Attempt to create overlay route map with...

Similar Questions

• Any attempt to create an interactive map with flash - errors with my actionscript

  I currently have a problem by creating a set of buttons that are supposed to put the individual layers on and off.  The layers I have are: places of fishing, facilities, trails, map elements, aerial photo and car parks.  He is in error #s 1119 and 1120.  Anyone could explain the possible reasons I get these errors.

  It might be worth mentioning that I used a tutorial made with Flash CS4, but I write the code in CS5.  This is the exact code I use:

  spots._visible = false;

  facilities._visible = false;

  parking._visible = false;

  Elements._visible = true;

  Aerial._visible = false;

  Trails._visible = false;

  displayedSpots._visible = false;

  displayedFacs._visible = false;

  displayedTrails._visible = false;

  displayedEles._visible = true;

  displayedAerial._visible = false;

  displayedPark._visible = false;

  fsbtn.onPress = function() {}

  If (spots._visible == false) {}

  spots._visible = true;

  displayedSpots._visible = true;

  } else {}

  spots._visible = false;

  displayedSpots._visible = false;

  }

  }

  facbtn.onPress = function() {}

  If (facilities._visible == false) {}

  facilities._visible = true;

  displayedFacs._visible = true;

  } else {}

  facilities._visible = false;

  displayedFacs._visible = false;

  }

  }

  trbtn.onPress = function() {}

  If (trails._visible == false) {}

  Trails._visible = true;

  displayedTrails._visible = true;

  } else {}

  Trails._visible = false;

  displayedTrails._visible = false;

  }

  }

  mebtn.onPress = function() {}

  If (elements._visible == false) {}

  Elements._visible = true;

  displayedEles._visible = true;

  } else {}

  Elements._visible = false;

  displayedEles._visible = false;

  }

  }

  aebtn.onPress = function() {}

  If (aerial._visible == false) {}

  Aerial._visible = true;

  displayedAerial._visible = true;

  } else {}

  Aerial._visible = false;

  displayedAerial._visible = false;

  }

  }

  pbtn.onPress = function() {}

  If (parking._visible == false) {}

  parking._visible = true;

  displayedPark._visible = true;

  } else {}

  parking._visible = false;

  displayedPark._visible = false;

  }

  }

  First of all, your use of == versus = is correct, as you have.  == to test for equality, = is for value assignment.  As a shortcut under test for true false you can avoid it altogether however because the conditional is just test the value of what is inside the parenthesis... If (parking._visible is false) {may simply be if (! parking._visible) {}}

  The next thing, check to make sure that your publication settings are fixed for Actionscript 2.  Those who seem to be the AS3 error numbers that mean your file are implemented for AS3, but you use AS2 code.

  If the problem persists, you must include the entire error messages in your ad

• Can I create a Google Map with several points?

  I am building a Web site for a company with several companies, and they want all appear on the map. In the standard Google maps widget, you can add only one address. Is it possible to add multiple addresses without scripting?

  You can always add placements more once you have published the site by editing the source code. Otherwise simply don't use the widget and enter the code clean Google according to custom HTML.

  Mylenium

• Integration of Google map with Map Viewer does not work

  Hi team,

  My MapViewer Version: Ver11_1_1_7_B130111

  I created a Google Map (with the Source as "Google Maps" map Type) in the map viewer Oracle and I could see google map in Oracle Map Viewer (using 'show Map').

  I wanted to show a theme of map of the village on the google map above in a web page and I use Jdeveloper to integrate with data from the Village map viewer. I could see that the google maps within Jdeveloper however when I run the code Jdeveloper google map does not appear within the web page.

  I tried with Oracle Maps, Bing Maps as 'source' in the map viewer and tried to integrate within Jdeveloper and achieved the same result (white screen). However, when I tried an another mapviewer (Base map ELOCATION. OracleFMW MapViewer House WORLD_MAP) I could see the map on the web page.

  I could get all the other basic maps (created with "internal" as the source of the map") on the web page, so there is something that I'm missing with Google Maps, Bing Maps, Oracle cards. Could you please help me what I'm missing or point to a resource to help?

  Thank you
  Nag

  You need a newer version of JDev (like 11.1.2.x.x or later).

  Geomap DVT (if that's what you use) includes a local copy of oraclemaps.js.

  This must be a newer version.

• Windows cannot create the network map. Responses of the other devices on the network are delayed or on the network, there is a router incapatible

  Original title: no network card
  I installed a NETGEAR N300 Wireless USB Adapter on my computer which is a desk top Dell 64-bit running Windows 7 Edition Home Premium. There are five computers on my network. Two of the others use the same model of NETGEAR wireless USB adapt. I removed the Ethernet cable after the installation of the wireless adapter. I can say that the new wireless adapter works fine. When I tried to map the network I got the same message that appears in some of these problems: "Windows cannot create the network map. Responses of the other devices on the network are delayed or there is a router on the network incapatible". I have restarted this computer in SafeMode as suggested in the above problems. I tried other things like disabling the wired connection has always existed for the cable. No effect. Then I tried mapping the network on the other computers. All failed with the same message. All the other four computers are 32-bit. Three of these computers are also running Windows 7 Home Premium. They are the best desktop computers. The other computer is a Windows 7 Starter netbook running. It is the 32-bit computer, always using a cable. That will be replaced with the same wireless adapter model NETGEAR. Anyone know how to fix this or is this a bug? It would be nice of the network software of Windows 7 has worked as it is supposed to. TO.

  I went the last wired wireless computer and the problem disappeared. The five computers can view the map now without any problems.

• Problem with creating an image map

  I struggled to create a simple image with Dreamweaver CC map.

  I'm in Design view and have a simple flowchart that I would have on my site with each network diagram box with a link to an additional page with more depth on the subject content.

  If I click on the image in live view, the properties toolbar does not show the part of image map (see first image).

  

  However, if I click on the code from the image map controls appear (see the second image).

  

  Now, behold, where the question is...

  If I click on the rectangular selection tool in the map properties bar and then try to select the portion of the image to have a point of access/link; the part of the map of the toolbar disappears and returns to the appearance of the first view?

  Therefore, I can't make a selection or create the HotSpot...?

  Please help with advice you may have.

  The site is responsive, and I decided to recreate this image as an SVG, so that it can scale - with a sensitive site, but I just want to experiment with the layout before generating the final graph.

  Thanks for any help you may have!

  Problem is that you are in LIVE view mode.  Switch to DESIGN view for working with image maps.

  

  What happened to the use of SVG for your tree?

  Nancy O.

• Understand the NAT translation with route map

  Hello

  I try to configure the server EZVPN on SAA and EZVPN client on router 881. I found on the documentation to the NAT translation on the client side

  My confusion is that I should use the deny on the access list statement? If anyone can explain this, enjoy it.

  IP nat inside source overload map route EzVPN1 interface FastEthernet4

  access-list 103 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
  access-list 103 allow ip 192.168.3.0 0.0.0.255 any

  allowed EzVPN1 1 route map
  corresponds to the IP 103

  Hello

  So that's the explanation for the statement "denied" on the ACL for NATing.

  Based on the config, 192.168.3.x here is the network behind your 881 and 192.168.2.x is the network behind the ASA. Let's suppose you're trying to install between 192.168.2.10 and 192.168.3.10. When this package is delivered to the 881, it checks first the characteristics of penetration on the incoming interface (such as the ACL, political, policy-services, etc.) and before checking the 'IPSEC security associations", it checks the NAT configuration.

  Now, your IPSec security association will specify for 192.168.2.x 192.168.3.x traffic to be encrypted and then sent. If we do not have the declaration of 'decline' in the ACL, the 881 will be NAT incoming packets and then the IP source in the package will get changed the IP address of the interface of SA4.

  This match is no longer the configuration of IPSEC SA and therefore not get encrypted. Therefore, we must have the statements 'decline' to ensure that VPN traffic is not coordinated and is therefore correctly.

  Hope this helps!

• There is an error with my computer, it does not connect with my router. It works with my usb 3g modem, but not with my router. My router works with other devices.

  There is an error with my computer, it does not connect with my router. It works with my usb 3g modem, but not with my router. My router works with other devices.
  I tried to connect my xbox to my computer to xbox live via the 3g router, but I was unable to. According to me, there is something wrong with the network card, since neither the wifi (wlan?) nor the lan connection seem to work.
  I harnessed connected my iPod, Xbox 360 and Nintendo DS for her, but not my computer. Please help me, what wrong with my computer?

  original title: problem with the map?

  Hi GustavTak,

  1. you have made no changes to the computer before the broadcast took place?
  2. do you get an error message?

  Try the steps from the following link:

  Windows wireless and wired network connection problems
  http://Windows.Microsoft.com/en-us/Windows/help/wired-and-wireless-network-connection-problems-in-Windows

  Additional information:
  Network connection problems
  http://Windows.Microsoft.com/en-us/Windows-Vista/troubleshoot-network-connection-problems

  Set up a wireless router
  http://Windows.Microsoft.com/en-us/Windows-Vista/set-up-a-wireless-router

• Any attempt to create results by "Access denied" error zip file

  Windows 7 Professional 64 bit.  I am logged in as administrator.  UAC is not active on this machine.

  Any attempt to create a zip file results in a dialog box stating "unable to complete the operation.  Access is denied. "

  If I select a file or group of files/folders, do a right click and say 'Send to Zip', I get this error.  Interestingly, while the error dialog box is still open, the zip file will be displayed in the current folder.  Clicking OK in the box dialog error cancels the dialog box and deletes the zip file.

  This seems to be some sort of permissions thing.  Can I create a zipfile by clicking right in the Explorer window by clicking on "new", then "compressed (zipped) folder", and it will create the file very well.  I can even give it a name.  Any attempt to copy anything in this new zip file generates an error "file not found or no read permission.  Try to delete the zip file says 'you need permission from administrators to make changes to this file.
  So now, I open the properties for the zip file and go to the Security tab.  It was there that I discovered that this file has no owner are entrusted to him.  I can then change owners, add my name as the owner of the file, assign full control to myself, apply the changes, and now the zip file can be read/written/removed normally.
  So whenever I need to create a zip file, I have to go through the steps of creating-> change the properties of the-> Assign owner-> Apply-> add files to the Zip file.  It's a royal pain in the keester.
  My question is: what changes to do to confide as the owner by default when a zip file is created?  This seems to happen with only zip files, any other type of file gives me this problem.  What happened since I got this computer brand new with Windows 7 64 - bit on it.  I can't say that it is a "Virgin" installation, he was photographed by a group of COMPUTER companies (I work for a fairly large company).  This group is a clue what happens and apparently others in our society do not report this problem.

  Solved! The problem is with the permissions on the 'TEMP' directory which is used during the process of zip. See this announcement and scroll down to "more useful answer.

  http://answers.Microsoft.com/en-us/Windows/Forum/windows_vista-files/when-i-try-to-use-the-send-to-compressed-zipped/264ba861-1262-4181-94ed-0f00325604f5

• How to set up in the community of the 4-byte ASN route map?

  Hi all

  I want to do AS-prefix for one of my ISPs. I have map route this ISP and when I try to configure 'set the 64704:xxxxxx community' under the route map configuration mode, I get an error (it's 6 figures in my number of ACEs).

  in the configuration guides always mentioned ASN "well known." I found 'set extcommunity rt' but I think, and it seems that is not what I want to achieve.

  so, how can I include 4-byte ASN in my 'community set?

  Thank you

  Hi Ruslan,

  Just to comment on the 4B ASN support - there are a few pitfalls. A the community attribute is a value of 4 b itself. So if you store your own ASN 4B in a community standard, there is no space left in it for the remaining part of the value of the community. As the set community command manipulates only standard communities, it is impossible to use 4B ASN with her. Extended communities could be the solution, because they are long 8B; However, the type of extended community to use is called AS specific BGP extended community and is defined in RFC 5668. Unfortunately, IOS does not seem to take this type of community - and even if it did, your ISP would not seek for it according to the output of BLACKBERRIES from the database. The particular kind of wider community, you tried to use is called road target, and it serves a different purpose.

  That being said, I must say that I clearly don't understand the use of communities as indicated by your neighbor. Note that there are two communities:

  remarks:         64700:ASN - do not announce to AS ASNremarks:         64709:ASN - announce to AS ASN

  They say - do not advertise or advertise, to the ASN such AS specified in the lower part of the community. But how could your ISP perform filtering for an independent arbitrary system there if it isn't directly peering with it? It seems to me that if the ASN here in this description may be made by a defined limited ASN ot want to peer with your ISP and not an ASN preceded. In addition, when you read carefully:

  remarks:         64701:ASN - prepend 1x to AS ASNremarks:         64702:ASN - prepend 2x to AS ASNremarks:         64704:ASN - prepend 4x to AS ASNremarks:         64706:ASN - prepend 6x to AS ASN

  It is said "prefix N times to AS ASN" - but to precede what? And what it means when they say "precede"? I would say that at this point, it would be better to call your ISP and to clarify the precise meaning and operation of these values of the community until we try to find a solution to your needs. It might be possible that these communities leads to a different prepending operation than what we think. Best regards, Peter

• Route map!

  Hi all

  I installed the VPN and VPN connections are OK. Internet access (with NAT overload) is also OK.

  The ping between HUB = SPOKE1 and SPOKE2 = HUB is good.

  But the ping between SPOK1 and SPOKE2 is bad.

  I see that the map(ACL 105) road is deny certain packets, when I check the hit counters list (ACL 105).

  Can help some body on it, y at - it all the parameters that miss me.

  Why the route-map(ACL 105) private packages? The HUB ping = SPOK1 and SPOKE2 = HUB is 100% but in route map see the increase to deny the meter (105 ACL).

  Here are the details of config:

  ISR2821 #show run

  version 12.3

  no service button

  tcp KeepAlive-component snap-in service

  a tcp-KeepAlive-quick service

  horodateurs service debug datetime localtime show-timezone msec

  Log service timestamps datetime localtime show-timezone msec

  encryption password service

  sequence numbers service

  hostname ISR2821

  boot-start-marker

  boot-end-marker

  Security of authentication failure rate 3 log

  Passwords security min-length 6

  no set record in buffered memory

  recording console critical

  enable secret 5%

  enable password 7%

  username & password $7

  No aaa new-model

  IP subnet zero

  no ip source route

  synwait-time of tcp IP 10

  IP cef

  no ip bootp Server

  property intellectual ssh time 60

  property intellectual ssh authentication-2 retries

  inspect the IP name def cuseeme

  inspect the name def ftp IP

  inspect the name def h323 IP

  inspect the IP name def netshow

  inspect the IP rcmd def name

  inspect the name def realaudio IP

  inspect the name def rtsp IP

  inspect the name def smtp IP

  inspect the name def sqlnet IP

  inspect the name def streamworks IP

  inspect the name def tftp IP

  inspect the name def tcp IP

  inspect the name def udp IP

  inspect the name def vdolive IP

  inspect the name def icmp IP

  Max-in. IP 100 ips events

  No ftp server enable write

  crypto ISAKMP policy 1

  BA 3des

  preshared authentication

  Group 2

  crypto ISAKMP policy 2

  preshared authentication

  life 3600

  key # address A.B.C.39 255.255.255.0 crypto ISAKMP xauth No.

  key # address A.B.C.38 255.255.255.0 crypto ISAKMP xauth No.

  Crypto ipsec transform-set esp - esp-sha-hmac ISRTest

  map SDM_CMAP_1 1 ipsec-isakmp crypto

  Description Tunnel toA.B.C.38

  defined by peer A.B.C.38

  game of transformation-ISRTest

  match address 103

  map SDM_CMAP_1 2 ipsec-isakmp crypto

  Description Tunnel toA.B.C.39

  defined by peer A.B.C.39

  game of transformation-ISRTest

  match address 104

  Null0 interface

  no ip unreachable

  interface GigabitEthernet0/0

  IP 172.29.160.1 255.255.255.0

  IP access-group 100 to

  no ip redirection

  no ip unreachable

  no ip proxy-arp

  IP nat inside

  IP virtual-reassembly

  route IP cache flow

  automatic duplex

  automatic speed

  No mop enabled

  interface GigabitEthernet0/1

  address IP A.B.C.40 255.255.255.0

  IP access-group 101 in

  Check IP unicast reverse path

  no ip redirection

  no ip unreachable

  no ip proxy-arp

  NAT outside IP

  inspect the def on IP

  IP virtual-reassembly

  route IP cache flow

  automatic duplex

  automatic speed

  No mop enabled

  map SDM_CMAP_1 crypto

  Have you tried an upgrade in the code for 12.3.14T and see if that helps?

• IOS mixed Crypto Maps with Checkpoint Firewall

  I have a config encryption that works very well with a remote CheckPoint Firewall:

  -------------- \/ CONFIG 1 \/--------------------

  crypto ISAKMP policy 5

  BA 3des

  md5 hash

  preshared authentication

  !

  ISAKMP crypto key address 1.2.3.4 cryptokey1

  !

  Crypto ipsec transform-set esp-3des esp-md5-hmac txfrmset1

  !

  crypto dynamic-map vpn Dynamics 10

  Set transform-set txfrmset1

  !

  secure1_in card crypto ipsec isakmp 1

  defined by peer 205.245.184.2

  Set transform-set txfrmset1

  match address 105

  !

  IP nat inside source overload map route sheep interface Ethernet0

  !

  sheep allowed 10 route map

  corresponds to the IP 110

  !

  access-list 105 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

  ------------/\ CONFIG 1 /\ --------------------

  I need to add a card for remote clients using the Cisco VPN 3.6 client.

  I have a card encryption that has worked great for me in the past. The combination

  Both looks like this:

  ---------------\/ CONFIG 2 \/ --------------------------

  Nine AAA

  AAA authentication login userauthen local

  AAA authorization groupauthor LAN

  crypto ISAKMP policy 5

  BA 3des

  md5 hash

  preshared authentication

  !

  crypto ISAKMP policy 10

  BA 3des

  md5 hash

  preshared authentication

  Group 2

  !

  cryptokey1 key crypto isakmp address 1.2.3.4 No.-xauth

  !

  Crypto ipsec transform-set esp-3des esp-md5-hmac txfrmset1

  !

  crypto dynamic-map vpn Dynamics 10

  Set transform-set txfrmset1

  ISAKMP crypto client configuration group remote1

  cryptokey2 key

  DNS 10.0.0.4

  WINS 10.0.0.5

  VPN-pool

  !

  card crypto client secure1_in of authentication list userathen

  card crypto isakmp authorization list groupauthor secure1_in

  client configuration address card crypto secure1_in answer

  secure1_in map ipsec-isakmp crypto 5

  defined peer 1.2.3.4

  Set transform-set txfrmset1

  match address 105

  vpnclient 10-isakmp ipsec vpn dynamic-dynamic crypto map

  !

  IP VPN-pool pool 172.16.30.1 room 172.16.30.254

  IP nat inside source overload map route sheep interface Ethernet0

  access-list 105 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

  !

  access-list 110 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

  access-list 110 permit ip 192.168.0.0 0.0.0.255 any

  !

  sheep allowed 10 route map

  corresponds to the IP 110

  ---------------/\ CONFIG 2 /\---------------------------

  It's classic crypto right out of the playbook of Cisco. This card works

  very well with the Cisco VPN client, but produced the following errors after a

  successful with Checkpoint Firewall P1 installation:

  --------------\/ ERROR OUTPUT \/ -----------------------

  05:13:02: ISAKMP (0:2): send package to 1.2.3.4 (R) MM_KEY_EXCH

  05:13:02: ISAKMP (0:2): entry = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

  Former State = new State IKE_R_MM5 = IKE_P1_COMPLETE

  05:13:02: ISAKMP (0:2): need to config/address

  05:13:02: ISAKMP (0:2): need to config/address

  05:13:02: ISAKMP: node set 1502565681 to CONF_ADDR

  05:13:02: ISAKMP (0:2): pool of IP addresses not defined for ISAKMP.

  05:13:02: ISAKMP (0:2): node 1502565681 error suppression FALSE reason «»

  05:13:02: ISAKMP (0:2): entry = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE

  Former State = new State IKE_P1_COMPLETE = IKE_CONFIG_MODE_SET_SENT

  05:13:02: ISAKMP (0:2): 1.2.3.4 received packet (R) CONF_ADDR

  05:13:02: ISAKMP: node set-1848822857 to CONF_ADDR

  05:13:02: ISAKMP (0:2): entry unknown: status = IKE_CONFIG_MODE_SET_SENT, major, minor = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE

  05:13:04: ISAKMP (0:2): 1.2.3.4 received packet (R) CONF_ADDR

  --------------/\ ERROR OUTPUT /\--------------------------

  This does not happen to config 1. If it's a PIX, I would use the

  No.-config-mode keyword after the No.-xauth on isakmp crypto "key."

  command line. It is not available on IOS IPSEC and I have never

  needed to do before. I am running Cisco IOS 12.2 (5.4) T on a VPN of 1721

  router. The static map seems to work by itself. What I am doing wrong?

  I saw her a couple of times and to be honest have never taken down to an exact cause, although in this case it looks like almost to the point of control request an IP address which is weird. Try the following:

  1. Add "card crypto secure1_in client configuration address to initiate" and see what it does.

  2. try 12.2 (8) code T5 with it, I had a previous user running 12.2 (11) T and we got the same error messages, returning to this level of code it is resolved.

  In addition, you wouldn't need:

  > access-list 110 deny ip 192.168.10.0 0.0.0.255 172.16.30.0 0.0.0.255

  for example, so that you do not NAT client VPN traffic?

• Based on the IOS VPN Lan-to-Lan (NAT and route map Questions)

  Hello world

  I worked on my review of CCNA security and I have a question about this stage

  LAN1 192.168.0.0/24---(routeur HQ)--10.10.10.0/30--(INTERNET)--20.20.20.0/30--(routeur Branch) - LAN2 192.168.1.0/24

  I use 10.10.10.0/30 and 20.20.20.0/30 networks assuming that these are public addresses (is just a laboratory).

  I read that if I want to make the VPN tunnel while I using NAT I must exclude valuable traffic from the NAT process so I look on the database of cisco for more help and I found this (look at the 3660 router configuration):

  http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a008045a2d2.shtml#T1

  so, I applied this config for my routers, so the config is:

  IP nat inside source map route sheep interface fastEthernet0/1

  access list 110 deny ip 192.168.0.0. 0.0.0.255 192.168.1.0 0.0.0.255

  access list 119 permit ip 192.168.0.0. 0.0.0.255 any

  sheep allowed 10 route map

  corresponds to the IP 110

  I didn't really understand who is using the command route-map here, so I made this configuration:

  IP nat inside list sheep interface FastEthernet0/1

  sheep extended IP access list

  deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255

  Licensing ip 192.168.0.0 0.0.0.255 any

  Two of them worked I could translate my LAN addresses to the public to address internet and also could establish the VPN tunnel. So my questions are:

  1. What is the purpose of the road-map command?

  2. What is the difference between these two configuration?

  3. which one I should use and in what cases?

  Thanks in advance

  Jose

  Jose,

  Very good questions and in fact no need to the road map it.

  Personally, I like using course maps because it allows much more flexibility than simply ACL setup, but in order to bypass the NAT source IPs, there is no need of route-maps and you can do this with the ACL directly.

  I personally always use road-maps just because I can (route-maps are cool) haha

  Route-maps are very useful in other scenarios where you need to put more of conditions or factors.

  Remember that it is almost always more than one method to accomplish a task... which is one of those cases.

  It will be useful.

  Federico.

• Newbie question route-map/access-list

  I am quite new to the thing whole cisco here.  I'm very hesitant to make changes as I am not sure that I take down the entire network of 200%. (We are a very small company)

  We have a router cisco 1811 (yes I know its old)

  We now have a road map and I'm trying to understand it to make it work the way we want.  Basically, we have a few servers and we do not want some servers to use our cable internet connection, we want to use our T1.  Our T1 uses an ASA5505 as a router.  I don't know why, I know its not the best practice but I was just hired and that's all I have to say on this subject.  I am doing as a result.  Web traffic currently out our interface cable, everything, including the speed of transfer on speedtest.net out our T1.  This makes the bad, bad VoIP phone calls. We also have a tunnel punch in Q1 of our other offices as well as our server Exchange2010 using T1.   If our cable goes down, everything for the T1 (by design).  We have a long list of defined access our route map - use corresponding ip.  I want to change the access list to not allow local network IP addresses.  I know that if I put in a whole ip allow it break our network and nothing comes out of the T1 line, and no one can get to our mail server more.  So, I was thinking of adding some statements, but I was wondering if someone could help me with logic, so I know not if I will break the network.  I wouldn't pull the laminated cord and use the console.  (I really need get a USB serial interface).  Now, you understand a little more about my situation now for all numbers, etc.

  Network internal 90.0.0.0/24, 192.168.0.0/24 192.168.30.0/24, 172.20.0.0/16 (we use only 40 addresses, why they chose 16 is beyond me, stupid really)

  PTP VPN: 192.168.116.0/24 comes and goes out our T1.

  1811 router: 90.0.0.254/192.168.30.254/192.168.0.254

  ASA: 90.0.0.50

  !

  follow the accessibility of ALS 40 ip 40

  delay the decline 90 60

  !

  interface Vlan1

  Description * INTERFACE LAN 90.0.0.x network * $FW_INSIDE$

  IP 90.0.0.254 255.255.255.0

  IP nat inside

  IP virtual-reassembly

  IP tcp adjust-mss 1452

  route WEBPBR card intellectual property policy

  !

  interface Vlan10

  Description * INTERFACE LAN NET 192.168.0.x * $FW_INSIDE$

  IP 192.168.0.254 255.255.255.0

  IP nat inside

  IP helper 90.0.0.2

  IP virtual-reassembly

  route WEBPBR card intellectual property policy

  !

  ! Static routes

  IP forward-Protocol ND

  IP route 0.0.0.0 0.0.0.0 90.0.0.50 track 20

  IP route 0.0.0.0 0.0.0.0 197.164.245.109 200

  IP route 8.8.8.8 255.255.255.255 197.164.245.109 permanent

  IP route 10.250.10.0 255.255.255.0 90.0.0.50 permanent

  IP route 172.20.0.0 255.255.0.0 90.0.0.50 permanent

  IP route 208.67.220.220 255.255.255.255 197.164.245.109 permanent

  WEBTRAFFIC extended IP access list
  deny ip any host 208.67.222.222
  deny ip any 172.20.0.0 0.0.255.255
  refuse the host tcp 90.0.0.2 any eq www
  refuse 90.0.0.14 tcp host any eq www
  refuse 90.0.0.235 tcp host any eq www
  refuse the host ip 192.168.0.40 everything
  deny ip any host 192.168.0.40
  refuse the host ip 192.168.0.41 all
  deny ip any host 192.168.0.41
  deny ip any host 192.168.0.221
  refuse the host ip 192.168.0.221 all
  refuse the host ip 192.168.0.225 all
  refuse 90.0.0.10 tcp host any eq www
  deny ip any host 192.168.0.225
  refuse 90.0.0.11 tcp host any eq www
  refuse 90.0.0.9 tcp host any eq www
  refuse 90.0.0.8 tcp host any eq www
  refuse 90.0.0.7 tcp host any eq www
  refuse 90.0.0.6 tcp host any eq www
  refuse the 90.0.0.1 tcp host any eq www
  refuse 90.0.0.13 tcp host any eq www
  refuse 90.0.0.200 tcp host any eq www
  permit tcp any any eq www
  allow the host ip 192.168.0.131 one
  allow the host ip 192.168.0.130 one
  allow the host ip 192.168.0.132 one
  allow the host ip 192.168.0.133 one
  allow the host ip 192.168.0.134 one
  allow the host ip 192.168.0.135 one
  allow the host ip 192.168.0.136 one
  allow the host ip 192.168.0.137 one
  allow the host ip 192.168.0.138 one
  allow the host ip 192.168.0.139 one
  allow the host ip 192.168.0.140 one
  allow the host ip 192.168.0.141 one
  allow the host ip 192.168.0.142 one
  allow the host ip 192.168.0.143 one
  allow the host ip 192.168.0.144 a
  allow the host ip 192.168.0.145 one
  allow the host ip 192.168.0.146 one
  allow the host ip 192.168.0.147 one
  allow the host ip 192.168.0.148 one
  allow the host ip 192.168.0.149 one
  allow the host ip 192.168.0.150 one
  allow the host ip 90.0.0.80 one
  allow the host ip 90.0.0.81 one
  allow the host ip 90.0.0.82 one
  allow the host ip 90.0.0.83 one
  allow the host ip 90.0.0.84 one
  allow the host ip 90.0.0.85 one
  allow the host ip 90.0.0.86 one
  allow the host ip 90.0.0.87 one
  allow the host ip 90.0.0.88 one
  allow the host ip 90.0.0.89 one
  allow the host ip 90.0.0.90 one
  allow the host ip 90.0.0.91 one
  allow the host ip 90.0.0.92 one
  allow the host ip 90.0.0.93 one
  allow the host ip 90.0.0.94 one
  allow the host ip 90.0.0.95 one
  refuse the host tcp 90.0.0.3 any eq www

  ALS IP 40

  208.67.220.220 ICMP echo source interface Vlan1

  Timeout 6000

  frequency 20

  ALS annex IP 40 life never start-time now

  allowed WEBPBR 2 route map

  corresponds to the IP WEBTRAFFIC

  set ip next-hop to check the availability of the 197.164.245.109 1 track 40

  That is how we have it set up right now.  If I put in a few lines above WEBTRAFFIC with:

  deny ip any 192.168.0.0 0.0.0.255

  deny ip any 90.0.0.0 0.0.0.255

  deny ip any 192.168.116.0 0.0.0.255

  !  Etc with all internal networks

  * And then put at the bottom:

  allow an ip

  who will ALL break so we can not communicate with anything?  Or is that what I did to do this, we get internal routing etc.?  Also, I guess I'd put in 15 IP addresses that are coming in the SAA as well?  (We have public IPS 14 (one for the T1 gateway) that would go as well?)  I don't want to try to put in those at the top and make sure no one can do anything.  I hope I made clear what I'm doing...

  Post edited by: Ryan Young

  I have not read this thread well enough to be able to talk to the intricacies of the issue whether this access will make what you want. But I can answer the specific question you are asking. Yes - the access list is top-down, transformed and if a few more top line in the access list matches, then treatment for this package will not get the license at the bottom of the access list.

  HTH

  Rick

• During ANY installation of a program (e.g. Skype), I get the "year error occurred while attempting to create the directory C:\Program\Microsoft\Windows\Start Menu.

  original title: facilities program

  During ANY installation of a program (e.g. Skype), I get the "year error occurred while attempting to create the directory C:\Program\Microsoft\Windows\Start Menu. What happened with cd installs, but also downloads on the internet.  I already "took possession" of the computer, which is still delayed freaking, but am still unable to fight through all the questions of security, I guess that.  Any help would be greatly appreciated as I'm about to DOWNGRADE to something more user-friendly.  Thank you

  BTW, this is WINDOWS 7 Home Premium

  I had this problem for a long time on Windows 7. Finally, by pure chance I came across this solution that solved the problem. -Take the shortcut of the property

  http://www.SevenForums.com/tutorials/1911-take-ownership-shortcut.html

  You will need to run the "fusion" in the context menu of a reg file, published as part of the solution to change some registry settings. On any folder, you'll get a context menu 'Take Ownership' which restores the property correctly. This solves a lot of problems installing.

  Many people have trouble with this and therefore decided to post here.

  Gem of a solution. Thanks to GRIM and Brink on Windows 7 Forum!

  -Jayawanth