With Timed Access List on, Guest users cannot access Guest network.
I have an ABS with 7.5 version. In the Timed Access window I have default set to "no access". Then, all the computers that are allowed access to the main network are on the list. Then I have the main network hidden. My guest network is broadcasting but when a user tries to connect to it, they get an "Unable to connect". If I change the default access in Timed Access to "Everyday", users are then able to connect to the Guest network again.
Obviously, this is a bug. I don't want people accessing the main network that aren't on the timed access list. However, I still want guest users to access the Guest Network.
It looks to me that the Timed Access window is controlling the restriction of the Guest and Main network, when it should only be controlling the Main only.
Hopefully, Apple has noted this issue and it will be fixed in the new update. If other people are experiencing this problem, please let me know.
-Ghost
Apple just updated the airport to 7.5.1. But there is still a problem with the guest network not allowing access. If the "Unlimited" is set to "No Access" in the access list it prevents anybody from accessing the guest network. It should only deny your Main wireless Network.
In other words, the Access List is controlling the access for both wireless networks (Guest and Main network).
Either Apple needs to create two Access Lists, one for Main network, and one for guest network. Or just have the option to choose which Network you want to restrict, leaving the second one open for all.
-Ghost
Similar Messages
-
Hi,
I am new to this forum, I have one doubt:
a user cannot access one authorization field. How can I analyze this issue? I know SU53 to find the authorization field... but the user has 100 roles... how can I find which role and object... please help me.
Hi Hassan,
This is not the correct category. This message should be opened under security item. However, you can find the whole required authorization objects list, by using ST01 trace.
Best regards,
Orkun Gedik
-
I am in the final stages of a cross-forest migration. Users have Windows 7 workstations with redirected folders on a Windows Server 2012 box running in the old forest. User accounts were not migrated. The accounts in use have always been in the "new" forest. One of our challenges was the large volume of data in redirected folders. I made sure users in the target forest had continued to have access to their redirected folders in the old forest and robocopied the entire users share, copying the permissions with the files. By doing incremental robocopies, we can get a final copy done now in about six hours. The plan was simple: copy the files, do an incremental copy every night, on the night of the cutover change the folder redirection policy Documents path from \\oldserver\users\%USERNAME% to \\newserver\users\%USERNAME%. The policy is configured to NOT copy user files from the existing folder to the new redirected folder. Everything was going well until I tested the policy change. After the folder redirection policy is updated and applied, the user cannot access the private Documents folder. For example, user Chester Tester logs on as ctester. I open Windows Explorer and click the Documents shortcut. I see one subfolder, which is a subfolder of Public Documents. So I can look at Public Documents but when I click on the Documents folder (under the Documents library link) I get an access denied error. Now for the kicker, if I open another Windows Explorer window and edit the address bar to \\newserver\users\ctester, I can navigate the Documents folder tree and see my thousands of documents. What the ....?
I'm hoping this is something really simple to fix!
TIA
Hi Vivian,
Thank you for your reply. Yes, the path in Group Policy Folder Redirection Root Path was updated to \\NEWSERVER\users. I had planned to point this to the distributed file system, so the first used was actually \\domain\dfs\users. To simplify things I have backed off to copying to just a normal share \\newserver\users.
We are using BASIC folder redirection and we create a folder for each user under the root path.
We did not want the policy to move content, as we were seeing users requiring 15-20 minute logon times (or higher) after the policy is changed.
Grant the User exclusive right to Documents - Disabled
Move the contents of Documents to the new location - Disabled
Related folder settings
Video - Follow Documents
Music - Follow Documents
Pictures - Follow Documents
Now when I change the folder redirection from old server to new server I now have TWO My Documents folders in the user's redirection folder on the server. The redirected Documents points to an empty folder set. The copied folders with all user data are there, but folder redirection refuses to recognize the original folder.
I am looking at the full view of the folder, nothing hidden, so I'm wondering how a folder can have two subfolders with the exact same name. For now, I just want the redirection to move from the old server to the new server properly. I deleted the new My Documents folder, rebooted the user's workstation and tried again. The behavior repeats itself, i.e., a new My Documents folder is always created when the redirection policy is changed from the old server to the new server. The environment has about 1500 users with approximately 1.3TB of data in the redirected Documents folders. OUCH!
-
Remote site to site VPN user cannot access LAN resources
Users in remote site can get ping response but no http service from local web server where the local web server also has NAT rule allowing access from WAN. In the below config, users in remote 10.10.10.160/27 can ping 10.10.10.30 and 10.10.10.95, but http packets are not returned.
What do I need to do to fix this?
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname SFGallery
boot-start-marker
boot-end-marker
no logging buffered
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authentication login ciscocp_vpn_xauth_ml_3 group radius local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa session-id common
clock timezone PCTime -7 0
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ipv6 cef
ip source-route
ip cef
ip dhcp excluded-address 172.16.0.1 172.16.3.99
ip dhcp excluded-address 172.16.3.200 172.16.3.254
ip dhcp pool SFGallery172
import all
network 172.16.0.0 255.255.252.0
domain-name xxxxxxxxxxxx
dns-server 10.10.10.10
default-router 10.10.10.94
netbios-name-server 10.10.10.10
ip domain name gpgallery.com
ip name-server 10.10.10.10
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip name-server 10.10.10.80
multilink bundle-name authenticated
crypto pki token default removal timeout 0
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name [email protected]
revocation-check crl
crypto pki trustpoint SFGallery_Certificate
enrollment selfsigned
serial-number none
ip-address none
revocation-check crl
rsakeypair SFGallery_Certificate_RSAKey 512
crypto pki certificate chain test_trustpoint_config_created_for_sdm
crypto pki certificate chain SFGallery_Certificate
certificate self-signed 01
xxxxxx
quit
license udi pid CISCO2911/K9 sn FTX1542AKJ3
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
hw-module sm 1
object-group network Corp
172.16.4.0 255.255.252.0
10.10.10.128 255.255.255.224
object-group network SFGallery
172.16.0.0 255.255.252.0
10.10.10.0 255.255.255.128
object-group network NY
10.10.10.160 255.255.255.224
172.16.16.0 255.255.252.0
object-group network GPAll
group-object SFGallery
group-object NY
group-object Corp
username xxx
username xxx
username xxx
username xxx
redundancy
no ip ftp passive
ip ssh version 1
class-map type inspect match-all CCP_SSLVPN
match access-group name CCP_IP
policy-map type inspect ccp-sslvpn-pol
class type inspect CCP_SSLVPN
pass
zone security sslvpn-zone
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key TempVPN1# address xx.xx.xx.xx
crypto isakmp client configuration group SFGallery
key Peters2011
dns 10.10.10.10 10.10.10.80
wins 10.10.10.10 10.10.10.80
domain gpgallery.com
pool SDM_POOL_1
acl 111
save-password
split-dns gpgallery.com
max-users 25
max-logins 3
netmask 255.255.252.0
banner ^CYou are now connected to the Santa Fe Gallery and Corp. ^C
crypto isakmp profile ciscocp-ike-profile-1
match identity group SFGallery
client authentication list ciscocp_vpn_xauth_ml_3
isakmp authorization list ciscocp_vpn_group_ml_2
client configuration address respond
virtual-template 3
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set security-association idle-time 43200
set transform-set ESP-3DES-SHA3
set isakmp-profile ciscocp-ike-profile-1
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel toxx.xx.xx.xx
set peer xx.xx.xx.xx
set transform-set ESP-3DES-SHA1
match address 107
reverse-route
interface Loopback1
ip address 192.168.5.1 255.255.255.0
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description T1 Cybermesa$ETH-WAN$
ip address xx.xx.xx.xx 255.255.255.240
ip access-group 105 in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map SDM_CMAP_1
interface GigabitEthernet0/1
description LANOverloadNet$ETH-WAN$
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/2
description LAN$ETH-LAN$
ip address 10.10.10.2 255.255.255.128
ip access-group 100 in
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/0/0
ip address 192.168.100.1 255.255.255.0
ip access-group ReplicationIN out
duplex auto
speed auto
interface GigabitEthernet1/0
description $ETH-LAN$
ip address 172.16.0.1 255.255.252.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet1/1
description Internal switch interface connected to EtherSwitch Service Module
no ip address
interface Virtual-Template1 type tunnel
ip unnumbered Loopback1
interface Virtual-Template2
ip unnumbered Loopback1
zone-member security sslvpn-zone
interface Virtual-Template3 type tunnel
ip unnumbered GigabitEthernet0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Vlan1
no ip address
ip local pool SDM_POOL_1 172.16.3.200 172.16.3.254
ip forward-protocol nd
ip http server
ip http access-class 1
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-top-talkers
top 10
sort-by bytes
cache-timeout 60000
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload
ip nat inside source route-map SDM_RMAP_4 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.10.10.95 22 xx.xx.xx.xx extendable
ip nat inside source static udp 10.10.10.95 22 xx.xx.xx.xx extendable
ip nat inside source static tcp 10.10.10.95 25 xx.xx.xx.xx extendable
ip nat inside source static udp 10.10.10.95 25 xx.xx.xx.xx 25 extendable
ip nat inside source static tcp 10.10.10.95 80 xx.xx.xx.xx 80 extendable
ip nat inside source static udp 10.10.10.95 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 10.10.10.95 443 xx.xx.xx.xx 443 extendable
ip nat inside source static udp 10.10.10.95 443 xx.xx.xx.xx 443 extendable
ip nat inside source static tcp 10.10.10.30 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 10.10.10.104 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 10.10.10.37 26 xx.xx.xx.xx 25 extendable
ip nat inside source static udp 10.10.10.37 26 xx.xx.xx.xx 25 extendable
ip nat inside source static tcp 10.10.10.115 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 10.10.10.115 443 xx.xx.xx.xx 443 extendable
ip nat inside source static tcp 10.10.10.80 443 xx.xx.xx.xx 443 extendable
ip nat inside source static tcp 10.10.10.47 26 xx.xx.xx.xx 25 extendable
ip nat inside source static udp 10.10.10.47 26 xx.xx.xx.xx 25 extendable
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx permanent
ip route 10.10.10.0 255.255.255.128 GigabitEthernet0/2 10 permanent
ip route 10.10.10.44 255.255.255.255 10.10.10.1 permanent
ip route 10.10.10.128 255.255.255.224 10.10.10.126 permanent
ip route 10.10.10.172 255.255.255.255 10.10.10.3 permanent
ip route 10.10.10.175 255.255.255.255 10.10.10.3 permanent
ip route 10.10.10.177 255.255.255.255 10.10.10.3 permanent
ip route 172.16.4.0 255.255.252.0 10.10.10.126 permanent
ip route 192.168.100.0 255.255.255.0 FastEthernet0/0/0 permanent
ip route 192.168.101.0 255.255.255.0 10.10.10.126 permanent
ip access-list extended CCP_IP
remark CCP_ACL Category=128
permit ip any any
ip access-list extended ReplicationIN
remark CCP_ACL Category=1
permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
deny ip any any
ip access-list extended ReplicationOUT
remark CCP_ACL Category=1
deny ip any any
no logging trap
logging 10.10.10.107
access-list 1 permit 192.168.1.2
access-list 1 remark CCP_ACL Category=1
access-list 1 permit 72.216.51.56 0.0.0.7
access-list 1 permit 172.16.0.0 0.0.3.255
access-list 1 permit 172.16.4.0 0.0.3.255
access-list 1 permit 10.10.10.128 0.0.0.31
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 permit xx.xx.xx.xx 0.0.0.15
access-list 1 permit 10.10.10.0 0.0.0.127
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark CCP_ACL Category=1
access-list 100 permit tcp object-group GPAll object-group NY eq www
access-list 100 permit udp host 10.10.10.10 eq 1645 host 10.10.10.2
access-list 100 permit udp host 10.10.10.10 eq 1646 host 10.10.10.2
access-list 100 permit ip any host 10.10.10.2
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq telnet
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq telnet
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq telnet
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq telnet
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq 22
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq 22
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq 22
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq 22
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq www
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq www
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq www
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq www
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq 443
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq 443
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq 443
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq 443
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq cmd
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq cmd
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq cmd
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq cmd
access-list 100 deny tcp any host 10.10.10.2 eq telnet
access-list 100 deny tcp any host 10.10.10.2 eq 22
access-list 100 deny tcp any host 10.10.10.2 eq www
access-list 100 deny tcp any host 10.10.10.2 eq 443
access-list 100 deny tcp any host 10.10.10.2 eq cmd
access-list 100 deny udp any host 10.10.10.2 eq snmp
access-list 100 permit udp any eq domain host 10.10.10.2
access-list 100 permit udp host 10.10.10.80 eq domain any
access-list 100 permit udp host 10.10.10.10 eq domain any
access-list 100 permit ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark CCP_ACL Category=1
access-list 101 permit ip 72.216.51.56 0.0.0.7 any
access-list 101 permit ip 172.16.0.0 0.0.3.255 any
access-list 101 permit ip 172.16.4.0 0.0.3.255 any
access-list 101 permit ip 10.10.10.128 0.0.0.31 any
access-list 101 permit ip xx.xx.xx.xx 0.0.0.15 any
access-list 101 permit ip host 192.168.1.2 any
access-list 101 permit ip 10.10.10.0 0.0.0.127 any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark CCP_ACL Category=1
access-list 102 permit ip 72.216.51.56 0.0.0.7 any
access-list 102 permit ip 172.16.0.0 0.0.3.255 any
access-list 102 permit ip 172.16.4.0 0.0.3.255 any
access-list 102 permit ip 10.10.10.128 0.0.0.31 any
access-list 102 permit ip xx.xx.xx.xx 0.0.0.15 any
access-list 102 permit ip host 192.168.1.2 any
access-list 102 permit ip 10.10.10.0 0.0.0.127 any
access-list 103 remark Auto generated by SDM Management Access feature
access-list 103 remark CCP_ACL Category=1
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq telnet
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq 22
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq www
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq 443
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq cmd
access-list 103 deny tcp any host 172.16.0.1 eq telnet
access-list 103 deny tcp any host 172.16.0.1 eq 22
access-list 103 deny tcp any host 172.16.0.1 eq www
access-list 103 deny tcp any host 172.16.0.1 eq 443
access-list 103 deny tcp any host 172.16.0.1 eq cmd
access-list 103 deny udp any host 172.16.0.1 eq snmp
access-list 103 permit ip any any
access-list 104 remark CCP_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 104 permit ip 10.10.10.0 0.0.0.255 10.10.10.160 0.0.0.31
access-list 105 remark Auto generated by SDM Management Access feature
access-list 105 remark CCP_ACL Category=1
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.10.10.160 0.0.0.31 10.10.10.128 0.0.0.31
access-list 105 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.10.10.160 0.0.0.31 172.16.0.0 0.0.255.255
access-list 105 permit ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 105 permit ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 105 permit ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq telnet
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq telnet
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq telnet
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq 22
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq 22
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq 22
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq www
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq www
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq www
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq 443
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq 443
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq 443
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq cmd
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq cmd
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq cmd
access-list 105 deny tcp any host xx.xx.xx.xx eq telnet
access-list 105 deny tcp any host xx.xx.xx.xx eq 22
access-list 105 deny tcp any host xx.xx.xx.xx eq www
access-list 105 deny tcp any host xx.xx.xx.xx eq 443
access-list 105 deny tcp any host xx.xx.xx.xx eq cmd
access-list 105 deny udp any host xx.xx.xx.xx eq snmp
access-list 105 permit tcp any host xx.xx.xx.xx eq 443
access-list 105 permit ip 10.10.10.160 0.0.0.31 10.10.10.0 0.0.0.127
access-list 105 permit udp any eq domain host xx.xx.xx.xx
access-list 105 permit ahp host 209.101.19.226 host xx.xx.xx.xx
access-list 105 permit esp host 209.101.19.226 host xx.xx.xx.xx
access-list 105 permit udp host 209.101.19.226 host xx.xx.xx.xx eq isakmp
access-list 105 permit udp host 209.101.19.226 host xx.xx.xx.xx eq non500-isakmp
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.10.10.0 0.0.0.127 10.10.10.0 0.0.0.127
access-list 105 permit ip any any
access-list 106 remark CCP_ACL Category=2
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.10.10.128 0.0.0.31 10.10.10.160 0.0.0.31
access-list 106 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 172.16.0.0 0.0.255.255 10.10.10.160 0.0.0.31
access-list 106 deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 106 deny ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
access-list 106 deny ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 106 deny ip 10.10.10.0 0.0.0.127 10.10.10.160 0.0.0.31
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.10.10.0 0.0.0.127 10.10.10.0 0.0.0.127
access-list 106 permit ip 10.10.10.0 0.0.0.255 any
access-list 107 remark CCP_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.10.10.0 0.0.0.127 10.10.10.160 0.0.0.31
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.10.10.128 0.0.0.31 10.10.10.160 0.0.0.31
access-list 107 remark IPSec Rule
access-list 107 permit ip 172.16.0.0 0.0.255.255 10.10.10.160 0.0.0.31
access-list 107 permit ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 107 permit ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
access-list 107 permit ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 107 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 107 remark IPSec Rule
access-list 107 deny ip 172.16.0.0 0.0.255.255 host 10.10.10.177
access-list 108 remark CCP_ACL Category=2
access-list 108 remark IPSec Rule
access-list 108 deny ip 10.10.10.0 0.0.0.255 10.10.10.160 0.0.0.31
access-list 108 permit ip 70.56.215.0 0.0.0.255 any
access-list 109 remark CCP_ACL Category=2
access-list 109 remark IPSec Rule
access-list 109 deny ip 10.10.10.128 0.0.0.31 10.10.10.160 0.0.0.31
access-list 109 remark IPSec Rule
access-list 109 deny ip 10.10.10.0 0.0.0.127 10.10.10.160 0.0.0.31
access-list 109 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 109 remark IPSec Rule
access-list 109 deny ip 172.16.0.0 0.0.255.255 10.10.10.160 0.0.0.31
access-list 109 deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 109 deny ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
access-list 109 deny ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 109 permit ip 172.16.0.0 0.0.255.255 any
access-list 111 remark CCP_ACL Category=4
access-list 111 permit ip 10.10.10.0 0.0.0.127 any
access-list 111 permit ip 10.10.10.128 0.0.0.31 any
access-list 111 permit ip 172.16.0.0 0.0.3.255 any
access-list 111 permit ip 172.16.4.0 0.0.3.255 any
access-list 111 permit ip 10.10.10.160 0.0.0.31 any
route-map SDM_RMAP_4 permit 1
match ip address 109
route-map SDM_RMAP_1 permit 1
match ip address 106
route-map SDM_RMAP_2 permit 1
match ip address 108
snmp-server community public RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps transceiver all
snmp-server enable traps ds1
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps license
snmp-server enable traps envmon
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps flash insertion removal
snmp-server enable traps c3g
snmp-server enable traps ds3
snmp-server enable traps adslline
snmp-server enable traps vdsl2line
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps energywise
snmp-server enable traps vstack
snmp-server enable traps mac-notification
snmp-server enable traps bgp
snmp-server enable traps isis
snmp-server enable traps rf
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps ipsla
snmp-server enable traps bfd
snmp-server enable traps firewall serverstatus
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server host 10.10.10.107 public
radius-server host 10.10.10.10 key HelloSFGal1#
control-plane
banner login ^CCCWelcome to Santa Fe Gallery Cisco 2911 router 10.10.10.1.^C
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
flowcontrol software
line vty 0 4
access-class 102 in
transport input telnet
line vty 5 15
access-class 101 in
transport input telnet
scheduler allocate 20000 1000
end
Thanks so much, Herbert.
As an alternative to what you suggest, what do you think of this? I got it from Cisco's support document, http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml
I would delete these lines:
no ip nat inside source static tcp 10.10.10.95 80 [outside IP] 80 extendable
no ip nat inside source static udp 10.10.10.95 80 [outside IP] 80 extendable
no ip nat inside source static tcp 10.10.10.95 443 [outside IP] 443 extendable
no ip nat inside source static udp 10.10.10.95 443 [outside IP] 443 extendable
no ip nat inside source static tcp 10.10.10.30 80 [outside IP] 80 extendable
and replace with these:
ip nat inside source static tcp 10.10.10.95 80 [outside IP] 80 route-map nonat extendable
ip nat inside source static udp 10.10.10.95 80 [outside IP] 80 route-map nonat extendable
ip nat inside source static tcp 10.10.10.95 443 [outside IP] 443 route-map nonat extendable
ip nat inside source static udp 10.10.10.95 443 [outside IP] 443 route-map nonat extendable
ip nat inside source static tcp 10.10.10.30 80 [outside IP] 80 route-map nonat extendable
Then add:
access-list 150 deny ip host 10.10.10.95 10.10.10.160 0.0.0.31
access-list 150 deny ip host 10.10.10.95 172.16.8.0 0.0.3.255
access-list 150 deny ip host 10.10.10.130 10.10.10.160 0.0.0.31
access-list 150 deny ip host 10.10.10.130 172.16.8.0 0.0.3.255
access-list 150 permit ip host 10.10.10.95 any
access-list 150 permit ip host 10.10.10.130 any
route-map nonat permit 10
match ip address 150
-
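An added example, not part of the original posts: a simplified Python model of the NAT-then-crypto ordering on the router, showing why ping replies from 10.10.10.95 stay in the tunnel while HTTP replies do not, and what the proposed `route-map nonat` changes. ACLs 106, 107 and 150 are copied from the thread; the public address 203.0.113.10, the remote host 10.10.10.170 and the internet client 198.51.100.7 are constructed placeholders, and ACL ports, ACL 109 and the interface ACLs are not modelled.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_permits(acl, src, dst):
    """First-match ACL evaluation with the implicit deny at the end."""
    for action, s, sw, d, dw in acl:
        if wc_match(src, s, sw) and wc_match(dst, d, dw):
            return action == "permit"
    return False

def parse(text):
    """Parse 'permit|deny ip <src> <dst>' lines; understands 'host' and 'any'."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, fields, i = tok[0], [], 2   # tok[1] is the protocol keyword
        while i < len(tok):
            if tok[i] == "any":
                fields += ["0.0.0.0", "255.255.255.255"]
                i += 1
            elif tok[i] == "host":
                fields += [tok[i + 1], "0.0.0.0"]
                i += 2
            else:
                fields += [tok[i], tok[i + 1]]
                i += 2
        rules.append((action, *fields))
    return rules

# Crypto map ACL: traffic it permits is encrypted toward the remote site.
ACL_107 = parse("""
permit ip 10.10.10.0 0.0.0.127 10.10.10.160 0.0.0.31
permit ip 10.10.10.128 0.0.0.31 10.10.10.160 0.0.0.31
permit ip 172.16.0.0 0.0.255.255 10.10.10.160 0.0.0.31
permit ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
permit ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
permit ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
deny ip 172.16.0.0 0.0.255.255 host 10.10.10.177
""")
# ACL behind route-map SDM_RMAP_1 (dynamic overload NAT).
ACL_106 = parse("""
deny ip 10.10.10.128 0.0.0.31 10.10.10.160 0.0.0.31
deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
deny ip 172.16.0.0 0.0.255.255 10.10.10.160 0.0.0.31
deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
deny ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
deny ip 10.10.10.0 0.0.0.127 10.10.10.160 0.0.0.31
deny ip 10.10.10.0 0.0.0.127 10.10.10.0 0.0.0.127
permit ip 10.10.10.0 0.0.0.255 any
""")
# ACL proposed in the reply for 'route-map nonat', as posted.
ACL_150 = parse("""
deny ip host 10.10.10.95 10.10.10.160 0.0.0.31
deny ip host 10.10.10.95 172.16.8.0 0.0.3.255
deny ip host 10.10.10.130 10.10.10.160 0.0.0.31
deny ip host 10.10.10.130 172.16.8.0 0.0.3.255
permit ip host 10.10.10.95 any
permit ip host 10.10.10.130 any
""")
# Static port mappings the reply wants to change (TCP entries only).
STATIC_NAT = {("tcp", "10.10.10.95", 80), ("tcp", "10.10.10.95", 443),
              ("tcp", "10.10.10.30", 80)}
PUBLIC_IP = "203.0.113.10"  # placeholder for the redacted outside address

def egress(proto, src, sport, dst, static_rmap_acl=None):
    """Model a LAN-to-remote packet: NAT decision first, then crypto ACL 107.

    Returns (nat_kind, encrypted) where nat_kind is 'static', 'dynamic' or None.
    A static entry with a route-map translates only if the route-map ACL permits.
    """
    nat = None
    if (proto, src, sport) in STATIC_NAT and (
            static_rmap_acl is None or acl_permits(static_rmap_acl, src, dst)):
        nat = "static"
    elif acl_permits(ACL_106, src, dst):
        nat = "dynamic"
    wire_src = PUBLIC_IP if nat else src
    return nat, acl_permits(ACL_107, wire_src, dst)

if __name__ == "__main__":
    remote, internet = "10.10.10.170", "198.51.100.7"  # constructed hosts
    cases = [
        ("ping reply, current config", ("icmp", "10.10.10.95", None, remote)),
        ("HTTP reply, current config", ("tcp", "10.10.10.95", 80, remote)),
        ("HTTP reply, with nonat", ("tcp", "10.10.10.95", 80, remote, ACL_150)),
        ("HTTP to internet, with nonat", ("tcp", "10.10.10.95", 80, internet, ACL_150)),
        # ACL 150 as posted has entries for .95 and .130 only, none for .30.
        (".30 HTTP to internet, with nonat", ("tcp", "10.10.10.30", 80, internet, ACL_150)),
    ]
    for label, args in cases:
        print(f"{label:34} nat={egress(*args)[0]!s:8} encrypted={egress(*args)[1]}")
```

In this model the unconditional static entry rewrites the HTTP reply's source before the crypto ACL is consulted, so the reply no longer matches ACL 107; ICMP has no static entry and is exempted from overload NAT by ACL 106.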
Non-admin user cannot access Essbase server level variables
Version 11.1.1.3
Essbase Substitution variables are created at server level. Users are getting an error in an FR report that uses the Substitution Variable -- Essbase Error(1051085): You do not have sufficient access to get this substitution variable. Also, users cannot access Substitution variable in SmartView. However, users can access variables created at database level. Users are provisioned as "Server Access" to Essbase and filter access to ASO application "MGTRPTG", where MGTRPTG is an ASO essbase application for reporting. We tried the same provisioning in two other environments and it seems to be working fine.
User is type "Essbase and Planning" provisioned with essbase "server access", application mgtrptg "filter", Reporting and Analysis "analyst", "dynamic viewer" and "Explorer". In addition, it is given a filter "REP_DME_GALB" which restricts 2 dimensions (Division and Geography).
Steps taken to resolve:
1. Existing users were deprovisioned and reprovisioned with no effect.
2. Created brand new identically provisioned users in Prod and QA. QA user can access the server level var and Prod user cannot.
3. Created a brand new server level variable in Prod and this cannot be accessed.
4. All services have already been restarted several times.
5. SR has been opened.
Temporary workaround:
By creating a duplicate of the same set of variables at the database level, the reports work. This can only be a temporary workaround as the client cannot be expected to maintain two sets of substitution variables since there are 3 applications using these server level variables.
Thank you for any ideas!
Jennifer
You have stumbled on a defect which is resolved in the Hyperion Planning 9.3.1 patch 6 and above. If you have your planning preferences set to indent members it will cause forms which have page selections to show as invalid in SmartView.
You can either patch Planning or turn off the preference. The patches are available from http://metalink3.oracle.com and require an account which has been associated with your client ID.
P.S. Usually it's not a good practice to use the admin id.
Regards,
-John
Edited by: Jbooth on Nov 3, 2008 2:12 PM
-
PIX Users Cannot Access Other Websites & Email Servers on Same-Shared T1 Co
We are sharing a T1 connection with another business in our building. They have their own separate network environment from mine. I have a Windows 2003 Small Business Server behind a PIX-501 and the users in my network connect to the Internet via Windows Server's DHCP and Internet sharing (NAT) services.
All Internet and email traffic is accessible except for those hosted by the other company who we're sharing a connection with. My users cannot access that company's web server or send email to their email server (we all get 4.4.7 SMTP errors... days later after sending the message).
They have no firewall on their end; which is why I think there may be something wrong with my PIX configuration (see attached config file). I'm sort of a newbie with the PIX CLI, so any help I can get could be great. Thanks in advance!
The problem is not with PIX. This is a common problem when sharing a T1 link as it creates a routing problem since routing cannot be done based on shared T1 channels. Your PIX config is fine and has nothing to do with this issue.
-
Users cannot access Document Library although they have Edit permissions
Hello,
I have a strange SharePoint 2013 case, or at least it's strange to me.
Users from the company cannot access a Document Library although I've granted them Edit permissions. The inheritance from the parent has been broken, all inherited groups have been removed and all users have unique permissions to this library. Here is the setup:
Web App -> Sub Site A -> Sub Site B -> Sub Site C -> Sub Site D -> Library
So these users have Read access from the Web App down to Sub Site B. They cannot see Sub Site C and D because these sites are also with broken inheritance and unique permissions. But I've granted Edit permissions for these users to the Library.
If I assign View permissions for these users to the Sub Site D then they can upload and edit documents in the library, but still cannot see Sub Site C which was my intention anyway. Again I don't want them to see Sub Site D either, but if I remove the View permissions they can't access the library.
On SP 2010 this was not an issue. I'm not sure if here the permissions are different or not, but I've never seen such issue before.
Any ideas will be much appreciated. I hope the explanation is good enough to describe the issue.
Many Thanks in advance.
Ivo
Hi Ivaylo,
According to your description, my understanding is that the user with only Edit permission on the library cannot access the library.
I recommend to check if the Limited-access user permission lockdown mode feature is deactivated in root site.
If it is not, deactivate it and then test to see if the issue still occurs.
To deactivate the feature, please go to the root site > Site Settings > Site collection features > deactivate Limited-access user permission lockdown mode.
Best regards.
Thanks
Victoria Xia
TechNet Community Support -
Computer clock that user cannot access
I have made a game that I published on Kongregate using C# language with Unity.
I have a serious issue though. If the player stays offline, he gets some bonus in game when he returns. The more he is offline the bigger bonus. The issue is that if someone while he is offline changes the clock of his computer to 1 day or 10 years in the future he gets so much bonus that he ruins the game.
Is there any way to avoid that without having a server to get time?
In the webplayer I cannot use NTP due to security limitations, so I am trying to find a clock that the user cannot access.
Thanks in advance for any possible answers!
The software house where I'm working has a phone app which uses a timestamp on data it sends to a server.
There are frequent issues with users messing with the time on their devices for games like candy crush.
This causes no end of problems since you get data which is sent as if it happened like yesterday or some such and bad stuff happens.
You definitely don't want to rely on the time on the users computer.
Get the time when you start up or support bonus for save to server only and apply it retrospectively.
Use a timer to see how long they play between saves if necessary.
Or change the game and ditch the bonus mechanism.
Hope that helps.
Technet articles: Uneventful MVVM;
All my Technet Articles -
I am trying to allow guests on windows to connect to shares on my Lion server but it keeps asking for a password for guest. I have allow guest users to access this share enabled but it still does not work.
Ditto. Guest accounts shouldn't have a password. No way to enter one in System Prefs...
-
Users cannot access removable devices after you enable and then disable a Group Policy setting on Windows 7 64 bit machines.
On the 32 bit machines I was able to apply this hotfix
http://support2.microsoft.com/kb/2738898
But it will not install on 64 bit machines.
Is there a hotfix for 64 bit? If not, what is the work around?
Thanks!
Robert
Select "Show hotfixes for all platforms and languages", then download x64 hotfix:
Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks. -
BOX31 - Users cannot access InfoView
After upgrading BOXIR2 to BOX31 the users cannot access InfoView. The following message is shown:
Account Information Not Recognized: Enterprise authentication could not log you on ...
As administrator I can access OK.
What has changed between BOXIR2 and BOX31 in terms of user authentication?
Thank you in advance.The structure of the users is as follow:
Management (at the top)
- Accounting
- Marketing
- Sales, etc
Users can then access one of the above, only one.
Universe restrictions have been applied to allow users to see information related to their department only.
We do not use any Windows AD authentication, it is just Business Objects.
Thank you. -
Guest users cannot see or connect to shares on Snow Leopard 10.6.1
I recently upgraded to Snow Leopard from 10.5. After upgrading, users connecting as "guest" to my computer cannot see any of the shares (and therefore cannot connect to them).
If I connect as my administrator user from another computer, I can see all the shares, as well as all the volumes.
I have verified that the Guest Account is enabled (Allow guests to log in to this computer) in the Accounts preference pane, and of course File Sharing is turned on in the Sharing pane, and all the shares are listed with the correct permissions.
This is a very strange and perplexing problem. Any help would be most appreciated!
If they are connecting as a registered user they can see all the shares... but as a guest they cannot... I'm trying to find what might cause that problem... I really cannot think of any logical reason... Everything in my options seems to be ok... So after the 10.6.2 update your problem solved? I think that you were a very lucky man... If you find any answer to that problem please let me know...
Anyway, thank you for your reply! -
[Solved] Non-root user cannot access mounted ntfs filesystem
Hi -,
I have a dualboot system (arch/xfce + win7) and I use an ntfs partition /dev/sda2 to store files I use with both operating systems. I added the partition to fstab and it gets mounted, but I cannot access it with my non-root user. With root it works fine...
My fstab:
# cat /etc/fstab
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs nodev,nosuid 0 0
LABEL=home /home ext4 defaults 0 1
LABEL=root / ext4 defaults 0 1
LABEL=swap swap swap defaults 0 0
/dev/sda2 /media/sda2 ntfs defaults 0 2
Is there any option that allows all users to use the mounted device? Or how is this usually done ...
Last edited by muzzel (2012-05-30 20:39:58)
See: NTFS-3G for important setup information.
My fstab line looks like:
/dev/sdb1 /media/Win_USB ntfs-3g uid=1000,gid=users,fmask=113,dmask=0022 0 0
This sets up some important parameters which the NTFS-3G Wiki Page covers. Basically, "ntfs" is only a basic driver and is built into the kernel. "ntfs-3g" is a much better, and less disk-eating, driver that you should install and use if you need the drive in Linux any more than occasionally. My fstab line makes my user (1000) the owner and the masks lets me write and etc to it. When you install NTFS-3G it is automatically used when you use the mount command to mount NTFS drives. In fstab, as above, you would specify it explicitly.
You can find your own user number by entering "id" at a terminal. -
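What the mask options in the two fstab lines above work out to, as an added example that is not part of the original posts: it parses fstab entries for NTFS mounts and computes the owner and the resulting file and directory modes. The driver defaults used when no mask is given, and root as the owner of a mount made from fstab, are assumptions taken from the kernel ntfs documentation and the ntfs-3g man page.

```python
"""Work out who can reach files on NTFS mounts listed in an fstab."""

# Masks applied when no mask option is given (assumption: values from the
# kernel ntfs documentation and the ntfs-3g man page).
DEFAULT_MASKS = {
    "ntfs": {"fmask": 0o177, "dmask": 0o077},
    "ntfs-3g": {"fmask": 0o000, "dmask": 0o000},
}

# Constructed sample: the two NTFS fstab lines quoted in the thread.
SAMPLE_FSTAB = """\
# <file system> <dir> <type> <options> <dump> <pass>
LABEL=root / ext4 defaults 0 1
/dev/sda2 /media/sda2 ntfs defaults 0 2
/dev/sdb1 /media/Win_USB ntfs-3g uid=1000,gid=users,fmask=113,dmask=0022 0 0
"""


def parse_options(field):
    """Split 'a=1,b,c=2' into {'a': '1', 'b': None, 'c': '2'}."""
    opts = {}
    for item in field.split(","):
        key, _, value = item.partition("=")
        opts[key] = value if value else None
    return opts


def ntfs_access(fstab_text):
    """Return one dict per NTFS entry with owner and effective modes."""
    report = []
    for line in fstab_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4 or fields[2] not in DEFAULT_MASKS:
            continue
        mountpoint, fstype, optfield = fields[1:4]
        opts = parse_options(optfield)
        masks = dict(DEFAULT_MASKS[fstype])
        # umask sets both masks; fmask/dmask then override it (all octal).
        if opts.get("umask"):
            masks["fmask"] = masks["dmask"] = int(opts["umask"], 8)
        for name in ("fmask", "dmask"):
            if opts.get(name):
                masks[name] = int(opts[name], 8)
        file_mode = 0o777 & ~masks["fmask"]
        dir_mode = 0o777 & ~masks["dmask"]
        report.append({
            "mountpoint": mountpoint,
            # Assumption: mounted by root from fstab, so owner defaults to 0.
            "uid": opts.get("uid") or "0",
            "gid": opts.get("gid") or "0",
            "file_mode": format(file_mode, "04o"),
            "dir_mode": format(dir_mode, "04o"),
            # A non-owner needs search (x) on directories to get in at all.
            "others_can_enter": bool(dir_mode & 0o001),
            "others_can_write": bool(file_mode & 0o002),
        })
    return report


if __name__ == "__main__":
    for entry in ntfs_access(SAMPLE_FSTAB):
        print(entry)
```

The first entry comes out root-owned with directories at 0700, which matches the symptom in the question; the second gives uid 1000 read-write access while other users get read-only.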
Users cannot access calendars from outlook after migration to exchange 2013
I have a strange situation after upgrading to exchange 2013: some users are reporting that they cannot open or create calendar appointments for calendars they used to be able to manage. We currently are using outlook 2010. Also, when the users access the calendars with the webmail they are reporting that they can access the calendars and are able to do all the things they need to do.
I have tried reinstalling office and adding their exchange accounts but this does not help.
Another strange thing is that, to be sure I had set up the correct access policy, I have reset all the security entries on all the calendars with the help of powershell. This seemed to have helped but after a couple of hours some users started reporting that they could not access calendar items again!
Hi,
Is there any error description when the problematic users cannot open or create calendar items? Since the issue only happens to some users instead of all users and all calendars can work well in OWA, I think the calendar in the mailbox should be configured properly.
Please configure the problematic user’s Outlook account in a clean computer with new installed Outlook to check whether the issue persists.
Thanks,
Winnie Liang
TechNet Community Support -
AnyConnect users cannot access internet
When AnyConnect users try to connect to the internet it will not let them out. I've included a copy of my config below. Also, I have a 5505 with base license but the AnyConnect for mobile is disabled. I got what seems to be a demo license from Cisco for 91 days. I thought that the base license came with AnyConnect for 2 devices. Why is the AnyConnect for mobile disabled by default?
ASA Version 8.4(2)
hostname ASA5505
domain-name <removed>
enable password <removed>
passwd <removed>
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.10.10.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
banner motd
banner motd +...................................................-+
banner motd | |
banner motd | *** Unauthorized Use or Access Prohibited *** |
banner motd | |
banner motd | For Authorized Official Use Only |
banner motd | You must have explicit permission to access or |
banner motd | configure this device. All activities performed |
banner motd | on this device will be logged, and violations of |
banner motd | this policy may result in disciplinary action, and |
banner motd | may be reported to law enforcement authorities. |
banner motd | |
banner motd | There is no right to privacy on this device. |
banner motd | |
banner motd +...................................................-+
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server 68.105.28.12
name-server 68.105.29.12
domain-name ok.cox.net
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network INSIDE-HOSTS
subnet 10.10.10.0 255.255.255.0
object network AnyConnect-INET
subnet 192.168.10.0 255.255.255.0
access-list Internet_IN extended permit icmp any interface outside echo-reply
access-list Internet_IN extended permit icmp any interface outside
pager lines 24
logging enable
logging timestamp
logging buffered informational
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 192.168.10.1-192.168.10.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any echo-reply inside
icmp permit any echo-reply outside
icmp permit any outside
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic AnyConnect-INET interface
object network INSIDE-HOSTS
nat (inside,outside) dynamic interface
access-group Internet_IN in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.10.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 10.10.10.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd update dns both
dhcpd address 10.10.10.25-10.10.10.50 inside
dhcpd dns 68.105.28.12 68.105.29.12 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy "Client Group" internal
group-policy "Client Group" attributes
wins-server none
dns-server value <removed>
vpn-tunnel-protocol ikev1 ikev2 ssl-client ssl-clientless
split-tunnel-policy tunnelall
default-domain value <removed>
split-dns value <removed>
webvpn
anyconnect ssl rekey time none
anyconnect ssl rekey method ssl
anyconnect ask none default anyconnect
username <removed> password <removed> privilege 15
username <removed> attributes
webvpn
anyconnect ask none default anyconnect
username <removed> password <removed> privilege 15
tunnel-group TunnelGroup1 type remote-access
tunnel-group TunnelGroup1 general-attributes
address-pool vpnpool
default-group-policy "Client Group"
tunnel-group TunnelGroup1 webvpn-attributes
group-alias ssl_group_users enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:943c1846a54a525f95905e6ebe313048
: end
I found part of my problem. There wasn't nat (outside,outside) dynamic interface applied to the AnyConnect object network. The other half of my question is still a mystery. How come the AnyConnect for Mobile is off by default on a base license when it's supposed to come with 2 AnyConnect mobile licenses installed?
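The gap the poster found, as an added example that is not part of the original post or of any Cisco tooling: a Python check that reads an ASA 8.4-style config and reports when the VPN address pool has no NAT rule from the outside interface back to itself. The excerpt is constructed from the config above with indentation restored; the function names and the `vpn_if` parameter are assumptions.

```python
"""Check an ASA config for the NAT rule that tunnel-all VPN clients need."""
import ipaddress

# Constructed excerpt: the relevant lines of the config posted above.
POSTED = """\
same-security-traffic permit intra-interface
object network INSIDE-HOSTS
 subnet 10.10.10.0 255.255.255.0
object network AnyConnect-INET
 subnet 192.168.10.0 255.255.255.0
ip local pool vpnpool 192.168.10.1-192.168.10.254 mask 255.255.255.0
nat (inside,outside) source dynamic AnyConnect-INET interface
object network INSIDE-HOSTS
 nat (inside,outside) dynamic interface
"""

# The same excerpt with the poster's fix: object NAT on (outside,outside).
FIXED = (POSTED + "object network AnyConnect-INET\n"
         " nat (outside,outside) dynamic interface\n")


def parse(config):
    """Collect object subnets, VPN pools, NAT rules and the hairpin switch."""
    subnets, pools, nats, current, hairpin = {}, {}, [], None, False
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[:2] == ["object", "network"]:
            current = words[2]
        elif words[0] == "subnet" and current:
            subnets[current] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif words[:3] == ["ip", "local", "pool"]:
            first, _, last = words[4].partition("-")
            pools[words[3]] = (ipaddress.ip_address(first),
                               ipaddress.ip_address(last))
        elif words[0] == "nat":
            real, mapped = words[1].strip("()").split(",")
            # Twice NAT names its object after "source <type>"; object NAT
            # belongs to the object network block it sits under.
            obj = words[words.index("source") + 2] if "source" in words else current
            nats.append((real, mapped, obj))
        elif words == ["same-security-traffic", "permit", "intra-interface"]:
            hairpin = True
    return subnets, pools, nats, hairpin


def hairpin_findings(config, vpn_if="outside"):
    """Return the problems that stop VPN clients reaching the internet."""
    subnets, pools, nats, hairpin = parse(config)
    findings = []
    if not hairpin:
        findings.append("same-security-traffic permit intra-interface is missing")
    for pool, (first, last) in pools.items():
        covering = {n for n, net in subnets.items() if first in net and last in net}
        rules = [(r, m) for r, m, obj in nats if obj in covering]
        if (vpn_if, vpn_if) not in rules:
            seen = ", ".join(f"({r},{m})" for r, m in rules) or "none"
            findings.append(f"pool {pool}: no ({vpn_if},{vpn_if}) NAT rule; found {seen}")
    return findings


if __name__ == "__main__":
    print(hairpin_findings(POSTED))
    print(hairpin_findings(FIXED))
```

The check only looks at NAT and the intra-interface switch; it does not evaluate access lists or group-policy settings.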