AnyConnect users can access internal network

Hello!

Just set up a new AnyConnect VPN solution for a customer. It works almost perfectly.

AnyConnect users can reach the internal network storage. The AnyConnect users can access the internet, but nothing on the internal network.

(Deleted all the passwords and public IP addresses)

ASA Version 9.1(4)
!
hostname ciscoasa
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.9.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address
!
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 213.80.98.2
 name-server 213.80.101.3
object network obj_any
 subnet 0.0.0.0 0.0.0.0
access-list SHEEP extended permit ip 192.168.9.0 255.255.255.0 192.168.9.0 255.255.255.0
access-list AnyConnect_Client_Local_Print extended deny ip any any
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
pager lines 24
logging enable
logging asdm debugging
mtu inside 1500
mtu outside 1500
ip local pool SSLClientPool 192.168.9.50-192.168.9.80 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic any interface
!
object network obj_any
 nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.9.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.9.2-192.168.9.33 inside
dhcpd option 3 ip 192.168.9.1 interface inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-2.5.3046-k9.pkg 1
 anyconnect enable
 tunnel-group-list enable
group-policy SSLClitentPolicy internal
group-policy SSLClientPolicy internal
group-policy SSLClientPolicy attributes
 dns-server value 192.168.9.5
 vpn-tunnel-protocol ssl-client
 address-pools value SSLClientPool
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
tunnel-group VPN type remote-access
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
 default-group-policy SSLClientPolicy
tunnel-group SSLClientProfile webvpn-attributes
 group-alias SSLVPNClient enable
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:6a58e90dc61dfbf7ba15e059e5931609
: end

Looks like you have the sysopt permit-vpn disabled; enable it:

sysopt connection permit-vpn

Also remove the dynamic NAT, depending on whether you have already configured it under the NAT object:

no nat (inside,outside) source dynamic any interface

Then 'clear xlate' once again and let us know if it works now.
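One way to check a running-config for the three conditions this thread and the related replies below turn on (missing sysopt connection permit-vpn, a VPN pool carved out of the inside subnet, and dynamic NAT with no identity NAT exempting the pool), as an added Python example that is not from the thread or from Cisco; the two configs inside it are constructed from the posted lines, and the object names obj_inside and obj_vpnpool are assumptions.

```python
"""Added example (not from the thread): lint an ASA running-config for the
AnyConnect reachability problems raised above and in the related replies."""
import ipaddress
import re

# Constructed sample: the relevant lines of the config posted above (passwords
# and public addresses were already removed by the original poster).
POSTED_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 192.168.9.1 255.255.255.0
ip local pool SSLClientPool 192.168.9.50-192.168.9.80 mask 255.255.255.0
nat (inside,outside) source dynamic any interface
object network obj_any
 nat (inside,outside) dynamic interface
"""

# Constructed corrected variant (object names are assumptions): pool in its own
# subnet, identity NAT for inside<->pool ahead of the dynamic PAT, and the sysopt.
FIXED_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 192.168.9.1 255.255.255.0
ip local pool SSLClientPool 192.168.10.50-192.168.10.80 mask 255.255.255.0
object network obj_inside
 subnet 192.168.9.0 255.255.255.0
object network obj_vpnpool
 subnet 192.168.10.0 255.255.255.0
nat (inside,outside) source static obj_inside obj_inside destination static obj_vpnpool obj_vpnpool no-proxy-arp route-lookup
nat (inside,outside) source dynamic any interface
sysopt connection permit-vpn
"""

def parse_interfaces(cfg):
    """Return {nameif: ip_network} for every interface that carries an address."""
    nets, nameif, net = {}, None, None
    for line in cfg.splitlines() + ["interface END"]:  # sentinel flushes the last block
        if line.startswith("interface "):
            if nameif and net:
                nets[nameif] = net
            nameif, net = None, None
        elif m := re.match(r"\s+nameif (\S+)", line):
            nameif = m.group(1)
        elif m := re.match(r"\s+ip address (\S+) (\S+)", line):
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    return nets

def parse_objects(cfg):
    """Return {object name: ip_network} from 'object network' blocks."""
    objs, name = {}, None
    for line in cfg.splitlines():
        if m := re.match(r"object network (\S+)", line):
            name = m.group(1)
        elif name and (m := re.match(r"\s+subnet (\S+) (\S+)", line)):
            objs[name] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        elif name and (m := re.match(r"\s+host (\S+)", line)):
            objs[name] = ipaddress.ip_network(m.group(1))
        elif not line.startswith(" "):
            name = None  # any other top-level line ends the object block
    return objs

def parse_pools(cfg):
    """Return {pool name: (first address, last address)} from 'ip local pool' lines."""
    pat = r"^ip local pool (\S+) (\S+)-(\S+) mask"
    return {m.group(1): (ipaddress.ip_address(m.group(2)), ipaddress.ip_address(m.group(3)))
            for m in re.finditer(pat, cfg, re.M)}

def pool_is_exempted(cfg, objects, first_ip):
    """True if an identity NAT ('source static A A destination static B B')
    names a destination object whose subnet contains the pool."""
    pat = r"^nat \(\S+\) source static (\S+) \1 destination static (\S+) \2"
    for m in re.finditer(pat, cfg, re.M):
        net = objects.get(m.group(2))
        if net is not None and first_ip in net:
            return True
    return False

def lint(cfg):
    """Return the list of finding tags for one running-config."""
    findings = []
    ifaces, objects, pools = parse_interfaces(cfg), parse_objects(cfg), parse_pools(cfg)
    # 1. Without this sysopt, decrypted VPN traffic is subject to the outside ACL.
    if not re.search(r"^sysopt connection permit-vpn\s*$", cfg, re.M):
        findings.append("sysopt-permit-vpn-missing")
    # 2. Pool carved out of an interface subnet (the 2821 reply recommends a separate range).
    for name, (first, last) in pools.items():
        for ifname, net in ifaces.items():
            if first in net or last in net:
                findings.append(f"pool-overlaps-interface:{name}:{ifname}")
    # 3. Dynamic PAT with no identity NAT exempting inside<->pool traffic.
    if re.search(r"^\s*nat \(\S+\) (?:source )?dynamic", cfg, re.M):
        for name, (first, _) in pools.items():
            if not pool_is_exempted(cfg, objects, first):
                findings.append(f"no-nat-exemption-for-pool:{name}")
    return findings
```

Running lint(POSTED_CONFIG) reports all three findings, while lint(FIXED_CONFIG) returns an empty list.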

Tags: Cisco Security

Similar Questions

  • Cannot access internal network with AnyConnect SSL VPN, ASA 9.1(6)

    Hello Cisco support community,

    I have a lab which consists of two virtual environments connected to a 3750-G switch, which is connected to a 2901 router, which is connected to an ASA 5512-X, which is connected to my ISP gateway. I configured SSL VPN using AnyConnect and can establish a VPN to the ASA from the outside, but once connected I can't access internal network resources or the internet. My network information and ASA configuration are listed below. Thank you for any assistance you can offer.

    ISP gateway network: 10.1.10.0/24

    ASA to router network: 10.1.40.0/30

    VPN DHCP pool: 10.1.30.0/24

    Range network: 10.1.20.0/24

    Development network: 10.1.10.0/24

    : Saved
    :
    : Serial Number: FCH18477CPT
    : Hardware:   ASA5512, 4096 MB RAM, CPU Clarkdale 2793 MHz, 1 CPU (2 cores)
    :
    ASA Version 9.1(6)
    !
    hostname ctcndasa01
    enable password bcn1WtX5vuf3YzS3 encrypted
    names
    ip local pool cnd-vpn-dhcp-pool 10.1.30.1-10.1.30.200 mask 255.255.255.0
    !
    interface GigabitEthernet0/0
     nameif inside
     security-level 100
     ip address 10.1.40.1 255.255.255.252
    !
    interface GigabitEthernet0/1
     nameif outside
     security-level 0
     ip address X.X.X.237 255.255.255.248
    !
    interface GigabitEthernet0/2
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface GigabitEthernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface GigabitEthernet0/4
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface GigabitEthernet0/5
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Management0/0
     management-only
     nameif management
     security-level 100
     ip address 192.168.1.1 255.255.255.0
    !
    boot system disk0:/asa916-1-smp-k8.bin
    boot system disk0:/asa912-smp-k8.bin
    ftp mode passive
    same-security-traffic permit intra-interface
    object network NETWORK_OBJ_10.1.30.0_24
     subnet 10.1.30.0 255.255.255.0
    object network obj_any
    object network obj_10.1.40.0
     subnet 10.1.40.0 255.255.255.0
    object network obj_10.1.30.0
     subnet 10.1.30.0 255.255.255.0
    access-list outside_access_in extended permit ip object NETWORK_OBJ_10.1.30.0_24 any
    access-list NAT_FREE extended permit ip 10.1.40.0 255.255.255.0 10.1.30.0 255.255.255.0
    access-list 101 extended permit icmp any4 any4 echo-reply
    access-list split standard permit 10.1.40.0 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu management 1500
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any outside
    asdm image disk0:/asdm-743.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (inside,outside) source static obj_10.1.40.0 obj_10.1.40.0 destination static obj_10.1.30.0 obj_10.1.30.0 no-proxy-arp route-lookup
    nat (inside,outside) source static any any destination static NETWORK_OBJ_10.1.30.0_24 NETWORK_OBJ_10.1.30.0_24 no-proxy-arp route-lookup
    access-group outside_access_in in interface outside
    !
    router eigrp 1
     network 10.1.10.0 255.255.255.0
     network 10.1.20.0 255.255.255.0
     network 10.1.30.0 255.255.255.0
     network 10.1.40.0 255.255.255.252
    !
    route outside 0.0.0.0 0.0.0.0 10.1.10.1 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    no user-identity enable
    user-identity default-domain LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 192.168.1.0 255.255.255.0 inside
    http X.X.X.238 255.255.255.255 outside
    no snmp-server location
    no snmp-server contact
    crypto ipsec security-association pmtu-aging infinite
    crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
     enrollment self
     fqdn none
     subject-name CN=10.1.30.254,CN=ctcndasa01
     keypair ASDM_LAUNCHER
     crl configure
    crypto ca trustpool policy
    crypto ca certificate chain ASDM_Launcher_Access_TrustPoint_0
     certificate c902a155
      quit
    telnet timeout 5
    ssh stricthostkeycheck
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    vpn-addr-assign local reuse-delay 360
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd enable management
    !
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ssl trust-point ASDM_Launcher_Access_TrustPoint_0 vpnlb-ip
    ssl trust-point ASDM_Launcher_Access_TrustPoint_0 outside
    webvpn
     enable outside
     anyconnect image disk0:/anyconnect-linux-3.1.09013-k9.pkg 4
     anyconnect image disk0:/anyconnect-macosx-i386-3.1.09013-k9.pkg 5
     anyconnect image disk0:/anyconnect-win-3.1.09013-k9.pkg 6
     anyconnect enable
     tunnel-group-list enable
    group-policy GroupPolicy_cnd-vpn internal
    group-policy GroupPolicy_cnd-vpn attributes
     wins-server none
     dns-server value 8.8.8.8
     vpn-tunnel-protocol ssl-client
     default-domain none
    username xxxx password GCOh1bma8K1tKZHa encrypted
    tunnel-group cnd-vpn type remote-access
    tunnel-group cnd-vpn general-attributes
     address-pool cnd-vpn-dhcp-pool
     default-group-policy GroupPolicy_cnd-vpn
    tunnel-group cnd-vpn webvpn-attributes
     group-alias cnd-vpn enable
    !
    class-map icmp-class
     match default-inspection-traffic
    class-map inspection_default
     match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map icmp_policy
     class icmp-class
      inspect icmp
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    !
    service-policy global_policy global
    service-policy icmp_policy interface outside
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:261228832f3b57983bcc2b4ed5a8a9d0
    : end
    asdm image disk0:/asdm-743.bin
    no asdm history enable

    Can you confirm that this is correct: your diagram shows your public IP address on the ASA as 30, while you have assigned it on the 'outside' interface as 29?

  • Privacy of user account: my daughter (standard user) can access my files on my Administrator account

    My daughter (standard user) can access my files on my Administrator account via her account by clicking on the C drive, then Users, then my account. How can I change this so my documents remain private?

    I have now managed to make my Administrator account private. I'm pretty sure that by default it is created to share with my daughter's standard account, and no password is required to access my documents. It would be interesting to know if anyone else has had this problem; I only stumbled on it. Thanks everyone for the input.

  • How do I configure my Windows 7 firewall so I can access my network?

    Hi, the Windows 7 firewall blocks access to my network, and I cannot see my other computers on the network or my network printer. When I turn off the Windows 7 firewall, everything works. I would like to configure my Windows 7 firewall so I can access my network. Can you help me?

    Thank you very much!

    Hi Alain,

    Do you have a third-party antivirus program installed? If so, does it include an integrated firewall?

    If you have changed some Windows Firewall settings and want to undo your changes, you can restore the firewall settings to the original (default) settings.

    Restoring the default firewall settings will remove all the rules you have defined.

    Restore Windows Firewall settings

    http://Windows.Microsoft.com/en-in/Windows7/restore-Windows-Firewall-settings

    For more information, see the articles.

    Open a port in Windows Firewall

    http://Windows.Microsoft.com/en-in/Windows7/open-a-port-in-Windows-Firewall

    Allow a program to communicate through Windows Firewall

    http://Windows.Microsoft.com/en-in/Windows7/allow-a-program-to-communicate-through-Windows-Firewall

    Understanding Windows Firewall settings

    http://Windows.Microsoft.com/en-in/Windows7/Understanding-Windows-Firewall-settings

    Hope this information helps. Reply with the status so that we can help you further.

  • Can I create pages that only authorized users can access?

    I need to create pages that only authorized users can access; is it possible to do this with Muse?

    The site manager should be included in the admin section; please give me the URL of the site so I can take a peek.

    Regarding the other question, do you want to create an intranet site for employees of the company, or a secure-content site where users would have to log in before they can access the content?

    If it's an intranet, it would not be possible with BC, because a website hosted on BC will be on the web and cannot be restricted to an intranet; you can create the site in Muse and upload it to a third-party or company server where it can be used as an intranet site.

    With secure content, you can secure pages and the content created on the BC end and use the login on the home page.

    Thank you

    Sanjit

  • Create a user that can access a single schema - please help!

    Hi all

    I want to create a user in an Oracle database that can only access a single schema. I did the following:



    CREATE USER "TEST" PROFILE "DEFAULT"
      IDENTIFIED BY "test" DEFAULT TABLESPACE "USERS"
      TEMPORARY TABLESPACE "TEMP"
      ACCOUNT UNLOCK;

    GRANT SELECT ON "TESTDTA"."F0007" TO "TEST";

    GRANT "CONNECT" TO "TEST";


    I did a test and the TEST user can access all schemas, even though I only gave explicit permissions for the TESTDTA schema.

    Any suggestion/precision?

    Thanks in advance.

    Victor.

    Maybe worth looking at what has been granted to PUBLIC:

    select * from dba_sys_privs
    where grantee = 'PUBLIC';

    select * from dba_role_privs
    where grantee = 'PUBLIC';

    select * from dba_tab_privs
    where grantee = 'PUBLIC'
    and owner = 'PRODDTA';

    A.

  • WebVPN cannot access internal network on 2821

    Hello, I'm trying to configure WebVPN to my internal network. The client connects to the router, but I can't ping from my internal network. Also, I've lost ping between hosts on the internal network. I can ping only the gateway (192.168.162.0).

    IOS Version 15.1(4)M9

    ip local pool webvpn-pool 192.168.162.212 192.168.162.218

    ip nat inside source list 1 interface GigabitEthernet0/0 overload

    access-list 1 permit 192.168.162.0 0.0.0.255

    webvpn gateway Cisco-WebVPN-Gateway
     ip address X.X.X.X port 1025
     ssl encryption rc4-md5
     ssl trustpoint my-trustpoint
     inservice
    !
    webvpn context Cisco-WebVPN
     title "Easy VPN"
     ssl authenticate verify all
     !
     url-list "rewrite"
     !
     acl "ssl-acl"
       permit ip 192.168.162.0 255.255.255.0 192.168.162.0 255.255.255.0
     !
     login-message "Cisco Secure WebVPN"
     !
     policy group webvpnpolicy
       functions svc-enabled
       functions svc-required
       filter tunnel ssl-acl
       svc address-pool "webvpn-pool" netmask 255.255.255.0
       svc rekey method new-tunnel
       svc split include 192.168.162.0 255.255.255.0
     default-group-policy webvpnpolicy
     aaa authentication list sslvpn
     gateway Cisco-WebVPN-Gateway
     max-users 2
     inservice
    !

    Hello

    I saw the VPN configuration:

    policy group webvpnpolicy
      functions svc-enabled
      functions svc-required
      filter tunnel ssl-acl
      svc address-pool "webvpn-pool" netmask 255.255.255.0
      svc rekey method new-tunnel
      svc split include 192.168.162.0 255.255.255.0
    default-group-policy webvpnpolicy
    aaa authentication list sslvpn
    gateway Cisco-WebVPN-Gateway
    max-users 2
    inservice

    acl "ssl-acl"
      permit ip 192.168.162.0 255.255.255.0 192.168.162.0 255.255.255.0

    ip local pool webvpn-pool 192.168.162.212 192.168.162.218

    ip nat inside source list 1 interface GigabitEthernet0/0 overload

    access-list 1 permit 192.168.162.0 0.0.0.255

    I recommend the following:

    1. Use a local IP pool with a different range than the one used in the internal network (routing-wise issues).

    2. Remove the VPN filter; it is completely useless, since it's the same as the split tunnel:

    policy group webvpnpolicy
      no filter tunnel ssl-acl

    3. Use an ACL on the NAT and create the NAT exemption for the inside network to the local IP pool, outbound:

    ip access-list extended NAT
      deny ip 192.168.162.0 0.0.0.255 XXXX XXXXX  --> network of the IP pool
      permit ip 192.168.0.0 0.0.0.255 any

    ip nat inside source list NAT interface GigabitEthernet0/0 overload

    These are the appropriate changes I recommend you apply.

    Please don't forget to rate and mark the helpful post as correct!

    David Castro,

  • Cisco EZ-VPN cannot access internal network

    Hello

    I configured an EZ-VPN on my router, but after a successful login to the VPN, I can't ping my internal network or access any of the resources. Also, I can't ping my router's VPN client IP address.

    Can someone take a look at my config?

    Here is my config:

    Current configuration : 7730 bytes
    !
    ! Last configuration change at 16:24:55 UTC Tue Jun 14 2011 by suncci
    ! NVRAM config last updated at 20:21:30 UTC Fri Jun 10 2011 by suncci
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname router
    !
    boot-start-marker
    boot-end-marker
    !
    no logging buffered
    no logging console
    !
    aaa new-model
    !
    !
    aaa authentication login default local
    aaa authentication login AUTH_VPN local
    aaa authorization exec default local
    aaa authorization network AUTHORIZE_VPN local
    !
    !
    aaa session-id common
    ip cef
    !
    !
    ip name-server 208.67.222.222
    ip name-server 205.188.146.145
    !
    multilink bundle-name authenticated
    !
    !
    crypto pki trustpoint TP-self-signed-1861908046
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-1861908046
     revocation-check none
     rsakeypair TP-self-signed-1861908046
    !
    !
    crypto pki certificate chain TP-self-signed-1861908046
     certificate self-signed 01


      quit
    !
    !
    username xxxxx privilege 15 password 0 xxxxxx
    archive
     log config
      hidekeys
    !
    !
    crypto isakmp policy 1
     encr aes
     authentication pre-share
     group 2
    !
    crypto isakmp policy 10
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp nat keepalive 5
    !
    crypto isakmp client configuration group Sun-VPN-Group
     key 12345
     dns 208.67.222.222
     pool VPN_Pool
     acl VPN_Test
    crypto isakmp profile ISAKMP_Profile_EZVPN
       match identity group Sun-VPN-Group
       client authentication list AUTH_VPN
       isakmp authorization list AUTHORIZE_VPN
       client configuration address respond
       client configuration group Sun-VPN-Group
       virtual-template 1
    !
    !
    crypto ipsec transform-set Sun-VPN esp-aes esp-sha-hmac
    !
    crypto ipsec profile IPSEC_Profile_EZVPN
     set transform-set Sun-VPN
     set isakmp-profile ISAKMP_Profile_EZVPN
    !
    !
    class-map type inspect match-all internal
     match protocol tcp
     match protocol udp
     match protocol dns
     match protocol http
     match protocol https
     match protocol icmp
    class-map type inspect match-all Internet
     match protocol tcp
     match protocol udp
     match protocol icmp
    class-map type inspect match-all IntraNet-InterNet-traffic
     match protocol tcp
     match protocol udp
     match protocol icmp
     match access-group name InterNet-to-IntraNet-ACL
    class-map type inspect match-all InterNet-IntraNet-traffic
     match protocol tcp
     match protocol udp
     match protocol icmp
    !
    !
    policy-map type inspect InterNet-IntraNet-policy
     class type inspect IntraNet-InterNet-traffic
      inspect
     class class-default
      drop
    policy-map type inspect IntraNet-InterNet-policy
     class type inspect InterNet-IntraNet-traffic
      inspect
     class class-default
      drop
    policy-map type inspect sdm-policy-Internet
     class type inspect Internet
      inspect
     class class-default
    policy-map type inspect sdm-policy-internal
     class type inspect internal
      inspect
     class class-default
      drop
    !
    zone security Internet
    zone security internal
    zone security IntraNet
     description Interfaces all connected to the Intranet
    zone security InterNet
     description Interfaces all connected to the Internet
    zone-pair security sdm-zp-internal-self source internal destination self
     service-policy type inspect sdm-policy-Internet
    zone-pair security IntraNet-InterNet source IntraNet destination InterNet
     service-policy type inspect IntraNet-InterNet-policy
    zone-pair security InterNet-IntraNet source InterNet destination IntraNet
     service-policy type inspect InterNet-IntraNet-policy
    !
    !
    interface Loopback0
     ip address 192.168.1.1 255.255.255.0
    !
    interface FastEthernet0/0
     description External PPPoE Interface$ETH-WAN$
     no ip address
     ip mask-reply
     ip nat outside
     ip virtual-reassembly
     speed auto
     pppoe enable group global
     pppoe-client dial-pool-number 1
     no cdp enable
    !
    interface FastEthernet0/1
     switchport access vlan 10
    !
    interface FastEthernet0/2
     switchport access vlan 10
    !
    interface FastEthernet0/3
     switchport access vlan 10
    !
    interface FastEthernet0/4
     switchport access vlan 10
    !
    interface Virtual-Template1 type tunnel
     ip unnumbered Loopback0
     zone-member security IntraNet
     tunnel source Dialer1
     tunnel mode ipsec ipv4
     tunnel protection ipsec profile IPSEC_Profile_EZVPN
    !
    interface Vlan10
     description $FW_INSIDE$
     ip address 192.168.0.3 255.255.255.0
     ip mask-reply
     no ip redirects
     no ip unreachables
     ip nat inside
     ip virtual-reassembly
     zone-member security IntraNet
     ip route-cache flow
    !
    interface Dialer1
     description $FW_OUTSIDE$
     ip address negotiated
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip mtu 1492
     ip nat outside
     ip virtual-reassembly
     zone-member security InterNet
     encapsulation ppp
     ip tcp adjust-mss 1452
     dialer pool 1
     dialer-group 1
     no cdp enable
     ppp authentication chap pap callin
     ppp chap hostname pty/69733
     ppp chap password 0 DSLconnect
     ppp pap sent-username pty/69733 password 0 DSLconnect
    !
    ip local pool VPN_Pool 192.168.1.30 192.168.1.40
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip route 192.168.1.0 255.255.255.0 Dialer1
    !
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip nat inside source route-map NAT interface Dialer1 overload
    !
    ip access-list extended InterNet-to-IntraNet-ACL
     permit tcp any 192.168.0.0 0.0.0.255
     permit udp any 192.168.0.0 0.0.0.255
     permit icmp any 192.168.0.0 0.0.0.255
     deny ip any any
    ip access-list extended Internet
     remark Internet
     remark SDM_ACL Category=2
     remark ALL
     permit tcp any any
     permit udp any any
     permit icmp any any
     permit ip any any
    ip access-list extended NAT
     permit ip 192.168.0.0 0.0.0.255 any
     deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
    ip access-list extended VPN_Test
     permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
    !
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.0.0 0.0.0.255
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 2 remark SDM_ACL Category=2
    access-list 2 permit 192.168.1.0 0.0.0.255
    access-list 5 permit any
    access-list 10 permit 192.168.0.0 0.0.0.255
    access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
    access-list 102 permit ip 192.168.0.0 0.0.0.255 any
    no cdp run
    !
    !
    route-map NAT permit 10
     match ip address NAT
    !
    !
    control-plane
    !
    !
    line con 0
    line aux 0
    line vty 0 4
     exec-timeout 30 12
     privilege level 15
     logging synchronous
     transport input telnet ssh
    !
    ntp clock-period 17208070
    ntp server 17.151.16.21
    end

    As I've mentioned earlier, you can of course ping from the router to 192.168.0.2 because they are in the same subnet. It uses ARP instead of routing to reach the device when you are pinging on the same subnet.

    Is the switch configured with the correct default gateway? The switch must be configured with the default gateway 192.168.0.3.

    You also mention that you can ping 192.168.0.30, which is beyond the router. This means that it is not a router VPN configuration error, but rather the end host that you are trying to ping, since you can ping 192.168.0.30.

  • Users can access Essbase 7.1.3

    Hi all

    We use 7.1.3, essbase and we want to define the access of the user like this:

    1. the user have access to only some of the all calculation scripts
    2. the user has read/write access to the data of the current year, period

    How can get us this done?

    Our problem is
    1. If we give 'calculation' access to a user and assign calc scripts to the user. the user sees only his scripts as expected, but he is able to read/write data in the database. Even we have filters assigned to the user. Is this a bug?

    2. If we give the 'designer' access to a user, the user is affected by the assigned filter. but he is able to perceive all the script maps calc...

    Thank you for your advice. Thank you in advance!

    That's how it has worked since I started working on Essbase in version 3. The user will be allowed to lock the parts of the database that his filter enables, but he can calculate anything in the database that is in a calc script to which he has access. Funnily enough, load rules do comply with filter access.

  • 2 users can access each other's records

    Hi all

    I have 2 users: a sales person and his assistant; they receive the same role as sales. Both have the ability to create a new record and to access each other's records.

    How do I create this type of user, and what privilege should I give them?

    Thank you
    HP

    Hi HP.

    You can do this by creating groups. You can add the users to the group, and whenever any user in that group creates a record, all the other users will by default receive full access to the record. You can have more than one group, but a single user can only be added to one group. This grouping will not only allow them to share records, but also allow them to share their calendar by default, for better synchronization while working.

    Here are the steps for creating the groups:

    1. go to Admin - Business Administration - activate the "Group Sharing" feature
    2. go to Admin - Users - Public Sharing Group - Manage Group
    3. create the group and add users to the group

    Note:
    1. records created before the group was activated will not have the group users added to the record team
    2. the group user should be the owner of the record
    3. after activation of the group feature, if you want to remove a user from any particular record team, you can do so. Or if you want to add any user, you can also add him to the team of that particular record.

    If you find any problem in that, please do not hesitate to ask

    All the best

    Nisman

  • Cisco ASA 5515 - Anyconnect users can connect to ASA, but cannot ping inside the local IP address

    Hello!

    I have an ASA 5515 with the configuration below. I have configured the ASA as a remote-access AnyConnect VPN server; my problem is that I can connect but I cannot ping.

    ASA Version 9.1(1)
    !
    hostname ASA
    domain-name xxx.xx
    names
    ip local pool VPN_CLIENT_POOL 192.168.12.1-192.168.12.254 mask 255.255.255.0
    !
    interface GigabitEthernet0/0
     nameif inside
     security-level 100
     ip address 192.168.11.1 255.255.255.0
    !
    interface GigabitEthernet0/1
     description Interface_to_VPN
     nameif outside
     security-level 0
     ip address 111.222.333.444 255.255.255.240
    !
    interface GigabitEthernet0/2
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface GigabitEthernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface GigabitEthernet0/4
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface GigabitEthernet0/5
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Management0/0
     management-only
     nameif management
     security-level 100
     ip address 192.168.5.1 255.255.255.0
    !
    ftp mode passive
    dns server-group DefaultDNS
     domain-name www.ww
    same-security-traffic permit intra-interface
    object network LAN
     subnet 192.168.11.0 255.255.255.0
     description LAN
    object network SSLVPN_POOL
     subnet 192.168.12.0 255.255.255.0
    access-list VPN_CLIENT_ACL standard permit 192.168.11.0 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu management 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-711.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (outside,inside) source static SSLVPN_POOL SSLVPN_POOL destination static LAN LAN
    route outside 0.0.0.0 0.0.0.0 111.222.333.443 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy

    WebVPN

    list of URLS no

    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    aaa authentication http console LOCAL
    aaa authorization exec LOCAL
    http server enable
    http 192.168.5.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec security-association pmtu-aging infinite
    crypto ca trustpoint ASDM_TrustPoint5
     enrollment terminal
     email [email protected]
     subject-name CN=ASA
     ip-address 111.222.333.444
     crl configure
    crypto ca trustpoint ASDM_TrustPoint6
     enrollment terminal
     fqdn vpn.domain.com
     email [email protected]
     subject-name CN=vpn.domain.com
     ip-address 111.222.333.444
     keypair sslvpn
     crl configure
    crypto ca trustpool policy
    crypto ca certificate chain ASDM_TrustPoint6
    telnet timeout 5
    ssh 192.168.11.0 255.255.255.0 inside
    ssh timeout 30
    console timeout 0
    no ipv6-vpn-addr-assign aaa
    no ipv6-vpn-addr-assign local
    dhcpd address 192.168.5.2-192.168.5.254 management
    !
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ssl trust-point ASDM_TrustPoint6 outside
    webvpn
     enable outside
     csd image disk0:/csd_3.5.2008-k9.pkg
     anyconnect image disk0:/anyconnect-win-3.1.04066-k9.pkg 1
     anyconnect enable
     tunnel-group-list enable
    group-policy DfltGrpPolicy attributes

    Ikev1 VPN-tunnel-Protocol l2tp ipsec without ssl-client

    group-policy VPN_CLIENT_POLICY internal
    group-policy VPN_CLIENT_POLICY attributes
     wins-server none
     dns-server value 192.168.11.198
     vpn-simultaneous-logins 5
     vpn-session-timeout 480
     vpn-tunnel-protocol ssl-client
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value VPN_CLIENT_ACL
     default-domain value myComp.local
     address-pools value VPN_CLIENT_POOL
     webvpn
      anyconnect ssl dtls enable
      anyconnect keep-installer installed
      anyconnect ssl keepalive 20
      anyconnect ssl rekey time 30
      anyconnect ssl rekey method ssl
      anyconnect dpd-interval client 30
      anyconnect dpd-interval gateway 30
      anyconnect dtls compression lzs
      anyconnect modules value vpngina
      customization value DfltCustomization
    group-policy IT_POLICY internal
    group-policy IT_POLICY attributes
     wins-server none
     dns-server value 192.168.11.198
     vpn-simultaneous-logins 3
     vpn-session-timeout 120
     vpn-tunnel-protocol ssl-client ssl-clientless
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value VPN_CLIENT_ACL
     default-domain value societe.com
     address-pools value VPN_CLIENT_POOL
     webvpn
      anyconnect ssl dtls enable
      anyconnect keep-installer installed
      anyconnect ssl keepalive 20
      anyconnect dtls compression lzs
      customization value DfltCustomization
    username vpnuser password PA$$WORD encrypted
    username vpnuser attributes
     vpn-group-policy VPN_CLIENT_POLICY
     service-type remote-access
    username vpnuser2 password PA$$W encrypted
    username vpnuser2 attributes
     service-type remote-access
    username admin password ADMINPA$$ encrypted privilege 15
    tunnel-group VPN type remote-access
    tunnel-group VPN general-attributes
     address-pool VPN_CLIENT_POOL
     default-group-policy VPN_CLIENT_POLICY
    tunnel-group VPN webvpn-attributes
     authentication aaa certificate
     group-alias VPN_to_R enable
    tunnel-group IT_PROFILE type remote-access
    tunnel-group IT_PROFILE general-attributes
     address-pool VPN_CLIENT_POOL
     default-group-policy IT_POLICY
    tunnel-group IT_PROFILE webvpn-attributes
     authentication aaa certificate
     group-alias IT enable
    !
    class-map inspection_default
     match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    !
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    : end

    Help me please! Thank you!

    Hello

    Please configure ACLs to allow ICMP between these two subnets (192.168.11.0 and 192.168.12.0) and check again. It should ping. Let me know if it does not work.

    Thank you

    swap
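    The three things an AnyConnect client needs in order to reach the inside LAN on a config like the one above are an address pool, a split-tunnel list that includes the inside subnet, and an identity (exempt) NAT rule between pool and LAN. The script below is an added example, not code from this thread or from Cisco: it parses a constructed config that mirrors the poster's values in canonical ASA syntax (SAMPLE_CONFIG) and a copy with two faults introduced (BROKEN_CONFIG), and reports which of the three ingredients is missing. Only the statement forms used in those two configs are parsed.

```python
"""Offline check of an ASA remote-access VPN config for what AnyConnect
clients need to reach the inside LAN: a defined address pool, a split-tunnel
list that includes the inside subnet, and an identity NAT rule between pool
and LAN.  Added example; the configs are constructed, SAMPLE_CONFIG mirroring
the thread's values in canonical ASA syntax, BROKEN_CONFIG with two faults."""
import ipaddress

SAMPLE_CONFIG = """\
ip local pool VPN_CLIENT_POOL 192.168.12.1-192.168.12.254 mask 255.255.255.0
interface GigabitEthernet0/0
 nameif inside
 ip address 192.168.11.1 255.255.255.0
object network LAN
 subnet 192.168.11.0 255.255.255.0
object network SSLVPN_POOL
 subnet 192.168.12.0 255.255.255.0
access-list VPN_CLIENT_ACL standard permit 192.168.11.0 255.255.255.0
nat (outside,inside) source static SSLVPN_POOL SSLVPN_POOL destination static LAN LAN
group-policy VPN_CLIENT_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN_CLIENT_ACL
 address-pools value VPN_CLIENT_POOL
"""
# Constructed counter-example: split list names the wrong subnet, NAT exemption removed.
BROKEN_CONFIG = "\n".join(
    l for l in SAMPLE_CONFIG.replace("permit 192.168.11.0", "permit 192.168.10.0").splitlines()
    if not l.startswith("nat "))


def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_config(text):
    """Collect only the statement forms the audit needs; everything else is skipped."""
    cfg = {"pools": {}, "objects": {}, "acls": {}, "nat": [], "ifaces": {}, "policies": {}}
    ctx = None  # (section kind, name) that the following indented lines belong to
    for line in filter(str.strip, text.splitlines()):
        tok = line.split()
        if line[0] == " ":  # indented line: belongs to the current section
            if ctx and ctx[0] == "iface":
                rec = cfg["ifaces"].setdefault(ctx[1], {})
                if tok[0] == "nameif":
                    rec["nameif"] = tok[1]
                elif tok[:2] == ["ip", "address"]:
                    rec["net"] = net(tok[2], tok[3])
            elif ctx and ctx[0] == "object" and tok[0] == "subnet":
                cfg["objects"][ctx[1]] = net(tok[1], tok[2])
            elif ctx and ctx[0] == "policy":
                key = {"split-tunnel-policy": "split", "split-tunnel-network-list": "split_acl",
                       "address-pools": "pool"}.get(tok[0])
                if key:
                    cfg["policies"][ctx[1]][key] = tok[-1]
            continue
        ctx = None
        if tok[:3] == ["ip", "local", "pool"]:  # ip local pool NAME first-last mask MASK
            cfg["pools"][tok[3]] = net(tok[4].split("-")[0], tok[6])
        elif tok[0] == "interface":
            ctx = ("iface", tok[1])
        elif tok[:2] == ["object", "network"]:
            ctx = ("object", tok[2])
        elif tok[0] == "access-list" and tok[2:4] == ["standard", "permit"]:
            cfg["acls"].setdefault(tok[1], []).append(net(tok[4], tok[5]))
        elif tok[0] == "nat" and tok[2:4] == ["source", "static"] and "destination" in tok:
            i = tok.index("destination")  # twice NAT: (real, mapped) source and destination
            cfg["nat"].append(((tok[4], tok[5]), (tok[i + 2], tok[i + 3])))
        elif tok[0] == "group-policy" and tok[-1] == "attributes":
            ctx = ("policy", tok[1])
            cfg["policies"].setdefault(tok[1], {})
    return cfg


def has_identity_nat(cfg, a, b):
    """A twice-NAT rule mapping both objects to themselves exempts traffic between
    them from NAT; static twice NAT is bidirectional, so either order counts."""
    for (s_real, s_map), (d_real, d_map) in cfg["nat"]:
        if s_real == s_map and d_real == d_map and \
           {cfg["objects"].get(s_real), cfg["objects"].get(d_real)} == {a, b}:
            return True
    return False


def audit(cfg):
    """Return a list of findings; empty when all three ingredients are present."""
    inside = next((r["net"] for r in cfg["ifaces"].values()
                   if r.get("nameif") == "inside" and "net" in r), None)
    if inside is None:
        return ["no interface carries nameif inside"]
    findings = []
    for name, pol in cfg["policies"].items():
        pool = cfg["pools"].get(pol.get("pool"))
        if pool is None:
            findings.append(f"{name}: address pool {pol.get('pool')!r} is not defined")
            continue
        if pol.get("split") == "tunnelspecified" and not any(
                inside.subnet_of(n) for n in cfg["acls"].get(pol.get("split_acl"), [])):
            findings.append(f"{name}: split-tunnel list {pol.get('split_acl')} "
                            f"does not include inside subnet {inside}")
        if not has_identity_nat(cfg, pool, inside):
            findings.append(f"{name}: no identity NAT between pool {pool} and {inside}")
    return findings


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_CONFIG), ("broken", BROKEN_CONFIG)):
        print(label, audit(parse_config(text)) or "no findings")
```

    On the constructed sample the audit reports nothing; on the broken copy it reports the split-tunnel list that no longer covers 192.168.11.0/24 and the missing identity NAT. A clean result from a check like this only says the three ingredients are present; the ping problem in the thread may still be an interface ACL, the inspection policy, or the host itself.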

  • After my firewall router died in a power outage yesterday I replaced the router and restored internet access, but none of my corporate office computers can access our network printer/scanner.

    Yesterday morning we had a power outage at my place of business. When power was restored we could not access the internet from any of our desktop computers. After working with a troubleshooter from the hardware manufacturer on our NETGEAR firewall router, it was determined that the equipment was defective. They offered to replace the unit for only the shipping charges, which I felt was an acceptable solution. Then I was told that, with bureaucracy, it would take two weeks to get the new unit. Well, my choice was then to sit for two weeks and slowly go out of business, or buy a new router. I replaced the unit with another Netgear router model and this quickly got us back up again, at least so that we could access our internal accounting system and the internet. My problem now is that I can't access our office network printer/scanner (Kyocera Mita) from any of my desktops. At this point I'd appreciate any help. I own my business, but am not a computer guy by any measurement known to man. I have an idea that maybe it's a simple software fix that gives everyone access to what they need, but I don't know what it might be. With sufficient information, I think I could probably fix the problem myself without the expense of outside programming.

    The problem now is that the router has changed: the IP addresses, subnet mask, default gateway address, wireless network security password and other settings no longer correspond to the original router. Since you say the PCs can all see each other, you need to look in the Kyocera unit's network user's guide to find the method for configuring the IP address, subnet mask and other network settings.

  • Guest user can access the system tools?

    Start menu > all programs > Accessories > system tools

    This allows the user to access Computer, Control Panel (and Run, and even the command prompt), although I selected "Don't display this item" through Properties > Start Menu > Customize. Is there something I don't understand? I don't want a guest user to gain access to ANY 'system tools'. How can I accomplish this?

    Hi Jim,

    Thanks for posting your query in Microsoft Community.

    The guest account provides minimum privileges to perform tasks not requiring administrative privileges. People using the guest account cannot install software or hardware, change settings, or create a password. Because the guest account allows a user to log on to a network, browse the Internet, and shut down the computer, you must disable the guest account when it is not in use.

    You can open the command prompt in elevated mode (with administrative privileges), which is actually necessary to run many commands that can affect your system. If you use Windows 7 Professional or a higher edition, the guest account's privileges can be edited through group policy. To learn more, you can re-post your query in the TechNet forums, asking about changing the group policies for the guest account.

    For more information, see:

    Enable or disable the guest account

    Hope this information is useful. Let us know if you need more help, we will be happy to help you.

  • XP Home only 2 users can access the internet

    I have a Dell Inspiron 1300 laptop with Windows XP SP3. I was the only user for a few years until I added my son as a different user (with administrator privileges).

    I have been using a USB WiFi dongle with success.
    However, when my son connects, he cannot access the internet, not even with a wired ethernet link to the broadband router.
    I can ping sites like yahoo.com, but not access them via a browser.
    Help, please
    Thank you
    David E.

    Hi David,

    1. what browser do you use to visit Web sites?

    2. If you are using Internet Explorer, then what is the version?

    3. What is the error message when you access a Web site?

    4. what security software is installed on the computer?

    I suggest you try the following steps if you use Internet Explorer to browse.

    Method 1: How to reset Internet Explorer settings

    http://support.Microsoft.com/kb/923737

    Note: Resetting the Internet Explorer settings can reset security settings or privacy settings that you have added to the list of Trusted Sites. Resetting the Internet Explorer settings can also reset parental control settings. We recommend that you note these sites before you reset the Internet Explorer settings.

    Check if the problem persists.

    Method 2: Create a new user account

    The user account may be damaged, which is why you may not have access to the Internet. I suggest creating a new account and checking.

    To add a new user to the computer

    http://www.Microsoft.com/resources/documentation/Windows/XP/all/proddocs/en-us/usercpl_add_user.mspx?mfr=true

    If the problem does not occur in the new user account, then transfer the data from the old account to the new account.

    How to copy data from a corrupted user profile to a new profile in Windows XP

    http://support.Microsoft.com/kb/811151

    Let us know the results.

  • User locked, but other users can still access its objects

    Hi all

    I locked a user in Oracle, and when trying to connect it displays the message "Account is locked".

    But other users are still able to query that user's tables. How do I block that?

    For example:

    I locked a user USER1. When I logged in as a user named USER2 and ran SELECT * FROM USER1.Table_name, it displayed the data.

    I need to block this query from other USERS.

    Help, please

    Thanks in advance...

    Account lockout does not prevent others from getting access to the user's objects. The only change is that the user will no longer be able to connect.

    Blocking others' access to the objects of this schema can be done by defining the right privileges for the other users, or with Database Vault by creating a realm around this locked schema (DV requires an additional license).
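    To act on the privilege-based route in the answer above, the grants that still expose the locked schema have to be found first. The script below is an added example, not code from this thread or from Oracle: it takes constructed CSV exports in the shape of DBA_USERS (USERNAME, ACCOUNT_STATUS) and DBA_TAB_PRIVS (GRANTEE, OWNER, TABLE_NAME, PRIVILEGE, GRANTABLE), lists every object privilege granted on a locked schema's objects, and writes the REVOKE statement for each. The user and object names are made up to match the thread's example.

```python
"""Locking an Oracle account stops that user logging in; it does not touch the
object privileges the schema has already granted to other principals.  Added
example with constructed DBA_USERS / DBA_TAB_PRIVS exports (not from the thread)."""
import csv
import io

# Constructed exports, in the column order of
#   SELECT username, account_status FROM dba_users;
#   SELECT grantee, owner, table_name, privilege, grantable FROM dba_tab_privs;
DBA_USERS_CSV = """\
USERNAME,ACCOUNT_STATUS
USER1,LOCKED
USER2,OPEN
USER3,OPEN
"""
DBA_TAB_PRIVS_CSV = """\
GRANTEE,OWNER,TABLE_NAME,PRIVILEGE,GRANTABLE
USER2,USER1,TABLE_NAME,SELECT,NO
USER3,USER1,TABLE_NAME,SELECT,YES
PUBLIC,USER1,TABLE_NAME,SELECT,NO
USER2,USER3,ORDERS,SELECT,NO
"""


def locked_schemas(users_csv):
    """Schemas locked in any form: LOCKED, LOCKED(TIMED), EXPIRED & LOCKED."""
    return {r["USERNAME"] for r in csv.DictReader(io.StringIO(users_csv))
            if "LOCKED" in r["ACCOUNT_STATUS"]}


def exposed_grants(privs_csv, locked):
    """Object privileges that still let other principals use a locked schema's objects."""
    return [r for r in csv.DictReader(io.StringIO(privs_csv)) if r["OWNER"] in locked]


def revoke_statements(grants):
    """One REVOKE per exposed grant.  A trailing SQL comment flags grants to PUBLIC
    (they reach every account) and grants made WITH GRANT OPTION (the grantee may
    have passed the privilege on; revoking an object privilege cascades to those)."""
    out = []
    for g in grants:
        notes = []
        if g["GRANTEE"] == "PUBLIC":
            notes.append("granted to PUBLIC")
        if g["GRANTABLE"] == "YES":
            notes.append("WITH GRANT OPTION, revoke cascades")
        stmt = f'REVOKE {g["PRIVILEGE"]} ON {g["OWNER"]}.{g["TABLE_NAME"]} FROM {g["GRANTEE"]};'
        out.append(stmt + (f"  -- {', '.join(notes)}" if notes else ""))
    return out


if __name__ == "__main__":
    locked = locked_schemas(DBA_USERS_CSV)
    for line in revoke_statements(exposed_grants(DBA_TAB_PRIVS_CSV, locked)):
        print(line)
```

    On the constructed data the grant of USER3.ORDERS to USER2 is left alone, while the three grants on USER1.TABLE_NAME (including the one to PUBLIC, which is what makes "any other user" able to read it) each get a REVOKE. Review the list before running it; the statements are emitted for a DBA to apply, not executed by the script.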
