Access to the remote site VPN

Similar Questions

• Filtering of VPN and local access to the remote site

  Hello

  I set up vpn, filtering on all my VPN l2l. I have limited access to remote resources at the local level to the specified ports. It works perfectly.

  But I want to have as full access from local to remote networks (but still retain the remote access to the local level). VPN filter now works as I have two-way with a simple ACL. So is it possible to open all the traffic from the local to remote and all by limiting the remote to the local traffic?

  ASA 5520 8.4 (3)

  Thanks in advance

  Tomasz Mowinski

  Hello

  Well let's say you have a filtering ACL rule when you allow http local network traffic to the remote host

  LAN: 10.10.10.0/24

  remote host: 192.168.10.10/32

  The filter ACL rule is the following:

  FILTER-ACL access-list permit tcp host 192.168.10.10 eq 80 10.10.10.0 255.255.255.0

  I think that this ACL rule would mean also that until the remote host has been using source port TCP/80, it may access any port on any host tcp in your local network as long as it uses the source TCP/80 port.

  I guess you could add a few ranges of ports or even service groups of objects to the ACL rules so that not all well-known ports would be accessible on the LAN. But I guess that could complicate the configurations.

  We are usually management customer and completely different in ASA L2L VPN that allows us to all traffic on another filtering device and do not work in this kind of problems. But of course there are some of the situations/networks where this is not only possible and it is not a feasible option for some because of the costs of having an ASA extra.

  Please indicate if you have found any useful information

  -Jouni

• Access to the remote site

  Dreamweaver CS5 on PC with Windows 7 will not access (or sign in) to my remote or the Adobe called FTP server. Dreamweaver CS4 on the same machine will be. I exported the information on the site of CS4 and imported into CS5 as well as to look at a new site in CS5 everything with no success. It's probably not a firewall for access to the site problem CS4 works very well.

  > It's probably not a firewall for access to the site problem CS4 works very well.

  CS4 and CS5 are two different applications and have different, right firewall rules? Have you checked the firewall?

• Do not do a ping ASA inside IP port of the remote site VPN L2L with her

  The established VPN L2L OK between ASA-1/ASA-2:

  ASA-2# see the crypto isakmp his

  KEv1 SAs:

  ITS enabled: 1

  Generate a new key SA: 0 (a tunnel report Active 1 and 1 to generate a new key during the generate a new key)

  Total SA IKE: 1

  1 peer IKE: 207.140.28.102

  Type: L2L role: answering machine

  Generate a new key: no State: MM_ACTIVE

  There are no SAs IKEv2

  QUESTION: 3750-2, we ping 3750-1 (10.10.2.253) are OK, but not ASA-1 inside port (10.10.2.254).

  Debug icmp ASA-1 data:

  ASA-1 debug icmp trace #.

  trace of icmp debug enabled at level 1

  Echo ICMP Internet request: 10.100.2.252 server: 10.10.2.253 ID = 400 seq = 0 len = 72

  ICMP echo response from the server: 10.10.2.253 Internet: 10.100.2.252 ID = 400 seq = 0 len = 72

  Echo ICMP Internet request: 10.100.2.252 server: 10.10.2.253 ID = 400 seq = 1 len = 72

  ICMP echo response from the server: 10.10.2.253 Internet: 10.100.2.252 ID = 400 seq = 1 len = 72

  Echo request ICMP 10.100.2.252 to 10.10.2.254 ID = 401 seq = 0 len = 72

  Echo request ICMP 10.100.2.252 to 10.10.2.254 ID = 401 seq = 1 len = 72

  Echo request ICMP 10.100.2.252 to 10.10.2.254 ID = 401 seq = 2 len = 72

  Make sure you have access to the administration # inside

  lt me know f This allows.

• Traffic redirect Internet from the remote site on the main site using the tunel of vpn ipsec

  Hi all

  I have a problem to redirect internet traffic from my remote to the main site by the IPSEC VPN tunnel. The remote site is a Cisco 2801 router with ios (c2800nm-advipservicesk9 - mz.124 - 22.T) and the remote site has ios (C870-ADVSECURITYK9-M, Version 12.4 (15) T12, fc3 SOFTWARE VERSION). This redirect does not work and the last jump with extended traceroute form the remote site is the ip wan of the main site.

  Is there someone who can help me with the right settings this redirection via VPN?

  the remote site config file:

  / * Style definitions * / table. MsoNormalTable {mso-style-name : « Tableau Normal » ; mso-tstyle-rowband-taille : 0 ; mso-tstyle-colband-taille : 0 ; mso-style-noshow:yes ; mso-style-priorité : 99 ; mso-style-qformat:yes ; mso-style-parent : » « ;" mso-rembourrage-alt : 0 cm 5.4pt cm 0 5.4pt ; mso-para-marge-haut : 0 cm ; mso-para-marge-droit : 0 cm ; mso-para-marge-bas : 10.0pt ; mso-para-marge-gauche : 0 cm ; ligne-hauteur : 115 % ; mso-pagination : widow-orphelin ; police-taille : 11.0pt ; famille de police : « Calibri », « sans-serif » ; mso-ascii-font-family : Calibri ; mso-ascii-theme-font : minor-latin ; mso-hansi-font-family : Calibri ; mso-hansi-theme-font : minor-latin ;}

  crypto ISAKMP policy 8

  BA 3des

  md5 hash

  preshared authentication

  ISAKMP crypto key dgsn2010 address 41.223.X.X

  !

  !

  Crypto ipsec transform-set esp-3des vpn

  !

  vpndgsn 10 ipsec-isakmp crypto map

  Description at HQ

  set of peer 41.223.X.X

  Set transform-set vpn

  match address VPNHQ

  !

  interface FastEthernet0

  IP 41.223.X.X 255.255.255.0

  NAT outside IP

  IP virtual-reassembly

  IP tcp adjust-mss 1300

  automatic duplex

  automatic speed

  vpndgsn card crypto

  !

  interface FastEthernet 4

  192.168.11.1 IP address 255.255.255.0

  IP nat inside

  no ip virtual-reassembly

  !

  IP route 0.0.0.0 0.0.0.0 41.223.X.X

  VPNHQ extended IP access list

  ip licensing 192.168.11.0 0.0.0.255 any

  !

  the main site config file:

  / * Style definitions * / table. MsoNormalTable {mso-style-name : « Tableau Normal » ; mso-tstyle-rowband-taille : 0 ; mso-tstyle-colband-taille : 0 ; mso-style-noshow:yes ; mso-style-priorité : 99 ; mso-style-qformat:yes ; mso-style-parent : » « ;" mso-rembourrage-alt : 0 cm 5.4pt cm 0 5.4pt ; mso-para-marge-haut : 0 cm ; mso-para-marge-droit : 0 cm ; mso-para-marge-bas : 10.0pt ; mso-para-marge-gauche : 0 cm ; ligne-hauteur : 115 % ; mso-pagination : widow-orphelin ; police-taille : 11.0pt ; famille de police : « Calibri », « sans-serif » ; mso-ascii-font-family : Calibri ; mso-ascii-theme-font : minor-latin ; mso-hansi-font-family : Calibri ; mso-hansi-theme-font : minor-latin ;}

  crypto ISAKMP policy 10

  BA 3des

  md5 hash

  preshared authentication

  ISAKMP crypto key dgsn2010 address 41.223.X.X

  !

  !

  Crypto ipsec transform-set esp-3des vpn

  !

  vpncreo 10 ipsec-isakmp crypto map

  Description FOR bastos

  set of peer 41.205.X.X

  Set transform-set vpn

  match address 110

  !

  interface FastEthernet0/0

  Description OF WAN

  IP 41.223.X.X 255.255.255.240

  NAT outside IP

  IP tcp adjust-mss 1492

  vpncreo card crypto

  !

  interface FastEthernet0/1

  Description OF LAN

  IP 192.168.10.1 255.255.255.0

  IP nat inside

  automatic duplex

  automatic speed

  !

  overload of IP nat inside source list NAT interface FastEthernet0/0

  IP route 0.0.0.0 0.0.0.0 41.223.31.241

  access-list 110 permit ip any 192.168.11.0 0.0.0.255

  NAT extended IP access list

  deny ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255 any

  permit ip 192.168.10.0 0.0.0.255 any

  ip licensing 192.168.11.0 0.0.0.255 any

  !

  You must configure the routing policy based closure for NAT can be invoked on the main site.

  Here is an example configuration for your reference:

  http://www.Cisco.com/en/us/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml

  Additionally, make sure that you don't do any NATing at your remote end, IE: you must configure the NAT exemption for all traffic from 192.168.11.0/24 to any (Internet).

  Hope that helps.

• ORA-19846: cannot read the header of the data file of the remote site 21

  Hello

  I have a situation or I can say a scenario. It is purely for testing base. Database is on 12.1.0.1 on a Linux box using ASM (OMF).

  Standby is created on another machine with the same platform and who also uses ASM (OMF) and is in phase with the primary. Now, suppose I have create a PDB file on the primary of the SEED and it is created successfully.

  After that is a couple of log, do it again passes to the waiting, but MRP fails because of naming conventions. Agree with that! Now, on the primary, I remove the newly created PDB (coward the PDB newly created). Once again a couple of switches of newspapers which is passed on to the wait. Of course, the wait is always out of sync.

  Now, how to get back my watch in sync with the primary? I can't roll method until the required data (new PDB) file does not exist on the main site as well. I get the following error:

  RMAN > recover database service prim noredo using backupset compressed;

  To go back to November 8, 15

  using the control file of the target instead of recovery catalog database

  allocated channel: ORA_DISK_1

  channel ORA_DISK_1: SID = 70 = device = DISK stby type instance

  RMAN-00571: ===========================================================

  RMAN-00569: = ERROR MESSAGE STACK FOLLOWS =.

  RMAN-00571: ===========================================================

  RMAN-03002: failure of the command recover at the 18:55:32 08/11/2015

  ORA-19846: cannot read the header of the data file of the remote site 21

  The clues on how to I go ahead? Of course, recreating the eve is an option as its only based on test, but I don't want recreation.

  Thank you.

  I tried like below:

  1 a incremental backup of the primary of the CNS where off the eve also taken primary backup controlfile as Eve format.

  2 copy the backup of the watch parts, catalogged them on the day before.

  3 recovered Eve with noredo option - it fails here with the same error pointing to the 21 data file.

  OK, understood. Try not to get back the day before first, rather than restore the controlfile and then perform the restoration.

  Make it like:

  1. take incremental backup of primary SNA, also ensures the backup controlfile format.

  2. copy pending, get the location of the data file (names) by querying v$ datafile on the eve. Restore the controlfile ensures from the backup controlfile you took on primary and mount.

  3. Since you are using OMF, the path of primary and standby data file will be different. (/). If you require catalog data from the database files pending.

  (Reason: you restore controlfile from elementary to step 2, which takes place from the main access road). Use the details that you obtained in step 2 and catalog them.

  4. turn the database copy by RMAN. (RMAN > switch database to copy ;))

  5 Catalog backup items that you copied in step 2.

  6. recover the standby database using 'noredo' option.

  7. finally start the MRP. This should solve your problem.

  The reason I say this works is because here, you restore the controlfile to primary first, which will not have details 21, datafile, and then you are recovering. So it must succeed.

  In the previous method, you tried to first collect all the day before, and then restore the controlfile. While remedial classes, always watch seeks datafile 21 as he controlfile is not yet updated.

  HTH

  -Jonathan Rolland

• Adobe flash player 11.0 blocks access to the Web site home pages

  Why is Adobe flash player 11.0, allowed to block access to the Web site home pages, until their trash is installed?  They should be prosecuted for punishment of the loss of time by Internet users, who spend countless hours trying to fix their garbage, which takes control of the web and blocks PCs access to their program settings, unless it is done according to their specific updates. N ' ILS OWN INTERNET and everything on it, or what?

  Are you sure he blocked it, or the web page requires Flash Player to see this?

  Most web pages require an element of Adobe Flash Player.

  First of all, try to enable Active Scripting in the areas of Sites Internet Options, security settings, trust.

  You should also add a corrupted on.

  Click Start, type: Internet Options

  Press enter

  Select the "Advanced" tab

  Under reset Internet Explorer settings, click "reset".

  This should restore the Internet Explorer default settings.

  Then reinstall Flash Player

  http://get.Adobe.com/flashplayer/

  ----------

  Flash Player

  Troubleshoot installation of Flash Player for Windows

  http://kb2.Adobe.com/CPS/191/tn_19166.html

  Troubleshooting player stability and performance

  http://blogs.Adobe.com/JD/2010/02/troubleshooting_player_stabili.html

  Uninstaller

  http://kb2.Adobe.com/CPS/141/tn_14157.html

  Flash Player Support Forum

  http://forums.Adobe.com/community/webplayers/flash_player

• Why can't I preview the changes before putting them live on the remote site in a browser?

  Help, please! I have inherited a website for editing and can't seem to get a preview of my changes without them going to live first. When I click on 'Live', the program hangs and I have to reopen. When I click on 'Preview in browser' he asks me to save the file or not and puts them on the remote site as well. I'm not particularly web savvy and learn on the way. I use CS6 on a Macbook OS X Yosemite.

  Your test server (Mamp) works?  If this isn't the case, you must start it.

  Nancy O.

• Site Web is updated online, but seem to update the remote site pane?

  I use Dreamweaver 8.

  I am updating a website I have created initially.  I did this summer with success, until I did a major synchronization in order to cleanse the body of some really old files and make the site easier to manage for everyone.  Sync seems fine, but got it wrong in the end and ended up with the 'old' mainwebsite file and a mainwebsite file 'new '.  I then synced and it deleted the 'old' main site file (which is what I wanted to do).

  Now, when I do updates and put them on the remote site... they do not appear online.  Update the side "remote" site of the box of files.

  I tried to remove the site and then re - get the whole thing as if I've ever been in, but it is not yet published on the web.

  When I "re-" the site, he came with the old main site file, so I'm not sure what the field is SEO.  The old site file could be hiding somewhere on the FTP?

  Any ideas I could try?

  Sorry if I don't am not worded this correctly, I am new to Dreamweaver and use this site to learn the basics.  Thanks in advance!

  You need to be sure the site definitions are contained properly, if we're wrong, local or remote, you will have problems that you have.

  http://TV.Adobe.com/#VI+f1592v1760 Watch this video for a better explanation I can give.

  Brad Lawryk
  Adobe, Dreamweaver community expert
  Northern British Columbia Adobe User Group, Adobe user group manager

• How to check if the link exists in the remote site

  Hi all:
  
  Guys please can you me if there is a way I can check if the link exists in the remote site? for example
  
  < cfif hyper link to www.mysite.com exists in www.remotesite.com >
  good... We will continue
  < cfelse >
  Please add link to www.mysite.com before continuing
  < / cfif >
  
  Is this possible... you have to use the spider? If yes how?
  
  Thanks guys,.
  A
  

  to develop the excellent suggestion of tclaremont:

  You can use refindnocase() to search the returned by cfhttp filecontent
  call us at:

  http://www.yourwebsite.com">
  method http://www.VisitorsPage' = 'GET' result = 'Foobar '.
  ResolveUrl = "yes" getasbinary = "auto" >
  <>
  foobar. StatusCode is "200 OK" >
  ] * href [^ >] *' & replace (myurl, '. ',' \.',)
  'all') & '[^>]*>(.*?) <\>', Foobar.filecontent) >
  link
  
  no link...
  
  
  ... connection error or the web page you requested does not exist...
  

  of course, if the www.VisitorsPage site is sneaky and has the link to
  your site code page, but hide it with css/javascript, it's going to
  be difficult to discover using regexp... better just go and watch their
  Web site...

  Azadi Saryev
  SABAI - Dee.com
  http://www.SABAI-Dee.com/

• Refuse the remote user VPN to access PC using VPN from Site users to partner Site

  Hi Experts,

  Installation program:

  We have configured IPSEC Site - Site VPN between Cisco ASA 5510 and Sonicwall.

  Tunnel is in place and working well, we are able to access the remote workstation to partner and Vis Versa.

  
  

  Requirment: We want to deny remote VPN users, who are our partners access to the workstation.

  Example:

  Remote IP address range: 192.168.200.x/2r4

  Local IP address range: 192.168.10.x/24

  Deny traffic from 192.168.200.x/24 to 192.168.10.x/24

  Thanks in advance

  Kiran Kumar CH

  Hi Kiran,

  You want to deny certain IP addresses of the Remote LAN (of the L2L tunnel), to connect to your workstation?

  Thus, if the remote network 192.168.200.0/24, want to deny some of these machines to connect to 192.168.10.x?

  If this is the case, you can create ACL VPN (VPN filters) on the SAA to restrictive traffic through the tunnel from the IPs.

  Please clarify if I have misunderstood.

  Federico.

• PIX - ASA, allow RA VPN clients to access servers at remote sites

  I got L2L tunnels set up for a couple of remote sites (PIX) for several months now. We have a VPN concentrator, which will go EOL soon, so I'm working on moving our existing customers of RA our ASA. I have a problem, allowing RA clients access to a server to one of our remote sites. PIX and ASA (main site) relevant config is shown below. The error I get on the remote PIX when you try a ping on the VPN client is:

  Group = 204.14. *. *, IP = 204.14. *. * cheque card static Crypto Card = outside_map, seq = 40, ACL does not proxy IDs src:172.16.200.0 dst: 172.16.26.0

  The config:

  Hand ASA config

  access extensive list ip 172.16.0.0 inside_nat0_outbound allow 255.255.255.0 172.16.26.0 255.255.255.0

  access extensive list ip 172.16.1.0 inside_nat0_outbound allow 255.255.255.0 172.16.26.0 255.255.255.0

  access extensive list ip 172.16.22.0 inside_nat0_outbound allow 255.255.255.0 172.16.26.0 255.255.255.0

  access extensive list ip 172.16.200.0 inside_nat0_outbound allow 255.255.255.0 172.16.26.0 255.255.255.0

  access extensive list ip 172.16.0.0 inside_nat0_outbound allow 255.255.255.0 172.16.200.0 255.255.255.0

  access extensive list ip 172.16.0.0 outside_cryptomap_60 allow 255.255.255.0 172.16.26.0 255.255.255.0

  access extensive list ip 172.16.1.0 outside_cryptomap_60 allow 255.255.255.0 172.16.26.0 255.255.255.0

  access extensive list ip 172.16.22.0 outside_cryptomap_60 allow 255.255.255.0 172.16.26.0 255.255.255.0

  access extensive list ip 172.16.200.0 outside_cryptomap_60 allow 255.255.255.0 172.16.26.0 255.255.255.0

  card crypto outside_map 60 match address outside_cryptomap_60

  outside_map 60 set crypto map peer 24.97. *. *

  card crypto outside_map 60 the transform-set ESP-3DES-MD5 value

  map outside_map 65535-isakmp ipsec crypto dynamic outside_dyn_map

  outside_map interface card crypto outside

  =========================================

  Remote config PIX

  access extensive list ip 172.16.26.0 inside_nat0_outbound allow 255.255.255.0 172.16.0.0 255.255.255.0

  access extensive list ip 172.16.26.0 inside_nat0_outbound allow 255.255.255.0 172.16.1.0 255.255.255.0

  access extensive list ip 172.16.26.0 inside_nat0_outbound allow 255.255.255.0 172.16.22.0 255.255.255.0

  access extensive list ip 172.16.26.0 inside_nat0_outbound allow 255.255.255.0 172.16.200.0 255.255.255.0

  access extensive list ip 172.16.26.0 outside_cryptomap_60 allow 255.255.255.0 172.16.0.0 255.255.255.0

  access extensive list ip 172.16.26.0 outside_cryptomap_60 allow 255.255.255.0 172.16.1.0 255.255.255.0

  access extensive list ip 172.16.26.0 outside_cryptomap_60 allow 255.255.255.0 172.16.22.0 255.255.255.0

  access extensive list ip 172.16.26.0 outside_cryptomap_60 allow 255.255.255.0 172.16.200.0 255.255.255.0

  card crypto outside_map 60 match address outside_cryptomap_60

  peer set card crypto outside_map 60 204.14. *. *

  card crypto outside_map 60 the transform-set ESP-3DES-MD5 value

  outside_map interface card crypto outside

  EDIT: Guess, I might add, remote site is 172.16.26.0/24 VLAN VPN is 172.16.200.0/24...

  What you want to do is 'tunnelall', which is not split tunneling. This will still allow customers to join the main and remote site, but not allow them to access internet... unless you have expressly authorized to make a 'nat (outside)"or something. Your journey on the client will be, Secured route 0.0.0.0 0.0.0.0

  attributes of group policy

  Split-tunnel-policy tunnelall

  Who is your current config, I don't see where the acl of walton is attributed to what to split tunnel?

• Access even if remote site 2 site VPN

  Hello

  I'm under VPN between two sites using 2 ASA 5505.

  Also, I want that RA - VPN which is accommodated in the two ASA.

  My need is to remove one of access VPN - RA and keep only one, but must be able to reach the second site.

  I did a split with two LANs tunnel. But I still not able to get the directions in my computer when I connect to the RA - VPN.

  Is this possible? And how?

  A few things that should be configured to access remote access vpn remote vpn site to site LAN:

  (1) on cryptography from site to site tunnel ACL, it must include the subnet remote vpn client ip pool as follows:

  On the SAA ending the vpn client: ip allow

  On the ASA distance that ends the tunnel from site to site: ip allow

  (2) on the SAA ending the vpn client: same-security-traffic permit intra interface

  (3) on the ASA distance that ends the tunnel from site to site: NAT ACL exemption must include the Remote LAN traffic to the subnet IP Pool.

  In addition, ACL split tunnel which includes two subnets which I believe you already configured.

  Hope that helps.

• Cannot ping computers on the subnet remote site vpn while to set up

  Hi all

  I encountered a problem of site to site vpn for ping answered nothing of machines of remote subnet.

  the ipsec tunnel is ok but I can ping the ASA distance inside the interface ip

  Here is my scenario:

  LAN1 - ASA5510 - ASA5505 - LAN2 - ordinateur_distant

  LAN1: 192.168.x.0/24

  LAN2: 172.25.88.0/24

  remote_machine_ip: 172.25.87.30

  LAN1 can ping to ASA5505 inside interface (172.25.88.1)

  but cannot ping ordinateur_distant (172.25.87.30)

  Inside of the interface ASA5505 can ping ordinateur_distant

  LAN2 can ASA5510 ping inside the machines on LAN1 and interface

  Is there something I missed?

  Thanks much for the reply

  I don't think it's something you really want to do.

  If you PAT the whole subnet to LAN1 ip (192.168.1.0/24) to 172.25.249.1, then LAN2, will not be able to reach the specific host on LAN1, cause now, you represent the LAN1 network, with a single ip address.

  So traffic will become a way from LAN1 can reach LAN2 and get the response of LAN2 through the PAT on 172.25.249.1

  But LAN2, is no longer specific hosts LAN1 ip traffic, since you only have 172.25.249.1, to represent the subnet to LAN1.

  If you still want to PAT the whole subnet to LAN1 (192.168.1.0/24) ip to 172.25.249.1, then you have to do outside the NAT.

  http://www.Cisco.com/en/us/customer/docs/security/ASA/asa80/command/reference/no.html#wp1737858

  Kind regards

• access to a remote site even tunnel pix

  I have a 515 running ASDM 5.2 and have configured remote access VPN. That works fine, but when you try to add a site to the other tunnel it seems my crypto card is crushed for my remote VPN configuration, and the configuration of remote access stops working. I guess you can have remote access and tunnels running on the same PIX, but know that you can have only a single encryption card assigned to an interface. Is there a good note on the configuration of the two to run at the same time, or is this edition of this single card encryption from the command line and with the IPSec policy for the tunnel? Here are some of my config that relates to the config for my configuration of remote access vpn

  Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

  Dynamic crypto map outside_dyn_map 20 match address outside_cryptomap_dyn_20

  Crypto-map dynamic outside_dyn_map 20 the value transform-set ESP-AES-256-SHA ESP-AES-128-SHA ESP-AES-128-MD5 ESP-3DES-SHA ESP-3DES-MD5

  map outside_map 65535-isakmp ipsec crypto dynamic outside_dyn_map

  outside_map interface card crypto outside

  crypto isakmp identity address

  crypto ISAKMP allow outside

  crypto ISAKMP policy 20

  preshared authentication

  aes-256 encryption

  sha hash

  Group 2

  life 86400

  Crypto isakmp nat-traversal 20

  crypto ISAKMP ipsec-over-tcp port 10000

  Thank you

  Bill

  Bill

  Yes, you can configure the vpn and site to site access to the customer on the same pix, have a look here:

  http://www.Cisco.com/en/us/products/HW/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml

  Let me know if you need help and or explanation and please rate poster if it helps.

  Jay