Can not reach internal hosts VPN clients

Hello

I hope that someone can point out what I am missing with this config. I am able to reach the VPN clients (AnyConnect) only from hosts directly connected to the subnet of the ASA's inside interface. However, the hosts on other internal subnets (177.1.10.0 & 177.1.11.0) are unable to connect to the VPN clients. The ASA is running ver 8.4.

!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 1.2.3.4 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 4.3.2.2 255.255.255.128
!
object network NETWORK_OBJ_10.11.10.0_24
 subnet 10.11.10.0 255.255.255.0
ip local pool usjabber_pool 10.11.10.10-10.11.10.210 mask 255.255.255.0
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.11.10.0_24 NETWORK_OBJ_10.11.10.0_24 no-proxy-arp route-lookup
!
nat (inside,outside) after-auto source dynamic any interface
route outside 0.0.0.0 0.0.0.0 1.2.3.1 1
route inside 177.1.10.0 255.255.255.0 4.3.2.1 1
route inside 177.1.11.0 255.255.255.0 4.3.2.1 1
dynamic-access-policy-record DfltAccessPolicy
!

TIA,

Mike

(1) If you have a split-tunnel policy, does it include these networks?

(2) Do these networks have a route to the AnyConnect pool (10.11.10.0/24) pointing to the ASA inside interface?

The config shown looks OK to me.

Tags: Cisco Security

Similar Questions

  • VPN concentrator + PIX on LAN-> customers can not reach local servers

    Hello

    I have a problem wrt. remote access clients coming via a VPN3000 concentrator and trying to access local servers.

    For the topology:

    The internal network is 10.0.1.0/24. It connects to the outside world, as well as to a DMZ, via a PIX; the PIX has 10.0.1.1 in the internal network.

    On the same LAN (internal), I have the VPN concentrator with the inside address 10.0.1.5. It assigns addresses in the 10.0.100.0/24 range to the VPN client PCs.

    I can successfully connect using the VPN client SW to the concentrator, i.e. remote access clients get addresses from the 10.0.100.0/24 range.

    The problem: access from VPN clients to the internal network is *not* possible; for example, a client with 10.0.100.1 cannot connect to the internal server 10.0.1.28.

    To my knowledge, this is a routing problem because the server (10.0.1.28) has no idea how to reach clients in 10.0.100.0/24. The only thing the server has is a static default route pointing to the PIX, i.e. 10.0.1.1.

    So I set up a static route on the PIX for 10.0.100.0 pointing to the VPN concentrator, that is

    route Mylan 10.0.100.0 255.255.255.0 10.0.1.5 1

    This does not solve my problem though.

    In the PIX logs, I see the entries as follows:

    %PIX-3-106011: Deny inbound (No xlate) tcp src trainee:10.0.1.28(atlas)/445 dst intern:10.0.100.1(pending)/1064

    The PIX seems to drop the return packets, i.e. traffic from the server back to the client.

    To my knowledge, the problem seems to be:

    In short, traffic goes VPN client -> VPN concentrator -> server -> PIX, where it gets dropped.

    My reasoning: the PIX only sees the return packet, i.e. the packet from the server back to the client, and therefore drops the packet because it has not seen the packet from the client to the server.

    So here are my questions:

    (o) How do I configure the PIX so that I get connectivity between my remote VPN clients (10.0.100.0/24) and the servers on the local network (10.0.1.0/24)?

    (o) Does anyone else have something like this going?

    PS: Please note that the first obvious idea, installing static routes on all machines on the local network, is not an option here.

    Thank you very much in advance for your help,

    -ewald

    Hello, because the PIX cannot route traffic back out the same interface (prior to version 7.0 anyway), I suggest you either place your concentrator on the outside with its inside leg on a DMZ or (if you cannot redesign the network) remove your pool with 10.0.100.0 addresses and create a pool with 10.0.1.0 addresses that is a part of the address space. No, NOT all of it. A small range that is not used inside.

    Best regards

    Robert Maras

  • Help, I changed the password of root ESXi via powerCli, now I can not connect with the web client or the console.

    Help, I've changed the ESXi root password via PowerCLI; now I cannot connect with the web client or the console, but I can still connect with PowerCLI. The command I used was:

    SE connect-VIServer esxihostname -user root -password newpasswd

    This is a production network, btw. I connected to each host and ran the above command; these ESXi hosts are not on a domain.

    Is there something I have left out? I would really appreciate any assistance that you people can provide.

    Thank you, Joe

    It is probably a long shot, but a lot of things in Windows land are not case-sensitive the way Unix is.  I wonder if the new password you put through PowerCLI had mixed case in it and if the capitalization was dropped by the Windows PowerCLI command parser, or it was interpreted as all capitals or something.   If you can still get in through PowerCLI, you could try to reset the password again to something simple without mixed case, and if your ESXi password policy requires a special character, try something other than a "$", like a "_" (I find that a "_" is less likely than some other special characters, such as a "-" or a "/", to cause problems with parsers).

    Edit:

    Another thing you can try, before playing with the password once again, is to create a different ESXi username using PowerCLI and see if the password ends up being what you think it should be, and if you can get in with the vSphere client using it.  In this way, you can find out if there are problems with certain characters or capitals going through the PowerCLI command parser without losing your remaining root access via PowerCLI.  After some tests, you may understand what went wrong with your initial password change and may be able to fix it with less risk of losing access.  I also assume that you cannot create a new username on ESXi that is able to change the root password no matter what authority you give it; otherwise, you could create a new username with PowerCLI, then connect with the vSphere client using it and change the root password from there.

  • My forum ID is connected to my Apple ID email, but when I log in to the forum with my Apple ID email, I get an error and can not reach the forum. How do I merge my accounts so my Apple sign-in ID is working again?

    My forum ID is connected to my Apple ID email, but when I log in to the forum with my Apple ID email, I get an error and can not reach the forum. How do I merge my accounts so my Apple sign-in ID is working again?

    Apple ID cannot be merged. We'll see if we can get to the bottom of your connection error...

    Tell us step by step, in detail, what your actions were.

    Tell us a story with a beginning, middle and end. We need to figure out what you know and what you have experienced.

    If this problem is new, tell us what immediately preceded its appearance: a software addition, upgrade or update? New equipment?

    Quoted from Apple's "How to write a good question":

    To help other members in answering your question, give as much detail as possible.

    • Include your product (device) name and specifications such as processor speed, memory and storage capacity. Please do not include your serial number, IMEI, MEID or any other personal information.
    • Provide the version numbers of your operating system and the relevant applications, e.g. "OS X 10.4.11" or "Safari 4.1.3".
    • Describe the problem and include all the details on what seems to cause it.
    • List the troubleshooting steps you have already tried, or temporary fixes that you discovered.

    For detailed 'coaching', please see usage tips, help us help you on these forums, and writing an effective Apple Support Communities question.

    "Keep it short and Simple"-take your time... but be thorough - CCC

  • Can not reach the internal network on the VPN

    Hello

    So I've been setting up an ASA5510 to the best of my knowledge to allow VPN access to our internal network and its resources. IPsec is configured correctly.

    When connected I successfully get an IP address from the VPN subnet, but I can't reach all internal hosts (failed pings). Also, I noticed that my default gateway uses a VPN subnet IP address.

    I have followed the wizard and the online configuration guide but am still in the dark... it's all a bit new to me!

    I'll post the config if you need to see.

    Any help would be appreciated!

    Hi, just a few things I noticed. What group are you testing with? The split-tunnel ACL for the two groups should be a standard ACL; well, it doesn't have to be, but it generally is. I suspect that it doesn't work because the ACL is defined in the wrong direction. You can therefore remove the first line of the RemoteVPNAccess ACL or replace it with a standard ACL. I recommend using a standard ACL.

    The same applies to your no-nat and inside ACLs: they should be permitting the subnets to the pool addresses. So you can delete the second line of the sheep ACL and 'access-list inside_access_in extended permit ip 10.10.200.0 255.255.255.0 any' from the inside ACL.

    Also, use either tunnel-all or a split-tunnel ACL but not both, and also try removing the vpn-filter; we can get to that after we have connectivity.

  • Can not type 'url-list' without client Anyconnect VPN setup

    Hi, I am trying to set up the AnyConnect VPN client based on the Cisco document below. There is a command like the one below. When I type 'url-list', I can't enter it.

    Here is Cisco's example:

    webvpn
     enable outside
     url-list ServerList "WSHAWLAP" cifs://10.2.2.2 1
     url-list ServerList "FOCUS_SRV_1" https://10.2.2.3 2
     url-list ServerList "FOCUS_SRV_2" http://10.2.2.4 3

    Here's my ASA:

    VPNFW-70/pri/act(config-webvpn)# url-?

    configure mode commands/options:
      url-block  url-cache  url-server

    My ASA offers no url-list option when I type '?'.

    Can anyone give me some suggestions? Thank you.

    http://www.Cisco.com/c/en/us/support/docs/security/ASA-5500-x-series-NEX...

    Hello

    In the 7.x code all clientless customizations were included in the running configuration.
    However, referring to this document from Cisco (http://goo.gl/XRkrcO), you can see that this command has been deprecated in the 8.x ASA code.

    The best way to configure the bookmarks is to use ASDM, or to create them on a server and then import them to the ASA.

    Why can we not create bookmarks via the CLI?

    With the introduction of 8.x many more options have been added, allowing greater flexibility.  These new options would make the running configuration passes, so they were moved into separate xml files.  Indeed, it eliminated the ability to configure a list of bookmark via the CLI.

    For more information on this discussion, please refer to this thread: -.
    https://supportforums.Cisco.com/discussion/11010546/how-do-i-create-URL-bookmark-WebVPN-Portal-CLI

    Kind regards
    Dinesh Moudgil

    PS Please rate helpful messages.

  • Where can I get a SSL VPN client?

    I don't know much about vpn technology, but used the cisco 5.x client software and the software vpn client that ships with windows xp. Now a customer asks me to connect using an ssl vpn. I don't think I can do it with either of the vpn client packages I've used before? So what am I supposed to use? I looked openvpn and couldn't make much sense out of it. I registered on this site, but apparently this is not enough for me to access the software vpn ssl client.

    Michael,

    If you are the client establishing the RA connection to the server via SSL, the way it works is by using a regular OS web browser such as Internet Explorer, as it supports SSL (WebVPN is SSL), plus the user credentials to log in to a WebVPN session; that's all you need to connect to your customer's RA server.

    An example of connecting to the RA through WebVPN would be like:

    https://

    There are two things you need as to the requirements, and I quote from the link below.

    Requirements

    Before this configuration, make sure that you follow the conditions for remote client stations:

    SSL compatible Web browser

    SUN Java JRE version 1.4 or newer

    Cookies enabled

    Pop-up blockers disabled

    Local administrator privileges (not mandatory but highly recommended)

    Note: The latest version of SUN Java JRE is available as a free download from the Java Web site.

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a008072462a.shtml#PREREQ

    Pls rate any helpful posts

    Rgds

    Jorge

  • How can I send parameters preconfigured VPN client to a remote user

    Dear all,

    I have an ASA 5510 using IPsec VPN for remote users. I want to send all pre-configured settings for the VPN client.

    How can I save the configuration file and send it to a remote user?

    Regards

    Configure the VPN profile in your VPN client, and then send them the .pcf file located in the directory Program Files/Cisco Systems/VPN Client/Profiles. Then all they have to do is import it into their client.

  • NetMeeting does not not between the cisco vpn clients

    Hello

    I posted the same query a few weeks ago but did not get any reply. Just adding more details and hoping someone can help me.

    Here's the real problem:

    We have a client whose users use Cisco VPN clients to connect to the business LAN from the public network; access works as expected and they are also able to run NetMeeting from their PC, but when users attempt to run NetMeeting between two VPN clients connected from the public network with the same IP pool, it does not work.

    Thank you & best regards

    Madhu.

    Try to delete "nat (outside) 1 192.168.1.0 255.255.255.0" and try again.

    Or try adding something like this...

    access-list outside_nat0 permit ip 192.168.1.0 255.255.255.0 192.168.1.0 255.255.255.0

    nat (outside) 0 access-list outside_nat0

  • Can not reach the class methods

    Hi, I am a newbee to Flex and one I have this problem:

    I have the application MXML and actionscript class file User.as. Problem is that I can't reach the application MXML class method. I'm using Flex 3.0 beta 1 release.

    User.as: (stored in users/Users.as)

    package users
    {
        public class User
        {
            private var login:String;
            private var pass:String;
            private var email:String;
            private var firstname:String;
            private var lastname:String;

            // Constructor: start with empty fields
            public function User() {
                this.login = "";
                this.pass = "";
                this.email = "";
                this.firstname = "";
                this.lastname = "";
            }

            public function setLogin(log:String):void {
                this.login = log;
            }
        }
    }

    application:

    import users.User; // import class
    var person:User = new User(); // create the new object of class User
    person.setLogin("somelogin"); // using a class method

    I got this error: "access of undefined property person".

    I'm looking for a solution. Any help much appreciated

    Thank you

    I found the solution!

    person.setLogin("somelogin"); And it must be in a function

    example:

    private function init():void
    {
        person.setLogin("petruska");
    }

    Thanks for your replies!

  • Can not reach PIA signon screen

    Hello

    First of all, my setup is:

    Microsoft Windows Server 2003
    Database Oracle 10 g rel 2.
    PeopleTools 8.49
    HRMS 9.0

    I just finished installing PIA but I can't reach the signon screen at http://192.168.0.101:80/hrmsdmo/signon.html.

    I'm new to peoplesoft so I have also some other question on PIA.

    1. Must IIS be running?
    2. The web server is a service that starts at OS startup, but I have to manually start the application server with appserv and the database instance with oradim. Is there any way all three can be run at startup?

    Thanks in advance for any help.

    I'm afraid that I still don't understand whether it works well if you start the web server manually.
    What about the log?

    Nicolas.

  • Jet J3310A direct: can not reach the internal settings

    Hello

    I have a laserjet 2100TN and a tot of J3110A direct jet connect with my network.

    My goal is to change the IP address because I want to have a static address in the network. To do this, I try to open the page of the internal settings of the printer via the IP address of 192.168.0.106. All I get is a blank screen with only the button "help" and a link to HP.com. How can I change this?

    I think so. Web Jetadmin is used by administrators of very large networks to control all their printers, set them up, do mass firmware updates, etc. It is a very powerful program, and as it uses its own Java interface that will not be a problem.

  • Can not reach a particular site

    I am running Windows 7. Nine days, in the morning, I had no trouble to get to a site that I used every day.  Two hours later, I could reach is no longer. It is a form of social media, but not the type of current.  You use Internet Explorer, Chrome, and Firefox, no link.  I got the reports such as "the site was taking too long," site has expired and others.  I had a friend, with whom I Exchange normal email and talk about the site, contact administrators, because I couldn't.
    The answers I got, did not help.  To disable the pop-up blockers.  The other has been upgraded to Windows 10.  Software upgrade took 14 hours to download and then realized that he didn't know why, but he was able to complete the upgrade.
    I still get notifications by email on the site.  I can't get on the site, no matter what I do.  So, I can't believe that two things is the problem - some setting, unknown to me, needs to be changed, or an automatic Windows update that damn.

    My problem is that I don't know where to look and what to look for.  I spent hours trying.  Help, please.  I have friends on this site, from all around the world and, with the exception mentioned above, I can't contact them.
    So:
    1. do you have an idea why the upgrade of Windows 10 would not work?  and

    2. what could be making it impossible to connect with this site?

    Thanks in advance.

    1 - can you get your logs from windows update?

    Please, collect logs of update by typing wscollect in an elevated command prompt.  Download the file to a disk or any file sharing site and put a link to it in your next post.

    2. can you tell us the site?

    Have you tried to clear the cookies from your browser?

    If you use a browser to access your mail more often than not, you can solve the problem you are experiencing by clearing all caches and cookies in your specific browser

    * For Internet Explorer & MSN Butterfly: simultaneously press CTRL + SHIFT + DELETE, and then click Delete
    * For Google Chrome: simultaneously press CTRL + SHIFT + DELETE, and then click Clear browsing data
    * For Firefox: press CTRL + SHIFT + DELETE, and then click Clear now
    * For Edge, they are in the settings (three dots > history > cancel all settings)
    (other browsers are similar)
  • Can not connect using vCenter Orchestrator Client

    I use version 5.5.1.0. The client used to connect successfully to the server, but recently it can't. When I click "Login", it displays "Login, please wait..." for about 1 minute, then shows an alert in red, as shown below. I wonder whether it is a network/firewall issue. Could you please help to propose a solution?

    Screen Shot 2014-09-01 at 5.21.42 PM.png

    Make sure that 8287 and 8286 ports are not blocked by a firewall.

  • can not reach the optionlist field in std_edit_entry within the archiving of document

    Hello all,.
    I am trying to customize the page for saving the document in a custom component that has a resource file with std_edit_entry; what I want to do is a specific customization based on a specific value in the list field.

    But the problem is that when I do the customization on an option list field, nothing happens, since I can't reach this field. I can only test and verify text fields, not option list fields.

    Assume that my std_edit_entry as follows:

    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <title>
    TestCheckin htmlIncludeOrString
    </title>
    </head>
    <body>
    <@dynamichtml std_edit_entry@>
    <$if not isFieldTreeEdit$>
    <$editEntryName = fieldName$>
    <$country = 'xCountry'$>
    <$firstName = 'xFirstName'$>
    <$curValue = xml(fieldValue)$>
    <$if isStrictList and isMultiOption$>
    [[% fieldId will point to popup link (or button) defined subsequently %]]
    <$inputFieldId = fieldId & "_hidden"$>
    <$else$>
    <$inputFieldId = fieldId$>
    <$endif$>

    <input id="<$inputFieldId$>" <$if isStrictList and isMultiOption$>type="hidden"<$elseif fieldType like "Password"$>type="password"<$else$>type="text"<$endif$> name="<$editEntryName$>" size="<$fieldEditWidth$>"
    <$include std_edit_entry_inputfield_attributes$>
    <$if fieldMaxLength and isEditMode$>maxlength="<$fieldMaxLength$>"<$endif$> value="<$curValue$>" <$include text_field_enter_for_search$>
    <$if editEntryName like country$> onblur="testFunc()" <$endif$>
    />

    <script type="text/javascript">
    function testFunc() {
    alert('this is xCountry field');
    }
    </script>
    [[% text field can be leaves of dependent choice list %]]
    <$if useSchema and not noSchema$>

    <$if not hasOptionList and isTrue(#active.isDependentList)$>
    <script>
    <$useCurrentValue = 1$>
    <$include js_set_schema_field_options$>
    <$viewFieldId = inputFieldId$>
    <$include js_register_schema_view$>
    </script>
    <$jsViewName = ""$>
    <$endif$>
    <$endif$>
    <$if isStrictList and isMultiOption$>
    <$include std_select_entry_special_selections$>
    <$endif$>

    <$else$>
    <$if isQuery$><span name="<$fieldName$>_displaySpan"></span><$endif$>
    <$endif$>

    <@end@>

    </body>
    </html>

    Suppose the xCountry field is an option list backed by a table/view of countries, and the xFirstName field is a text field that can be filled in with your name.
    In the example above, the onblur function does not work because the field is a list; if I change the field to the xFirstName text field, the onblur function works fine.

    So I can't test on the value of option list fields. I tried to put my check <$if editEntryName like country$> onblur="testFunc()" <$endif$>
    inside a special condition, which also does not work, such as:
    - <$if fieldIsOptionList$>
    - <$if fieldHasOptionList$>
    - <$if isOptionList$>
    - <$if hasOptionList$>

    Any help or suggestion on how to reach and affect the list fields would be appreciated.

    Note: the version of the AAU is 11.1.1.1.6

    Published by: Najdawi on 6 may 2013 07:27

    But the problem now is that whatever I try to change, nothing happens. I tried adding JavaScript code, adding static text, changing the ID, but no change is reflected.

    Where have you changed it?

    Note that the same include can be defined in multiple components (patches), and you need to change the one with the highest loadOrder or (recommended) create your own custom component with a resource include and a high enough loadOrder (which you will have to do anyway).

    Try doing a search for <@dynamichtml std_option_list_entry@> in standard and custom components. Brute force might be to change each of them (I put a static text in front of the)<>

    Note that sometimes you need to restart the server to enable changes (here, it shouldn't be necessary, but it will do no harm).
