A global Access List for possible VPN3005?

Hello

I want to what the VPN users and LAN-to-LAN-profiles are allowed to.

for example. to block the RPC (tcp135) ports for all traffic from any profile

Is this possible?

Kind regards

Chris

You can create this filter in one place and then just apply it to each group of users and each configuration of tunnel L2L.

Go to Config - Mgmt policy - traffic Mgmt - rules, add an inbound rule, drop, Protocol = TCP, Source and Dest everything (leave them as what), range from 135 to 135 TCP DEst ports.

Go to config - Mgmt - traffic Mgmt - political filters, add a filter whose default action is to transfer, and then add the rule that you just created to this filter.

Now, you can apply to all users by going under the Group and on the tab general and addition of th efilter in there. You can also go into the tunnel L2L config and add the filter to the tunnel directly.

Note that you want to test this first, I didn't do all the tests and perhaps the source/dest or inbound/outbound in the wrong way or something like that.

Tags: Cisco Security

Similar Questions

Question of access list for Cisco 1710 performing the 3DES VPN tunnel

I have a question about the use of access lists in the configuration of a router Cisco 1710 that uses access lists to control traffic through the VPN tunnel.

For example the following lines in a configuration on the remote router. My question is whether or not the traffic that matches the definition of list access-130 (something other than 192.168.100.0/24), cross the VPN tunnel or go directly to the Ethernet0 interface.

My understanding is that traffic that matches the access list 120 would be encrypted and sent through the IPSec tunnel. If there was "ban" set out in the statements of 120 access-list, the traffic for those would be sent through the IPSec tunnel but not encrypted (if possible). And finally, given that the definition of crypto card reference only "adapt to 120", any traffic that matches 130 access list would be sent Ethernet0 but not associated with the card encryption and thus not sent through the IPSec tunnel. "

Any input or assistance would be greatly appreciated.

Map Test 11 ipsec-isakmp crypto

..

match address 120

Interface Ethernet0

..

card crypto Test

IP nat inside source overload map route sheep interface Ethernet0

access-list 120 allow ip 192.168.100.0 0.0.0.255 10.10.0.0 0.0.255.255

access-list 130 refuse ip 192.168.100.0 0.0.0.255 10.10.0.0 0.0.255.255

access-list 130 allow ip 192.168.100.0 0.0.0.255 any

sheep allowed 10 route map

corresponds to the IP 130

He would go through the interface e0 to the Internet in clear text without going above the tunnel

Jean Marc

access list for traffic crossing and IPSEC

Hi, just a question fast and easy if everything goes well as im on thinking that he. IM on the establishment of the IPSEC between a Cisco router to another Cisco router. I want to only allow RDP through IPSEC.

I of course implement the ACL for the SHEEP, but I'll have to implement another ACL application outside? interface allowing a specific RDP server and denying everything.

Thank you

David

I have extracted this router to work. I changed some details to conceal the source, but it should illustrate what you need to do.

!
crypto ISAKMP policy 1
BA aes 256
preshared authentication
Group 2
address of examplekey key crypto isakmp 2.3.4.5
!
!
Crypto ipsec transform-set esp - aes 256 esp-sha-hmac AES256SHA
tunnel mode
!
cust_map 10 ipsec-isakmp crypto map
defined peer 2.3.4.5
game of transformation-AES256SHA
match the address crypto_acl
!
interface GigabitEthernet8
cust_map card crypto
!
crypto_acl extended IP access list
host ip 192.168.25.52 permit 172.24.0.0 0.0.7.255
!

HTH

Rick

Different 'outside_cryptomap access-list"for each VPN?

Hello

Just for my understanding.

I have a VPN connected to my Cisco ASA 5520 when I tried to add an another VPN, the I must create a 2nd cryptomap, can I not create a group so there is only one card encryption?

Currently I have:

access-list 1 permit line outside_cryptomap_1 extended ip 0.0.0.0 0.0.0.0 172.19.15.0 255.255.255.0

I just added outside_cryptomap_2 line access-list 1 permit extended ip 0.0.0.0 0.0.0.0 172.19.2.0 255.255.255.0

But I was wondering if I could use something like:

access-list 1 permit line outside_mycryptomap extended ip 0.0.0.0 0.0.0.0 VPN_Remote_Networks object-group

When I do this, but I guess that this will cause a problem with the address in hand?

You must use different access-list in cryptomap for each VPN.

Access list for a single host 6248

Hello

I'm trying to setp an ACL on a powerconnect 6248 switch that allows traffic from certain hosts on a VIRTUAL LAN to another VIRTUAL local network. I tried the setting up of an ACL to do this, but it does not work. What would be the correct syntac for an ACL allow traffic to a certain vlan only to certain hosts?

Please advise, ideas or recommendations would be greatly appreciated.

Thank you

Marlon

A possible bug related to the Cisco ASA "show access-list"?

We had a strange problem in our configuration of ASA.

In the "show running-config:

Inside_access_in access-list CM000067 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:http_access

Inside_access_in access-list CM000458 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:https_access

Note to inside_access_in to access test 11111111111111111111111111 EXP:1/16/2014 OWN list: IT_Security BZU:Network_Security

access-list extended inside_access_in permit tcp host 1.1.1.1 host 192.168.20.86 eq 81 Journal

access-list inside_access_in note CM000260 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:netbios - dgm

access-list inside_access_in note CM006598 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:netbios - ns

access-list inside_access_in note CM000220 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:netbios - ssn

access-list inside_access_in note CM000223 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:tcp / 445

inside_access_in list extended access permitted tcp 172.31.254.0 255.255.255.0 any eq www log

inside_access_in allowed extended access list tcp 172.31.254.0 255.255.255.0 any https eq connect

inside_access_in list extended access permit udp 172.31.254.0 255.255.255.0 any eq netbios-dgm log

inside_access_in list extended access permit udp 172.31.254.0 255.255.255.0 connect any eq netbios-ns

inside_access_in list extended access permitted tcp 172.31.254.0 255.255.255.0 any eq netbios-ssn log

inside_access_in list extended access permitted tcp 172.31.254.0 connect any EQ 445 255.255.255.0

Inside_access_in access-list CM000280 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:domain

inside_access_in list extended access permitted tcp object 172.31.254.2 any newspaper domain eq

inside_access_in list extended access permitted udp object 172.31.254.2 any newspaper domain eq

Inside_access_in access-list CM000220 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:catch_all

inside_access_in list extended access permitted ip object 172.31.254.2 any newspaper

Inside_access_in access-list CM0000086 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:SSH_internal

inside_access_in list extended access permitted tcp 172.31.254.0 255.255.255.0 interface inside the eq ssh log

Inside_access_in access-list CM0000011 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:PortRange

inside_access_in list extended access allow object TCPPortRange 172.31.254.0 255.255.255.0 host log 192.168.20.91

Inside_access_in access-list CM0000012 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:FTP

access-list extended inside_access_in permitted tcp object inside_range 1024 45000 192.168.20.91 host range eq ftp log

Inside_access_in access-list CM0000088 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:PortRange

inside_access_in access list extended ip 192.168.20.0 255.255.255.0 allow no matter what paper

Inside_access_in access-list CM0000014 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:DropIP

inside_access_in list extended access permitted ip object windowsusageVM any newspaper

inside_access_in list of allowed ip extended access any object testCSM

inside_access_in access list extended ip 172.31.254.0 255.255.255.0 allow no matter what paper

Inside_access_in access-list CM0000065 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:IP

inside_access_in list extended access permit ip host 172.31.254.2 any log

Inside_access_in access-list CM0000658 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security

inside_access_in list extended access permit tcp host 192.168.20.95 any log eq www

In the "show access-list":

access-list inside_access_in line 1 comment CM000067 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:http_access

access-list inside_access_in line 2 Note CM000458 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:https_access

Line note 3 access-list inside_access_in test 11111111111111111111111111 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security

4 extended access-list inside_access_in line allowed tcp host 1.1.1.1 host 192.168.20.86 eq newsletter interval 300 (hitcnt = 0) 81 0x0a 3bacc1

line access list 5 Note CM000260 EXP:1/16/2014 OWN inside_access_in: IT_Security BZU:Network_Security JST:netbios - dgm

line access list 6 Note CM006598 EXP:1/16/2014 OWN inside_access_in: IT_Security BZU:Network_Security JST:netbios - ns

line access list 7 Note CM000220 EXP:1/16/2014 OWN inside_access_in: IT_Security BZU:Network_Security JST:netbios - ssn

line access list 8 Note CM000223 EXP:1/16/2014 OWN inside_access_in: IT_Security BZU:Network_Security JST:tcp / 445

allowed to Access-list inside_access_in line 9 extended tcp 172.31.254.0 255.255.255.0 any interval information eq www journal 300 (hitcnt = 0) 0 x 06 85254 has

allowed to Access-list inside_access_in 10 line extended tcp 172.31.254.0 255.255.255.0 any https eq log of information interval 300 (hitcnt = 0) 0 x7e7ca5a7

allowed for line access list 11 extended udp 172.31.254.0 inside_access_in 255.255.255.0 any netbios-dgm eq log of information interval 300 (hitcn t = 0) 0x02a111af

allowed to Access-list inside_access_in line 12 extended udp 172.31.254.0 255.255.255.0 any netbios-ns eq log of information interval 300 (hitcnt = 0) 0 x 19244261

allowed for line access list 13 extended tcp 172.31.254.0 inside_access_in 255.255.255.0 any netbios-ssn eq log of information interval 300 (hitcn t = 0) 0x0dbff051

allowed to Access-list inside_access_in line 14 extended tcp 172.31.254.0 255.255.255.0 no matter what eq 445 300 (hitcnt = 0) registration information interval 0 x 7 b798b0e

access-list inside_access_in 15 Note CM000280 EXP:1/16/2014 OWN line: IT_Security BZU:Network_Security JST:domain

allowed to Access-list inside_access_in line 16 extended tcp object 172.31.254.2 any interval information journal field eq 300 (hitcnt = 0) 0x6c416 81 b

allowed to Access-list inside_access_in line 16 extended host tcp 172.31.254.2 any interval information journal field eq 300 (hitcnt = 0) 0x6c416 81 b

allowed to Access-list inside_access_in line 17 extended udp object 172.31.254.2 any interval information journal field eq 300 (hitcnt = 0) 227 0xc53bf

allowed to Access-list inside_access_in line 17 extended udp host 172.31.254.2 all interval information journal field eq 300 (hitcnt = 0) 227 0xc53bf

access-list inside_access_in 18 Note CM000220 EXP:1/16/2014 OWN line: IT_Security BZU:Network_Security JST:catch_all

allowed to Access-list inside_access_in line 19 scope ip object 172.31.254.2 no matter what information recording interval 300 (hitcnt = 0) 0xd063707c

allowed to Access-list inside_access_in line 19 scope ip host 172.31.254.2 any which information recording interval 300 (hitcnt = 0) 0xd063707c

access-list inside_access_in line 20 note CM0000086 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:SSH_internal

permit for line access list extended 21 tcp 172.31.254.0 inside_access_in 255.255.255.0 interface inside the eq ssh information recording interval 300 (hitcnt = 0) 0x4951b794

access-list inside_access_in line 22 NOTE CM0000011 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:PortRange

permit for access list 23 inside_access_in line scope object TCPPortRange 172.31.254.0 255.255.255.0 192.168.20.91 host registration information interval 300 (hitcnt = 0) 0x441e6d68

allowed for line access list 23 extended tcp 172.31.254.0 inside_access_in 255.255.255.0 192.168.20.91 host range ftp smtp log information interval 300 (hitcnt = 0) 0x441e6d68

access-list inside_access_in line 24 Note CM0000012 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:FTP

25 extended access-list inside_access_in line allowed tcp object inside_range Beach 1024 45000 host 192.168.20.91 eq ftp interval 300 0xe848acd5 newsletter

allowed for access list 25 extended range tcp 12.89.235.2 inside_access_in line 12.89.235.5 range 1024 45000 host 192.168.20.91 eq ftp interval 300 (hitcnt = 0) newsletter 0xe848acd5

permit for access list 26 inside_access_in line scope ip 192.168.20.0 255.255.255.0 no interval 300 (hitcnt = 0) newsletter 0xb6c1be37

access-list inside_access_in line 27 Note CM0000014 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:DropIP

allowed to Access-list inside_access_in line 28 scope ip object windowsusageVM no matter what information recording interval 300 (hitcnt = 0) 0 x 22170368

allowed to Access-list inside_access_in line 28 scope ip host 172.31.254.250 any which information recording interval 300 (hitcnt = 0) 0 x 22170368

allowed to Access-list inside_access_in line 29 scope ip testCSM any object (hitcnt = 0) 0xa3fcb334

allowed to Access-list inside_access_in line 29 scope ip any host 255.255.255.255 (hitcnt = 0) 0xa3fcb334

permit for access list 30 inside_access_in line scope ip 172.31.254.0 255.255.255.0 no interval 300 (hitcnt = 0) newsletter 0xe361b6ed

access-list inside_access_in line 31 Note CM0000065 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:IP

allowed to Access-list inside_access_in line 32 scope ip host 172.31.254.2 any which information recording interval 300 (hitcnt = 0) 0xed7670e1

access-list inside_access_in line 33 note CM0000658 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security

allowed to Access-list inside_access_in line 34 extended host tcp 192.168.20.95 any interval information eq www 300 newspapers (hitcnt = 0) 0x8d07d70b

There is a comment in the running configuration: (line 26)

Inside_access_in access-list CM0000088 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:PortRange

This comment is missing in 'display the access-list '. In the access list, for all lines after this comment, the line number is more correct. This poses problems when trying to use the line number to insert a new rule.

Everyone knows about this problem before? Is this a known issue? I am happy to provide more information if necessary.

Thanks in advance.

See the version:

Cisco Adaptive Security Appliance Software Version 4,0000 1

Version 7.1 Device Manager (3)

Updated Friday, June 14, 12 and 11:20 by manufacturers

System image file is "disk0: / asa844-1 - k8.bin.

The configuration file to the startup was "startup-config '.

fmciscoasa up to 1 hour 56 minutes

Material: ASA5505, 512 MB RAM, 500 MHz Geode Processor

Internal ATA Compact Flash, 128 MB

BIOS Flash M50FW016 @ 0xfff00000, 2048KB

Hardware encryption device: Cisco ASA-5505 Accelerator Board (revision 0 x 0)

Start firmware: CN1000-MC-BOOT - 2.00

SSL/IKE firmware: CNLite-MC-Smls-PLUS - 2.03

Microcode IPSec:-CNlite-MC-IPSECm-HAND - 2.06

Number of Accelerators: 1

Could be linked to the following bug:

CSCtq12090: ACL note line is missing when the object range is set to ACL

The 8.4 fixed (6), so update to a newer version and observe again.

--
Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
http://www.Kiva.org/invitedBy/karsteni

Cisco 837 and access list

Hi all

Sorry if my question sounds stupid, but I had a lot of problems with the syntax of the access list, especially to remove a line in an access list, for example:

Here is my list of access

access-list 120 allow ip 192.168.6.0 0.0.0.255 172.16.0.0 0.0.255.255

access-list 120 allow ip 192.168.6.0 0.0.0.255 172.20.0.0 0.0.255.255

access-list 120 allow ip 192.168.6.0 0.0.0.255 172.17.0.0 0.0.255.255

If I want to delete only this line

access-list 120 allow ip 192.168.6.0 0.0.0.255 172.16.0.0 0.0.255.255

I do not know how, I if do:

no access-list 120 allow ip 192.168.6.0 0.0.0.255 172.16.0.0 0.0.255.255

all the access-list 120 is removed!

Help, please!

Olivier

Hi, this is the usual behavior, if you delete the access list of the entire statement with sequence number is deleted.

You can create a named extended access-list and have the sequence number for each statements.

!

Standard IP access list note

permit 172.10.0.0 0.0.255.255

10.1.1.0 permit 0.0.0.255

permit 192.168.1.0 0.0.0.255

deny all

!

and if you want to delete something in between, or any particular line, you can run the command like this that will remove this line instead of the entire ACL itself...

Standard note of access-list (config) #ip

(config-std-nacl) #no 3

This configuration lines will remove the third line only (which is to allow the 192.168.1.0 0.0.0.255, leaving the other statements)

regds

access-list with PAT

Hi guys,.

I would like to know if the accesslist with PAT, you can refuse statements. IE reject the order under the access list for the traffic that you do not want to be PATed.

example:

access list acl-pat deny ip 10.0.0.1 0.0.0.0 all

permit access-list acl - pat ip 10.0.0.0 0.0.0.255 any

If I won't 10.0.0.1 PATed.

Hello

It's perfectly legal and quite a common practice.

Hope that help - rate pls post if it does.

Paresh

Levels of security and access lists

I have DMZ1 (security50) that needs to access DMZ2 (security20). However, for access to the work I need to modify the access list that controls access of DMZ1 inside (Security 100). My understanding is that you only need statements of access list for the access of low to high not top-to-bottom.

I simply get it wrong?

Andrew,

In general what you say is true. That is how the PIX is designed. But, once you apply the acl on the security interface higher than its interior or the demilitarized zone, default behavior is no longer there. In this case, you must allow exclusively the superior traffic lower. So, it's flexibility as security engineer to check our our strictly secure LAN traffic. Although we know that the inside is always fixed, but an acl can be applied to control which traffic is allowed outside or dmz. Your case is a classic example of why you need a lower LCD of higher security interface.

I hope this helps! Thank you

Renault

card crypto access lists / problem if more than one entry?

Access list for IPSec enabled traffic.

I've been recently setting up a VPN between two sites and I came across the following problem:

I wanted to install a VPN that only 2 posts from site A to site B, a class C network

So I created a list of access as follows:

access-list 101 permit IP 192.168.0.1 host 192.168.1.0 0.0.0.255

access-list 101 permit IP 192.168.0.2 host 192.168.1.0 0.0.0.255

When I applied the access list above to map (match address 101) encryption, I quickly realized that only the first host (192.168.0.1) was successfully encrypted beeing while the other could not. I've been geeting on ipsec debugging errors saying that traffic to 192.168.0.2 denyed by the access list.

When I changed the access list above with the following

access-list 101 permit IP 192.168.0.1 0.0.0.255 192.168.1.0 0.0.0.255

two items of work could successfully encrypted through IPSec tunnel.

To look further into it, I realized that only the first entry of the IPsec access list has been really tested for the corresponding traffic!

Is this a normal behavior or a known Bug? No work around for this problem?

Kind regards.

If you have ipsec-manual crypto map in crypto ACL, you can specify that an ACE. Check 12.2 docs:

Access lists for labelled as ipsec-manual crypto map entries are limited to a single permit entry and the following entries are ignored. In other words, the security associations established by this particular entry card crypto are only for a single data stream. To be able to support several manually created security for different types of traffic associations, define multiple crypto access lists and then apply each a separate entrance card crypto ipsec-manual. Each access list should include a statement to define which traffic to protect.

I use AOL for email and Firefox 9.0.1. Problem started 2 days ago. Before that I put in the two first letters of an email address and he gave me a list of possible. Now I get "undefined" for each possible instead of the email address.

There is no problem after updating to Firefox 9.0.1. My contact list always displays as he did before that this problem occurred. When I type the first letter or two of the email address, it used to give me a list of possible. Now t shows just as "undefined" e-mail address when he gives me suggestions for the address that I type in the invoice line. This means that instead of being able to click on my choice in the possible he gives me, I have to go to my contact list, find the name and then click on it if I send email to a person. If it passes in more ways than one, I either enter the full address or use copy and paste from the list of contacts. It is a huge hassle. Any help is appreciated.

You use like CCleaner cleaning software?

It is possible that there is a problem with the file that stores the data for the "saved form.

Rename or delete the formhistory.sqlite (more formhistory.sqlite - log and formhistory.sqlite.corrupt, if they exist) in the profile folder of Firefox in the case where there is a problem with the file that stores the data for the "saved form.

Which will remove all the data forms, so you can rename formhistory.sqlite to formhistory.sqlite.sav or move the file to another folder in case you need to retrieve recorded data.

If that worked, then you can delete the files renamed.

Start Firefox in Firefox to solve the issues in Safe Mode to check if one of the extensions or if hardware acceleration is the cause of the problem (switch to the DEFAULT theme: Firefox (Tools) > Add-ons > appearance/themes).
- Makes no changes on the start safe mode window.
- https://support.Mozilla.org/KB/safe+mode

Is it possible to create a mailing list for labels in numbers in El Capitan 3.6.1 Avery?

Is it possible to create a mailing list for Avery 8160 labels in numbers 3.6.1 in El Capitan?

The short answer is, no, the number is not a good tool for this work. Or (I think) is the current version of Pages.

SG

XML - a list of possible values for filtering
Hello world

I have a bunch of data from AMFPHP to be edited by flex. The data is a combination of data is is attached to various SQL tables. The format is similar to:

< date = October 10, 2008 ">"
... < grade_number rank = "1" >
... < name of the subject 'English' = >
... < name type = 'homework' >
... < input id = "1" >
... < entry_e > create new homework < / entry_e >
... < date > 10/10/2008 < / date >
... < object > 10/10/2008 < / topic >
... < Adder > 1 < / Adder >
... < / Entry >
...

I used to send these data on an object, and then use a collection of grouping and a filter function to extract relevant data when an opportunity chose the date, subject, category, type. This barely worked and given with the binding problems. I feel, the best solution is to use an EX4 object instead. To do this, however, I need the following information:
-A list of all possible values for each grade, subject, date and type. These values would then fill controls to choose fields to filter data to allow the user to drill down to the entry they wish to change.

I'm on the right track with this idea? How do you get a single list of all possible values, you can filter the dataset? It is d ' assign focus in the books about how to filter data with an e4x expression, but little discussion of how to get all possiblve values so that the filter (for example to fill a combo box that lists the possible values)

In addition, when the data is returned via an e4x expression, is a copy or a pointer to the source data? IE, if I change the data returned, does it also change it in the source data?

Thank you

Stone
I don't know how your application is designed, but does a good job up front in the design data exchange will save you tons of time/bandwidth later.

In my application, there are semi-static data, driven by the table (for example, tables search db). These data do not change frequently (for example, possible to assign grades a student 'A, B, C, D, F').

Then, the user starts the questioning of the system (for example, the list of students in a course). In the query result, the information may be changed (for example, assign a student a grade from the menu drop-down). Once all changes have been made, a 'Save' may be issued. A 'Cancel' might pull down new data (i.e., re-run the last query) and reset the visible screen to a non-altered state.

Quote:
So from what I understand you query the PB often enough?

Not really. The initial list of data loading can be slow... but we did things like caching server-side to speed up a bit. This initial list of data is retrieved only ONCE per logon session.

Queries are short and return summary of results. The entire record of the data extraction is fast enough because things are indexed on the back-end.

Quote:
I tried to limit the bandwidth by downloading a copy of the week and then classes allowing the user to "save changes". I'm not too worried about getting a data collision since the classes are unique to each connection.

Looks like your application protocol design is simple. The user logs and data are extracted by user id. The user updates the data and record visits. Fact.

In this scenario, if I'm right about your application, I would always break cela in two different HttpService calls to get a sort of simultaneous treatment. A HttpService would be responsible for downloading the data to fill in the boxes on the menu drop down. The other to download the classes for that day there.

In fact, this raises the question; the user can update the other than just the current day? If so, looks like you will need to allow the user to choose a day, extract the data for this date, allow updates/save, then choose another day to update.

In this scenario, the separation of the HttpServices is paying off, since the query to extract semi-static data to fill drop-down list boxes is done only once when the user connects to the departure.

Again, I'm not sure the design of your application, so I talk only through different scenarios.

Quote:
Therefore, there is no way to obtain the unique values of the dataset object directly?

I'm not sure that understand this issue. You would get the values to fill your combo boxes through a HttpService (for semi-static data). It can then return something like:

....
........ English Spanish Spanglish
....
....
........
....

Then you might have something like:

I hope this helps.

could not access a file. possible anti-virus protection is running. error (0x80070005)

could not access a file. possible anti-virus protection is running. error (0x80070005)

Try a system restore to a Date before the problem began.

Restore point:

http://www.howtogeek.com/HOWTO/Windows-Vista/using-Windows-Vista-system-restore/

Do Safe Mode system restore, if it is impossible to do in Normal Mode.

Try typing F8 at startup and in the list of Boot selections, select Mode safe using ARROW top to go there > and then press ENTER.

Try a restore of the system once, to choose a Restore Point prior to your problem...

Click Start > programs > Accessories > system tools > system restore > choose another time > next > etc.

http://www.windowsvistauserguide.com/system_restore.htm

Read the above for a very good graph shows how backward more than 5 days in the System Restore Points by checking the correct box.

See you soon.

Mick Murphy - Microsoft partner

allow icmpv6 in ipv4-access list in the tunnel

Hello

I have a little problem with an access list ipv4 blocking my ipv6 tunnel.

My tunnel works and is as follows:

interface Tunnel0

no ip address

IPv6 address

enable IPv6

source of tunnel

ipv6ip tunnel mode

tunnel destination

So when I apply the below, access list to the WAN interface on the sense IN, IPV6 stops working (everything works on IPV4 when the access list is applied). I mean, I cannot ping ipv6.google.com or ipv6.google.coms IP. I can still ping the IP ipv6 remote tunnel ().

Access list that I apply is the following:

allow tcp any a Workbench

allowed UDP any eq field all

allowed any EQ 67 udp no matter what eq 68

allowed UDP any eq 123 everything

allowed UDP any eq 3740 everything

allowed UDP any eq 41 everything

allowed UDP any eq 5072 everything

allow icmp a whole

deny ip any any newspaper

Here are the requirements to the supplier of tunnel, and one of the entries is ICMPv6. Is it possible to allow icmp v6 on a Cisco access list?

TCP 3874	TIC.sixxs.net	IPv4	ICT (Information Tunnel & Control Protocol)	Used to retrieve the information of tunnel (for instance AICCU)	Uses the TCP protocol and should work without problems
UDP 3740	PoP	IPv4	Heartbeat Protocol	Used for signalling where is the endpoint current IPv4 of the tunnel and he's alive	the user only to pop out
Protocol 41	PoP	IPv4	IPv6 over IPv4 (6 in 4 tunnel)	Used for tunneling IPv6 over IPv4 (static tunnels + heartbeat)	We have to appoint the internal host as the DMZ host that leaves usually passes the NAT
UDP 5072	PoP	IPv4	AYIYA (anything in anything)	Used for tunneling IPv6 over IPv4 (AYIYA tunnels)	Must cross most NAT and even firewalls without any problem
ICMPv6 echo response.	Tunnel endpoints	IPv6	Internet Control Message Protocol for IPv6	Used to test if a tunnel is alive in scathing tunnel endpoint (tunnel: 2) on the side PoP of the tunnel (tunnel: 1) on the tunnel	No, because it is happening inside the tunnel

I missed something?

sidequestion: I added the "deny ip any any newspaper" in the access list, but it adds no registration entry in the log (show log). I'm sure it hits because when I run "display lists access": 110 deny ip any any newspaper (2210 matches).

Hope someone can help me.

Hello

In the ACL above you are atleast specifying source and destination UDP and 41 SOURCE ports

If you specify IPv6 over an IPv4 ACL I guess that the format would be to "allow 41 a whole" for example.

Although I have barely touched IPv6 myself yet. Wouldn't it be possible to configure ACL Ipv4 and IPv6 ACL and attach them to the same interface?

But looking at my own router it does not support these commands so that other devices to make. Maybe something related model/software I guess.

-Jouni

A global Access List for possible VPN3005?

Similar Questions

Maybe you are looking for