Any suggestion ?
CTRL + B will bring up the menu bar, on which is File/Add Folder...
-
Cisco ASA 5505 VPN connection issue ("Unable to add route")
I'm trying to get IPSec VPN working onto a new Cisco ASA5505. Pretty standard configuration.
Setup:
* Cisco VPN client on Windows 7 (v5.0.07.0290 x64 on Laptop1 and v5.0.07.0440 x64 on Laptop2)
* PPPoE/NAT and internal DHCP on the ASA were configured with the Startup Wizard in ASDM
NATting is working fine - internal PCs get an IP address in the 192.168.2.0/24 range and can all access the Internet.
I wanted to be able to connect from anywhere to the ASA in order to reach one of the internal servers. Should be pretty basic.
First I tried with the built-in ASDM IPSec Wizard, instructions found here.
VPN clients can connect to the ASA, are connected (until they're manually disconnected), but cannot reach the internal network nor the Internet. Note VPN client can connect fine to a different VPN site (not administered by myself).
Client logs show following error messages:
1 15:53:09.363 02/11/12 Sev=Warning/3 IKE/0xA300005F
Firewall, Cisco Intrusion Prevention Security Agent, is not running, the client will not send firewall information to concentrator.
2 15:53:13.593 02/11/12 Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route with metric of 0: code 160
Destination 192.168.1.255
Netmask 255.255.255.255
Gateway 172.16.1.1
Interface 172.16.1.101
3 15:53:13.593 02/11/12 Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: ac100165, Gateway: ac100101.
4 15:54:30.425 02/11/12 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=172.16.1.101, error 0
5 15:54:31.433 02/11/12 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=172.16.1.101, error 0
6 15:54:32.445 02/11/12 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CleanUpVASettings: Was able to delete all VA settings after all, error 0
7 20:50:45.355 02/11/12 Sev=Warning/3 IKE/0xA300005F
Firewall, Cisco Intrusion Prevention Security Agent, is not running, the client will not send firewall information to concentrator.
8 20:50:50.262 02/11/12 Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route with metric of 0: code 160
Destination 192.168.1.255
Netmask 255.255.255.255
Gateway 172.16.1.1
Interface 172.16.1.100
9 20:50:50.262 02/11/12 Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: ac100164, Gateway: ac100101.
I've already tried the suggestions from this link, although the problem is different there (as the user can still access the internet, even without split tunneling, which I cannot).
A show run shows the following output (note in the below I have tried a different VPN network: 192.168.3.0/24 instead of 172.16.1.0/24 seen in the Client log)
Result of the command: "sh run"
: Saved
ASA Version 8.2(5)
hostname AsaDWD
enable password kLu0SYBETXUJHVHX encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group DW-VPDN
ip address pppoe setroute
ftp mode passive
access-list inside_nat0_outbound extended permit ip any 192.168.3.0 255.255.255.240
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
ip local pool DWD-VPN-Pool 192.168.3.5-192.168.3.15 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.2.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group DW-VPDN request dialout pppoe
vpdn group DW-VPDN localname fa******@SKYNET
vpdn group DW-VPDN ppp authentication pap
vpdn username fa******@SKYNET password *****
dhcpd auto_config outside
dhcpd address 192.168.2.5-192.168.2.36 inside
dhcpd domain DOMAIN interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DWD internal
group-policy DWD attributes
vpn-tunnel-protocol IPSec
username test password ******* encrypted privilege 0
username test attributes
vpn-group-policy DWD
tunnel-group DWD type remote-access
tunnel-group DWD general-attributes
address-pool DWD-VPN-Pool
default-group-policy DWD
tunnel-group DWD ipsec-attributes
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:3e6c9478a1ee04ab2e1e1cabbeddc7f4
: end
I've installed everything using the CLI as well (after a factory reset). This however yielded exactl the same issue.
Following commands have been entered:
ip local pool vpnpool 172.16.1.100-172.16.1.199 mask 255.255.255.0
username *** password ****
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 43200
isakmp enable outside
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 10 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 10 set reverse-route
crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 288000
crypto map outside_map 10 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp nat-traversal
sysopt connection permit-ipsec
sysopt connection permit-vpn
group-policy dwdvpn internal
group-policy dwdvpn attributes
vpn-tunnel-protocol IPSec
default-domain value DWD
tunnel-group dwdvpn type ipsec-ra
tunnel-group dwdvpn ipsec-attributes
pre-shared-key ****
tunnel-group dwdvpn general-attributes
authentication-server-group LOCAL
default-group-policy dwdvpn
Unfortunately I'm getting the same "AddRoute failed to add a route with metric of 0: code 160" error message.
I'm very confused as this should be a pretty standard setup. I tried to follow the instructions on the Cisco site to the letter...
The only "differences" in my setup are an internal network of 192.168.2.0 (with ASA IP address 192.168.2.254) and PPPoE with DHCP instead of no PPPoE at all.
Does anyone know what's going on?Yes, I have tried from a different laptop - same results. Using that laptop I can connect to a different IPSec site without issues.
Please find my renewed config below:
DWD-ASA(config)# sh run: Saved:ASA Version 8.2(5) !hostname DWD-ASAenable password ******* encryptedpasswd ****** encryptednames!interface Ethernet0/0 switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1 nameif inside security-level 100 ip address 192.168.2.254 255.255.255.0 !interface Vlan2 nameif outside security-level 0 pppoe client vpdn group DWD ip address pppoe setroute !ftp mode passiveaccess-list inside_nat0_outbound extended permit ip any 192.168.50.0 255.255.255.224 pager lines 24logging asdm informationalmtu inside 1500mtu outside 1500ip local pool vpnpool 192.168.50.10-192.168.50.20 mask 255.255.255.0icmp unreachable rate-limit 1 burst-size 1no asdm history enablearp timeout 14400global (outside) 1 interfacenat (inside) 0 access-list inside_nat0_outboundnat (inside) 1 0.0.0.0 0.0.0.0timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00timeout floating-conn 0:00:00dynamic-access-policy-record DfltAccessPolicyhttp server enablehttp 192.168.2.0 255.255.255.0 insidehttp 0.0.0.0 0.0.0.0 outsideno snmp-server locationno snmp-server contactsnmp-server enable traps snmp authentication linkup linkdown coldstartcrypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec security-association lifetime seconds 28800crypto ipsec security-association lifetime kilobytes 4608000crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAPcrypto map outside_map interface outsidecrypto isakmp enable outsidecrypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400telnet timeout 5ssh 0.0.0.0 0.0.0.0 outsidessh timeout 5console timeout 0vpdn group DWD request dialout pppoevpdn group DWD localname *****@SKYNETvpdn group DWD ppp authentication papvpdn username *****@SKYNET password ***** dhcpd auto_config outside!dhcpd address 192.168.2.10-192.168.2.40 insidedhcpd enable inside!threat-detection basic-threatthreat-detection statistics access-listno threat-detection statistics tcp-interceptwebvpn enable outside svc enablegroup-policy DfltGrpPolicy attributes vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpngroup-policy dwdipsec internalgroup-policy dwdipsec attributes vpn-tunnel-protocol IPSec default-domain value DWDDOMusername user1 password ***** encrypted privilege 0username user1 attributes vpn-group-policy dwdipsectunnel-group dwdipsec type remote-accesstunnel-group dwdipsec general-attributes address-pool vpnpool default-group-policy dwdipsectunnel-group dwdipsec ipsec-attributes pre-shared-key *****tunnel-group dwdssl type remote-accesstunnel-group dwdssl general-attributes address-pool vpnpool!class-map inspection_default match default-inspection-traffic!!policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options !service-policy global_policy globalprompt hostname context no call-home reporting anonymousCryptochecksum:f5c8dd644aa2a27374a923671da1c834: endDWD-ASA(config)# -
Add routes remotely Via Powershell
I have csv file that contains computer name and defaultipgateway i need to add the routes on this servre but i am receiving error while doing it remotely below is my script
$ADDs = Import-Csv .\gateway2.csv
foreach ($add in $adds) {
$computer =$add.name
$gateway = $add.DefaultipGateway
Write-Output "working on $computer in $gateway"
Invoke-Command -ComputerName $computer -ScriptBlock {route add -p 22.175.0.0 mask 254.246.0.0 $gateway; route print}
Th error is below
+ CategoryInfo : NotSpecified: (:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
Manipulates network routing tables.
ROUTE [-f] [-p] [-4|-6] command [destination]
[MASK netmask] [gateway] [METRIC metric] [IF interface]
-f Clears the routing tables of all gateway entries. If this is
used in conjunction with one of the commands, the tables are
cleared prior to running the command.
-p When used with the ADD command, makes a route persistent across
boots of the system. By default, routes are not preserved
when the system is restarted. Ignored for all other commands,
which always affect the appropriate persistent routes. This
option is not supported in Windows 95.
-4 Force using IPv4.
-6 Force using IPv6.Thanks for the reply it worked with little modification i specified CSV path directly instead of using split
i have few question what is the use of split-path and $pscommandoath parameter why do we use args [0].once again thanks for the help
below is the script
$FileData = Import-Csv -Path excel.csv
$Object = @()
Foreach ($Entry in $FileData) {
$Object += New-Object PSObject -Property @{
Name = $Entry.Name
Gateway = $Entry.DefaultipGateway
Foreach ($Obj in $Object) {
Invoke-Command -ComputerName $Obj.Name -ScriptBlock {
Write-Output -Verbose $env:COMPUTERNAME
Write-Output -Verbose $args[0]
#route add -p 25.175.0.0 mask 255.246.0.0 $args[0]
#route print
} -ArgumentList $Obj.Gateway -
With the new Calendar app, how do you add an alert to an event? I want it to email me a day before. The 'alert' option no longer appears when you double-click an event.
Thanks
BobClick at the date in the event window and a submenu will open with the option for a alert message.
There are some submenus opening, if you click the visible headlines. -
Hi - Even though block popup windows is unchecked in content tab of options, I am still not getting any popups. Please suggest how to over come this problem.
Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem.
*Switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance
*Do NOT click the Reset button on the Safe Mode start window
*https://support.mozilla.org/kb/Safe+Mode
*https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes
Did you make sure that your security software isn't blocking the pop-ups?
Boot the computer in Windows Safe Mode with network support (press F8 on the boot screen) as a test.
*http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/ -
I purchased a Mac Book Pro and find the Itunes a bit strange as the "add folder to library" option under the menu is not available
is my itunes corrupt or what can i do to transfer folders to my itunes?
please helpRuggernaut wrote:
I purchased a Mac Book Pro and find the Itunes a bit strange as the "add folder to library" option under the menu is not available
is my itunes corrupt or what can i do to transfer folders to my itunes?
iTunes for Mac has never had an "Add folder to library" option. This is only available on Windows version.
Select Add to library, select the folder then click OK.
Or drag the folder(s) to the iTunes library at top left of iTunes. -
I would like to know whether the Lenovo Windows 7 upgrade discs will include the option for a 32 to 64-bit upgrade via a clean install? I called Mentor today and was told the answer is no, but I was hoping someone here could tell me differently.
If "no" is truly the answer, I would like to voice my complaint: The upgrade discs from Microsoft (i.e. the retail upgrade discs) include both the 32 and 64-bit versions, so I don't completely understand why Lenovo's upgrade program doesn't offer the same thing. I purchased my T500 in August, and back then Vista Ultimate 64 was not offered, so I chose Vista Ultimate 32 thinking that I could later upgrade to Windows 7 Ultimate 64. This assumption was based off of the info. on Microsoft's website indicating that all upgrades would contain the 32 and 64-bit versions. I even customized my computer with 4 gigs of RAM thinking that I could take advantage of the extra gig once I installed Windows 7 64.
I don't understand what Lenovo or Mentor Media have to gain by restricting a 32 to 64-bit install. I voiced this opinion to Mentor Media over the phone, who responded by saying that I should be happy since I am receiving a "free" upgrade. I don't think this is an accurate assessment for two reasons: (1) I had to pay $17.03 for shipping, and I still haven't received the upgrade and (2) The total cost of my computer was almost $3,000, and the purchase was made a mere few weeks before Windows 7 was released. $3,000 is a lot of money. I waited for the details of the Windows 7 Upgrade Program to be announced BEFORE purchasing my machine. When I finally bought my computer I accounted Windows 7 into the price I was paying. In addition, when I bought this computer I did so expecting good customer service as a given. Not providing a 64-bit upgrade without a rational explanation as to why does not qualify as appropriate customer service.
As most of you know, 4 gigs of RAM is useless with a 32-bit OS. Also, NOW Lenovo is building new T500s with the option of having Windows 7 Ultimate 64 (why wasn't Vista Ultimate 64 offered when I bought my computer???). And the price for choosing Windows 7 Ultimate 32 is EQUAL to the price for choosing Windows 7 Ultimate 64, which proves that there is no cost difference. I just want to know what Lenovo has to gain by denying customers a 64-bit upgrade? There would really be no additional cost since as I mentioned before, Microsoft's retail upgrade includes the 32 and 64-bit OS on one disc. If anything I would think that it's costing Lenovo money to strip the 64-bit install from the upgrade discs.
Can anyone please address my problems? Do you think there is anyone at Lenovo I could contact to voice my opinions? I have been a loyal Thinkpad customer for over 5 years now, and I expect better from Lenovo. Thank you for reading!
moderator note: core question add to title, as stated in the forum rules and it will help others too answer your questions.Daventry wrote:
Is there any way to request a 64-bit OEM? Why should Lenovo care whether I want a 32-bit or 64-bit as long as it's the same edition (Ultimate edition)?
if your system shipped with a 32-bit version of vista then you will be sent 32-bit windows 7 upgrade media. the reason for this is two-fold.
first, because this is upgrade media, it's impossible to install a 64-bit version of windows over a 32-bit version. doing so would require a clean installation and upgrade media simply won't allow this. this is the case with retail media, too. if you had 32-bit vista installed and wanted to upgrade it to 64-bit using retail media, you'd have to wipe your system or set up a dual-boot.
second, the COA (certificate of authenticity) on the bottom of your system is for vista. because of this, your new license is of an upgrade from vista to 7. this is how microsoft licenses it and it is their policy, not lenovo's. microsoft's policy with OEMs is that you must install vista first, then upgrade to 7 (unless, of course, you purchased your system native with 7 on or after the 22nd). since your original lenovo preload is of a 32-bit OS, the issue becomes circular and you'll have to refer again to the first reason.
i understand your frustration and wish this stuff were made easier for everyone. it's repetative reading post after post of people with 4GB installed who don't understand the limitations of a 32-bit environment. i wish both manufacturers and users switched to 64-bit OSes sooner. the same thing happened when the industry went from 16-bit windows 3.11 to 32-bit windows NT4/95 and limitations went from 16KB all the way up to 4GB (which, in 1995, no one thought we'd ever exceed). the difference is that people were complaining on BBSes over 14.4k modems instead of on GUI-based forums using broadband connections. times sure have changed.
ThinkStation C20
ThinkPad X1C · X220 · X60T · s30 · 600 -
Hi Network experts
realy i need you to figure out the below
1)how windows 7 decide which route to take if THE PC Has 4 connection (add on 4 X 1 Gig) available to internet , the route print on windows machine shows the 4
connection with same metric (metric 10) , the adapter order is as follows
G1,G2,G3.G4
2)what about the less subnet id if each interface has less subnet id than other
3)the built in interface (gig 0) why have metric of 286 not 10 like others
thank you allHello.
As far as I remember, Windows uses ANY of the routes with equal metric.
I'm not sure if there is publicly available algorithm, but I believe it may switch from one interface to another if experience packet loss on the current.
So, the conclusion is: the outgoing interface is not predictable.
If you want any kind of reliability you would better to create port-channel and use FHRP on your routers. -
how to create new routing table?
how to add routing rule to route table?Hi!
I supose your network configuration is OK.
I have some problems in order to configure mine under Solaris 10. But trying to change this, I found something that can help you.
In a terminal window, type "man route". I could add a new one, but, because I am not able to find how to change the IP gateway, it returns me an error.
I hope this can help you
Zenaida -
Can't add mobile alerts to another account on my plan
My husband is the primary account holder on our account. I would like to add mobile alerts to my number--a secondary account under our plan. Every time I attempt to do this through the messaging drop down, I can only add alerts for the primary number. There is no drop down bar to select a different phone and while I can view my number, usages, and phone features, I cannot figure out how to add mobile alerts.
I have to say Verizon's website is the least user-friendly website I've ever encountered. I wonder how it ranks among competitors. It's a shame because otherwise I really love my service, but I dread having to use this website.You need to create an account for YOUR phone number. Click on Register, and set up a separate username and password for your number only.
You'll need this for Backup Assistant, purchasing (if you chose to) ringtones and ringback tones, and other services, like the mobile alerts.
The main account is tied to one number, the PRIMARY number. That account/login has access to all the details for each of the numbers as far as calls, texts, etc, as well as billing information. Each of the other numbers can (and should) register, monitor their own usage only, and set certain options, alerts, manage contacts, etc. It has to be a separate login so Verizon can display specific information for that number, as wel as send the ringtones, alerts, and whatever to the number that is logged in.
Hope that all makes sense.... -
Hi, what steps must I take to add an alert message that reminds the Adobe Reader end user to Print their form if they wish to keep a record of their form data.
Also, where should such an alert appear, when and upon which event type?
HarryThanks Jimmy, unfortunately it doesn't work on my Submit button (which is where I do want it).. Here's what I have on the standard Submit button.
----- form1.SF_P8.SF_print-submit.EmailSubmitButton::click - (JavaScript, client) ------------------
xfa.messageBox("Please ensure you also print a copy for your records", Warning, 1, 1);
this makes my button do nothing at all, not even submit. I think it's because there are 2 events associated with it, the invisible "submit" and the new warning. Any suggestions?
Harry -
When I try open a .pdf file my Adobe Reader 11 only allows the download / save opening the related window and don't show me both options 1) open with ... and 2) save as.... probably someone flagged the choise... always perform this way ....
Could some one give help and let me know where I can probably find the settings option that allows me to change and switch to previous situation where it was possible to decide time to time how to proceed either opening the file or saving it ??
Thanks in advance
DavidWhat is your operating system?
Open a PDF from where? If online, in what browser? -
Help I just moved my music files to a external hard drive and am using the new crappy version ( i know my opinion) of itunes and cant add the files to my libray it gives me the add file to library option but not the add folder to library option what am i doing wrong?
In iTunes 11 uncheck the preferences setting in in the iTunes Preferences panel "Advanced > Copy Files to iTunes Media folder when adding to Library"
-
since changing to windows 8, I no longer get the options of "no scaling", my paper patterns are printing too small. they printed great before computer change and change to windows 8. no longer have the option of "no scaling". Where can I go to choose that option
Hi AbbyZiva
I understand since updating to Win8 you don't have the "no scaling" option available.
Did you uninstall and reinstall the printer after doing the Windows upgrade?
Here is a url for the drivers for the Photosmart Plus 200.
http://www8.hp.com/us/en/support-search.html?tab=2#/qryterm=photosmart%20plus%20210&searchtype=s-001
If you need more assistance just let me know.
Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
Click the “Kudos Thumbs Up" on the right to say “Thanks” for helping!
Gemini02
I work on behalf of HP
Maybe you are looking for
-
Apple TV 1st gen stuck in infinite loop
Hi This has probably been covered a few times but the only answers I could find was from an archived discussion. The other day I was given an Apple TV 1st gen, it had not been used for quite some time, and decided to upgrade the software, when I noti
-
InDesign CS3 epub export photo problem
Hi, I am trying to format a book in epub, using InDesign CS 3. The text styles translate satisfactory, but I have not been able to get inline photos to show up at full galley width. I have so far done about 2 doz tests, with different anchored object
-
On a fast dual core processor, WMP300N can chew up half of the cycles. This executable becomes active when LinkSys Monitor is used to manage the WMP300N PCI Adapter. On the Linksys Wireless-N Products page http://www.linksys.com/servlet/Satellite?c=L
-
Order Recommndation process with due dates
Hi, I am having little difficulties with MRP and recommendation I donu2019t know if there is way I can turn off the lead time on MRP process. The situation is that when I have a blanket purchase order which is due in future and when a new recommenda
-
Report to Print from SPOOL to Printer
Dear SDN users, is there any function module for print the report from SPool to