ZBF self zone and IPSec/L2TP dialin

Hi,
I have a router that has an IPsec/L2TP dial-in VPN and uses ZBF for firewalling, including the self zone.
The same router also has VTI GRE/IPsec tunnels to other sites.
For the static VTI GRE/IPsec tunnel, I had to allow ISAKMP and ESP to/from the routers, but I didn't have to allow GRE. It appears that since the GRE traffic is 'encapsulated' within IPsec and belongs to an SA, the GRE to/from the router is 'passed' without any more intervention (which is fine by me, because I only want IPsec-encapsulated GRE traffic and _not_ 'raw' GRE).
Now for the L2TP VPN that's not the case. I have to allow connections from my WAN zone to self on the L2TP UDP port ... and I find it annoying because I can't differentiate between L2TP traffic that _was_ IPsec-protected and L2TP traffic that wasn't IPsec-protected (and so someone could start an L2TP session without setting up IPsec protection).
So in ZBF, is there a way to allow L2TP traffic only when it was encapsulated in IPsec?
Cheers,
    Sylvain

For anyone else who has a similar issue, I raised the issue with Cisco TAC and the solution was to use a Cisco AVpair of
lcp:interface-config=zone security <zonename>
I also had to add:
aaa policy interface-config allow-subinterface
Once I did this it worked a treat.
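An added example, not Sylvain's configuration and not from Cisco TAC, of how the two AAA lines from the answer fit into a ZBF layout. Zone names, ACL names, the user, and the local-AAA attribute-list form of the AV pair are my assumptions; the L2TP/IPsec dial-in itself (vpdn-group, virtual-template, crypto) is assumed to be configured already, as in the question.

```cisco
! Added example, not the poster's configuration. Only the two AAA lines
! marked "from the answer" come from the thread; everything else is assumed.
aaa new-model
aaa authentication ppp default local
aaa authorization network default local
! From the answer: allow interface-config attributes to be applied to the
! Virtual-Access (sub)interface that each L2TP/PPP session brings up.
aaa policy interface-config allow-subinterface
!
! Local-AAA form of the answer's AV pair
! lcp:interface-config=zone security <zonename> (assumed syntax; with a
! RADIUS server send it as Cisco-AVPair = "lcp:interface-config=zone security L2TP-VPN").
aaa attribute list L2TP-ZONE
 attribute type interface-config "zone security L2TP-VPN" service ppp protocol lcp
username vpnuser password 0 CHANGE-ME
username vpnuser aaa attribute list L2TP-ZONE
!
zone security WAN
zone security LAN
zone security L2TP-VPN
!
! Router-terminated traffic from the WAN: IKE, ESP and, as the question
! describes, the L2TP control port itself. Everything else to self is dropped.
ip access-list extended ESP-IN
 permit esp any any
ip access-list extended L2TP-IN
 permit udp any any eq 1701
class-map type inspect match-any WAN-SELF-INSPECT
 match protocol isakmp
 match access-group name L2TP-IN
class-map type inspect match-any WAN-SELF-PASS
 match access-group name ESP-IN
policy-map type inspect WAN-TO-SELF
 class type inspect WAN-SELF-INSPECT
  inspect
 class type inspect WAN-SELF-PASS
  pass
 class class-default
  drop log
zone-pair security WAN-SELF source WAN destination self
 service-policy type inspect WAN-TO-SELF
! ESP is passed rather than inspected, so the reverse direction needs its own pair.
zone-pair security SELF-WAN source self destination WAN
 service-policy type inspect WAN-TO-SELF
!
! Dial-in sessions land in L2TP-VPN through the AV pair; this is the only
! pair that gives them a path into the LAN, and only for inspected traffic.
class-map type inspect match-any VPN-USER
 match protocol tcp
 match protocol udp
 match protocol icmp
policy-map type inspect VPN-TO-LAN
 class type inspect VPN-USER
  inspect
 class class-default
  drop log
zone-pair security VPN-LAN source L2TP-VPN destination LAN
 service-policy type inspect VPN-TO-LAN
```

After a client connects, `show zone security` should list the new Virtual-Access interface under L2TP-VPN, and `show policy-map type inspect zone-pair sessions` shows its sessions on the VPN-LAN pair.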

Similar Messages

  • Can a Cisco 2600 router do PPTP,L2TP, and IPSec?

    General question.

    2600 supports L2TP and PPTP with MPPE with an IP PLUS version, and IPsec with a firewall version.

  • Limited number of 5 concurrent VPN (ipsec/l2tp) connections to OSX Server

    We've configured OS X 10.6 Server on an Xserve to accept VPN connections either via PPTP or via IPsec/L2TP using a pre-shared key.
    When multiple clients try to connect using IPSec/L2TP, we experience problems as soon as 5 users are connected. No additional ipsec/l2tp connections can be created until one of the 5 existing connections is terminated, but then a new connection can start immediately.
    Sniffing with tcpdump, the following can be seen on the server side:
    09:24:45.349541 IP clientIP.isakmp > serverIP.isakmp: isakmp: phase 1 I ident
    09:24:45.354978 IP serverIP.isakmp > clientIP.isakmp: isakmp: phase 1 R ident
    09:24:45.358233 IP clientIP.isakmp > serverIP.isakmp: isakmp: phase 1 I ident[E]
    09:24:45.365359 IP serverIP.isakmp > clientIP.isakmp: isakmp: phase 1 R ident[E]
    09:24:45.367222 IP clientIP.isakmp > serverIP.isakmp: isakmp: phase 2/others I oakley-quick[E]
    09:24:47.365936 IP clientIP.isakmp > serverIP.isakmp: isakmp: phase 2/others I oakley-quick[E]
    09:24:50.365799 IP clientIP.isakmp > serverIP.isakmp: isakmp: phase 2/others I oakley-quick[E]
    The last lines are repeated several times, until the connection attempt times out.
    When using PPTP connections, we don't experience these problems, and in addition PPTP connections can even be created when 5 ipsec/l2tp connections are already established.
    Does anyone know if there is some kind of limitation for the number of concurrent ipsec/l2tp connections built into OS X server? So far, we have not seen anything like this in the docs.

    OK, IMAP servers almost universally allow multiple connections. Thunderbird, as you would have observed, uses 5 if they are available. As Airmail suggested, iPhones just use more and more until they exhaust the available connections. There is no set maximum option.
    However, there are other things that can consume connections, and some may surprise you:
    Anti-spam tools such as MailWasher
    Anti-virus programs in their anti-spam or anti-phishing roles
    Webmail
    The wife sharing the same account on her laptop
    That is off the top of my head. So, could any of those apply?

  • Yosemite IPsec L2TP wrong router IP

    Since upgrading from Mavericks to Yosemite, IPsec L2TP connections seem to be set up wrong. Data delivered in the local network works, but data that should be routed through the gateway is being dropped. When looking at Control Panel Network -> Advanced -> TCP/IP when the tunnel is up, I see a difference between both OS versions.
    Mavericks: IP address 10.1.2.2, router IP 10.1.2.1 (working)
    Yosemite: IP address 10.1.2.2, router IP 10.1.2.2 (no routing at all working)
    In my setup I require that 'Send all traffic over VPN connection' is off and manual routing is automatically added (see http://superuser.com/questions/4904/how-to-selectively-route-network-traffic-through-vpn-on-mac-os-x-leopard).
    I have deleted and recreated the VPN connections and it worked for a short while until I had to reboot.
    Andre

    Pulling up the routing tables, the differences are clear:
    Mavericks routing with IPsec L2TP VPN
    Destination        Gateway            Flags        Refs      Use  Netif Expire
    default            10.0.0.1          UGSc          22        0    en0
    default            10.1.2.1          UGScI          2        0    ppp0
    10/24              link#4            UCS            4        0    en0
    10.0.0.136        127.0.0.1          UHS            0      66    lo0
    10.1.2/24          ppp0              USc            0        0    ppp0
    10.1.2.1          10.1.2.2          UHr            5    1577    ppp0
    xx.xx.xx.226      10.0.0.1          UGHS            0        0    en0
    Yosemite routing with IPsec L2TP VPN
    Destination        Gateway            Flags        Refs      Use  Netif Expire
    default          10.0.0.1          UGSc          89        0    en3
    default            link#12            UCSI            0        0    ppp0
    10/24              link#10            UCS            5        0    en3
    10.0.0.1/32        link#10            UCS            2        0    en3
    10.0.0.101/32      link#10            UCS            1        0    en3
    10.1.1/24          10.1.2.1          UGSc            0        0    ppp0
    10.1.2/24          ppp0              USc            0        0    ppp0
    10.1.2.1          10.1.2.3          UH            40      481    ppp0
    10.1.128/24        10.1.2.1          UGSc            0        0    ppp0
    xx.xx.xx.226      10.0.0.1          UGHS            0        0    en3

  • Bonjour/mDNS over IPSEC/L2TP?

    Hi there,
    Has anyone managed to get Bonjour/mDNS sharing working over IPsec/L2TP links? Can this be configured somehow? As far as I see it, IPsec/L2TP links appear as point-to-point devices which mDNSResponder doesn't pick up for broadcasts. Can this be enabled somehow?
    Best regards,
    abrax5

    This makes no sense to me. I have been researching this topic for a while, and the general consensus seems to be that Bonjour simply is not available over a VPN connection. Isn't the purpose of a VPN to join a computer securely to a remote network? The remote computer is connected to the corporate network via a VPN, is on the *same subnet* as the corporate network, and responds to broadcast pings sent to the broadcast address, indicating to me, at least, that broadcast capability is present. Why, then, can't Bonjour broadcasts be sent to the remote computer?
    I have seen "solutions" detailing the use of Wide-Area Bonjour in other posts (see here: http://discussions.apple.com/thread.jspa?messageID=6917732), but this is unnecessary when the simple solution should be to forward Bonjour broadcasts to VPN-connected computers on the same subnet. I would really like to see this resolved.

  • HT1657 I downloaded a movie from iTunes on my iPhone 4S, went out of the wifi zone and now my movie is no where to be found. I can't find it on my iPhone, Mac or iPad. Where is it?

    I downloaded a movie from iTunes on my iPhone 4S, went out of the wifi zone and now my movie is no where to be found. I can't find it on my iPhone, Mac or iPad. Where is it?

    Sounds like the movie didn't finish downloading before the Wi-Fi signal dropped ...
    Try re-downloading. You won't be charged again.
    Downloading past purchases from the App Store, iBookstore, and iTunes Store

  • Self Registration and Attestation is not working in OIM 9.1.0.4

    Hi,
    I have set up a new OIM environment using OC4J. I am able to create users and provision IT resources, but self registration and attestation are not working. Not sure if it is an OC4J issue or an OIM issue. For self registration it says the request is submitted, but when I log in as xelsysadm I don't see any pending request, and the same thing happens for attestation. It doesn't display any error but never gets completed, and I don't see it in the pending request list either. If anybody has an idea how to debug the issue then let me know, and thanks for the help.
    Thanks,
    HC

    As per the given bug, it is looking for jars which are missing.
    Have you installed the connector using Deployment Manager? If yes, it copies the required jars to the target location. Verify; if they are not there, copy the jars into the ScheduledTask folder.
    Check the document for any external jars required and put those in the ThirdParty folder.

  • Firm Zone and Trade off Zone in Scheduling Agreement

    Dear All
    Please explain in detail the concept of Firm Zone and Trade-off Zone in Scheduling Agreements, and their effects on the MRP run, i.e. if I take an MRP run for a material which has a firm zone of 30 days and a trade-off zone of 60 days, then what will be the result of MRP? The material MRP type is VB.
    Thanks and Regards
    Manoj

    Hi,
    Firm zone is the time frame in which you cannot change the orders (schedule lines) that you have ordered from a vendor in any way (neither date change nor quantity change).
    Trade-off zone is the time frame within which you can make changes to your procurement proposals; these changes are acceptable from the vendor's side.
    These time frames are agreed with the vendor and then entered for each scheduling agreement in 'Additional data'.
    For your example, if you take firm zone 30 days and trade-off zone 60 days, the check starts from the current day on which MRP runs. For example, if the current day is 1st Oct, all the procurement proposals with delivery date within 30 days, that is till 1st September, are firm orders, which MRP will not change in any case (you can find such orders with * in front of them in the MD04 list). Beyond 1st September they are in the trade-off zone, in which MRP can modify them.
    MRP types (VB in your case) have no correlation with these zones.
    Amit G

  • I'm trying to burn a dvd from idvd but I keep getting error message, broken assets, but when I check my drop zones and their content there's no error messages on any of them?

    I'm trying to burn a dvd from idvd but I keep getting error message, broken assets, but when I check my drop zones and their content there's no error messages on any of them?

    Hi
    And if you change view, in the main "window/view field", so that you see the box-plot structure:
    No exclamation marks there either?
    And none on the front page?
    iDVD does not copy your material, it only points to where it is stored. So if any external hard disks, USB memories, CDs or DVDs are missing, assets are broken.
    Or if you changed the location of any material, or directed iPhoto or iTunes or GarageBand to a new library, then iMovie/iDVD also gets lost.
    Yours Bengt W

  • Is it possible to patch Global Zone and only specific Non-Global Zones?

    Hi Champs,
    Is it possible to patch the Global Zone and only specific Non-Global Zones? The idea is to patch the DEV zones only on the system, test the applications, and then patch only the STG zones on the same server!
    Not sure if it is possible but just throwing a question...
    Cheers,
    Nitin

    M10vir wrote:
    > Yes, if you have branded (non-sparse) zone!
    Branded zones and sparse zones don't have the relation that you imply. In Solaris 10, native zones can be sparse or whole-root (non-sparse, as you say). Zones that are not native zones are branded zones. Branded zones on Solaris 10 include Solaris Legacy Containers, previously known as Solaris 8 Containers and Solaris 9 Containers. That add-on product allows you to run Solaris 8 and Solaris 9 application environments under a thin layer of virtualization provided by the brands framework. solaris8 and solaris9 branded zones can be patched independently of each other and of the global zone.
    Solaris 11 has no "native zones" - all zones use the brands framework. The "solaris" brand does no emulation and in that respect is very similar to native zones on Solaris 10. Solaris 11 also provides Solaris 10 Zones via the solaris10 brand. This allows zones or the global zone from a Solaris 10 system to be transferred to a Solaris 11 system and run as solaris10 zones. When running on Solaris 11, solaris10 zones can each be patched independently from each other and the Solaris 11 global zone. Technically, Solaris 11 doesn't have patches - it just has newer versions of packages to which the system is updated.

  • To break out of a non-global zone and become root user in the global zone

    Hi folks
    "to break out of a non-global zone and become root user in the global zone through a kernel bug exploit"
    Is this possible, and does SUN already have a fix/workaround/patch for that?
    Cheers

    Is it possible there's a bug in the kernel? Sure.
    Someone would need to find and identify such a bug before it could be fixed. I've not heard of the discovery of a bug like this. You could check the bug database at www.opensolaris.org.
    Darren

  • Can external users change their language, time zone, and locale settings?

    Hi,
    We’re migrating our hosts from WebEx cloud to our on-prem solution right now (CWMS 1.5.1.323.A).
    We’ve learned that CWMS 1.5 does not provide an online address book where hosts could customize language, time zone, and locale settings for their external attendees.
    Do external users have any chance at all to change their language, time zone and locale settings individually?
    Thank you,
    Helge

    Hi Dejan,
    "External users" are those participants who do not have an LDAP account in our deployment, since they are not intended to act as hosts: our stakeholders, partners, customers, clients.
    It looks as if these people would be stuck with the system's default language / time zone / locale.
    We are wondering if there might be a CWMS-component like this:
    https://artcom.webex.com/cmp0307l/webcomponents/widget/preference.do?serviceType=MC&siteurl=artcom&target=Page&backUrl=%2Fmw0307l%2Fmywebex%2Fdefault.do%3Fsiteurl%3Dartcom%26service%3D1
    to allow those "external" participants to make their adjustments.
    Thank you,
    Helge

  • All DVD's inserted, self eject and don't play, why?

    When I try to insert a blank or recorded DVD in my iMac it self ejects and won't play, is there a problem with settings or does anyone know how to fix it?

    Another help source (if you haven't already done so).
    Go to your OS Help Menu.  In the search field type dvd
    Click on all the troubleshooting topics & Support Articles that pertain to  your issue.
    You can also do the same in Disk Utility.  Open same up.
    At the bottom left of the window, click on the purple button w/the "?" in the middle.
    This will bring up the Help Menu.
    ===============
    Try a different brand.  Top forum favorites
    CDs
    FUJI
    TDK
    Verbatim
    DVDs
    Maxell
    Verbatim
    Make sure the DVDs are not dirty, smudged and/or scratched.
    http://docs.info.apple.com/article.html?artnum=50448  How to Handle and Clean CD and DVD Discs
    Your drive may need cleaning.  Cleaning kits can be purchased from any store that sells CD/DVDs.

  • Dedicating physical CPUs to a zone and migrating a Solaris 8 box to a zone?

    If I have a machine with a large number of cores (say 24) and dedicate 4 of the CPUs to the zone, psrinfo shows the number of CPUs dedicated to that zone as 4; however, the global zone still shows 24.
    Does this mean that if there's enough stuff running in global it can preempt the stuff running inside the zone? The concern here is that the stuff we want to run in the zone is a bit more critical than in global, so we wouldn't want global to eat up the CPU resources of the zone. (I suppose we could swap the stuff running inside global and the zone, but then we'd get the reverse isolation issue at some other point.)
    The other question is that there's an old E450 running Solaris 8 and it's got a bunch of stuff installed on it. Would it be possible to somehow convert all the software and data of that E450 into a container or zone and run that on a more modern machine, say a T5420 which runs Solaris 10 (without upgrading the stuff running under the E450 to Solaris 10)?

    You can create a flar archive of the entire system and then import it as a Solaris 8 zone. If you are doing this on a CoolThreads system, beware of the processor: it does well with threads. If what you run on the 450 is mostly single-threaded or needs a decent CPU, the CoolThreads servers are not a good fit.

  • Time Zone and WLS6SP1 and date time problem

    Hi,
    We are having our development WebLogic server on a Solaris 2.8 machine. The time zone of that machine is GMT+5.
    However, when we start WebLogic in the telnet console, we see this:
    LD_LIBRARY_PATH=.......
    <Jul 5, 2001 1:19:46 AM GMT-05:00> <Info> <Security> <Getting boot password from user.>
    Enter password to boot WebLogic server:
    It shows the time as GMT-5.
    All our application client machines are at GMT+5.30. So when we update from our application, the datetime fields go in as one day less (we have our own serializable component which does the updating). If I enter Dec 10 2000 in our applet client and try updating, it goes as Dec 9 2000 into the database.
    We tried on an NT machine which had GMT+5.30 as the time zone and it showed GMT+5.30 while starting WebLogic. And the dates are updated properly.
    Does WLS on Solaris take the timezone, etc. from some other place?
    Is there any workaround for this?
    Thanks in advance,
    Ramkumar

    We had the same thing using ReflectionX to connect. Users connecting with Telnet caused WebLogic to log with the default timezone (which included the effects of daylight savings time), while those users who connected with Rexec caused WebLogic to use GMT in its logging. This was with WebLogic 6.0 SP2.
    "Joe" <[email protected].spam.com> wrote:
    > How are you starting up your server? We had a similar situation at our site, and it was due to the fact that we were using Exceed to log into our Sun box. Exceed was grabbing the user's timezone info off of his/her local Windows box. Is this what is happening for you?
