GANYMEDE + Console mode
Is there a way to use GANYMEDE + to assign a user activate level when connect you through the console (con 0) - as Ganymede has the
activate the command use-Ganymede.
When the user telnet to the router, they are automatically placed in the mode. But when the console user on the router, they must enter set mode and then enable password. We use GBA ver 4.2.
I'm looking for is the command to use-Ganymede enable for GANYMEDE.
Hello
You have the command 'console aaa authorization' activated? If this isn't the case, you can give it a try?
Thank you
Wen
Tags: Cisco Security
Similar Questions
-
Cannot open Microsoft Management Console mode author because of current computer policies
Hello, I use Windows 7 Ultimate 64 bit.
When I type "mmc", I get the following error. I am logged in as administrator.
---------------------------
Microsoft Management Console
---------------------------
You cannot open Microsoft Management Console mode author because of current computer policies.
---------------------------
Ok
---------------------------Is this a normal behavior of the default Windows 7? If so, how to launch mmc or not if yes, how can I find the setting that causes this message?
I found the parameter restrict access, which has been the Local computer policy > User Configuration > administrative templates > Windows components > Microsoft Management Console > prevent the user from author, Enabled.
When I turned this option off, I could run mmc.
-
Concerns of servcie performance with connections "Console Mode" Console
What is the maximum number of connections "VM console" can support a single ESX Server?
Can what steps I take to ensure performance as the number of users swings more than 150 at the same time?
: Pei no, I can't use remote, VNC, etc. already tried desktop. Corp Policy says nothing.
from my understanding, and I'm wrong, because I have never really tested. The guide I posted is said:
Number of remote consoles to a virtual machine 10
then, as the SSH for the COS connections may have a connection as well max, I think that a single remote console on a virtual machine would always to 10 simultaneous connections.
-
Hello
I am trying to build a Ganymede + config on my network devices. I have an ACS do the authentication. I want to do is to have GBA authenticate my users and allow them access. However, I would like to leave a console access using both local and local user name select the password so that I have a backdoor in case of future problems. I have everything working except the ability to go to activate the console mode using the local enable password. I get an auth error, because I think that the device tries to ACS auth password enable result:
the AAA authentication enable default group Ganymede + activate
I can get around it by applying a level 15 privlive to next line directly in the activation of the mode, but it seems less sure.
Any ideas?
Here's my config relevent bits (and I don't have a local user name and enable defined)
AAA new-model
AAA authentication login default group Ganymede + local
AAA authentication local console connection
the AAA authentication enable default group Ganymede + activate
default AAA authorization exec group Ganymede + local no
Console exec AAA local authorization
0 default AAA authorization commands group Ganymede + local no
default 1 AAA authorization commands group Ganymede + local no
default 15 AAA authorization commands group Ganymede + local no
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 0 arrhythmic default group Ganymede +.
orders accounting AAA 1 by default start-stop Ganymede group.
orders accounting AAA 15 by default start-stop Ganymede group.
AAA - the id of the joint sessionLine con 0
password 7
console login authenticationThanks in advance
Hi Rose,
Unfortunately, there is no way to apply a specific method list for the enable authentication to apply to the console.
Named method list for enable authentication is not supported.
Regards,
~JGDo rate helpful posts
-
Alienware Alpha help - Desktop Mode
Hey, just got my Alpha today. His game to the top and works fine in console mode. However, I connect my Logitech wireless keyboard, restart the device and never get the screen that lets me select the desktop mode. I can use the arrow keys, etc. on the keyboard so I know its connected.
What Miss me?
In order to enter the desktop mode, you will need to enter the Alpha user interface and then go to the power and select go to the office, make sure that the keyboard is connected otherwise that option will be grayed out.
-
Oracle Mobile App Designer installation in silent mode
Hi all
We are currently trying to install the Mobile App Designer in OBIEE version 11.1.1.7.141014 by following this guide: http://docs.oracle.com/cd/E28280_01/bi.1111/e48576/toc.htm#BIEMI101.
The only problem is that our machines do not have a GUI enabled so that everything must be done silently. This isn't a problem for opatch but at the end of the installation, it is necessary to extend a weblogic domain, I can't find a way to do it in silent mode.
Can someone help me with this problem?
Thank you very much!The Weblogic domain extension can be done in command line (instead of GUI is full text, but the same process/options).
Just d'executer./config.sh and you get a message like "cannot instantiate GUI, or by default in the console mode.»
-
"console View" is grayed out when the user is sharing with another user config
The subject pretty much sums up it. LM 4.0 running and some of my users have stated that when they share configs they have with other users (in the same organization), the added users cannot "Console Mode". It is grayed out. I checked the properties of these roles and roles (the list of options is amazing) and returned to the LM 4.0 User Guide.
I can't move. When the owner is going to share their config with a user, the only available access level is "read only". I have the same problem and I am a global system administrator.
Why is this?
Sorry about that, I realized I have not really solve your problem.
I'm curious though; Under sharing, if you chose the ' users selected in the workspace: hand ' rahtner that ' everyone in the workspace: hand ' and then specify individual users, you are able to change their level of access to 'Edit' or 'total control '. On my setup, it seems that you cannot change the level of access beyond Read-Only "unless you are addressing the specific workspace.
-
(Redirected) Alienware Alpha modes
I bought my alpha today and I chose to run mode desktop for the first time. Now I want to start it in console mode, but I don't know how. Help, please!
Better in this position in the Alienware owners Club Forum, here:
http://en.community.Dell.com/Owners-Club/Alienware/default.aspx
Bev.
-
Cannot access remote network by VPN Site to Site ASA
Hello everyone
First of all I must say that I have configured the VPN site-to site a million times before. Stuck with it. First of all I can't ping outside the interface of my ASA remote. Secondly, VPN is in place, but no connectivity between local networks
ASA local:
hostname gyd - asa
domain bct.az
activate the encrypted password of XeY1QWHKPK75Y48j
XeY1QWHKPK75Y48j encrypted passwd
names of
DNS-guard
!
interface GigabitEthernet0/0
Shutdown
nameif vpnswc
security-level 0
IP 10.254.17.41 255.255.255.248
!
interface GigabitEthernet0/1
Vpn-turan-Baku description
nameif outside Baku
security-level 0
IP 10.254.17.9 255.255.255.248
!
interface GigabitEthernet0/2
Vpn-ganja description
nameif outside-Ganja
security-level 0
IP 10.254.17.17 255.255.255.248
!
interface GigabitEthernet0/2.30
Description remote access
VLAN 30
nameif remote access
security-level 0
IP 85.*. *. * 255.255.255.0
!
interface GigabitEthernet0/3
Description BCT_Inside
nameif inside-Bct
security-level 100
IP 10.40.50.65 255.255.255.252
!
interface Management0/0
nameif management
security-level 100
IP 192.168.251.1 255.255.255.0
management only
!
boot system Disk0: / asa823 - k8.bin
passive FTP mode
DNS server-group DefaultDNS
name-server 192.168.1.3
domain bct.az
permit same-security-traffic intra-interface
object-group network obj - 192.168.121.0
object-group network obj - 10.40.60.0
object-group network obj - 10.40.50.0
object-group network obj - 192.168.0.0
object-group network obj - 172.26.0.0
object-group network obj - 10.254.17.0
object-group network obj - 192.168.122.0
object-group service obj-tcp-eq-22
object-group network obj - 10.254.17.18
object-group network obj - 10.254.17.10
object-group network obj - 10.254.17.26
access-list 110 scope ip allow a whole
NAT list extended access permit tcp any host 10.254.17.10 eq ssh
NAT list extended access permit tcp any host 10.254.17.26 eq ssh
access-list extended ip allowed any one sheep
icmp_inside list extended access permit icmp any one
icmp_inside of access allowed any ip an extended list
access list nat-ganja extended permit tcp any host 10.254.17.18 eq ssh
RDP list extended access permit tcp any host 192.168.45.3 eq 3389
rdp extended permitted any one ip access list
sheep-vpn access-list extended permits all ip 192.168.121.0 255.255.255.0
NAT-vpn-internet access-list extended ip 192.168.121.0 allow 255.255.255.0 any
NAT-vpn-internet access-list extended ip 172.26.0.0 allow 255.255.255.0 any
NAT-vpn-internet access-list extended ip 192.168.122.0 allow 255.255.255.0 any
access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 10.40.60.0 255.255.255.0
access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 10.40.50.0 255.255.255.0
access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 192.168.0.0 255.255.0.0
access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 172.26.0.0 255.255.255.0
access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 10.254.17.0 255.255.255.0
GHC-ganja-internet access-list extended ip 192.168.45.0 allow 255.255.255.0 any
Standard access list Split_Tunnel_List allow 192.168.16.0 255.255.255.0
azans 192.168.69.0 ip extended access-list allow 255.255.255.0 any
permit inside_nat0_outbound to access extended list ip 192.168.0.0 255.255.0.0 192.168.121.0 255.255.255.0
permit inside_nat0_outbound to access extended list ip 192.168.0.0 255.255.0.0 192.168.80.0 255.255.255.0
pager lines 24
Enable logging
emblem of logging
recording of debug console
recording of debug trap
asdm of logging of information
Interior-Bct 192.168.1.27 host connection
flow-export destination inside-Bct 192.168.1.27 9996
vpnswc MTU 1500
outside Baku MTU 1500
outside-Ganja MTU 1500
MTU 1500 remote access
Interior-Bct MTU 1500
management of MTU 1500
IP local pool raccess 192.168.121.60 - 192.168.121.120 mask 255.255.255.0
IP local pool ssl 192.168.121.130 - 192.168.121.200 mask 255.255.255.0
no failover
ICMP unreachable rate-limit 1 burst-size 1
ICMP allow any outside Baku
ICMP allow access remotely
ICMP allow any interior-Bct
ASDM image disk0: / asdm - 621.bin
don't allow no asdm history
ARP timeout 14400
global (outside-Baku) 1 interface
global (outside-Ganja) interface 2
3 overall (RAS) interface
azans access-list NAT 3 (outside-Ganja)
NAT (remote access) 0 access-list sheep-vpn-city
NAT 3 list nat-vpn-internet access (remote access)
NAT (inside-Bct) 0-list of access inside_nat0_outbound
NAT (inside-Bct) 2-nat-ganja access list
NAT (inside-Bct) 1 access list nat
Access-group rdp on interface outside-Ganja
!
Router eigrp 2008
No Auto-resume
neighbor 10.254.17.10 interface outside Baku
neighbor 10.40.50.66 Interior-Bct interface
Network 10.40.50.64 255.255.255.252
Network 10.250.25.0 255.255.255.0
Network 10.254.17.8 255.255.255.248
Network 10.254.17.16 255.255.255.248
redistribute static
!
Access remote 0.0.0.0 0.0.0.0 85.*. *. * 1
Outside-Baku route 10.0.11.0 255.255.255.0 10.254.17.10 1
Outside-Baku route 10.0.33.0 255.255.255.0 10.254.17.10 1
Outside-Baku route 10.0.150.0 255.255.255.0 10.254.17.10 1
Outside-Baku route 10.0.170.0 255.255.255.0 10.254.17.10 1
Route outside Baku 10.254.17.24 255.255.255.248 10.254.17.10 1
Route outside Baku 10.254.17.32 255.255.255.248 10.254.17.10 1
Route outside Baku 192.1.1.0 255.255.255.0 10.254.17.10 1
Outside-Baku route 192.168.27.0 255.255.255.0 10.254.17.10 1
Outside-Baku route 192.168.39.0 255.255.255.0 10.254.17.10 1
Route outside-Ganja 192.168.45.0 255.255.255.0 10.254.17.18 1
Route outside-Ganja 192.168.66.0 255.255.255.0 10.254.17.18 1
Route outside-Ganja 192.168.69.0 255.255.255.0 10.254.17.18 1
Outside-Baku route 192.168.80.0 255.255.255.0 10.254.17.11 1
Access remote 192.168.121.0 255.255.255.0 85.132.43.1 1
Route outside-Ganja 192.168.184.0 255.255.255.0 10.254.17.18 1
Route outside Baku 192.168.208.16 255.255.255.240 10.254.17.10 1
Route outside-Ganja 192.168.208.112 255.255.255.240 10.254.17.18 1
Route inside-Bct 192.168.254.0 255.255.255.0 10.40.50.66 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
AAA-server protocol Ganymede GANYMEDE +.
AAA-server GANYMEDE (Interior-Bct) 192.168.1.8
key *.
AAA-server GANYMEDE (Interior-Bct) 192.168.22.46
key *.
RADIUS protocol AAA-server TACACS1
AAA-server TACACS1 (Interior-Bct) host 192.168.1.8
key *.
AAA-server TACACS1 (Interior-Bct) host 192.168.22.46
key *.
authentication AAA ssh console LOCAL GANYMEDE
Console to enable AAA authentication RADIUS LOCAL
Console Telnet AAA authentication RADIUS LOCAL
AAA accounting ssh console GANYMEDE
Console Telnet accounting AAA GANYMEDE
Enable http server
http 192.168.1.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 Interior-Bct
http 192.168.139.0 255.255.255.0 Interior-Bct
http 192.168.0.0 255.255.255.0 Interior-Bct
Survey community SNMP-server host inside-Bct 192.168.1.27
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-3des esp-md5-hmac RIGHT
Crypto ipsec transform-set newset aes - esp esp-md5-hmac
Crypto ipsec transform-set esp-3des esp-sha-hmac myset2
Crypto ipsec transform-set esp-3des esp-md5-hmac raccess
Crypto ipsec transform-set esp-3des esp-sha-hmac vpnclienttrans
Crypto ipsec transform-set vpnclienttrans transport mode
life crypto ipsec security association seconds 2147483646
Crypto ipsec kilobytes of life security-association 2147483646
raccess 1 set transform-set vpnclienttrans crypto dyn1 dynamic-map
correspondence address card crypto mymap 10 110
card crypto mymap 10 peers set 10.254.17.10
card crypto mymap 10 transform-set RIGHT
correspondence address card crypto mymap 20 110
card crypto mymap 20 peers set 10.254.17.11
mymap 20 transform-set myset2 crypto card
card crypto mymap interface outside Baku
correspondence address card crypto ganja 10 110
10 ganja crypto map peer set 10.254.17.18
card crypto ganja 10 transform-set RIGHT
card crypto interface outside-Ganja ganja
correspondence address card crypto vpntest 20 110
peer set card crypto vpntest 20 10.250.25.1
newset vpntest 20 transform-set card crypto
card crypto vpntest interface vpnswc
vpnclientmap 30 card crypto ipsec-isakmp dynamic dyn1
card crypto interface for remote access vpnclientmap
Crypto ca trustpoint ASDM_TrustPoint0
registration auto
name of the object CN = gyd - asa .az .bct
sslvpnkeypair key pair
Configure CRL
map of crypto DefaultCertificateMap 10 ca certificatecrypto isakmp identity address
ISAKMP crypto enable vpnswc
ISAKMP crypto enable outside-Baku
ISAKMP crypto enable outside-Ganja
crypto ISAKMP enable remote access
ISAKMP crypto enable Interior-Bct
crypto ISAKMP policy 10
preshared authentication
3des encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 20
preshared authentication
aes encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 30
preshared authentication
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 40
preshared authentication
aes encryption
sha hash
Group 2
life 86400
Crypto isakmp nat-traversal 30
No vpn-addr-assign aaa
Telnet timeout 5
SSH 192.168.0.0 255.255.255.0 Interior-Bct
SSH timeout 35
Console timeout 0
priority queue outside Baku
queue-limit 2046
TX-ring-limit 254
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
Server NTP 192.168.1.3
SSL encryption, 3des-sha1 rc4 - md5 aes128-sha1 sha1-aes256
SSL-trust point ASDM_TrustPoint0 to vpnlb-ip remote access
SSL-trust ASDM_TrustPoint0 remote access point
WebVPN
turn on remote access
SVC disk0:/anyconnect-win-2.4.1012-k9.pkg 1 image
enable SVC
tunnel-group-list activate
attributes of Group Policy DfltGrpPolicy
Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
internal group ssl policy
attributes of group ssl policy
banner welcome to SW value
value of DNS-server 192.168.1.3
Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
group-lock value SSL
WebVPN
value of the SPS URL-list
internal vpn group policy
attributes of vpn group policy
value of DNS-server 192.168.1.3
Protocol-tunnel-VPN IPSec l2tp ipsec
disable the PFS
BCT.AZ value by default-field
ssl VPN-group-strategy
WebVPN
value of the SPS URL-list
IPSec-attributes tunnel-group DefaultL2LGroup
ISAKMP retry threshold 20 keepalive 5
attributes global-tunnel-group DefaultRAGroup
raccess address pool
Group-RADIUS authentication server
Group Policy - by default-vpn
IPSec-attributes tunnel-group DefaultRAGroup
pre-shared key *.
ISAKMP retry threshold 20 keepalive 5
IPSec-attributes tunnel-group DefaultWEBVPNGroup
ISAKMP retry threshold 20 keepalive 5
tunnel-group 10.254.17.10 type ipsec-l2l
IPSec-attributes tunnel-group 10.254.17.10
pre-shared key *.
ISAKMP retry threshold 20 keepalive 5
type SSL tunnel-group remote access
attributes global-group-tunnel SSL
ssl address pool
Authentication (remote access) LOCAL servers group
Group Policy - by default-ssl
certificate-use-set-name username
Group-tunnel SSL webvpn-attributes
enable SSL group-alias
Group-url https://85. *. *. * / activate
tunnel-group 10.254.17.18 type ipsec-l2l
IPSec-attributes tunnel-group 10.254.17.18
pre-shared key *.
ISAKMP retry threshold 20 keepalive 5
tunnel-group 10.254.17.11 type ipsec-l2l
IPSec-attributes tunnel-group 10.254.17.11
pre-shared key *.
ISAKMP retry threshold 20 keepalive 5
type tunnel-group DefaultSWITGroup remote access
attributes global-tunnel-group DefaultSWITGroup
raccess address pool
Group-RADIUS authentication server
Group Policy - by default-vpn
IPSec-attributes tunnel-group DefaultSWITGroup
pre-shared key *.
!
type of policy-card inspect dns migrated_dns_map_1
parameters
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the migrated_dns_map_1 dns
inspect the rsh
inspect the rtsp
inspect sqlnet
inspect sunrpc
inspect xdmcp
inspect the netbios
Review the ip options
class flow_export_cl
flow-export-type of event all the destination 192.168.1.27
class class by default
flow-export-type of event all the destination 192.168.1.27
Policy-map Voicepolicy
class voice
priority
The class data
police release 80000000
!
global service-policy global_policy
service-policy interface outside Baku Voicepolicy
context of prompt hostnameCryptochecksum:4f35f975ba7a0c11f7f46dfd541d266f
: end
GYD - asa #.ASA remote:
ASA Version 8.2 (3)
!
ciscoasa hostname
activate the encrypted password of XeY1QWHKPK75Y48j
2KFQnbNIdI.2KYOU encrypted passwd
names of
DNS-guard
!
interface Ethernet0/0
nameif inside
security-level 100
IP 192.168.80.14 255.255.255.0
!
interface Ethernet0/1
nameif outside
security-level 0
IP 10.254.17.11 255.255.255.248
!
interface Ethernet0/2
Shutdown
No nameif
no level of security
no ip address
!
interface Ethernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
Shutdown
nameif management
security-level 100
no ip address
management only
!
boot system Disk0: / asa823 - k8.bin
passive FTP mode
access-list 110 scope ip allow a whole
192.168.80.0 IP Access-list extended sheep 255.255.255.0 allow 192.168.0.0 255.255.0.0
pager lines 24
Enable logging
asdm of logging of information
Outside 1500 MTU
management of MTU 1500
Within 1500 MTU
no failover
ICMP unreachable rate-limit 1 burst-size 1
ICMP allow all outside
ICMP allow any inside
ASDM image disk0: / asdm - 621.bin
don't allow no asdm history
ARP timeout 14400
NAT (inside) 0 access-list sheep
Route outside 0.0.0.0 0.0.0.0 10.254.17.9 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
Enable http server
http 192.168.1.0 255.255.255.0 management
http 192.168.80.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-3des esp-md5-hmac RIGHT
Crypto ipsec transform-set newset aes - esp esp-md5-hmac
Crypto ipsec transform-set esp-3des esp-sha-hmac myset2
life crypto ipsec security association seconds 2147483646
Crypto ipsec kilobytes of life security-association 2147483646
correspondence address card crypto mymap 10 110
card crypto mymap 10 peers set 10.254.17.9
mymap 10 transform-set myset2 crypto card
mymap outside crypto map interface
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 20
preshared authentication
aes encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 30
preshared authentication
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 40
preshared authentication
aes encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH timeout 5
Console timeout 0
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPNtunnel-group 10.254.17.9 type ipsec-l2l
IPSec-attributes tunnel-group 10.254.17.9
pre-shared key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns migrated_dns_map_1
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the migrated_dns_map_1 dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
!
global service-policy global_policy
context of prompt hostnameCryptochecksum:1c1ac60e2fb84f65269d15d53f27c21b
: end
ciscoasa # $Still, I can't ping ASA remote outside from outside of the Local interface. And there is no connectivity between the 192.168.80.0 distance and local don't say 192.168.1.0. I have run out of ideas
Would appreciate any help. Thank you in advance...
If the tunnel is up (phase 1), but no traffic passing the best test is the following:
Add order management-access to the Interior , and then try to PING the intellectual property inside ASA counterpart.
inside x.x.x.x ping --> x.x.x.x is the IP of the ASA peer inside
The test above shows if the traffic passes through the tunnel (check encrypted/decrypted packets of sh cry ips its).
Test on both directions.
Please post the results.
Federico.
-
C640 satellite - installation of Ubuntu 10.10
Hi all...
Here is what happened with me...
I bought new toshiba satellite C640 with windows 7, I don't want to use windows... so I switched to ubuntu...
now here what I have suffered for 5 days...
I managed to install ubuntu 10.10 64 bit version on my machine... after that I gave her acpi = off option... (which i could not install ubuntu without this option)
then once the successful installation I can't start up of my hard drive... even when I change the file of grup to acpi = off. .. I will return to console mode not graphics mode...
Please guys please... I need help to get out me of this pain... any comment or idea... ?Toshiba a665d-s6091 couldn't get ubuntu 8, 9, load to load from direct c. ubuntu 10 and 11. 11, all I had to do was select in Start menu and it started end of the live cd. 10 is the long term support so I installed to sdhc that is not reconigzed at startup. I then installed to restart computer usb thumb drive, and only windows would charge. Ubuntu is on the menu, but it does not load. Then I removed the usb drive that is enabled on the computer and nothing. My computer is not something with usb output. Toshiba, that I thought was a good brand and still cant belive I have this right and wrong to get ubuntu to run
-
What is normal for the backup of XP SP3 and the startup type of the removable storage service?
I was getting ready to plan and attempt a clean full backup for tonight. I have the backups created on several entities, currently backup but have a very stable system at the moment and wanted to try to make a clean backup file. That day has finally arrived after been forced a corrupted system files hard drive failure "repair" critical and forced me to go back to SP1a (my Windows Genuine valid CD which I highly appreciate) in order to obtain any boot system, including safe mode and console mode. Repair has presented many incompatibilities at the level of program and system, including the basic WMI and COM of the corruption system. Three months later... it of time to update my backups and recovery procedures and hope that this does not happen!
In preparation, I decided to refresh my memory on the use of the backup and by browsing the Help and Support Service Center files. One of the first things I noticed was "storage removable service must be started for the backup works correctly." Audit and inspection of my existing Services using computer (Local) management, I have observed that after a normal windows startup, the removable storage service is not started with manual startup type. I use a USB drive connected as my backup media, and it is fully operational as a normally formatted NTFS data disk volume. I have windows indexing disabled on this volume. Is the type of service required removable storage of normal manual started? The backup program will automatically start this service? I know I've never manually started it myself and backups seem to work well. Should we change the startup type to automatic?
-Thanks, Jerry
I would like to leave as a textbook.
The Service will start (if capable) as soon as ntbackup.exe begins.
If you want to see, with your Services window related to the function of RS place and it will not work and the manual.
Click Start, run and enter in the box:
Ntbackup.exe
Click OK to start the backup and the Restore Wizard.
Go back to your Services window and press F5 to refresh and SR Service should now work.
When you exit the backup and the Restore Wizard, the RS Service stops (it may take a few minutes), and you may need to close the Services applet and reopen it to notice she's moved to manual and not running.
You will see things like present to the event system log viewer:
Event type: Information
Event source: Service Control Manager
Event category: no
Event ID: 7036
The removable storage service entered the running state.(this is when you go out the backup and the Restore Wizard and wait a few minutes... then the Service stops itself...)
Event type: Information
Event source: Service Control Manager
Event category: no
Event ID: 7036
Description:
The removable storage service entered the stopped state.It's like aid and assistance... Most of the people (including the technical support engineers who are hired by Microsoft) say to set the Startup Type to automatic, but you don't have to... Set it to manual and it will start fine when he needs start (if he can).
There is no need for these Services (and many other Services in XP) as starting at each restart and run all day without doing anything.
Here is a good list that will help you understand your XP Services:
-
Hello
We use Windows XP Professional. A user reported that machine has been suspended. Then it restarted the machine. It stops after WINDOWS LOGO & before the login screen.
I received STOP: error c0000135 {Unable to locate component}. I copied the file kernel32.dll in recvery console mode. There is no work.
Also repaired OS by using the Windows XP CD did not work.
Kind regards
Carter SHello Thomas,.
Thank you for visiting the Microsoft answers community.
Take a look at this KB article.
Hope this helps Chris.H
Microsoft Answers Support Engineer
Visit our Microsoft answers feedback Forum and let us know what you think. -
Assignment of VLANS by MAC address on a 6248
Hello
We have a mixture of 5548 and 6248 switch batteries, all updated to the latest fw, grouped on a 8024f.
We add 560 Polycom phones to our network and want to assign phones to the voice VLAN and use the internal switch on the phone to the computer workstation.
The 5548 have the handy table YES, the:
VLAN voice Yes-table add 00907 Polycom/Veritel_phone___
It works a treat and the assignment of VLANS for phone and PC works beautifully on the 5548.
However, the 6248 legacy does not have this feature.
Am I right assuming that we cannot assign addresses MAC Polycom-issued to one VLAN specific on switches 62XX as 55XX switches on? We are left with assigning simply labeled the voice VLAN? I'm afraid non-voix tag traffic for some applications will be treated badly as voice.
What is the best way to do it? Here are the General config we will stop for the 6248:
Configure
database of VLAN
VLAN 10 100interface vlan 10
name "VoIP."
outputinterface vlan 100
name 'data network '.
Routing
IP 10.1.10.1 255.255.255.0
outputExample config for a switchport with Polycom and PC phone
!
interface ethernet 1/g1
switchport mode general
switchport General pvid 100
No switchport acceptable-framework-type general tag only
VLAN allowed switchport General add 100
switchport general allowed vlan add 10 tag
switchport vlan allowed General remove 1
output
!The 6248 uses a Broadcom firmware and the 5548 uses a Marvell firmware, that's why we see the differences in the characteristics. The 6248 has no YES table as the 5548. Here is the basic configuration of VLAN voice on the 6248.
1.
To start creating a VLAN voice, create it first VLAN database mode for VLAN.
Console # console (config) # vlan database console(config-vlan) # vlan 2 console (config - vlan) #exit console (config) #.
2.
Then, globally enable the Vlan voice.
Console (config) # vlan VoIP
3.
In the configuration of interface for the desired port mode, assign it VLAN to the port using general mode. Then, assign it VLAN voice on the port with the command vlan vlan id #.
Console (config) # interface console item in gi1/0/10 # switchport general console mode # vlan 2 voice
There is also this white page that goes over the process.
www.Dell.com/.../pwcnt_voice_VLAN_support.pdf
A workstation sends no marked traffic, and will be placed on the general mode port PVID. In this case, it seems that your PVID is VLAN 100, therefore all workstation traffic will go to this VLAN. I'm not aware of a situation where the traffic of the workstation would be confused with traffic voice and placed on the VLAN incorrect, you have a specific situation / application where you think this can happen? I can do some research on this scenario to help alleviate any concerns.
Thank you
-
Freezing of frequent and sound distortion - Win7 - 64 bit
Hello
I use Windows 7-64 bit on a Dell XPS 15z.
My computer used to freeze that rarely (maybe all the ~ 10 h) how would the sound be too distorted. Nothing could run for a few seconds and then it could continue operating as if nothing had happened.
Since the last windows updates (12.02.15) frost got much more frequent (every two minutes), but much shorter. Freezes come about half a second. Always the same appearance, nothing works, his distorted bodyguard, then run as if nothing had happened. There seems to be no relationship between the workload on the aspect computing and lag.
Steps I took to try to resolve the problem:
- File Checker system - sfc/scannow in admin in console mode. No problem found.
- No advanced tools to solve Performance issues - reported no problem.
- Uninstalled Realtek High Definition Audio Driver - manually reinstalled the latest version.
- Uninstalled the IDE ATA / ATAPI drivers - let Windows reinstall them automatically.
- Run the check errors on the C: drive.
- Looked at the details of performance in the event log - no cases listed at the time of the freeze. However error during startup and caution on shutdown are indicated in the case log event log attached to error starting at the end of the present.
More information about the system
-C: drive is an OCZ 60 GB agility, D: drive WD 750 GB.
-BitDefender Antivirus software and SpyBot S & D
-One now uninstalled Avira Antivirus,
-All installed Windows updates
-All drivers automatically checked for the latest version
-No external equipment connected, with the exception of the speakers and mouse Logitech
-Gels happen that both plug and battery
Error: Startup performance monitoring
-System
-Supplier
[Name] Microsoft-Windows-Diagnostics-Performance
[Guid] {CFC18EC0-96B1-4EBA-961B-622CAEE05B0A}Event ID 100
Version 2
Level 2
Task 4002
Opcode 34
Keywords 0 x 8000000000010000
-TimeCreated
[SystemTime] 2015-02 - 12 T 04: 22:30.059627200Z
EventRecordID 6071
-Correlation
[ActivityID] {03702C50-F800-0002-2944-EE377B46D001}
-Execution
[ProcessID] 1804
[ThreadID] 1820Channel Microsoft-Windows-Diagnostics-Performance/Operational
Johannes of computer-PC
-Security
[User name] S-1-5-19
-EventData
BootTsVersion 2
BootStartTime 2015 - 02-12T 04: 20:22.702800300Z
BootEndTime 2015 - 02-12T 04: 22:27.922423500Z
2788 SystemBootInstance
UserBootInstance 2743
Distribution 78795
MainPathBootTime 23395
BootKernelInitTime 23
479 BootDriverInitTime
BootDevicesInitTime 1909
BootPrefetchInitTime 0
BootPrefetchBytes 0
BootAutoChkTime 0
BootSmssInitTime 9463
BootCriticalServicesInitTime 509
BootUserProfileProcessingTime 850
BootMachineProfileProcessingTime 3
BootExplorerInitTime 1605
BootNumStartupApps 17
BootPostBootTime 55400
Fake BootIsRebootAfterInstall
BootRootCauseStepImprovementBits 0
BootRootCauseGradualImprovementBits 0
BootRootCauseStepDegradationBits 0
BootRootCauseGradualDegradationBits 0
Fake BootIsDegradation
Fake BootIsStepDegradation
Fake BootIsGradualDegradation
BootImprovementDelta 0
BootDegradationDelta 0
Fake BootIsRootCauseIdentified
1185 OSLoaderDuration
BootPNPInitStartTimeMS 23
BootPNPInitDuration 1964
3412 OtherKernelInitDuration
SystemPNPInitStartTimeMS 5368
424 SystemPNPInitDuration
SessionInitStartTimeMS 5801
Session0InitDuration 1887
547 Session1InitDuration
SessionInitOtherDuration 7027
WinLogonStartTimeMS 15264
5671 OtherLogonInitActivityDuration
290 UserLogonWaitDurationThanks for the tips. Today I have not had everything freezes more :) I guess that the SSD firmware update did the trick, although there are still a few freezes yesterday after I had updated.
I have updated the firmware of my 3 OCZ agility.
The tool to create a bootable USB key to update the SSD if it is drive C: can be found here: http://ocz.com/consumer/download/firmware
I ran the DELL, diagnostic tool, which did not find any problem.
I have conducted an audit of the memory on the system during startup. Not the questions or the other.
-
Administration of the ASA via IPSec VPN
Recently, I upgraded my ASA5505 8.2.1 7.2 and curiously lost the ability to manage a VPN (via ASDM or SSH) unit. Before the upgrade, I was able to connect via a method without problem through the VPN. Internally, I still have no problem.
The fault on the ASDM client message when I try to connect to remote is "Impossible to launch the 10.x.x.x:4444 Device Manager." If I look at the output of the console mode of information, I see later that there is a "completed by interception TCP Flow' regarding the conversation between ASA and my system remotely.
The config lines are (I've got running on 443 webvpn):
http server enable 4444
255.x.x.x http inside 10.x.x.x
http 192.x.x.x outside 255.x.x.x
The 192 is located the beach DHCP VPN that get VPN clients (and I checked) such that these systems are able to connect to the ASDM or SSH management interface.
Is there another ACL I need to make this work? Not sure why it worked without problem on 7.2 and as soon as I upgraded to 8.2.1, he stopped, without changing the config (manual).
Thanks in advance for the help!
Point VPN network ssh interface inside rather than the outside, should work, while vpn - ssh to the asa inside the ip address of the interface.
without ssh 192.x.x.x 255.x.x.x outdoors.
SSH 192.x.x.x 255.x.x.x inside.
Concerning
Maybe you are looking for
-
launchd works but the script is run?
I have looked for answers here, but could not find them. So my question is this: I created a launchd like this: com.schedule.arp.plist <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/D
-
Satellite U200-179 often does not start after the installation of Ubuntu Live CD
I'm installing Ubuntu edgy on my new computer toshiba laptop U200-179.I install linux without problems from the live CD, but when I try to restart the pc, often it does not start. During booting linux runs the utility to check the file system, althou
-
while trying to install virgin mobile broadband2go
-
Impossible to install Wi - Fi - Latitude 10 driver
I reinstalled Windows 8 (not 8.1) on my Latitude 10, although of course most of the drivers were not installed because they were not in the value default Windows installation, including the Wi - Fi driver disc. I tried to install it by downloading th
-
can not find the drivers for my computer windows laptop 7 g6-2311ex