ACL should be applied to the port in closed mode

Hello

When reading about deploying ISE in closed mode, I came across a conflict between the Cisco "HowTo-10-Universal_Switch_Config" and "Closed_Mode-25-HowTo" documents.

According to "HowTo-10-Universal_Switch_Config", in closed mode we must apply an ACL on the switch port as follows:

ip access-list extended ACL-DEFAULT
 remark DHCP
 permit udp any eq bootpc any eq bootps
 remark DNS
 permit udp any any eq domain
 remark Ping
 permit icmp any any
 remark PXE / TFTP
 permit udp any any eq tftp
 remark Drop everything else
 deny ip any any log

But according to "HowTo-25-Closed_Mode", in closed mode we don't apply this ACL on the switchport.

So my question is whether the ACL must be applied on the switchport or not... and how it will affect the switchport.

Thank you

Aditya

Sorry for the delay, Aditya, I've gotten very busy at work. Have you read the link I provided? It really offers different options and answers to your question.

Personally, I prefer NOT to set up an ACL and let the system use the default. However, if you choose this route, be sure that you always return a dACL with your authorization profiles, even if it is just "permit ip any any".

Thank you for rating helpful posts!
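To see what the pre-auth ACL-DEFAULT quoted in the question actually lets through, and what the reply's "always return a dACL" advice changes, here is an added example (not from the original thread or from Cisco) that models IOS extended-ACL evaluation on a few constructed flows. It assumes IOS semantics (top to bottom, first match wins, implicit deny at the end); the dACL handling in effective_action() is a simplified model of the behaviour the reply describes, and the sample flows and the dACL text are constructed for the demonstration.

```python
"""Added example (not from the original post or from Cisco): a small model of how
the switch evaluates the pre-auth ACL-DEFAULT quoted in the question.

Assumptions, as in IOS extended ACLs: entries are evaluated top to bottom, the
first match wins, and a packet matching no entry hits the implicit deny.  The
dACL handling in effective_action() is a simplified model of what the reply
describes (an authorization profile returning 'permit ip any any').  Only 'any'
addresses are parsed, which is all ACL-DEFAULT uses.
"""
from dataclasses import dataclass

# IOS port keywords used by ACL-DEFAULT, with the numbers they stand for
PORT_NAMES = {"bootps": 67, "bootpc": 68, "domain": 53, "tftp": 69}

ACL_DEFAULT = """
permit udp any eq bootpc any eq bootps
permit udp any any eq domain
permit icmp any any
permit udp any any eq tftp
deny ip any any log
"""


@dataclass(frozen=True)
class Flow:
    proto: str          # "udp", "tcp" or "icmp"
    src_port: int = 0   # 0 for protocols without ports
    dst_port: int = 0


def _port(token):
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)


def parse_ace(line):
    """Parse '<permit|deny> <proto> any [eq P] any [eq P] [log]' into a dict."""
    tokens = line.split()
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    ports = []                      # source port, then destination port; None = any
    i = 0
    while len(ports) < 2:
        if rest[i] != "any":
            raise ValueError("this example only handles 'any' addresses: " + line)
        i += 1
        if i < len(rest) and rest[i] == "eq":
            ports.append(_port(rest[i + 1]))
            i += 2
        else:
            ports.append(None)
    return {"action": action, "proto": proto,
            "src_port": ports[0], "dst_port": ports[1], "log": "log" in rest[i:]}


def evaluate(acl_text, flow):
    """Return (action, matching entry); first match wins, implicit deny at the end."""
    for line in acl_text.strip().splitlines():
        ace = parse_ace(line.strip())
        if ace["proto"] != "ip" and ace["proto"] != flow.proto:
            continue
        if ace["src_port"] is not None and ace["src_port"] != flow.src_port:
            continue
        if ace["dst_port"] is not None and ace["dst_port"] != flow.dst_port:
            continue
        return ace["action"], line.strip()
    return "deny", "<implicit deny>"


def effective_action(flow, port_acl=None, dacl=None):
    """Simplified model of the reply's point: when ISE returns a dACL for the
    authenticated session, that dACL is what filters the endpoint; without a
    dACL the port ACL (if any) stays in force; with neither, nothing filters."""
    if dacl is not None:
        return evaluate(dacl, flow)[0]
    if port_acl is not None:
        return evaluate(port_acl, flow)[0]
    return "permit"


if __name__ == "__main__":
    samples = {                     # constructed flows for the demonstration
        "DHCP discover": Flow("udp", 68, 67),
        "DNS query": Flow("udp", 51000, 53),
        "ping": Flow("icmp"),
        "HTTP": Flow("tcp", 51000, 80),
    }
    for name, flow in samples.items():
        action, entry = evaluate(ACL_DEFAULT, flow)
        print(f"pre-auth  {name:14} {action:6} <- {entry}")
    print("post-auth HTTP with dACL 'permit ip any any':",
          effective_action(samples["HTTP"], ACL_DEFAULT, "permit ip any any"))
```

Run as a script it prints that DHCP, DNS, ping and TFTP are permitted before authentication while HTTP hits the final deny, and that the same HTTP flow is permitted once a dACL of "permit ip any any" is in force for the session.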

Tags: Cisco Security

Similar Questions

  • What is exactly in place at the port before RDP on WebVPN on ASA?

    I've seen discussion elsewhere of using the ASA's WebVPN and then using mstsc on Windows to send a normal RDP session through the VPN connection. Success is reported, but the recipe is not specified. I get the notion that it should involve setting up port forwarding on the ASA. So if, for example, the forwarded port is 50001, then on the client system one would connect through:

    mstsc /v:127.0.0.1:50001

    This is suggested at http://microsoft-server-operating-systems.hostweb.com/TopicMessages/microsoft.public.windows.terminal_services/781703/1/Default.aspx - there are similar partial reports elsewhere, as in http://hardforum.com/showpost.php?p=1035146809&postcount=5.

    In our case, the Cisco administration is in other hands - we are hosted behind an ASA dedicated to our use. What exactly should we ask them for so that regular Windows RDP works this way? We tried the Java and ActiveX plugins, but those are limited in different ways and do not always work on all client systems, so we want to try using the MS RDP client instead. We are not in a position to require our users to install VPN client software, so we need a way that works with the WebVPN. It is encouraging that other people have this working. But we have not yet found anywhere that someone has published a recipe in sufficient detail to pass on exact instructions to our third-party ASA admins.

    Is port forwarding the key for this? Or would a "smart tunnel" be an option? Thanks for any advice.

    Pentecost,

    Let's take a step back.

    It works a lot like SSH port forwarding. You indicate that some remote host/port will be available via this port locally (and yes, you connect through localhost:localport); the Java applet takes care of the rest.

    Now smart tunnel (for programs) is a tricky beast; essentially it makes all instances of a program establish their sockets via the tunnel.
    Result? You specify that you want to connect to anything on the remote side, as if the program were remote. Don't know if that makes sense.

    There is also smart tunneling of bookmarks and home pages, but that is a completely different matter.

    If you are looking for something simple, but maybe not so... easy to use, port forwarding should be fine.

    Marcin

    P. S.

    I'm not familiar with the performance limits of Terminal Services through a smart tunnel (not to say that there aren't any).

  • Which port should I check and apply in the Windows (XP) properties when using an HP Photosmart C4280

    Hello, help?

    Can someone please tell me which port I should check and apply in the properties when using a desktop PC running Windows XP with an HP Photosmart C4280 printer?

    When I checked the ports in the properties, none were checked.

    Thank you

    Hello Poacherpete, I would download the latest version of the software for your printer for Windows XP.

    Here is a link that contains information on how to set up your printer in Windows XP. It is for a USB cable connection to the printer.

  • What should the port/security settings be for Windows Mail with Vista - I think they changed?

    I had to reinstall Vista when my hard drive crashed, and Windows Mail does not work completely correctly. I seem to remember an email from Microsoft telling me to change the ports/security settings. Could someone tell me what they should be?

    An "error message" saying what, exactly? No error code or the relevant text?

    Make sure these settings match exactly.

    Leave messages on the server and it clutters up?

  • Something similar to object groups, but for ports? (to be used in an ACL)

    Hello community!

    I'm fairly new when it comes to firewalls, but I have some experience with routers and switches, so I'm not completely lost.

    Basically, we all know that an object group is a big bucket to throw things into and then manage them as a single group, which is very useful for many reasons... so is there something similar that we can use in an ACL for ports?

    So, let's say that I want to allow the following ports:

    • 80
    • 443
    • 25
    • 30500
    • 20500
    • 8080
    • 14600
    • 21
    • 753
    • 22

    And instead of doing something like this:

    access-list dmz_access_in extended permit tcp host WEB host WEB-EXT eq 80
    access-list dmz_access_in extended permit tcp host WEB host WEB-EXT eq 443
    access-list dmz_access_in extended permit tcp host WEB host WEB-EXT eq 25
    access-list dmz_access_in extended permit tcp host WEB host WEB-EXT eq 30500
    access-list dmz_access_in extended permit tcp host WEB host WEB-EXT eq 20500
    access-list dmz_access_in extended permit tcp host WEB host WEB-EXT eq 8080
    access-list dmz_access_in extended permit tcp host WEB host WEB-EXT eq 14600
    access-list dmz_access_in extended permit tcp host WEB host WEB-EXT eq 21
    access-list dmz_access_in extended permit tcp host WEB host WEB-EXT eq 753
    access-list dmz_access_in extended permit tcp host WEB host WEB-EXT eq 22

    do something like:

    access-list dmz_access_in extended permit tcp host WEB host WEB-EXT eq PORT_LIST1

    Thank you!!

    PS: Excuse me if some of the ports above are not TCP; it's just an example. I just started typing all the numbers that came into my head.

    Hey Rolando,

    On an ASA, you can combine services and protocols based on source/destination in a service object-group. Your example would look like this:

     object-group service PORT_LIST1
      service-object tcp destination range 21 22
      service-object tcp destination eq 25
      service-object tcp destination eq 80
      service-object tcp destination eq 443
      service-object tcp destination eq 753
      service-object tcp destination eq 8080
      service-object tcp-udp destination eq 14600
      service-object tcp destination eq 20500
      service-object tcp destination eq 30500

    You can also nest groups:

     object-group service WEB_PORTS
      service-object tcp destination eq 80
      service-object tcp destination eq 443
     object-group service PORT_LIST1
      group-object WEB_PORTS
      service-object ...

    This type of group goes where the protocol is specified in the ACL:

     access-list dmz_access_in extended permit object-group PORT_LIST1 object HOST object EXT-WEB

  • ACL for permitting only UDP to the Internet

    Hello

    I'm setting up a 3560 switch that has 3 VLANs:

    VLAN 223 - Server - 10.4.223.0/24 - 10.4.223.1

    VLAN 224 - user - 10.4.224.0/24 - 10.4.224.1

    VLAN 225 - internet - 10.4.225.0/24 - 10.4.225.2

    10.4.225.1 is the gateway to the ISP, which I use as the next hop on the switch.

    VLAN 225 is where the ISP talks to the internet; I want to allow only UDP to 10.4.223.2. The rest of the IPs should not go to the internet, but VLAN 224 and VLAN 225 should access VLAN 223.

    I wrote this access list, but it does not work:

    ip access-list extended Subnet_Vlan223
     permit udp any 10.4.223.1 0.0.0.255 eq 53
     deny ip host 10.4.225.1 10.4.224.3 0.0.0.252    ! I want hosts 10.4.224.3 - 254 to be prevented from communicating with 10.4.225.1
     permit ip any any
    interface Vlan223
     ip access-group Subnet_Vlan223 in

    Regards

    Sliman

    The first IP address must be the source and the second the destination. Since it is an inbound access list, your ACL looks backward.

    The deny statement may need to be written as two lines: permit .2 to .1, deny the whole class C network to .1
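    The reply's two points, source-before-destination and what the wildcard mask covers, can be checked mechanically. The following is an added example (not from the original post or the reply) that evaluates the address fields of the Vlan223 ACL as posted; it assumes IOS semantics (the first address spec in an extended ACE is the source, the second the destination, and a wildcard mask bit of 0 must match while 1 is ignored), ignores the port keywords, and uses constructed sample addresses.

```python
"""Added example (not from the original post): checks what the address fields in
the Vlan223 ACL above actually match.  In an IOS extended ACE the first address
is the source and the second the destination, and a wildcard mask is the inverse
of a subnet mask: a 0 bit must match, a 1 bit is ignored.  Port keywords
('eq 53') are ignored here; the sample addresses are constructed.
"""
from ipaddress import IPv4Address, IPv4Network


def wildcard_match(addr, base, wildcard):
    """True if addr matches base under an IOS wildcard mask."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)


def matching_hosts(base, wildcard, scope="10.4.224.0/24"):
    """Every address in scope that base/wildcard matches."""
    return [str(a) for a in IPv4Network(scope) if wildcard_match(str(a), base, wildcard)]


def _parse_addr(tokens, i):
    """Parse one address spec at tokens[i]: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], "0.0.0.0", i + 2
    return tokens[i], tokens[i + 1], i + 2


def ace_matches(ace, src, dst):
    """Does this ACE's source/destination pair match a packet from src to dst?"""
    tokens = ace.split()                 # tokens[0] action, tokens[1] protocol
    s_base, s_wc, i = _parse_addr(tokens, 2)
    d_base, d_wc, _ = _parse_addr(tokens, i)
    return wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc)


# The deny line exactly as posted in the question
DENY_AS_POSTED = "deny ip host 10.4.225.1 10.4.224.3 0.0.0.252"

if __name__ == "__main__":
    hosts = matching_hosts("10.4.224.3", "0.0.0.252")
    print(len(hosts), "addresses match 10.4.224.3 0.0.0.252, e.g.", hosts[:4])
    print("10.4.224.4 matched?", wildcard_match("10.4.224.4", "10.4.224.3", "0.0.0.252"))
    print("whole /24 with 0.0.0.255:", len(matching_hosts("10.4.224.0", "0.0.0.255")))
    # A user host talking to the gateway has the user as SOURCE; the entry as
    # posted names host 10.4.225.1 as the source, so it never matches that flow.
    print("user -> gateway hits deny?", ace_matches(DENY_AS_POSTED, "10.4.224.10", "10.4.225.1"))
    print("gateway -> .7 hits deny?", ace_matches(DENY_AS_POSTED, "10.4.225.1", "10.4.224.7"))
```

    Run as a script it shows that 10.4.224.3 0.0.0.252 matches only the 64 addresses whose last octet ends in binary 11 (3, 7, 11, ...), not the .3 to .254 range the poster intended, and that with host 10.4.225.1 in the source position the deny never matches traffic from a user host toward the gateway.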

  • ACL lost after reboot of the switch

    I have a Dell PowerConnect 5448. I created an ACL using the CLI. I telnetted into the switch and created an ACL on port 19. This works well. It does its job, and even after I reload the switch (or the switch loses power), the ACL on port 19 is never lost.

    I then copied the same ACL to different ports using the graphical interface in a web browser - Dell OpenManage Switch Administrator. For example, I click Switch - Network Security - ACL Binding. I can see the ACL on port 19 that I created using the CLI. I use the web GUI to copy this ACL to a lot of different ports ("bind ACL to interface" for the other ports on the switch). I save the changes. But after I restart the switch (or it loses power), these "copied" ACLs are lost. I still have the original ACL I created using the CLI, but I lose the ones I copied to other ports using the GUI.

    Is it normal behavior to lose these "copied" ACLs created using the web GUI?

    I never lose the ACL that I created using the CLI, but after a reboot or power loss I always lose the ACLs that I copied using the web GUI. Why? Am I missing a step?

    Thanks in advance for any advice or suggestions!

    Clicking Apply Changes only implements the changes in the running configuration. To save the changes so that they remain after a reboot, the running configuration must be copied to the startup configuration.

    Cheers.

  • What priority should I set in the QoS to work with an IP voice service

    I have a new Cisco RV180W router and don't know which priority I should set in the high, medium, low options of QoS

    in order to work properly with the IP voice device.

    The default values are 61, 31 and 10, but in a network with 12 PCs

    I think that this configuration, 61 for IP voice and only 31 for the rest of the net,

    is a value that is too low. This is with 2 VLANs defined.

    What criteria should I use to configure these priority values properly?

    On the previous router (a Cisco WR210), the only thing that was

    set up was the IP voice device connected to LAN port number 2 with a high priority.

    I'm stuck with this matter and need to resolve it quickly.

    Thank you very much

    Daniel Di Matteo

    Hi Daniel, the demand on the LAN should not affect the performance of the internet. Anything on the local interconnect making queries on the local network will not use the internet connection. So as long as your servers/computers/cameras, etc. are using Cat6 cable and are all GigE devices, it will not be a large part of the concern.

    But for your internet connection, you may be correct. A 4/1 connection is not much.

    I need you to understand, however, that the WAN QoS is for upload speed only. It is not for download speed.

    You can make the profile work in 2 ways. You can guarantee an amount of upload bandwidth to a device, or you can ensure that a device does not take more than it should.

    To set up a WAN profile correctly:

    QoS-> WAN QoS profiles

    Choose the maximum rate

    Specify your bandwidth

    Save

    Back in WAN QoS profiles, at the bottom there is a WAN QoS profile table; click Add. In the drop-down list, select the priority. Set the minimum and maximum bandwidth, and then click Save.

    Then you have to bind the profiles to the traffic selector. Go to QoS-> Profile Binding

    There is a service drop-down; choose the desired protocol

    Then choose the QoS profile you set up previously

    The last part, choose the IP address you want to assign.

    You can do this individually or as a range. If you want to keep one device from using too much bandwidth, set the start and end IP to the same address. Conversely, if you have a range of devices, you can use their IP range if the addresses are consecutive.

    Apply the profile and restart the router.

    I hope that I wrote this clearly for you.

    -Tom
    Please mark helpful replies

  • Splitter to connect two sets of headphones to the single external microphone port on an iMac

    We want two people to appear on screen together when talking to someone else on Skype. Is there a splitter available that would allow me to connect two sets of headphones to the single external mic port, so that we can use the headset mics and get good sound quality?

    Any inexpensive audio splitter should be able to do it, for example this one I found on Amazon:

    https://www.Amazon.com/Belkin-speaker-and-headphone-splitter/DP/B000067RC4/ref=sr_1_2?ie=UTF8&qid=1473882646&sr=8-2&keywords=earpiece+separator

  • Tecra Z50-A-12 X is not properly connected to the Port Replicator III

    Hello

    I just bought a TECRA Z50-A-12 X with a Hi-Speed Port Replicator III 120.

    It works, but the computer is not stable and I fear that this will eventually damage the port, as I see problems when using it.

    Indeed, the PC sits well in the Replicator.

    Is there a solution, or has nobody else had this?

    Thank you for your response.

    Have a nice day

    Hello

    Please don't get me wrong, but you should clarify this with Toshiba directly. Here on this forum you can hear some useful opinions and comments, but I think you should get the info straight from Toshiba.

    What you can also do is contact the nearest Toshiba service provider and ask for help. You can visit the ASP and demonstrate how it behaves, and hopefully you will get a professional opinion on this problem.

    Long ago I had a Tecra laptop with a port replicator, and it sat well in place on the port replicator, so there was no danger of damage to the small port located in the lower corner.

  • Part number for the Port Replicator for Toshiba Tecra A10-11I needed

    Hello

    I hope my question is short and precise enough to get a short and precise response.

    To search for the product on the Internet, I would need the model number of the Toshiba port replicator for the Tecra A10-11I. I am sure such a product exists; I think I saw it somewhere.

    Thank you

    bwprius

    Hello

    I think you could use the Express Port Replicator Docking Station PA3508E-1PRP

    It should be compatible with the Tecra A10 series.

    Search Google for this part number and you should find some nice offers.

  • Portege R500: external monitor does not work with the Port Replicator II and DVI

    I have a Portege R500 running Vista with a Slim Port Replicator II and a ViewSonic digital monitor.
    I connected the monitor to the DVI port on the port replicator and got it to work OK.
    Pressing Fn + F5 would switch between the computer screen and the external monitor.

    Then it stopped working, and I can't make it work at all. Fn + F5 recognizes just the laptop screen.

    If I connect an analog display, it is fine, and I can switch between the two screens without difficulty.

    The strangest thing is that if I reboot while the Portege R500 is docked, the digital monitor starts by displaying the boot sequence, but then the signal is lost as soon as the screen stops displaying the (low resolution) progress bar.

    I spent an hour on the phone with support on Friday, and it got me nowhere.
    They finished by saying that it should never have worked! So what is the DVI port for, then?

    Any ideas?

    David

    Connect your monitor directly to your laptop and see if it is recognized and you can switch between the two displays with Fn + F5.
    If it works, then connect it via the port replicator and try again.

    It's probably best if you reinstall the display drivers. Maybe there are newer ones on the download page too.

  • Re: Tecra A10 - USB problem on the port replicator

    I have a Tecra A10 and sometimes, when I work with it, USB devices stop responding if they are connected to the port replicator.
    If I connect them to the laptop, they work fine.

    I tried updating the BIOS, but now when I turn on the laptop it freezes when the red Toshiba letters are displayed on the screen. I can work with the laptop properly when it is started detached from the port replicator.

    Have you tried to load the default settings in the BIOS after the update?

    If you have external devices connected to the laptop, remove them and try again in the replicator.
    Maybe you should also update your laptop's chipset driver. You can find it on the Toshiba site.

  • Tecra A8: Problem with the USB printer connected to the Port Replicator III

    Hi all

    I have a problem with my Tecra A8, an Advanced Port Replicator III and a USB printer. With the printer connected to a USB port on the Port Replicator, I have to wait 2 minutes for printing to start. When it is connected directly to a USB port on the laptop and the laptop is disconnected from the Port Replicator, printing starts immediately. I have the latest drivers for the Canon i-SENSYS LBP 2900 installed and Windows Vista Business as the operating system.

    I called technical support in my country, but they have no record of similar problems.

    Anyone with a similar problem? Some help would be very appreciated.

    Thanks in advance.

    Hello

    Seems like a strange issue... Have you already done the standard procedure for such errors? :)

    The standard procedure goes something like this:

    -Update your BIOS
    -Update all the drivers for your machine
    -Update your printer drivers
    -Update your operating system

    If all else fails, then try another port replicator if available; maybe you need to contact your dealer to get another one for the test.

    Something like this should be your way. And then you have successfully done some TROUBLESHOOTIN' ;)

    I'd be happy to hear feedback from you on your situation...

    Greetings

  • How to run the Xbox 360 via the monitor port on a Qosmio G20

    I just bought an Xbox 360 on eBay with a VGA cable that should connect the console directly to the external monitor port on my Qosmio, theoretically allowing me to use my laptop's screen as the display for my video games.

    I'm just a little worried that this port at the back of my Qosmio is technically for connecting another monitor, not an input device, so will it work? And if so, how do I do it?

    I intend to spend a little time tinkering with it when the console arrives, but I guess it should be as simple as plugging everything in and then going through the media library, or even simply booting into the TV mode rather than the laptop itself?

    Any ideas, tips or advice (especially if you have done this before or know someone who has) would be appreciated.

    A similar topic has already been discussed here in the forum. I recommend you search a bit.

    XBOX
    http://forums.computers.Toshiba-Europe.com/forums/thread.jspa?threadID=11183&MessageID=40470
    http://forums.computers.Toshiba-Europe.com/forums/thread.jspa?threadID=15102&MessageID=55091

    XBOX 360
    http://forums.computers.Toshiba-Europe.com/forums/thread.jspa?threadID=9575&MessageID=33794
