Wireless allowing iChat, ping, but no web surfing
Prior to today I'd had no problems with my Leopard-upgraded MBP talking to a Netgear WGT624 wireless router.
Although I began the day with no problems, I suddenly can't seem to use any web browser (Safari, Firefox) to get anywhere, including the router's configuration menu and the outside world. What I can do is iChat to other computers on my LAN, and I can also ping DNS servers as well as other things inside and outside the LAN. And when I plug into the router with a cord, all is fine with browsing.
Seemed like a DNS problem, but manually entering those didn't help. I also tried power cycling the laptop and the router several times, and I tried blowing away the wireless connection configuration and resetting it. Also tried monkeying with the IPv6 setting, which seemed to be coming up a lot. No luck. Lastly, the router seems to have the latest firmware. Also, my wife's Tiger macbook is still doing fine wirelessly.
Not sure if it matters, but I also noticed Norton AntiVirus strangely doing many LiveUpdates today, usually upon reboot, and I don't have it set to do that. But turning off AutoProtect also didn't seem to have any effect.
Any ideas? Is there a checklist of things I can try to get this wireless connection back up on a Leopard machine?
I have no idea what the problem was, but it seemed to vanish by itself.
My guess is that it was either my router going nuts for some reason, or maybe there was something funny with Mail interfacing with my IMAP account, which was hosed virtually all of last week and doing very strange things to Mail.
Similar Messages
-
WVC54GCA ip address and ping but no web or image
Hi,
I have two identical WVC54GCA cameras connected on static ips, .51 and .50. One works perfectly and I can see the image on the crappy viewing software or go to the web site and view the image there. The second one is more problematic. I can ping the device and get a 2-100 ms response. The camera software can detect the camera in the setup. However on the software, there is no image for camera 2, and when I try to go to the website .50 it just times out without ever connecting. It is as if the camera's network connection is working but its web service, etc is dead. Could that happen? If I buy another 2, will maybe 1 of them work?
Any suggestions gratefully received. Thanks.Unfortunately you can't enhance the antenna, as there is no provision for an external connection. You can only try to reposition it slightly.
The signal can be affected by metal objects nearby, other 2.4 GHz devices like handheld phones and microwave ovens.
Edit: The signal can also be affected by other wireless networks nearby. Try to use a different channel on the wireless access point. Set the same channel manually in the camera. (Try channel 1 or 6 or 11, as they all overlap somewhat).
If your second camera works well in that very same position (try it), then you may have a faulty unit. Take it back for a refund or warranty claim.
Message Edited by aWombat on 05-22-2009 01:26 PM -
WRVS4400N responds to pings but web interface fails
Hello.
I have a WRVS4400N router in a remote office. I have connectivity to the office and computers there. But the web interface for the router is failing to come up. This happens once every few days or so. Is there any utility or something that I can use to remotely reset the router without making use of the webinterface or having physical access to the router?
It's a version 2 router with the latest firmware.
Thanks.I gain access via LogMeIn. QuickVPN has not been enabled on this router. And the hardware VPN between it and a like-router in a second office is down and will not come back up.
I know the interface does not come up when I'm physically there because I tried it last time I traveled to the office during the last outage. I am using it's LAN IP 192.168.148.1. I also tried 192.168.148.2. Both IPs respond to pings but no web interface will connect.
The web browser (Chrome, Firefox, and IE) just says "unable to connect" or "cannot display the page" -
I use Links alot in my web surfing, dragging the icon in the address bar to Links. I can't seem to find anywhere that allows me to search those Links. I can't find a folder for them on my hard drive to search .. Help!
You can get Firefox 3.6.16 here:
http://www.mozilla.com/en-US/firefox/all-older.html
http://support.mozilla.com/en-US/kb/Installing+a+previous+version+of+Firefox -
Hi
I have just bought an old Nokia 6086 to allow me to test my web sites on a low spec phone without having to pay for mobile GPRS connections. I assumed that once I had connected to my wireless network and authenticated I would be able to surf the web through this but I can't get the phone to use this connection.
Is there something I am missing or have I just bought an expensive doorstop?
please help
MarkThe 6086 is an UMA phone, i.e. the WiFi in it can be used only to that purpose. To use UMA you need to have the UMA service enabled from your carrier. If you are looking for some cheap low end phone with WiFi for pure internet surfing etc. then perhaps the Nokia 6300i could be your pick ? (its not UMA)
-
[SOLVED] SLOW web SURFING (tcpdumps attached)
THIS PROBLEM HAS ALREADY BEEN SOLVED, THANKS TO heftig from #archlinux that solved this. The solution was actually pretty simple, set tcp_window_scaling to 0:
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
This is actually not gnu/linux fault at all. It's my ISP's fault. Here in Mexico, there's a cable company called "MEGACABLE", they seem to hire the system admins that now nothing or little about what they are doing, and this is exactly what caused the problem. The isp runs a transparent proxy (squid), and in the words of heftig this problem reduces to this:
"the issue is their proxy is announcing 'i understand window scaling' even though it doesn't. seems it needs a kernel upgrade"
This one issue is an isolated one, there are other issues regarding the transparent proxy, but I can live with those.
Hello, recently I've noticed my web surfing experience under archlinux is extremely slow. First I thought it was a problem with my ISP, but the problem only happened when surfing the web, if I download a file it will download it at the expected rate (5mbit). Other applications work fine (IM, pacman, ping, etc).
The first thing I did was trying with a fresh firefox profile, the problem persisted. Then I tried running it in safe mode, problem still persisted. So I tried a different web browser (konqueror) and the problem was still there. So I discarded this as a browser problem. On this same machine, I ran a virtualized windows instance (virtualbox): web surfing goes many times faster in there (using firefox too).
I manually configured NAT for the virtualized windows machine, so I'm pretty sure all traffic is flowing through my host OS (archlinux). Just to be sure it was not a firewall problem I disabled it, the slow web surfing problem persisted. I don't think this is a DNS issue either, both are using the same dns configuration and doing "nslookup archlinux.org" returns in less than a second (tried that with many other address as well).
So, just to verify what was going on I decided to do a test using tcpdump for webpage http://www.opendns.org (not using it, but this was just for testing). Below are the dumps for both native (archlinux) dump and virtualized (windows) dump. I noticed the archlinux dump shows a really small window size for packets, while the windows machine does not. Also, archlinux receives almost twice as much packets in the process than the windows machine. <-- Already solve this, thanks jargoman.
Additional information:
* there's no web proxy configured for any of the machines (except for the one behind my ISP, but that shouldn't concern me).
* I have changed MTU already (my ISP's dhcp server was setting it to 576, changed it to 1400).
* I did some more tests, sometimes (frequently) I get lots of small Push packets and the web page loads extremely slow, it goes image by image and line by line in paragraphs. Below is a dump that shows this behavior. Notice it took 600 packets to load a single page, it loaded very very slow.
ARCHLINUX DUMP
tcpdump -i eth0 -n tcp and host opendns.com
16:10:02.395080 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [S], seq 1164693811, win 2144, options [mss 536,sackOK,TS val 13806187 ecr 0,nop,wscale 7], length 0
16:10:02.404975 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [S.], seq 3422882, ack 1164693812, win 8760, options [mss 1460,wscale 0,eol], length 0
16:10:02.405028 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 1, win 17, length 0
16:10:02.405118 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 1, win 17, length 536
16:10:02.405128 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [P.], ack 1, win 17, length 119
16:10:02.592995 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 1, win 46, length 0
16:10:02.593969 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 0
16:10:02.630362 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [P.], ack 656, win 54, length 329
16:10:02.630396 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 330, win 26, length 0
16:10:02.630929 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:02.630945 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 866, win 34, length 0
16:10:02.727854 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:02.727909 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 1402, win 42, length 0
16:10:02.728954 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:02.729017 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 1402, win 42, length 0
16:10:02.729899 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [P.], ack 656, win 54, length 536
16:10:02.729964 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 2474, win 51, length 0
16:10:02.823468 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:02.823524 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 3010, win 59, length 0
16:10:02.826161 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [P.], ack 656, win 54, length 536
16:10:02.826216 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 3546, win 67, length 0
16:10:02.828020 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:02.828042 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 3546, win 67, length 0
16:10:02.828807 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:02.828824 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 4618, win 76, length 0
16:10:02.829747 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:02.829766 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 5154, win 84, length 0
16:10:02.918759 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:02.918787 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 5690, win 93, length 0
16:10:02.920392 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:02.920449 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 6226, win 101, length 0
16:10:02.923307 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [P.], ack 656, win 54, length 536
16:10:02.923334 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 6226, win 101, length 0
16:10:02.924339 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [P.], ack 656, win 54, length 536
16:10:02.924356 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 6762, win 109, length 0
16:10:02.926423 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:02.926441 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 6762, win 109, length 0
16:10:02.927912 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:02.927927 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 8370, win 118, length 0
16:10:02.928379 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:02.928398 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 8370, win 118, length 0
16:10:02.929324 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:02.929347 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 9442, win 126, length 0
16:10:02.930903 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:02.930924 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 9978, win 134, length 0
16:10:03.015360 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:03.015399 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 10514, win 143, length 0
16:10:03.016434 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:03.016496 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 11050, win 151, length 0
16:10:03.017549 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [P.], ack 656, win 54, length 536
16:10:03.017604 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 11586, win 160, length 0
16:10:03.019564 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:03.019611 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 12122, win 168, length 0
16:10:03.020917 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [P.], ack 656, win 54, length 501
16:10:03.020936 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 12623, win 176, length 0
16:10:03.022810 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:03.022830 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 12623, win 176, length 0
16:10:03.024203 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 656, win 54, length 536
16:10:03.024218 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 13695, win 185, length 0
16:10:03.024931 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [P.], ack 656, win 54, length 210
16:10:03.024948 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 13905, win 193, length 0
16:10:03.025535 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [P.], ack 656, win 54, length 7
16:10:03.025553 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [.], ack 13912, win 193, length 0
16:10:03.025565 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [F.], seq 13912, ack 656, win 54, length 0
16:10:03.025685 IP 10.110.81.195.37877 > 208.69.38.150.80: Flags [F.], seq 656, ack 13913, win 193, length 0
16:10:03.123024 IP 208.69.38.150.80 > 10.110.81.195.37877: Flags [.], ack 657, win 54, length 0
16:10:04.683194 IP 10.110.81.195.37884 > 208.69.38.150.80: Flags [S], seq 1201807023, win 2144, options [mss 536,sackOK,TS val 13806874 ecr 0,nop,wscale 7], length 0
16:10:04.692852 IP 208.69.38.150.80 > 10.110.81.195.37884: Flags [S.], seq 26796320, ack 1201807024, win 8760, options [mss 1460,wscale 0,eol], length 0
16:10:04.692919 IP 10.110.81.195.37884 > 208.69.38.150.80: Flags [.], ack 1, win 17, length 0
16:10:04.692994 IP 10.110.81.195.37884 > 208.69.38.150.80: Flags [.], ack 1, win 17, length 536
16:10:04.693004 IP 10.110.81.195.37884 > 208.69.38.150.80: Flags [P.], ack 1, win 17, length 224
16:10:04.706404 IP 208.69.38.150.80 > 10.110.81.195.37884: Flags [.], ack 537, win 32696, length 0
16:10:04.706452 IP 208.69.38.150.80 > 10.110.81.195.37884: Flags [.], ack 761, win 32584, length 0
16:10:04.908541 IP 208.69.38.150.80 > 10.110.81.195.37884: Flags [.], ack 761, win 32964, length 536
16:10:04.908584 IP 10.110.81.195.37884 > 208.69.38.150.80: Flags [.], ack 537, win 26, length 0
16:10:04.909880 IP 208.69.38.150.80 > 10.110.81.195.37884: Flags [P.], ack 761, win 32964, length 286
16:10:04.909917 IP 10.110.81.195.37884 > 208.69.38.150.80: Flags [.], ack 823, win 34, length 0
WINDOWS DUMP
tcpdump -i eth0 -n tcp and host opendns.com
16:09:42.130172 IP 10.110.81.195.1583 > 208.69.38.150.80: Flags [.], ack 9975834, win 64240, length 536
16:09:42.130216 IP 10.110.81.195.1583 > 208.69.38.150.80: Flags [P.], ack 1, win 64240, length 133
16:09:42.335734 IP 208.69.38.150.80 > 10.110.81.195.1583: Flags [.], ack 0, win 5840, length 0
16:09:42.335774 IP 208.69.38.150.80 > 10.110.81.195.1583: Flags [.], ack 669, win 6432, length 0
16:09:42.404828 IP 208.69.38.150.80 > 10.110.81.195.1583: Flags [P.], ack 669, win 6432, length 329
16:09:42.405647 IP 208.69.38.150.80 > 10.110.81.195.1583: Flags [.], ack 669, win 6432, length 1380
16:09:42.406125 IP 10.110.81.195.1583 > 208.69.38.150.80: Flags [.], ack 1710, win 64240, length 0
16:09:42.508888 IP 208.69.38.150.80 > 10.110.81.195.1583: Flags [.], ack 669, win 6432, length 1380
16:09:42.509202 IP 10.110.81.195.1583 > 208.69.38.150.80: Flags [.], ack 1710, win 64240, length 0
16:09:42.511601 IP 208.69.38.150.80 > 10.110.81.195.1583: Flags [.], ack 669, win 6432, length 1380
16:09:42.512218 IP 10.110.81.195.1583 > 208.69.38.150.80: Flags [.], ack 4470, win 64240, length 0
16:09:42.514308 IP 208.69.38.150.80 > 10.110.81.195.1583: Flags [.], ack 669, win 6432, length 1380
16:09:42.514994 IP 10.110.81.195.1583 > 208.69.38.150.80: Flags [.], ack 5850, win 64240, length 0
16:09:42.608441 IP 208.69.38.150.80 > 10.110.81.195.1583: Flags [.], ack 669, win 6432, length 1380
16:09:42.611712 IP 208.69.38.150.80 > 10.110.81.195.1583: Flags [.], ack 669, win 6432, length 1380
16:09:42.614715 IP 10.110.81.195.1583 > 208.69.38.150.80: Flags [.], ack 7230, win 64240, length 0
16:09:42.616634 IP 208.69.38.150.80 > 10.110.81.195.1583: Flags [.], ack 669, win 6432, length 1380
16:09:42.617770 IP 10.110.81.195.1583 > 208.69.38.150.80: Flags [.], ack 9990, win 64240, length 0
16:09:42.619459 IP 208.69.38.150.80 > 10.110.81.195.1583: Flags [.], ack 669, win 6432, length 1380
16:09:42.620802 IP 10.110.81.195.1583 > 208.69.38.150.80: Flags [.], ack 11370, win 64240, length 0
16:09:42.622500 IP 208.69.38.150.80 > 10.110.81.195.1583: Flags [P.], ack 669, win 6432, length 1253
16:09:42.711272 IP 208.69.38.150.80 > 10.110.81.195.1583: Flags [P.], ack 669, win 6432, length 7
16:09:42.711735 IP 10.110.81.195.1583 > 208.69.38.150.80: Flags [.], ack 12623, win 64240, length 0
16:09:42.711757 IP 208.69.38.150.80 > 10.110.81.195.1583: Flags [P.], ack 669, win 6432, length 1282
16:09:42.712316 IP 10.110.81.195.1583 > 208.69.38.150.80: Flags [.], ack 13912, win 64240, length 0
16:09:42.712351 IP 10.110.81.195.1583 > 208.69.38.150.80: Flags [F.], seq 669, ack 13912, win 64240, length 0
16:09:42.713234 IP 208.69.38.150.80 > 10.110.81.195.1583: Flags [F.], seq 13912, ack 669, win 6432, length 0
16:09:42.714178 IP 10.110.81.195.1583 > 208.69.38.150.80: Flags [.], ack 13913, win 64240, length 0
16:09:42.819594 IP 208.69.38.150.80 > 10.110.81.195.1583: Flags [.], ack 670, win 6432, length 0
16:09:43.752660 IP 10.110.81.195.1585 > 208.69.38.150.80: Flags [S], seq 1619761946, win 64240, options [mss 1460,nop,nop,sackOK], length 0
16:09:43.802954 IP 208.69.38.150.80 > 10.110.81.195.1585: Flags [S.], seq 12220252, ack 1619761947, win 8760, options [mss 1460,eol], length 0
16:09:43.803630 IP 10.110.81.195.1585 > 208.69.38.150.80: Flags [.], ack 1, win 64240, length 0
16:09:43.803662 IP 10.110.81.195.1585 > 208.69.38.150.80: Flags [.], ack 1, win 64240, length 536
16:09:43.803677 IP 10.110.81.195.1585 > 208.69.38.150.80: Flags [P.], ack 1, win 64240, length 237
16:09:43.814162 IP 208.69.38.150.80 > 10.110.81.195.1585: Flags [.], ack 537, win 65164, length 0
16:09:43.814258 IP 208.69.38.150.80 > 10.110.81.195.1585: Flags [.], ack 774, win 64927, length 0
16:09:44.017480 IP 208.69.38.150.80 > 10.110.81.195.1585: Flags [P.], ack 774, win 65535, length 823
16:09:44.186029 IP 10.110.81.195.1585 > 208.69.38.150.80: Flags [.], ack 824, win 64240, length 0
ULTRA SLOW ARCHLINUX DUMP (this is from just one request!)
tcpdump -i eth0 -n tcp and host opendns.com
http://pastebin.com/m15ee1831
What's going on here? I'm really lost. I'll really appreciate all the help you can give.
Edgar Merino
Last edited by bimbo (2009-10-27 02:46:12)if you search Maximum Transmission Unit it's a setting in routers and can be set in windows/linux. It's the default size of a tpc packet. Or the maximum a tcp packet can be. If you can set the mtu in arch as much the windows maybe it will help. I don't really know how to do that but by looking at your tcpdump I'd say the windows mtu is 1380 and arch's is 536. Arch would need about 2.5 more packets per transmission. I think routers are set to 1400 - 1440 or so setting it above 1400 is a probably a bad idea.
-
Really Slow web surfing through ZBF with IOS Content filter
Edited: attached partial output of "sh policy-map type inspect zone-pair urlfilter"
Hey, all
We have a 1921 router with IOS Content filter subscribsion and it is also configured as ZBF running latest IOS v15.1. End-user keep complaining about slow web surfing. I connected to network and tested myself and found intermittent surfing experience.
For example, access to www.ibm.com or www.cnn.com hangs 7 times of 10 attempts and maybe only loads reasonablly quick in 1-2 time of the 3. This also affects the speed of download from websites.
I have the case openned with Cisco TAC and CCIE checked my configure but nothing caught his eyes...
I decide to post the issue here in case we both missed something:
Current configuration : 18977 bytes
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname abc_1921
boot-start-marker
boot system flash:/c1900-universalk9-mz.SPA.151-4.M4.bin
boot-end-marker
aaa new-model
aaa authentication login default local
aaa authentication login NONE_LOGIN none
aaa authorization exec default local
aaa session-id common
clock timezone AST -4 0
clock summer-time ADT recurring 3 Sun Mar 2:00 2 Sun Nov 2:00
no ipv6 cef
ip source-route
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
ip cef
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp excluded-address 192.168.1.111 192.168.1.254
ip dhcp pool DHCPPOOL
import all
network 192.168.1.0 255.255.255.0
domain-name abc.local
dns-server 192.168.10.200 192.168.10.202
netbios-name-server 4.2.2.4
default-router 192.168.1.150
option 202 ip 192.168.1.218
lease 8
ip domain name abc.locol
ip name-server 8.8.8.8
ip name-server 4.2.2.2
ip port-map user-port-1 port tcp 5080
ip port-map user-port-2 port tcp 3389
ip inspect log drop-pkt
multilink bundle-name authenticated
parameter-map type inspect global
log dropped-packets enable
parameter-map type urlfpolicy trend cprepdenyregex0
allow-mode on
block-page message "The website you have accessed is blocked as per corporate policy"
parameter-map type urlf-glob cpaddbnwlocparapermit2
pattern www.alc.ca
pattern www.espn.com
pattern www.bestcarriers.com
pattern www.gulfpacificseafood.com
pattern www.lafermeblackriver.ca
pattern 69.156.240.29
pattern www.tyson.com
pattern www.citybrewery.com
pattern www.canadianbusinessdirectory.ca
pattern www.homedepot.ca
pattern ai.fmcsa.dot.gov
pattern www.mtq.gouv.qc.ca
pattern licenseinfo.oregon.gov
pattern www.summitfoods.com
pattern www.marine-atlantic.ca
pattern www.larway.com
pattern www.rtlmotor.ca
pattern *.abc.com
pattern *.kijiji.ca
pattern *.linkedin.com
pattern *.skype.com
pattern toronto.bluejays.mlb.com
pattern *.gstatic.com
parameter-map type urlf-glob cpaddbnwlocparadeny3
pattern www.facebook.com
pattern www.radiofreecolorado.net
pattern facebook.com
pattern worldofwarcraft.com
pattern identityunknown.net
pattern static.break.com
pattern lyris01.media.com
pattern www.saltofreight.com
pattern reality-check.com
pattern reality-check.ca
parameter-map type ooo global
tcp reassembly timeout 5
tcp reassembly queue length 128
tcp reassembly memory limit 8192
parameter-map type trend-global global-param-map
cache-size maximum-memory 5000
crypto pki token default removal timeout 0
crypto pki trustpoint Equifax_Secure_CA
revocation-check none
crypto pki trustpoint NetworkSolutions_CA
revocation-check none
crypto pki trustpoint trps1_server
revocation-check none
crypto pki trustpoint TP-self-signed-3538579429
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3538579429
revocation-check none
rsakeypair TP-self-signed-3538579429
!! CERTIFICATE OMITED !!
redundancy
ip ssh version 2
class-map type inspect match-any INCOMING_VPN_TRAFFIC_MAP
match access-group name REMOTE_SITE_SUBNET
class-map type inspect match-all PPTP_GRE_INSPECT_MAP
match access-group name ALLOW_GRE
class-map type inspect match-all INSPECT_SKINNY_MAP
match protocol skinny
class-map type inspect match-all INVALID_SOURCE_MAP
match access-group name INVALID_SOURCE
class-map type inspect match-all ALLOW_PING_MAP
match protocol icmp
class-map type urlfilter match-any cpaddbnwlocclasspermit2
match server-domain urlf-glob cpaddbnwlocparapermit2
class-map type urlfilter match-any cpaddbnwlocclassdeny3
match server-domain urlf-glob cpaddbnwlocparadeny3
class-map type urlfilter trend match-any cpcatdenyclass2
class-map type inspect match-all cpinspectclass1
match protocol http
class-map type inspect match-any CUSTOMIZED_PROTOCOL_216
match protocol citriximaclient
match protocol ica
match protocol http
match protocol https
class-map type inspect match-any INSPECT_SIP_MAP
match protocol sip
class-map type urlfilter trend match-any cptrendclasscatdeny1
match url category Abortion
match url category Activist-Groups
match url category Adult-Mature-Content
match url category Chat-Instant-Messaging
match url category Cult-Occult
match url category Cultural-Institutions
match url category Gambling
match url category Games
match url category Illegal-Drugs
match url category Illegal-Questionable
match url category Internet-Radio-and-TV
match url category Joke-Programs
match url category Military
match url category Nudity
match url category Pay-to-surf
match url category Peer-to-Peer
match url category Personals-Dating
match url category Pornography
match url category Proxy-Avoidance
match url category Sex-education
match url category Social-Networking
match url category Spam
match url category Tasteless
match url category Violence-hate-racism
class-map type inspect match-any INSPECT_PROTOCOLS_MAP
match protocol pptp
match protocol dns
match protocol ftp
match protocol https
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
match protocol icmp
class-map type urlfilter trend match-any cptrendclassrepdeny1
match url reputation ADWARE
match url reputation DIALER
match url reputation DISEASE-VECTOR
match url reputation HACKING
match url reputation PASSWORD-CRACKING-APPLICATIONS
match url reputation PHISHING
match url reputation POTENTIALLY-MALICIOUS-SOFTWARE
match url reputation SPYWARE
match url reputation VIRUS-ACCOMPLICE
class-map type inspect match-all CUSTOMIZED_NAT_MAP_1
match access-group name CUSTOMIZED_NAT_1
match protocol user-port-1
class-map type inspect match-all CUSTOMIZED_NAT_MAP_2
match access-group name CUSTOMIZED_NAT_2
match protocol user-port-2
class-map type inspect match-any INSPECT_H323_MAP
match protocol h323
match protocol h323-nxg
match protocol h323-annexe
class-map type inspect match-all INSPECT_H225_MAP
match protocol h225ras
class-map type inspect match-all CUSTOMIZED_216_MAP
match class-map CUSTOMIZED_PROTOCOL_216
match access-group name CUSTOMIZED_NAT_216
policy-map type inspect OUT-IN-INSPECT-POLICY
class type inspect INCOMING_VPN_TRAFFIC_MAP
inspect
class type inspect PPTP_GRE_INSPECT_MAP
pass
class type inspect CUSTOMIZED_NAT_MAP_1
inspect
class type inspect CUSTOMIZED_NAT_MAP_2
inspect
class type inspect CUSTOMIZED_216_MAP
inspect
class class-default
drop
policy-map type inspect urlfilter cppolicymap-1
description Default abc Policy Filter
parameter type urlfpolicy trend cprepdenyregex0
class type urlfilter cpaddbnwlocclasspermit2
allow
class type urlfilter cpaddbnwlocclassdeny3
reset
log
class type urlfilter trend cptrendclasscatdeny1
reset
log
class type urlfilter trend cptrendclassrepdeny1
reset
log
policy-map type inspect IN-OUT-INSPECT-POLICY
class type inspect cpinspectclass1
inspect
service-policy urlfilter cppolicymap-1
class type inspect INSPECT_PROTOCOLS_MAP
inspect
class type inspect INVALID_SOURCE_MAP
inspect
class type inspect INSPECT_SIP_MAP
inspect
class type inspect ALLOW_PING_MAP
inspect
class type inspect INSPECT_SKINNY_MAP
inspect
class type inspect INSPECT_H225_MAP
inspect
class type inspect INSPECT_H323_MAP
inspect
class class-default
drop
zone security inside
description INTERNAL_NETWORK
zone security outside
description PUBLIC_NETWORK
zone-pair security INSIDE_2_OUTSIDE source inside destination outside
service-policy type inspect IN-OUT-INSPECT-POLICY
zone-pair security OUTSIDE_2_INSIDE source outside destination inside
service-policy type inspect OUT-IN-INSPECT-POLICY
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key password address 11.22.3.1
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set TunnelToCold esp-3des
crypto map TunnelsToRemoteSites 10 ipsec-isakmp
set peer 11.22.3.1
set transform-set TunnelToCold
match address TUNNEL_TRAFFIC2Cold
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description OUTSIDE_INTERFACE
ip address 1.1.1.186 255.255.255.248
ip nat outside
ip virtual-reassembly in
zone-member security outside
duplex full
speed 1000
crypto map TunnelsToRemoteSites
crypto ipsec df-bit clear
interface GigabitEthernet0/1
description INSIDE_INTERFACE
ip address 192.168.1.150 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security inside
duplex full
speed 1000
ip forward-protocol nd
ip http server
ip http access-class 10
ip http authentication local
ip http secure-server
ip nat inside source static tcp 192.168.1.217 5080 interface GigabitEthernet0/0 5080
ip nat inside source route-map NAT_MAP interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.216 80 1.1.1.187 80 extendable
ip nat inside source static tcp 192.168.1.216 443 1.1.1.187 443 extendable
ip nat inside source static tcp 192.168.1.216 1494 1.1.1.187 1494 extendable
ip nat inside source static tcp 192.168.1.216 2598 1.1.1.187 2598 extendable
ip nat inside source static tcp 192.168.1.213 3389 1.1.1.187 3390 extendable
ip nat inside source static tcp 192.168.1.216 5080 1.1.1.187 5080 extendable
ip route 0.0.0.0 0.0.0.0 1.1.1.185
ip access-list standard LINE_ACCESS_CONTROL
permit 192.168.1.0 0.0.0.255
ip access-list extended ALLOW_ESP_AH
permit esp any any
permit ahp any any
ip access-list extended ALLOW_GRE
permit gre any any
ip access-list extended CUSTOMIZED_NAT_1
permit ip any host 192.168.1.217
permit ip any host 192.168.1.216
ip access-list extended CUSTOMIZED_NAT_2
permit ip any host 192.168.1.216
permit ip any host 192.168.1.212
permit ip any host 192.168.1.213
ip access-list extended CUSTOMIZED_NAT_216
permit ip any host 192.168.1.216
ip access-list extended INVALID_SOURCE
permit ip host 255.255.255.255 any
permit ip 127.0.0.0 0.255.255.255 any
ip access-list extended NAT_RULES
deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.6.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.8.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.9.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended REMOTE_SITE_SUBNET
permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.8.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2ABM
permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2Bridgewater
permit ip 192.168.1.0 0.0.0.255 192.168.8.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2ColdbrookDispatch
permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2ColdbrookETL
permit ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2ColdbrookTrailershop
permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2Moncton
permit ip 192.168.1.0 0.0.0.255 192.168.6.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2MountPearl
permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2Ontoria
permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
ip access-list extended WEB_TRAFFIC
permit tcp 192.168.1.0 0.0.0.255 any eq www
access-list 10 permit 192.168.1.0 0.0.0.255
route-map NAT_MAP permit 10
match ip address NAT_RULES
snmp-server community 1publicl RO
control-plane
line con 0
logging synchronous
login authentication NONE_LOGIN
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class LINE_ACCESS_CONTROL in
exec-timeout 30 0
logging synchronous
transport input all
scheduler allocate 20000 1000
ntp server 0.ca.pool.ntp.org prefer
ntp server 1.ca.pool.ntp.org
endHi,
I know this is for a different platform but have a look at this link:
https://supportforums.cisco.com/thread/2089462
Read through it to get some idea of the similarity, but in particular note the last entry almost a year after the original post.
I too am having trouble with http inspection, if I do layers 3 & 4 inspection there is no issue whatsoever, but as soon as I enable layer 7 inspection then I have intermittent browsing issues.
The easy solution here is to leave it at layers 3 & 4, which doesn't give you the flixibility to do cool things like blocking websites, IM, regex expression matching etc... but in my opinion I just don't think these routers can handle it.
It appears to be a hit and miss affair, and going on the last post from the above link, you might be better off in having the unit replaced under warranty.
The alternative is wasting a lot of time and effort and impacting your users to get something up and running that in the end is so flaky that you have no confidence in the solution and you are then in a situation where ALL future issues users are facing MIGHT be because of this layer 7 inspection bug/hardware issue etc?
I would recommend you use the router as a frontline firewall with inbound/outbound acl's (no inspection), and then invest a few $ in getting an ASA dedicated firewall (but that's just me ) -
Diable Safe Web Surfing Manually?
I recently got the M10 valet (hardware version 1) and instally noticed the website loading problem, which is all over the forums. I updated the firmware to the latest (2.0.0.1) and that improved my performance. Its obvious that the issue is the Safe Web Surfing feature which scans websites to determine if they are safe.
I scoured the interface through the browser, but I cannot find a way to turn this feature off without using the CISCO connect software which fails to run on my computer because I don't have a wireless card??
Has anyone found a way to disable this feature using the web management method?
ThanksWhen Safe Web Surfing is turned ON as you’re surfing the Internet and are about to open a potentially harmful site, an alert displays in your browser telling you that the site may be harmful to your computer or to your personal data. There are certain sites on the Internet that are “flagged” as potentially harmful, meaning they may contain viruses, install malware on your computer, or attempt to access your personal data. You can continue on to the site, or decide not to open it. When Safe Web Surfing is turned on, it applies to all computers connected to the Valet or Valet Plus.
I think it is not possible to disable the safe web surfing feature using the web interface.
You need to install the Cisco connect software on your main computer.
What error message do you get when you try to install Cisco connect software on your main computer?
You have already upgraded the firmware on your router.
After upgrading the firmware on the router, it is recommended that you should reset the router and reconfigure it. Press and hold the reset button on the router for 30 seconds. Release the reset button and wait for 10 seconds. Power cycle the router and try to run the Cisco connect on your main computer. -
I am using ARD 3.3 to manage the Macs in my building. I am having troubles with 11 out of 21 of the MacBook 4,1 model computers that are not showing up on the Scanner / All Computers list with ARD. Those not on the list show up as black icons with IP Addresses signifying that they can be pinged but have no client response from those computers. They are running Client Software v. 3.3.1 and access the network wirelessly, same as the Admin Comp.
I have opened the Sharing system pref and turned ARD on/off, modified the access privileges and restarted all machines to no avail. What else can I try to get these computers to be managed via ARD?They are running Client Software v. 3.3.1 and access the network wirelessly
Are the appropriate ports open and forwarded in the wireless router to those workstations? You'll need to do some special setup to be able to manage multiple systems behind an NAT (see "Setting Up the Network" in the Remote Desktop Help). -
I want to delete a group on my iChat list, but it doesn't go away when I right click and delete it. No ones in the group and I tried the plus button on the bottom left of the list and I can't find "edit groups"
WordPress is in a class of it's own. It began it's open source life as a blogging system but it has evolved into a powerful, feature-rich CMS (content management system). In short, if you elect to use WordPress on your domain, you might just as well use it for your entire web site.
To work with WordPress, you will need a firm understanding of HTML, CSS and how PHP includes work.
WP requires you to set-up a dynamic work environment (see links below)
Find a WP Theme you like that won't require much customizing on your part.
Related Links:
http://wordpress.org/
Get one of the following testing servers for your OS and follow the installation instructions.
WAMP for Windows
http://www.wampserver.com/en/
XAMPP for Windows
http://www.apachefriends.org/en/xampp-windows.html
XAMPP for Mac
http://www.apachefriends.org/en/xampp-macosx.html
MAMP for Mac
http://www.mamp.info/en/downloads/index.html
Setting up a PHP development environment for Dreamweaver
http://www.adobe.com/devnet/dreamweaver/articles/setting_up_php_05.html
Creating a WordPress Theme in DW
http://www.adobe.com/devnet/dreamweaver/articles/creating_wordpress_theme_with_dreamweaver _pt1.html
Best of luck,
Nancy O.
Alt-Web Design & Publishing
Web | Graphics | Print | Media Specialists
http://alt-web.com/
http://twitter.com/altweb
http://alt-web-design.blogspot.com/ -
Is it possible to allow ICMP ping responce on the public interface for WRT54G?
Hi I need to remotely monitor a WRT45G from a remote host on the Internet. As such, I want to allow ICMP ping replies on the public Internet interface. However, I have found no feature to allow me to do this. Similar Netgear devices do allow this feature. I suspect the answer is, "you can't do that".
Yes this is possible. I just managed it on a WRT54GL.
On the routers default configuration page: 192.168.1.1 (or whatever you set it to) select the Security-tab, click sub-tab Firewall, uncheck the box next to "Block Anonymous Internet Requests", save settings. - I guess there's a risk involved, but it works. -
When I've been doing a lot of web surfing - especially on a single site - Firefox slows down and barely more. Toolbar functions and cursor movement also slow. There's a long delay when typing information into online forms - I'm usually several words ahead of what's been entered. It usually strikes suddenly -- first signs of sluggishness usually quickly followed by everything barely moving. Even when I Quit Firefox, there's a very delayed response in all action. But after quitting and rebooting, Firefox opens and is running fine again.
I have this using 3.6.23
-
Why would you allow firefox to update computer web-browsers if you have an idea that it will no longer work after the update? And why would you not include instructions for, how to fix the problem? Help Please! Can I go back to the old one?
Ron Bell
[email protected]Mozilla, like many other software companies, thoroughly test their software before releasing it to the public and I'm sure that no problem you are having is intentional.
I do not work for Mozilla but I do have experience of releasing software for public usage.
Firefox has no way of knowing what other software is already on your computer and with millions of combinations it isn't always possible to test for every scenario.
You can go back to the old version of Firefox but that won't always solve your problem.
The web site below tells you how:
https://support.mozilla.com/en-US/kb/Installing%20a%20previous%20version%20of%20Firefox -
our Broadband went down over the weekend and i spent 6 hours on the phone with BT yesterday. i have two net gear routers which i have had tested yesterday and both work, but i cant get broadband with either. BT can ping my router and i can ping google but i cant get web pages up. my ipad gets email but no web pages.
i have now been referred to "wholesale" whatever that means to check the line. any ideas how to fix the probelm or speed up the line checks?if your internet is working please can you post the adsl stats from your router may need to 'show detail' to get all stats (if hub enter 192.168.1.254 in your browser and navigate to adsl or use a-z, if netgear enter 192.168.0.1) and run btspeedtester http://speedtester.bt.com and post the results.
Someone may then be able to offer help/assistance/suggestions to your problem
Your ISP is BT retail and the exchange is owned by BT wholesale. BTw have been asked to checked tou connection at the exchange to see if there is a problem
If you like a post, or want to say thanks for a helpful answer, please click on the Ratings star on the left-hand side of the post.
If someone answers your question correctly please let other members know by clicking on ’Mark as Accepted Solution’. -
ISight works with iChat & iMovie but not with 3rd-party apps
Hi,
I cannot get iSight to work at all with aMSN, Mercury Messenger or Yahoo. It is fine with the Apple apps. My son has a G4 iBook and the same iSight works fine on this with the Apple apps and aMSN. We have looked at all the settings we can think of, and they are the same on both computers. There must surely be a very simple answer...
Any help greatly appreciated.
Bob.
PowerBook G4 Mac OS X (10.4.3)Hello Bob. If you unhook your son's iBook from the ethernet cable, plug in your PowerBook where his iBook was, and still have the same problem, you likely need some work on your Mac.
It may be an issue of the relative health of your Mac versus the vagaries of some third party software:• Be sure you Mac OS X maintenance is up to date.
• If you have not already done so, try re-applying the 10.4.3 Combo Update. Unless you have a "tried and tested" update method, I suggest a technique such as How I Update My Mac OS X.If that does not help, and if your Mac works with all your other apps, see the app's Help, Readme, or other documentation that came with the download for the problem app(s). If that fails, see the Support sections of the third party app web site to find out its known issues with your Mac and for help on how to install and use their applications. If they cannot help you use their application, you may want to try a different app.
In the worst case, you may want to get a PC if you must connect to the PC versions of Microsoft or Yahoo! Messenger. These apps are better supported for the PC platform, although they do not offer the features of iChat AV 3.
The simpler answer is iChat AV, but iChat AV will not connect for video with your chosen third party apps.
Maybe you are looking for
-
How can I create a link that allows users to convert a Wiki pages into PDF format.
I am working on an enterprise Wiki library site collection, but I want to create a link named "Convert to PDF" , which allow users to convert the current Wiki into a pdf file. I need this link to be displayed some where in all the exsiting Wikis page
-
Sound Clip Organization Software?
Hello, I recently acquired a Tascam portable recorder, and I am wondering if there is any software that I could use to organize and keyword my sound clips. Do you have any suggestions? Thanks in Advance, Spencer ><>
-
How can I use other endnote bibliography formats in Pages '13?
It's really stupid program. In my uni, we use our own reference style, and I'm using endnote X7. I have used whole time today to change endnote format in pages'13. But, I could note change. the bibliography formats are fix to some popular referencing
-
Hi all I have a strange behaviour of my Mac MIni 2012. The mini is connected to the internet by LAN. When I download a file via http or ftp everything is very fast (arround 95mbit/s). But when I try to open a website in Safari, Chrome or Firefox i ha
-
Editor will not work Elements 8
I have elements 8, running on windows 7. The organizer works but the editing tool will not open. any suggestions? I have uninstalled and reinstalled twice.