cannot ftp DMZ

Similar Questions

• DW CS6 update and now I cannot FTP to any site

  Hello

  I have been using DW CS6 for a long time without problems with access to several FTP sites. I just downloaded the updated DW CS6 version 12.0 build 5861 and the update seems to go OK. Now I find that I am unable to FTP on multiple sites, it fails with an error message "an FTP error occurred - cannot establish a connection to the host. I contacted one of the hosts and their tech support says my params were correct and they managed to access my site with filezilla.

  I tried to delete my cache - not a chance and also my folder configuration - same failure message. This happens on multiple sites with multiple hosts, so I think the problem is with DW. Could anyone suggest how can I fix?

  Thank you

  Tony

  Thanks Jon. You gave me an idea of when you said turn off all firewalls, I had turned off the Windows Firewall and read somewhere else that when you perform this operation disables all firewall - which is not true. In any case, I checked my Norton Internet Security, and she has what we call "smart firewall. In the settings of NIS, there is an option to reset the firewall and when I did that the problem has been resolved.

  Thanks again,

  Tony

• cannot FTP on my domain with MX

  For years I have used Dreamweaver MX FTP my website to my domain host. Day before yesterday, FTP failed.
  
  'Host found... in waiting for the server... '. An FTP error occurred. Cannot establish a connection to the host. »
  
  The two odd parties: I can access this same area with other FTP tools, but not with Dreamweaver. And I can't FTP to my other domain with Dreamweaver, just this one area in question. So DW works, and the field accepts FTP. But the two won't work together on this one area... my only more important, of course.
  
  I deleted the "site" and rebuilt it from scratch. Still no luck. The same problem. Someone has seen something like this before?

  Well, I thought I'd tie this saga little. I decided to go with the big dollar solution. I upgraded to CS3, and it now works. Go figure. Worked fine on MX for years. Then one day stopped. New software fixed.

  Thanks for the help. I'm off to the races again.

• ASA Site, Remote Site cannot access DMZ to the Hub site

  So I've been scratching my head and I just can't visualize what I what and how I want to do.

  Here is the overview of my network:

  Headquarters: ASA 5505

  Site1: ASA 5505

  Site2: ASA 5505

  Training3: ASA 5505

  All Sites are connected L2L to the location of the Headquarters with VPN Site to Site.

  Since the HQ site I can ping each location by satellite, and each satellite location I can ping the HQ site. I will also mention that all other traffic is also correctly.

  Here's my number: HQ site, I have a DMZ set up with a web/mail server. This mail/web server is accessible from my HQ LAN, but not from the satellite location. I need allow that.

  What should I do?

  My second question is that I want for satellite sites to see networks of eachother. I should create a VPN network between sites, or can this be solved in the same way that the question of the DMZ?

  I enclose the show run from my ASA HQ

  See the race HQ ASA

  For the mail/web server that requires access on the remote site VPN tunnels, you must add the servers to the acl crypto, similar to the way you have it for network access. Make sure that both parties have the ACL in mirror. If you're natting from the DMZ to the outside, make sure you create an exemption from nat from the dmz to the outside for VPN traffic.

  For the second question, because you have only three sites, I would recommend creating a tunnel from site to site between two satellite sites.

  HTH

  PS. If you found this post useful, please note it.

• Cannot ftp to remote server, even if connection tests successfully

  I'll put up a site in 2014 CC DW and I set up my site as the server (using .php with MAMP PRO) test and adjustment to the top of my remote server with my host. (In the past I made changes in DW and serving Transmit FTP) I copied my settings of transmission and copied in the settings of server remote from DW and got a successful test. I created a test file and clicked on 'Put', but the file does not appear on the remote server. Flying over my mouse Put indicates that DW puts my test file on the Test Server, which is really just my local site. I want it to go to my remote server. I clicked on disconnect from the test server think that could force him to go on the remote server, but that did not work. What I am doing wrong?

  Thank you

  Randy

  Expand your files Panel.

  Click Connect to the remote server icon.

  Nancy O.

• cRIO FTP transfer file size limit

  Hello

  I generated a data file on my cRIO which is about 2.1 GB in size. I can't transfer this file to the cRIO via FTP. I tried windows FTP Explorer, the built in MAX file transfer utility, coreFTP and WinSCP. I am able to transfer other files on the cRIO which are smaller in size.

  Is there a file size of FTP transfer limit? It is around 2 GB? Is that all I can do to get this file out of the camera?

  Thank you!

  OK, I was informed that there is a CAR on this #252919 issue. VxWorks cRIO targets cannot FTP of files greater than 2 GB. The workarounds are to transfer on a USB key or upgrade to LV2013 and use WebDAV.

  https://decibel.NI.com/content/docs/doc-6103

  http://digital.natinst.com/public.nsf/webPreview/4EBE45E8A816B19386257B6C0071D025?OpenDocument

  Thanks to bouazza Whitaker from technical Applications.

• ASA5500 - anyconnect VPN not access Web server in DMZ

  I am at a loss. I enclose my config. I can access DMZ from within the network, but cannot access DMZ of VPN.

  Any help would be great.

  Rich

  Also have question access to management 0/0 (192.168.1.1) of the Interior of the E0/1 (192.168.2.0) network

  @richyanni1 ,

  For your VPN - DMZ problem, the following is the most likely cause of your problem:

  nat (inside,dmz) source static obj-dmz obj-dmz destination static obj-vpnpool obj-vpnpool

  You should have in place:

  nat (outside,dmz) source static obj-vpnpool obj-vpnpool static obj-dmz obj-dmz

  That's because VPN clients appear to come from the outside (to some purposes NAT) and the need to be exempt from NAT to access the resources of the DMZ. Management problems, the problem is asymmetric routing. When your packages arrive on the management UI, the ASA will try to send back traffic (starting with the 3-way TCP transfer protocol which will fail) through the inside interface but that won't work because ASA helped him, the source of the acknowledgement of receipt would SAA within the interface IP address, not the address of interface management in which the SYN sent. That's why most of the people have not historically used the management interface to ASA unless you have a real out-of-band network for management. Cisco recently introduced a separate fair management routing table, but you need to switch to 9.5 (1) or later to take advantage of that.

• Unable to ftp to my server, it gets to a point of jelly to 88%.

  I cannot ftp to my server, frozen at 88%, have tried several times.  I have to stop to MUSE and restart?

  BruceK.

  Hello

  When it freezes on 88% what this said about taking action. For example. Creating the folder the .assets etc.

  A screenshot would be really useful to find the root cause.

  If its stuck on the example I gave above please go to the current tab and remove all unused items and it should work.

  Concerning

  Vivek

• Can not download the latest firmware for RVS 4000

  I tried to download the latest firmware for a few weeks.  Download simply told to leave, and then times out after a few minutes.  The download page shows that 1.2.10 version was published on 02/09/2008 and I can download the information/notes very well.

  Probble because it is on an FTP server and the RVS4000 cannot FTP at all.  Once I got to spend 1.2 FTP now works fine. I had to download it from my office, rather than at home.  I must say, now FTP works fine.  They did a really great job on this version of the firmware.

• Implementation of VPN

  Hi all

  Two years ago I had (finally) updated vpn in place, but I had to nuke the configuration later (for a long time to remember why).

  My configuration:

  Accelerator edge of Cisco ASA 5505 (revision 0 x 0)

  Base license.

  Cisco Adaptive Security Appliance Software Version 8.4 (2)
  Version 6.4 Device Manager (5)

  I created a DMZ and an indoor and outdoor area.

  All servers are Linux servers without a head.

  (I recently had to re - create the servers because of a damaged drive).

  So Setup is as follows:

  A main linux server also works as virtualbox host.

  A dmz-www-server and a server-ftp-dmz.

  I'll add a server linux for git and a few others.

  My first goal is to be able to reach the primary server with SSH. Second, to reach other servers on the network.

  I also want to use the cisco vpn client open source Linux and cisco VPN client which I also use to connect to other customers.

  Here is my current setup:

  interface Ethernet0/0
  switchport access vlan 2
  Speed 100
  full duplex
  !
  interface Ethernet0/1
  !
  interface Ethernet0/2
  !
  interface Ethernet0/3
  !
  interface Ethernet0/4
  !
  interface Ethernet0/5

  switchport access vlan 300
  Speed 100
  full duplex
  !
  interface Ethernet0/6
  !
  interface Ethernet0/7
  !
  interface Vlan1
  nameif inside
  security-level 100
  IP 192.168.1.1 255.255.255.0
  !
  interface Vlan2
  nameif outside
  security-level 0
  DHCP IP address
  !
  interface Vlan300
  prior to interface Vlan1
  nameif dmz
  security-level 50
  IP 192.168.2.1 255.255.255.0
  !

  passive FTP mode
  clock timezone THATS 1
  clock to summer time recurring CEDT
  DNS lookup field inside
  DNS domain-lookup outside
  DNS domain-lookup dmz
  DNS server-group DefaultDNS
  name-server 192.168.1.8
  Server name 193.75.75.75
  Server name 193.75.75.193
  Name-Server 8.8.8.8
  domain name to inside - sport.no
  permit same-security-traffic inter-interface
  permit same-security-traffic intra-interface
  network obj_any object
  subnet 0.0.0.0 0.0.0.0
  the object to the Interior-net network
  subnet 192.168.1.0 255.255.255.0
  network dmz webserver object
  Home 192.168.2.100
  Web server host object description
  network dmz-ftpserver object
  Home 192.168.2.101
  Description purpose of FTP server host

  network of the DMZ.net object
  Subnet 192.168.2.0 255.255.255.0
  Service FTP object
  tcp source eq ftp service
  service object WWW
  tcp source eq www service
  outside_access_in list extended access permit tcp any host 192.168.2.101 eq ftp
  outside_access_in list extended access permit tcp any host 192.168.2.100 eq www
  inside_access_dmz list extended access permit tcp any object DMZ.net 1 65535 range
  pager lines 24
  Enable logging
  asdm of logging of information
  Within 1500 MTU
  Outside 1500 MTU
  MTU 1500 dmz
  ICMP unreachable rate-limit 1 burst-size 1
  don't allow no asdm history
  ARP timeout 14400
  NAT (dmz, external) source service interface static Web WWW WWW server dmz
  NAT (dmz, external) source service interface static dmz-ftpserver FTP FTP
  !
  network obj_any object
  NAT dynamic interface (indoor, outdoor)
  the object to the Interior-net network

  NAT dynamic interface (indoor, outdoor)
  network of the DMZ.net object
  NAT (dmz, outside) dynamic interface
  Access-group outside_access_in in interface outside
  Access-group inside_access_dmz in dmz interface
  Route outside 0.0.0.0 0.0.0.0 173.194.32.34 1
  Timeout xlate 03:00
  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  Floating conn timeout 0:00:00
  dynamic-access-policy-registration DfltAccessPolicy
  identity of the user by default-domain LOCAL
  the ssh LOCAL console AAA authentication
  AAA authentication enable LOCAL console
  AAA authentication http LOCAL console
  LOCAL AAA authorization command
  AAA authorization exec-authentication server
  Enable http server
  http 192.168.1.0 255.255.255.0 inside
  No snmp server location
  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start
  Crypto ca trustpoint _SmartCallHome_ServerCA
  Configure CRL
  Crypto ca certificate chain _SmartCallHome_ServerCA
  certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
  308204 4 a0030201 d 308205ec 0202106e cc7aa5a7 032009b 8 cebcf4e9 52d 49130
  010105 05003081 09060355 04061302 55533117 ca310b30 0d 864886f7 0d06092a
  30150603 55040 has 13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
  13165665 72695369 676e2054 72757374 204e6574 776f726b 313 has 3038 06035504
  0b 133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
  20617574 7a 656420 75736520 6f6e6c79 31453043 06035504 03133c 56 686f7269
  65726953 69676e20 436c 6173 73203320 5075626c 69632050 72696 72792043 61 d
  65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31
  30303230 38303030 3030305a 170d 3230 30323037 32333539 35395a 30 81b5310b
  30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20
  496e632e 311f301d 06035504 0b 131656 65726953 69676e20 54727573 74204e65
  74776f72 6b313b30 5465726d 20757365 20617420 73206f66 39060355 040b 1332
  68747470 7777772e 733a2f2f 76657269 7369676e 2e636f6d 2f727061 20286329
  302d 0603 55040313 26566572 69536967 61737320 33205365 6e20436c 3130312f
  63757265 20536572 76657220 20473330 82012230 0d06092a 864886f7 4341202d
  010101 05000382 010f0030 82010 0d has 02 b187841f 82010100 c20c45f5 bcab2597
  a7ada23e 9cbaf6c1 39b88bca c2ac56c6 e5bb658e 444f4dce 6fed094a d4af4e10
  9c688b2e 957b899b 13cae234 34c1f35b f3497b62 d188786c 83488174 0253f9bc
  7f432657 5833833b 330a17b0 d04e9124 ad867d64 12dc744a 34a11d0a ea961d0b

  15fca34b 3bce6388 d0f82d0c 948610ca b69a3dca eb379c00 48358629 5078e845
  1941 4ff595ec 7b98d4c4 71b350be 28b38fa0 b9539cf5 ca2c23a9 fd1406e8 63cd
  18b49ae8 3c6e81fd e4cd3536 b351d369 ec12ba56 6e6f9b57 c58b14e7 0ec79ced
  4a546ac9 4dc5bf11 b1ae1c67 81cb4455 33997f24 9b3f5345 7f861af3 3cfa6d7f
  81f5b84a d3f58537 1cb5a6d0 09e4187b 384efa0f 01 has 38201 02030100 df308201
  082b 0601 05050701 01042830 26302406 082 b 0601 db303406 05050730 01861868
  7474703a 2f2f6f63 73702e76 65726973 69676e2e 636f6d30 12060355 1 d 130101
  ff040830 02010030 70060355 b 200469 30673065 060, 6086 480186f8 1 d 060101ff
  45010717 03305630 2806082b 06010505 07020116 1 c 687474 70733a2f 2f777777
  2e766572 69736967 6e2e636f 6d2f6370 73302 has 06 082 b 0601 05050702 02301e1a
  1 c 687474 70733a2f 2f777777 2e766572 69736967 6e2e636f 6d2f7270 61303406
  03551d1f 042d302b 3029 has 027 a0258623 68747470 3a2f2f63 726c2e76 65726973
  69676e2e 636f6d2f 2d67352e 70636133 63726c 30 0e060355 1d0f0101 ff040403
  02010630 6d06082b 06010505 07010c 59305730 55160969 5da05b30 04 61305fa1
  6 d 616765 2f676966 3021301f 2b0e0302 30070605 1a04148f e5d31a86 ac8d8e6b
  c3cf806a d448182c 7b192e30 25162368 7474703a 2f2f6c6f 676f2e76 65726973
  69676e2e 636f6d2f 76736c6f 676f2e67 69663028 0603551d 11042130 1fa41d30
  1 b 311930 17060355 04031310 56657269 5369676e 4d504b49 2d322d36 301D 0603
  445 1653 44c1827e 1d20ab25 f40163d8 be79a530 1f060355 c 1604140d 551d0e04
  1 230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300 d 0609 d
  2a 864886 05050003 82010100 0c8324ef ddc30cd9 589cfe36 b6eb8a80 f70d0101
  4bd1a3f7 9df3cc53 ef829ea3 a1e697c1 589d756c e01d1b4c fad1c12d 05c0ea6e
  b2227055 d9203340 3307c 265 83fa8f43 379bea0e 9a6c70ee f69c803b d937f47a
  99 c 71928 8705 404167d 1 273aeddc 866d 24f78526 a2bed877 7d494aca 6decd018

  481d22cd 0b0b8bbc f4b17bfd b499a8e9 762ae11a 2d876e74 d388dd1e 22c6df16
  b62b8214 0a945cf2 50ecafce ff62370d ad65d306 4153ed02 14c8b558 28a1ace0
  5becb37f 954afb03 c8ad26db e6667812 4ad99f42 fbe198e6 42839b8f 8f6724e8
  6119b5dd cdb50b26 058ec36e c4c875b8 46cfe218 065ea9ae a8819a47 16de0c28
  6c2527b9 deb78458 c61f381e a4c4cb66
  quit smoking
  Telnet timeout 5
  SSH 192.168.1.0 255.255.255.0 inside
  SSH 0.0.0.0 0.0.0.0 outdoors
  SSH timeout 30
  Console timeout 0
  management-access inside

  dhcpd dns 192.168.1.1 193.75.75.75
  dhcpd inner - sport.no
  dhcpd outside auto_config
  !
  dhcpd address 192.168.1.20 - 192.168.1.49 inside
  dhcpd dns 192.168.1.1 interface inside
  dhcpd sport.no area inside - inside interface
  dhcpd allow inside
  !
  a basic threat threat detection
  Statistics-list of access threat detection

  no statistical threat detection tcp-interception
  WebVPN
  Bernard of encrypted foooo privilege 15 password username
  th baaar of encrypted privilege 15 password username
  !
  class-map inspection_default
  match default-inspection-traffic
  !
  !
  type of policy-card inspect dns preset_dns_map
  parameters
  maximum message length automatic of customer
  message-length maximum 512
  Policy-map global_policy
  class inspection_default
  inspect the preset_dns_map dns
  inspect the ftp
  inspect h323 h225
  inspect the h323 ras
  inspect the rsh
  inspect the rtsp
  inspect esmtp
  inspect sqlnet
  inspect the skinny

  inspect sunrpc
  inspect xdmcp
  inspect the sip
  inspect the netbios
  inspect the tftp
  Review the ip options
  inspect the icmp
  !
  global service-policy global_policy
  context of prompt hostname
  anonymous reporting remote call
  Cryptochecksum:88cf7ca3aa1aa19ec0418f557cc0fedf

  If you are looking for just a remote access VPN configuration, you could do something like the following just change the names and IP addresses as needed:

  local IP 10.10.10.1 VPNPOOL pool - 10.10.10.10

  IKEv1 crypto policy 5
  preshared authentication
  aes encryption
  sha hash
  Group 5

  Crypto ipsec transform-set ikev1 VPNSET aes - esp esp-sha-hmac

  Dynamic crypto map DYNMAP 65535 ikev1 set transform-set VPNSET
  Dynamic crypto map DYNMAP reverse-route value 65535
  card crypto VPNMAP 65535-isakmp dynamic ipsec DYNMAP
  VPNMAP interface card crypto outside

  Crypto ikev1 allow outside

  tunnel-group VPNGROUP type remote access
  IPSec-attributes tunnel-group VPNGROUP
  IKEv1 pre-shared key PASSWORD

  management-access inside

  --

  Please do not forget to select a correct answer and rate useful posts

• PIX 501 for Cisco 3640 VPN router

  -Start ciscomoderator note - the following message has been changed to remove potentially sensitive information. Please refrain from publishing confidential information about the site to reduce the risk to the security of your network. -end of the note ciscomoderator-

  Have a 501 PIX and Cisco 3640 router. The 3640 is configured for dynamic map for VPN. The PIX 501 is set to pointing to the 3640 router static map. I can establish a tunnel linking the PIX to the router and telnet to a machine AIX on the inside network to the router. When I try to print on the network of the PIX 501 inside it fails.

  What Miss me? I added the configuration for the PIX and the router.

  Here are the PIX config:

  PIX Version 6.1 (1)

  ethernet0 nameif outside security0

  nameif ethernet1 inside the security100

  enable encrypted password xxxxxxxxxxxxxxxx

  xxxxxxxxxxxxx encrypted passwd

  pixfirewall hostname

  fixup protocol ftp 21

  fixup protocol http 80

  fixup protocol h323 1720

  fixup protocol rsh 514

  fixup protocol rtsp 554

  fixup protocol smtp 25

  fixup protocol sqlnet 1521

  fixup protocol sip 5060

  fixup protocol 2000 skinny

  names of

  pager lines 24

  interface ethernet0 10baset

  interface ethernet1 10full

  Outside 1500 MTU

  Within 1500 MTU

  IP address outside dhcp setroute

  IP address inside 192.168.1.1 255.255.255.0

  alarm action IP verification of information

  alarm action attack IP audit

  PDM logging 100 information

  history of PDM activate

  ARP timeout 14400

  Global 1 interface (outside)

  NAT (inside) 1 0.0.0.0 0.0.0.0 0 0

  Timeout xlate 0:05:00

  Timeout conn 01:00 half-closed 0: 10:00 udp 0:02:00 CPP 0: h323 from 10:00 0:05:00 sip 0:30:00 sip_media 0:02:00

  Timeout, uauth 0:05:00 absolute

  GANYMEDE + Protocol Ganymede + AAA-server

  RADIUS Protocol RADIUS AAA server

  Enable http server

  http 192.168.1.0 255.255.255.0 inside

  No snmp server location

  No snmp Server contact

  SNMP-Server Community public

  No trap to activate snmp Server

  enable floodguard

  No sysopt route dnat

  Telnet timeout 5

  SSH timeout 5

  dhcpd address 192.168.1.2 - 192.168.1.33 inside

  dhcpd lease 3600

  dhcpd ping_timeout 750

  dhcpd outside auto_config

  dhcpd allow inside

  Terminal width 80

  Cryptochecksum:XXXXXXXXXXXXXXXXXXX

  : end

  Here is the router config

  Router #sh runn

  Building configuration...

  Current configuration: 6500 bytes

  !

  version 12.2

  no service button

  tcp KeepAlive-component snap-in service

  a tcp-KeepAlive-quick service

  horodateurs service debug datetime localtime

  Log service timestamps datetime localtime

  no password encryption service

  !

  router host name

  !

  start the flash slot1:c3640 - ik9o3s - mz.122 - 16.bin system

  queue logging limit 100

  activate the password xxxxxxxxxxxxxxxxx

  !

  clock TimeZone Central - 6

  clock summer-time recurring CENTRAL

  IP subnet zero

  no ip source route

  !

  !

  no ip domain-lookup

  !

  no ip bootp Server

  inspect the name smtp Internet IP

  inspect the name Internet ftp IP

  inspect the name Internet tftp IP

  inspect the IP udp Internet name

  inspect the tcp IP Internet name

  inspect the name DMZ smtp IP

  inspect the name ftp DMZ IP

  inspect the name DMZ tftp IP

  inspect the name DMZ udp IP

  inspect the name DMZ tcp IP

  audit of IP notify Journal

  Max-events of po verification IP 100

  !

  crypto ISAKMP policy 1

  BA 3des

  preshared authentication

  Group 2

  !

  crypto ISAKMP policy 20

  BA 3des

  preshared authentication

  Group 2

  ISAKMP crypto key address x.x.180.133 xxxxxxxxxxx

  ISAKMP crypto keys xxxxxxxxxxx address 0.0.0.0 0.0.0.0

  !

  !

  Crypto ipsec transform-set esp-3des esp-sha-hmac vpn test

  Crypto ipsec transform-set esp-3des esp-sha-hmac PIXRMT

  !

  dynamic-map crypto dny - Sai 25

  game of transformation-PIXRMT

  match static address PIX1

  !

  !

  static-card 10 map ipsec-isakmp crypto

  the value of x.x.180.133 peer

  the transform-set vpn-test value

  match static address of Hunt

  !

  map ISCMAP 15-isakmp ipsec crypto dynamic dny - isc

  !

  call the rsvp-sync

  !

  !

  !

  controller T1 0/0

  framing ESF

  linecode b8zs

  Slots 1-12 channels-group 0 64 speed

  Description controller to the remote frame relay

  !

  controller T1 0/1

  framing ESF

  linecode b8zs

  Timeslots 1-24 of channel-group 0 64 speed

  Description controller for internet link SBIS

  !

  interface Serial0/0:0

  Description CKT ID 14.HXGK.785129 Frame Relay to Remote Sites

  bandwidth 768

  no ip address

  no ip redirection

  no ip unreachable

  no ip proxy-arp

  encapsulation frame-relay

  frame-relay lmi-type ansi

  !

  interface Serial0 / point to point 0:0.17

  Description Frame Relay to xxxxxxxxxxx location

  IP unnumbered Ethernet1/0

  no ip redirection

  no ip unreachable

  no ip proxy-arp

  IP nat inside

  No arp frame relay

  dlci 17 frame relay interface

  !

  interface Serial0 / point to point 0:0.18

  Description Frame Relay to xxxxxxxxxxx location

  IP unnumbered Ethernet1/0

  no ip redirection

  no ip unreachable

  no ip proxy-arp

  IP nat inside

  No arp frame relay

  dlci 18 frame relay interface

  !

  interface Serial0 / point to point 0:0.19

  Description Frame Relay to xxxxxxxxxxx location

  IP unnumbered Ethernet1/0

  no ip redirection

  no ip unreachable

  no ip proxy-arp

  IP nat inside

  No arp frame relay

  dlci 19 frame relay interface

  !

  interface Serial0 / point to point 0:0.20

  Description Frame Relay to xxxxxxxxxxxxx location

  IP unnumbered Ethernet1/0

  no ip redirection

  no ip unreachable

  no ip proxy-arp

  IP nat inside

  No arp frame relay

  dlci 20 frame relay interface

  !

  interface Serial0 / point to point 0:0.21

  Description Frame Relay to xxxxxxxxxxxx

  IP unnumbered Ethernet1/0

  no ip redirection

  no ip unreachable

  no ip proxy-arp

  IP nat inside

  No arp frame relay

  dlci 21 frame relay interface

  !

  interface Serial0 / point to point 0:0.101

  Description Frame Relay to xxxxxxxxxxx

  IP unnumbered Ethernet1/0

  no ip redirection

  no ip unreachable

  no ip proxy-arp

  IP nat inside

  No arp frame relay

  dlci 101 frame relay interface

  !

  interface Serial0/1:0

  CKT ID 14.HCGS.785383 T1 to ITT description

  bandwidth 1536

  IP address x.x.76.14 255.255.255.252

  no ip redirection

  no ip unreachable

  no ip proxy-arp

  NAT outside IP

  inspect the Internet IP on

  no ip route cache

  card crypto ISCMAP

  !

  interface Ethernet1/0

  IP 10.1.1.1 255.255.0.0

  no ip redirection

  no ip unreachable

  no ip proxy-arp

  IP nat inside

  no ip route cache

  no ip mroute-cache

  Half duplex

  !

  interface Ethernet2/0

  IP 10.100.1.1 255.255.0.0

  no ip redirection

  no ip unreachable

  no ip proxy-arp

  IP nat inside

  no ip route cache

  no ip mroute-cache

  Half duplex

  !

  router RIP

  10.0.0.0 network

  network 192.168.1.0

  !

  IP nat inside source list 112 interface Serial0/1: 0 overload

  IP nat inside source static tcp 10.1.3.4 443 209.184.71.138 443 extensible

  IP nat inside source static tcp 10.1.3.4 9869 209.184.71.138 9869 extensible

  IP nat inside source 10.1.3.2 static 209.184.71.140

  IP nat inside source static 10.1.3.6 209.184.71.139

  IP nat inside source static 10.1.3.8 209.184.71.136

  IP nat inside source static tcp 10.1.3.10 80 209.184.71.137 80 extensible

  IP classless

  IP route 0.0.0.0 0.0.0.0 x.x.76.13

  IP route 10.2.0.0 255.255.0.0 Serial0 / 0:0.19

  IP route 10.3.0.0 255.255.0.0 Serial0 / 0:0.18

  IP route 10.4.0.0 255.255.0.0 Serial0 / 0:0.17

  IP route 10.5.0.0 255.255.0.0 Serial0 / 0:0.20

  IP route 10.6.0.0 255.255.0.0 Serial0 / 0:0.21

  IP route 10.7.0.0 255.255.0.0 Serial0 / 0:0.101

  no ip address of the http server

  !

  !

  PIX1 static extended IP access list

  IP 10.1.0.0 allow 0.0.255.255 192.168.1.0 0.0.0.255

  IP access-list extended hunting-static

  IP 10.1.0.0 allow 0.0.255.255 192.168.1.0 0.0.0.255

  extended IP access vpn-static list

  ip permit 192.168.1.0 0.0.0.255 10.1.0.0 0.0.255.255

  IP 192.0.0.0 allow 0.255.255.255 10.1.0.0 0.0.255.255

  access-list 1 refuse 10.0.0.0 0.255.255.255

  access-list 1 permit one

  access-list 12 refuse 10.1.3.2

  access-list 12 allow 10.1.0.0 0.0.255.255

  access-list 12 allow 10.2.0.0 0.0.255.255

  access-list 12 allow 10.3.0.0 0.0.255.255

  access-list 12 allow 10.4.0.0 0.0.255.255

  access-list 12 allow 10.5.0.0 0.0.255.255

  access-list 12 allow 10.6.0.0 0.0.255.255

  access-list 12 allow 10.7.0.0 0.0.255.255

  access-list 112 deny ip host 10.1.3.2 everything

  access-list 112 refuse ip 10.1.0.0 0.0.255.255 192.168.1.0 0.0.0.255

  access-list 112 allow ip 10.1.0.0 0.0.255.255 everything

  access-list 112 allow ip 10.2.0.0 0.0.255.255 everything

  access-list 112 allow ip 10.3.0.0 0.0.255.255 everything

  access-list 112 allow ip 10.4.0.0 0.0.255.255 everything

  access-list 112 allow ip 10.5.0.0 0.0.255.255 everything

  access-list 112 allow ip 10.6.0.0 0.0.255.255 everything

  access-list 112 allow ip 10.7.0.0 0.0.255.255 everything

  access-list 120 allow ip host 10.100.1.10 10.1.3.7

  not run cdp

  !

  Dial-peer cor custom

  !

  !

  !

  !

  connection of the banner ^ CCC

  ******************************************************************

  WARNING - Unauthorized USE strictly PROHIBITED!

  ******************************************************************

  ^ C

  !

  Line con 0

  line to 0

  password xxxxxxxxxxxx

  local connection

  Modem InOut

  StopBits 1

  FlowControl hardware

  line vty 0 4

  exec-timeout 15 0

  password xxxxxxxxxxxxxx

  opening of session

  !

  end

  Router #.

  Add the following to the PIX:

  > permitted connection ipsec sysopt

  This indicates the PIX around all ACLs for IPsec traffic. Now that your IPSec traffic is still subject to the standard rules of PIX, so launched inside the traffic is allowed to go in, but off-initiated traffic is not.

• Urgent issue: remote vpn users cannot reach server dmz

  Hi all

  I have an asa5510 firewall in which remote vpn client users can connect but they cannot ping or access the dmz (192.168.3.5) Server

  They also can't ping the out interface (192.168.2.10), below is the show run, please help.

  SH run

  ASA5510 (config) # sh run
  : Saved
  :
  : Serial number: JMX1243L2BE
  : Material: ASA5510, 256 MB RAM, Pentium 4 Celeron 1599 MHz processor
  :
  ASA 5,0000 Version 55
  !
  Majed hostname
  activate the encrypted password of UFWSxxKWdnx8am8f
  2KFQnbNIdI.2KYOU encrypted passwd
  names of
  DNS-guard
  !
  interface Ethernet0/0
  nameif outside
  security-level 0
  IP 192.168.2.10 255.255.255.0
  !
  interface Ethernet0/1
  nameif inside
  security-level 100
  192.168.1.10 IP address 255.255.255.0
  !
  interface Ethernet0/2
  nameif servers
  security-level 90
  192.168.3.10 IP address 255.255.255.0
  !
  interface Ethernet0/3
  Shutdown
  No nameif
  no level of security
  no ip address
  !
  interface Management0/0
  Shutdown
  No nameif
  no level of security
  no ip address
  !
  boot system Disk0: / asa825-55 - k8.bin
  passive FTP mode
  permit same-security-traffic inter-interface
  permit same-security-traffic intra-interface
  acl_outside to access extended list ip 192.168.5.0 allow 255.255.255.0 192.168.1.0 255.255.255.0
  acl_outside list extended access allow icmp 192.168.5.0 255.255.255.0 192.168.1.0 255.255.255.0
  acl_outside of access allowed any ip an extended list
  acl_outside list extended access permit icmp any one
  acl_inside list extended access allowed host ip 192.168.1.150 192.168.5.0 255.255.255.0
  acl_inside list extended access allowed host icmp 192.168.1.150 192.168.5.0 255.255.255.0
  acl_inside list extended access allowed host ip 192.168.1.200 192.168.5.0 255.255.255.0
  acl_inside list extended access allowed host icmp 192.168.1.200 192.168.5.0 255.255.255.0
  acl_inside list extended access allowed host ip 192.168.1.13 192.168.5.0 255.255.255.0
  acl_inside list extended access allowed host icmp 192.168.1.13 192.168.5.0 255.255.255.0
  acl_inside to access ip 192.168.1.0 scope list allow 255.255.255.0 host 192.168.3.5
  acl_inside list extended access allow icmp 192.168.1.0 255.255.255.0 host 192.168.3.5
  acl_inside list extended access deny ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
  acl_inside list extended access deny icmp 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
  acl_inside of access allowed any ip an extended list
  acl_inside list extended access permit icmp any one
  acl_server of access allowed any ip an extended list
  acl_server list extended access permit icmp any one
  Local_LAN_Access list standard access allowed 10.0.0.0 255.0.0.0
  Local_LAN_Access list standard access allowed 172.16.0.0 255.240.0.0
  Local_LAN_Access list standard access allowed 192.168.0.0 255.255.0.0
  access-list nat0 extended ip 192.168.0.0 allow 255.255.0.0 192.168.0.0 255.255.0.0
  allow acl_servers to access extensive ip list a whole
  acl_servers list extended access allow icmp a whole
  pager lines 24
  Outside 1500 MTU
  Within 1500 MTU
  MTU 1500 servers
  IP local pool 192.168.5.1 - 192.168.5.100 mask 255.255.255.0 vpnpool
  ICMP unreachable rate-limit 1 burst-size 1
  ASDM image disk0: / asdm - 621.bin
  don't allow no asdm history
  ARP timeout 14400
  Global 1 interface (outside)
  interface of global (servers) 1
  NAT (inside) 0 access-list nat0
  NAT (inside) 1 192.168.1.4 255.255.255.255
  NAT (inside) 1 192.168.1.9 255.255.255.255
  NAT (inside) 1 192.168.1.27 255.255.255.255
  NAT (inside) 1 192.168.1.56 255.255.255.255
  NAT (inside) 1 192.168.1.150 255.255.255.255
  NAT (inside) 1 192.168.1.200 255.255.255.255
  NAT (inside) 1 192.168.2.5 255.255.255.255
  NAT (inside) 1 192.168.1.0 255.255.255.0
  NAT (inside) 1 192.168.1.96 192.168.1.96
  NAT (servers) - access list 0 nat0
  NAT (servers) 1 192.168.3.5 255.255.255.255
  static (inside, servers) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
  static (servers, inside) 192.168.3.5 192.168.3.5 netmask 255.255.255.255
  Access-group acl_outside in interface outside
  Access-group acl_servers in the servers of the interface
  Route outside 0.0.0.0 0.0.0.0 192.168.2.15 1
  Timeout xlate 03:00
  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  Floating conn timeout 0:00:00
  dynamic-access-policy-registration DfltAccessPolicy
  Enable http server
  http 192.168.1.0 255.255.255.0 inside
  http 192.168.3.5 255.255.255.255 servers
  No snmp server location
  No snmp Server contact
  Server enable SNMP traps snmp authentication linkup, linkdown cold start
  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
  life crypto ipsec security association seconds 28800
  Crypto ipsec kilobytes of life - safety 4608000 association
  Crypto-map dynamic outside_dyn_map 10 the value transform-set ESP-3DES-SHA
  Crypto-map dynamic outside_dyn_map 10 set security-association life seconds288000
  Crypto-map dynamic outside_dyn_map 10 kilobytes of life together - the association of safety 4608000
  Crypto-map dynamic outside_dyn_map 10 the value reverse-road
  map Outside_map 10-isakmp ipsec crypto dynamic outside_dyn_map
  Outside_map interface card crypto outside
  ISAKMP crypto identity hostname
  crypto ISAKMP allow outside
  crypto ISAKMP policy 10
  preshared authentication
  3des encryption
  sha hash
  Group 2
  life 86400
  crypto ISAKMP policy 65535
  preshared authentication
  3des encryption
  sha hash
  Group 2
  life 86400
  No encryption isakmp nat-traversal
  Telnet 192.168.2.0 255.255.255.0 outside
  Telnet 192.168.1.0 255.255.255.0 inside
  Telnet 192.168.3.0 255.255.255.0 servers
  Telnet 192.168.38.0 255.255.255.0 servers
  Telnet timeout 5
  SSH timeout 5
  Console timeout 0
  a basic threat threat detection
  Statistics-list of access threat detection
  no statistical threat detection tcp-interception
  WebVPN
  internal vpn group policy
  attributes of vpn group policy
  Protocol-tunnel-VPN IPSec
  Split-tunnel-policy tunnelspecified
  value of Split-tunnel-network-list Local_LAN_Access
  allow to NEM
  password encrypted qaedah Ipsf4W9G6cGueuSu user name
  password encrypted moneef FLlCyoJakDnWMxSQ user name
  chayma X7ESmrqNBIo5eQO9 username encrypted password
  sanaa2 zHa8FdVVTkIgfomY encrypted password username
  sanaa x5fVXsDxboIhq68A encrypted password username
  sanaa1 x5fVXsDxboIhq68A encrypted password username
  bajel encrypted DygNLmMkXoZQ3.DX privilege 15 password username
  daris BgGTY7d1Rfi8P2zH username encrypted password
  taiz Ip3HNgc.pYhYGaQT username encrypted password
  damt gz1OUfAq9Ro2NJoR encrypted privilege 15 password username
  aden MDmCEhcRe64OxrQv username encrypted password
  username hodaidah encrypted password of IYcjP/rqPitKHgyc
  username yareem encrypted password ctC9wXl2EwdhH2XY
  AMMD ZwYsE3.Hs2/vAChB username encrypted password
  haja Q25wF61GjmyJRkjS username encrypted password
  cisco 3USUcOPFUiMCO4Jk encrypted password username
  ibbmr CNnADp0CvQzcjBY5 username encrypted password
  IBBR oJNIDNCT0fBV3OSi encrypted password username
  ibbr 2Mx3uA4acAbE8UOp encrypted password username
  ibbr1 wiq4lRSHUb3geBaN encrypted password username
  password username: TORBA C0eUqr.qWxsD5WNj encrypted
  username, password shibam xJaTjWRZyXM34ou. encrypted
  ibbreef 2Mx3uA4acAbE8UOp encrypted password username
  username torbah encrypted password r3IGnotSy1cddNer
  thamar 1JatoqUxf3q9ivcu encrypted password username
  dhamar pJdo55.oSunKSvIO encrypted password username
  main jsQQRH/5GU772TkF encrypted password username
  main1 ef7y88xzPo6o9m1E encrypted password username
  password username Moussa encrypted OYXnAYHuV80bB0TH
  majed 7I3uhzgJNvIwi2qS encrypted password username
  lahj qOAZDON5RwD6GbnI encrypted password username
  vpn tunnel-group type remote access
  VPN tunnel-group general attributes
  address vpnpool pool
  Group Policy - by default-vpn
  Tunnel vpn ipsec-attributes group
  pre-shared key *.
  !
  class-map inspection_default
  match default-inspection-traffic
  !

  Hello brother Mohammed.

  "my asa5510 to work easy as Server & client vpn at the same time.?

  Yes, it can work as a client and a server at the same time.

  I have never seen anyone do it but many years of my understanding, I have no reason to think why it may be because the two configurations (client/server) are independent of each other.

  Your ASA function as server uses the "DefaultL2LGroup" or it uses standard group policy and tunnel-group are mapped to the remote clients ASA?

  Thank you

• Windows cannot connect to the Internet using HTTP, HTTPS or FTP. This is probably caused by the settings of firewall on this computer.

  I have a laptop Toshiba Satellite M105-S3041 with Windows XP Home Edition.  I received the error message listed above indicating that Windows cannot connect Internet using HTTP, HTTPS, or FTP.  When I open the wireless network connection status, I see packets sent and I also see that I get both packets.

  The opening to the top of Internet Explorer, I received the error message listed above.  When I go to the properties of my wireless adapter and examine the properties of the TCP/IP parameters, I see that I have "obtain an IP address automatically" and "Obtain DNS server address automatically" checked.  On the general tab of TCP/IP properties, I clicked on the tab advanced and click on the tab options to display the TCP/IP filtering settings and clicked the properties button.  Here, I see that the ports TCP, UDP and IP PROTOCOL.  I have a check the box 'enable TCP/IP filtering '.

  Please help me because I am still unable to connect to the internet.

  [snip]... On the general tab of TCP/IP properties, I clicked on the tab advanced and click on the tab options to display the TCP/IP filtering settings and clicked the properties button.  Here, I see that the ports TCP, UDP and IP PROTOCOL.  I have a check the box 'enable TCP/IP filtering '.

  In general, you don't want to have a check in the box "enable TCP/IP filtering.  Try to uncheck this box and see if it helps.

  If this does not help, two programs freeware difficulty sometimes of the problems of this kind...  Try to run LSPFix and/or WinSockXPFix.  Alternatively, you can try to reset your IP stack...

  "How to reset the Protocol Internet (TCP/IP)"
    <>http://support.Microsoft.com/kb/299357 >

  HTH,
  JW

• I set up ftp in iis for the file transfer. On the pc that I am currently in place I cannot transfer files to it via ftp. He says that the password is not accepted.

  FTP problem

  I set up ftp in iis for the file transfer.  On the pc that I am currently in place I cannot transfer files to it via ftp. He says that the password is not accepted.  When I look in the properties of the default ftp sites ftp I noticed that the Directory Security tab is not there as on the other pc.  How to return this tab or is it the windows software that's not fair.  I am running windows XP 2002 SP2 on it and I've updated to SP3.  I have no idea.

  Hello

  I suggest you to send your query to the link for assistance.

  http://forums.IIS.NET/

• Cannot access internet, check HTTP, FTP and HTTPS port settings

  Using Windows XP, cannot access internet.  The problems notified that Windows cannot connect Internet using HTTP HTTPS or FTP.  Said that it's probably caused by the settings of the firewall.  Adiveses to check the settings of the firewall for HTTP (80) port, the HTTPS port (443) and FTP port (21).  Did not inform how to do this.

  Any suggestion would be appreciated.

  Hello

  · What version of internet explore are you working on?

  · Were there any changes made on the computer before the show?

  I suggest you try the steps listed in the links below: how to manually open ports in Internet Connection Firewall in Windows XP: http://support.microsoft.com/kb/308127

  "Internet Explorer cannot display the webpage" error when you view a Web site in Internet Explorer: http://support.microsoft.com/kb/956196

  Troubleshooting settings of Windows Firewall in Windows XP Service Pack 2 for advanced users: http://support.microsoft.com/kb/875357