Internal access to the site at the remote location via wifi
We have an internal site to A location and we have a 2 layer hose B location. When you use the ethernet connection, site B can access the site. What we want to do, is allow them to access via wifi with the VPN site to site (who currently works) hosted by of our Sonicwall.
How this is a problem is our network is separate; wifi at site B is on the DMZ. We added access rules to allow the DMZ-> VPN traffic on the site, which did not work; No ping, no traffic, no communication. We've also added policy NAT, same story.
My theory on why it does not work is because the VPN tunnel to one SW to another is related to X 0, but even after enabling access, it's the same result.
Any help would be appreciated. Thank you all!
Hello
Is DMZ subnet to site B added under 'Local networks' VPN B Site and under 'Remote Networks' policy in Site A VPN policy? If you have then SonicWALL auto-créera access rules to allow WiFi traffic. Basically, you need to add the DMZ subnet in site B the VPN policy.
You can also see the article: https://support.software.dell.com/kb/sw7725
Tags: Dell Tech
Similar Questions
-
Manage access to the credentials named via EMCLI
Hello dear colleagues,
does anyone know how to manage access to the powers named via EMCLI or did someone knows if this function exists in EMCLI.
We want to configure access through scripting, so that for example we can grant access to all administrators of database for all named credentials.
I would be very happy if someone has a solution.
Thanks in advance!
Best regards
Sönke
Yes, you emcli Word for it - http://docs.oracle.com/cd/E24628_01/em.121/e17786/cli_verb_ref.htm#CHEBIEED
in the emcli even guide, you can search credentials and find the relevant verb
-
Hello
I'm trying to solve a problem with the VPN, and I hope that someone could give me a helping hand.
We have 3 offices, each with an ASA 5505 like the router/firewall, connected to a cable modem
(NC Office) <----IPSEC----->(office of PA) <----IPSEC----->(TC Office)
Internally, we have a full mesh VPN, so all offices can talk to each other directly.
I have people at home, by using remote access VPN into the Office of PA, and I need them to be able to connect to two other offices there.
I was able to run for the Office of CT, but I can't seem to work for the Office of the NC. (I want to say is, users can remote access VPN in the PA Office and access resources in the offices of the PA and CT, but they can't get the Office of NC).
Someone could take a look at these 2 configs and let me know if I'm missing something? I am newer to this, so some of these configs do not have better naming conventions, but I'm getting there
PA OFFICE
Output of the command: "show run".
: Saved
:
ASA Version 8.2 (5)
!
hostname WayneASAnames of
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
IP 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP 70.91.18.205 255.255.255.252
!
passive FTP mode
clock timezone IS - 5
clock to summer time EDT recurring
DNS lookup field inside
DNS domain-lookup outside
DNS server-group DefaultDNS
75.75.75.75 server name
75.75.76.76 server name
domain 3gtms.com
permit same-security-traffic intra-interface
object-group Protocol TCPUDP
object-protocol udp
object-tcp protocol
inside_access_in of access allowed any ip an extended list
IPSec_Access to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.2.0 255.255.255.0
IPSec_Access to access extended list ip 192.168.10.0 allow 255.255.255.224 192.168.2.0 255.255.255.0
IPSec_Access to access extended list ip 192.168.10.0 allow 255.255.255.224 192.168.5.0 255.255.255.0
inside_nat0 to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.10.0 255.255.255.224
inside_nat0 to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.2.0 255.255.255.0
inside_nat0 to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.5.0 255.255.255.0
TunnelSplit1 list standard access allowed 192.168.10.0 255.255.255.224
TunnelSplit1 list standard access allowed 192.168.1.0 255.255.255.0
outside_1_cryptomap to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.2.0 255.255.255.0
outside_2_cryptomap to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.5.0 255.255.255.0
outside_cryptomap to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.5.0 255.255.255.0
RemoteTunnel_splitTunnelAcl list standard access allowed 192.168.1.0 255.255.255.0
RemoteTunnel_splitTunnelAcl_1 list standard access allowed 192.168.1.0 255.255.255.0
RemoteTunnel_splitTunnelAcl_1 list standard access allowed 192.168.2.0 255.255.255.0
RemoteTunnel_splitTunnelAcl_1 list standard access allowed 192.168.5.0 255.255.255.0
out_access_in list extended access udp allowed any SIP host 70.91.18.205 EQ
out_access_in list extended access permit tcp any host 70.91.18.205 eq 5000
out_access_in list extended access permits any udp host 70.91.18.205 range 9000-9049
out_access_in list extended access permit tcp any host 70.91.18.205 EQ SIP
out_access_in list extended access allowed object-group TCPUDP any host 70.91.18.205 eq 5090
out_access_in list extended access permit udp any host 70.91.18.205 eq 5000
Note to outside-nat0 access-list NAT0 for VPNPool to Remote Sites
outside-nat0 extended ip 192.168.10.0 access list allow 255.255.255.224 192.168.2.0 255.255.255.0
outside-nat0 extended ip 192.168.10.0 access list allow 255.255.255.224 192.168.5.0 255.255.255.0
pager lines 24
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU----IPSEC----->----IPSEC----->
IP mask 255.255.255.224 local pool VPNPool 192.168.10.1 - 192.168.10.30
no failover
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 0-list of access inside_nat0
NAT (inside) 1 0.0.0.0 0.0.0.0
NAT (outside) 0-list of access outside-nat0
inside_access_in access to the interface inside group
Access-group out_access_in in interface outside
Route outside 0.0.0.0 0.0.0.0 70.91.18.206 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
the ssh LOCAL console AAA authentication
Enable http server
http 0.0.0.0 0.0.0.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
Crypto ipsec transform-set esp-3des esp-md5-hmac VPNTransformSet
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
card crypto IPSec_map 1 corresponds to the address IPSec_Access
card crypto IPSec_map 1 set peer 50.199.234.229
card crypto IPSec_map 1 the transform-set VPNTransformSet value
card crypto IPSec_map 2 corresponds to the address outside_2_cryptomap
card crypto IPSec_map 2 set pfs Group1
card crypto IPSec_map 2 set peer 98.101.139.210
card crypto IPSec_map 2 the transform-set VPNTransformSet value
card crypto IPSec_map 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
IPSec_map interface card crypto outside
card crypto outside_map 1 match address outside_1_cryptomap
peer set card crypto outside_map 1 50.199.234.229
crypto ISAKMP allow outside
crypto ISAKMP policy 1
preshared authentication
3des encryption
sha hash
Group 2
life 43200
Telnet 192.168.1.0 255.255.255.0 inside
Telnet timeout 5
SSH 0.0.0.0 0.0.0.0 inside
SSH timeout 60
Console timeout 0
management-access inside
dhcpd outside auto_config
!
dhcpd address 192.168.1.100 - 192.168.1.199 inside
dhcpd dns 75.75.75.75 75.75.76.76 interface inside
dhcpd allow inside
!a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
internal RemoteTunnel group strategy
attributes of Group Policy RemoteTunnel
value of server DNS 75.75.75.75 75.75.76.76
Protocol-tunnel-VPN IPSec
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list RemoteTunnel_splitTunnelAcl_1
dfavier vUA99P1dT3fvnDZy encrypted password username
username dfavier attributes
type of remote access service
rduske vu0Zdx0n3oZWFSaX encrypted password username
username rduske attributes
type of remote access service
eric 0vcSd5J/TLsFy7nU password user name encrypted privilege 15
lestofts URsSXKLozQMSeCBk username encrypted password
username lestofts attributes
type of remote access service
jpwiggins 3WyoRxmI6LZjGHZE encrypted password username
username jpwiggins attributes
type of remote access service
tomleonard cQXk0RJCBtxyzZ4K encrypted password username
username tomleonard attributes
type of remote access service
algobel 4AjIefFXCbu7.T9v encrypted password username
username algobel attributes
type of remote access service
type tunnel-group RemoteTunnel remote access
attributes global-tunnel-group RemoteTunnel
address pool VPNPool
Group Policy - by default-RemoteTunnel
IPSec-attributes tunnel-group RemoteTunnel
pre-shared key *.
tunnel-group 50.199.234.229 type ipsec-l2l
IPSec-attributes tunnel-group 50.199.234.229
pre-shared key *.
tunnel-group 98.101.139.210 type ipsec-l2l
IPSec-attributes tunnel-group 98.101.139.210
pre-shared key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
inspect the icmp
inspect the pptp
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
Cryptochecksum:6d1ffe8d570d467e1ea6fd60e9457ba1
: endCT OFFICE
Output of the command: "show run".
: Saved
:
ASA Version 8.2 (5)
!
hostname RaleighASA
activate the encrypted password of Ml95GJgphVRqpdJ7
2KFQnbNIdI.2KYOU encrypted passwd
names of
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
192.168.5.1 IP address 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP 98.101.139.210 255.0.0.0
!
passive FTP mode
clock timezone IS - 5
clock to summer time EDT recurring
DNS lookup field inside
DNS server-group DefaultDNS
Server name 24.25.5.60
Server name 24.25.5.61
permit same-security-traffic intra-interface
object-group Protocol TCPUDP
object-protocol udp
object-tcp protocol
Wayne_Access to access extended list ip 192.168.5.0 allow 255.255.255.0 192.168.1.0 255.255.255.0
Wayne_Access to access extended list ip 192.168.5.0 allow 255.255.255.0 192.168.10.0 255.255.255.0
Shelton_Access to access extended list ip 192.168.5.0 allow 255.255.255.0 192.168.2.0 255.255.255.0
out_access_in list extended access permit tcp any host 98.101.139.210 eq www
out_access_in list extended access permit tcp any host 98.101.139.210 eq ftp
out_access_in list extended access permit udp any host 98.101.139.210 eq tftp
out_access_in list extended access udp allowed any SIP host 98.101.139.210 EQ
out_access_in list extended access permit tcp any host 98.101.139.210 eq 5090
out_access_in list extended access permit tcp any host 98.101.139.210 eq 2001
out_access_in list extended access permit tcp any host 98.101.139.210 eq 5080
out_access_in list extended access permit tcp any host 98.101.139.210 eq ssh
out_access_in list extended access permit tcp any host 98.101.139.210 eq 81
out_access_in list extended access permit tcp any host 98.101.139.210 eq 56774
out_access_in list extended access permit tcp any host 98.101.139.210 eq 5000
out_access_in list extended access permit tcp any host 98.101.139.210 eq 902
out_access_in list extended access permit tcp any host 98.101.139.210 eq netbios-ssn
out_access_in list extended access permit tcp any host 98.101.139.210 eq 445
out_access_in list extended access permit tcp any host 98.101.139.210 eq https
out_access_in list extended access allowed object-group TCPUDP any host 98.101.139.210 eq 3389
out_access_in list extended access allowed object-group TCPUDP range guest 98.101.139.210 5480 5487
out_access_in list extended access permits any udp host 98.101.139.210 range 9000-9050
inside_nat0 to access extended list ip 192.168.5.0 allow 255.255.255.0 192.168.1.0 255.255.255.0
inside_nat0 to access extended list ip 192.168.5.0 allow 255.255.255.0 192.168.2.0 255.255.255.0
inside_nat0 to access extended list ip 192.168.5.0 allow 255.255.255.0 192.168.10.0 255.255.255.0
pager lines 24
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 0-list of access inside_nat0
NAT (inside) 1 0.0.0.0 0.0.0.0Access-group out_access_in in interface outside
Route outside 0.0.0.0 0.0.0.0 98.101.139.209 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
the ssh LOCAL console AAA authentication
Enable http server
http 0.0.0.0 0.0.0.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-3des esp-md5-hmac WayneTransform
Crypto ipsec transform-set esp-3des esp-md5-hmac SheltonTransform
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
card crypto IPSec_map 1 corresponds to the address Wayne_Access
card crypto IPSec_map 1 set pfs Group1
card crypto IPSec_map 1 set peer 70.91.18.205
card crypto IPSec_map 1 the transform-set WayneTransform value
card crypto IPSec_map 2 corresponds to the address Shelton_Access
card crypto IPSec_map 2 set pfs Group1
card crypto IPSec_map 2 set peer 50.199.234.229
card crypto IPSec_map 2 the transform-set SheltonTransform value
IPSec_map interface card crypto outside
crypto ISAKMP allow outside
crypto ISAKMP policy 1
preshared authentication
3des encryption
sha hash
Group 2
life 43200
Telnet timeout 5
SSH 0.0.0.0 0.0.0.0 inside
SSH timeout 5
Console timeout 0
management-access inside
dhcpd outside auto_config
!
dhcpd address 192.168.5.100 - 192.168.5.199 inside
dhcpd dns 24.25.5.60 24.25.5.61 interface inside
dhcpd allow inside
!a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
eric 0vcSd5J/TLsFy7nU password user name encrypted privilege 15
tunnel-group 50.199.234.229 type ipsec-l2l
IPSec-attributes tunnel-group 50.199.234.229
pre-shared key *.
tunnel-group 70.91.18.205 type ipsec-l2l
IPSec-attributes tunnel-group 70.91.18.205
pre-shared key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
inspect the icmp
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
Cryptochecksum:3d770ba9647ffdc22b3637e1e5b9a955
: endHello
I might have found the problem.
To be honest, I'm a little tired and concentration is difficult, especially when access between multiple device configurations. So second pair of eyes is perhaps in order.
At the moment it seems to me that this configuration is the problem on the SITE of PA
IPSec_Access to access extended list ip 192.168.10.0 allow 255.255.255.224 192.168.5.0 255.255.255.0
This is an ACL that defines networks the and remote for a connection VPN L2L.
Now, when we look at what connection VPN L2L this belong we see the following
card crypto IPSec_map 1 corresponds to the address IPSec_Access
card crypto IPSec_map 1 set peer 50.199.234.229
card crypto IPSec_map 1 the transform-set VPNTransformSet value
Now, we see that the peer IP address is 50.199.234.229. Is what site this? The IP address of the CT Site that works correctly?
Now what that said the ACL line I mentioned more early basically is that when the 192.168.10.0 network 255.255.255.224 wants to connect to the network 192.168.5.0/24 should be sent to the CT Site. And of course, this should not be the case as we want traffic to go on the NC Site
Also worth noting is that on the SITE of the above connection is configured with the '1' priority so it gets first compared a connection. If the VPN L2L configurations were in different order then the VPN Client connection can actually work. But it's just something that I wanted to point out. The actual resolution of the problem, of course, is to detach the configuration which is the cause of the real problem in which ASA attempts to route traffic to a completely wrong place.
So can you remove this line ACL of the ASA of PA
No IPSec_Access access list extended ip 192.168.10.0 allow 255.255.255.224 192.168.5.0 255.255.255.0
Then, test the VPN Client connection NC SITE again.
Hope that this will finally be the solution
-Jouni
-
Dreamweaver CS5 on PC with Windows 7 will not access (or sign in) to my remote or the Adobe called FTP server. Dreamweaver CS4 on the same machine will be. I exported the information on the site of CS4 and imported into CS5 as well as to look at a new site in CS5 everything with no success. It's probably not a firewall for access to the site problem CS4 works very well.
> It's probably not a firewall for access to the site problem CS4 works very well.
CS4 and CS5 are two different applications and have different, right firewall rules? Have you checked the firewall?
-
Filtering of VPN and local access to the remote site
Hello
I set up vpn, filtering on all my VPN l2l. I have limited access to remote resources at the local level to the specified ports. It works perfectly.
But I want to have as full access from local to remote networks (but still retain the remote access to the local level). VPN filter now works as I have two-way with a simple ACL. So is it possible to open all the traffic from the local to remote and all by limiting the remote to the local traffic?
ASA 5520 8.4 (3)
Thanks in advance
Tomasz Mowinski
Hello
Well let's say you have a filtering ACL rule when you allow http local network traffic to the remote host
LAN: 10.10.10.0/24
remote host: 192.168.10.10/32
The filter ACL rule is the following:
FILTER-ACL access-list permit tcp host 192.168.10.10 eq 80 10.10.10.0 255.255.255.0
I think that this ACL rule would mean also that until the remote host has been using source port TCP/80, it may access any port on any host tcp in your local network as long as it uses the source TCP/80 port.
I guess you could add a few ranges of ports or even service groups of objects to the ACL rules so that not all well-known ports would be accessible on the LAN. But I guess that could complicate the configurations.
We are usually management customer and completely different in ASA L2L VPN that allows us to all traffic on another filtering device and do not work in this kind of problems. But of course there are some of the situations/networks where this is not only possible and it is not a feasible option for some because of the costs of having an ASA extra.
Please indicate if you have found any useful information
-Jouni
-
What are the limitations of access to the remote system?
I've got a PXI-1042 remote controller 8108 and 5112, 6723 & 8420 PXI. I can see all the devices remotely from my laptop to the MAX 4.4 (under NIVisaServer). My problem is that I don't know if I can use all of these cards remotely?
I am programming in C++ of MS using VISA & DAQmx libraries and have been able to use the serial ports of the 8420 distance without any problem. But the programming remotely 6723 poses a greater challenge. On previous projects (not involving remote systems) I simply defined virtual world channels in NOR-MAX and DAQmx... used library calls to control. But I'm not able to access the Global virtual channels on the remote system and I can't create anything on my laptop that connect la carte 6723.
Also, I can't run OR-SCOPE Soft Front Panel on my laptop because it is impossible to find the 5112 digitizer.
Is it possible to have full access and the capacity for remote 5112 & 6723 card?
Ken
You are able to view the various devices on the network to the MAX, but unfortunately you can not create glodbal virtual channels or use the functionality of these cards. The best way to use these cards on the network is to use the remote façade (in LabVIEW only), Remote Desktop, etc. I have included some useful links to get more information.
Display of an Application or a front panel remote using LabVIEW
http://zone.NI.com/reference/en-XX/help/371361B-01/lvhowto/viewfrntpnlrmtlyusnglv/
Do the NI 5102, NI 5112, and NI 5911 Oscilloscope cards support remote device access (RDA)?
http://digital.NI.com/public.nsf/allkb/8AC1067C0944FACD8625697A005B92C8
What is device Remote Access (RDA) and where is the server?
http://digital.NI.com/public.nsf/allkb/5CC9792C6CD4A34C862565BC0072D5DF
-
Use the remote website via VPN site-to-site
Hi all
We have two sites, the site has and B. At site A, we have a Web site we want to share with all of site B. Currently, site B can access the site via the VPN site-to site on X 0, which is their LAN. Nothing outside X 0 cannot access or ping to the address.
We added access rules to allow access from the DMZ to this interface, but again, no ping and no communication at all. The other strange thing is that we see that no trip package for these access rules either.
Any help is appreciated. Thank you.
It seems that the demilitarized zone is not part of the VPN tunnel.
Can you confirm that the DMZ subnet is part of local destinations on the site B and a part of the local destinations on site?
Kevin
-
Hello
With the help of 11.2.0.3
SQL that accesses, one table of remote database link remote db - fonctionnee during over a link db months readonly
The remote database table has been abandoned and then recreatde.
Is there some other step needed to allow access to the table in the remote database?
Thank you
You have lost your privs when the table was dropped.
-
Internal access to the servers of the network security
Hi all
I'm trying to set up a html to Internet to our internal virtual desktop computer connection.
From our internal network, all network traffic through the login server located on the internal network, no problem.
On the Internet, the connection is established with the Security Server, but when we try to access our desktop from view, security server tries to join the bureau with his private address that is not reachable from the demilitarized zone.
Blast Secure Gateway seems to be configured correctly, and we try to avoid the NIC pluging 2nd on security for access to our private network server.
Any idea about this problem?
I read a lot of literature on this type of configuration, and it seems, that it should be possible without a second network adapter is not recommended.
Thanks a lot for your help.
Kind regards
Sylvain
To establish the Blast session via the Security Server, the SS will attempt to connect to the machine via TCP 22443 vDesktop, then Yes, you need to create a firewall rule that allows a NIC SS create a TCP 22443 with any IP virtual desktop connection.
This is essentially the reason why people add 2 interfaces to SS - a Public-facing DMZ network (can connect on the internet) and another private-DMZ in front of a network (not exposed to the Internet, only life SS here).
In the case of a single adapter, you must allow the Public DMZ network connections on your virtual desktop, which is not desirable in most cases.
Architecture 2nic 'Typical' or town:
Mighty Internet | Public-DMZ | Private-DMZ | Internal network
Customer > 443, 8443 | SSPubNic | SSPrivNIC > 22443 | Any virtual office
+ firewall rules that allow the communication of the SS (above SSPrivNic probably deal) with CS
Direct connections to the internal network from the Internet or Public-DMZ net are not allowed.
In case of a single NETWORK adapter for your SS:
Mighty Internet | DMZ | Internal network
Customer > 443, 8443 | SSPubNic > 22443 | Any virtual office
+ firewall rules that allow the communication of the SS with CS
In case of a single NETWORK adapter for your SS, you're allowing direct connections to a wide enough area of your network private directly from the network to the DMZ, which is exposed to the Internet and that should be attacked.
It should work. If it is acceptable from the point of view of security is something different and more likely to your security administrator.
Hope this helps and I hope that I forgot something important...
-
Help! I'm about to commit the homicide of the computer!
I have been troubleshooting for weeks and am now bald from ripping my hair!
Computer: Dell Inspiron 537 s Slim Desktop w / Pentium Dual - Core CPU E5200 @250 GHz
Network card: Realtek PCIe FE Family Controller (checked several times, through Windows, it works correctly)
System: Windows 7 Home Premium, 64-bit with Service Pack 1
Router: Netgear N600 model #: WNDR3400v2
Cable router: SBV5220 Surfboard Motorola
Now several months ago this desktop computer once more had SOME programs lose the ability to access the internet via an Ethernet cable.
Affected programs:
MS Internet Explorer
Mozilla Firefox
Avast! Security Suite
Work of MS Security Update
Ping works sites (Yahoo, etc.)
Other computers connected to this network via WiFi - no problem getting on the internet.
Run the network troubleshooter advises all is working properly, no suggestion.
Attempted fixes:
Turn off all extensions on IE (but don't forget Firefox and Avast! are also unable to access.)
Disabled all start-ups and the package process
Restarted in Safe Mode - still not able to access.
Ran check complete virus, then check virus run start. Minor ad-ware 'virus' not found, all corrected automatically.
Rebooted the router and the computer to infinity and beyond! s
Tried other computers using the same ethernet cable connected to this wireless routers cable, no problem accessing the internet.
Disabled functions package
Off MS Firewall
IP Reset configuration (memory: netsh ip net reset c:\resetlog.txt - without DOUBT NOT EXACT - OF THE MEMORY.) Command worked)
As I said, this had happened before and then miraculously fixed itself after a short period (less than 1 week). This time, no joy.
Of course, it's one of two things:
(1) a configuration problem I just can't find/understand.
(2) the problem of equipment more strange, more selective, in the universe.
Anyone? Anyone? Bueller?
Thank you more can I possibly Express for assistance.
You could win the lottery and have a lot of beautiful children!
(M.) Kel
Hello team zig - zag,
I wanted to thank you for your help. I finally broke down and reached out to our friends at Microsoft directly for assistance. They had me a role through all the things that you suggested (again). And finally (after many hours of phone and chat discussions) came up with an answer: "* shrug * we don't know what is the problem - choose a restore point and come back to that.» What I did. This has solved the problem of internet access, but created other problems I'm trying (nothing that I have to post here, they are specific to a particular program package).
Still, I wanted to thank you for your time and effort on my behalf. I'm very, very happy!
All my best,
Kel
-
is this allowed? materialized view the log for the remote database (via db lin
: Hi guys.
try to do
create materialized view log on user@xxx with sequence, rowid (col1, col2), including the new values;
where xxx is a remote db link
------
had this error
ORA-00949 - illegal reference to the remote database
Google but do not know whelther this error is an internal error or not allowed for mviews characteristic.
help pleaase!
Rgds,
Noobdo you mean that the materialized log should be created in the same location where the main table
YES. Of course, it must be there! Any update to the main table should also update the MV log that is created against it!
Hemant K Collette
-
Restrict access to the remote computer of single machine or the single IP address.
Hello
I have a server on which I want to prevent users from remote session. All I want is to give access to a user or machine or IP and that this machine/user/IP can access the server remotely.I tried the below mentioned step and it does not work for me, maybe I'm missing something.Control Panel > administrative tools > Windows Firewall with advanced security > inbound rules > Remote Desktop (TCP-In) and I tried every tab scope, users, computers, I am still able to access the server of any filling machine.Please suggest is possible I can prevent the other users, I can't create a new user account, I have to share the password what I can do is limited to the single machine/user/Ip address.Please suggest.Concerning
Yoann kassoum COULIBALYHi, VC.
I advise you to post this question in the Windows 7 IT PRO Forum /Networking. This community will be able to find solutions to your problems.
B Eddie
-
Database MS Access Access on the remote computer (shared folder)
Hello
I need help.
I did a program and it works fine on my computer, but several users will use program simultaneously, each on its own computer connected via a local area network to the computer of mine (data is on my computer in the shared folder).
When I try to access the data on the database (path is the path of the shared folder) I get error 5013 (no database). The problem only occurs when I'm reading something MS access database, but not if I try to read data from the .txt file, then it works fine...
I use ADO tools
Can someone help me, I would be very grateful?
Your code will be a connection string that specifies the odbc driver or your code has a dsn that specifies the odbc driver, or your code will point to a udl file that specifies the odbc driver. You don't need to worry about the details of the driver itself.
I would also echo what mike said about the jet database. It's the wrong choice for many customers. You can use a jet database to debug sql queries and the design of the table if you wish, but you need to move to a more robust db such as SQL Server or MySQL.
-
Problems connecting to the remote host via FTP from DreamWeaver
I have problems to connect to my remote host in DreamWeaver. I can connect via the Client File Zilla and was able to connect until my hard drive crashed. Now w/new drive, I get an error msg. I tried to create a new site, which connets when I test the connection, but when I go to view the files, a dialog box appears saying "(cannont get info dossier distant, accès refusé, etc) I tried selecting the different settings and combines following parameters: use firewall, secure ftp, ftp passive mode." Don't know what else to try at this point. I have WIN XP, Adobe Creative Suite CS3. I'd appreciate any help, thanks!
OK - it's good. I noticed that your host directory contains only the character ' / ' and that could be the source of your problems. What happens if you remove that, just leave this field blank?
-
Configuration of IP addresses by default of the CIVS-IPC-6400 cams from a remote location via MS
Hi guys,.
I know here is not a community of shell/bash programming, but I need emergency assistance. On my client's site, there is a place that don't have any DHCP server or any windows machine to change the default IPS of cams but ony race Media Server and back up with the IP address of the interfaces. I have a shell script that wget command allows to connect the camera to the default IP address and removes the sessionID and use it to replace the correct IP address. My problem is that when I tested the script cam turn on HTTP it works prefect. But when I run on the cams of default config it is unable to obtain the ID of session of cameras. Any ideas?
Here is my script changeCamIP - HTTPs.sh file;
#=================================
wget d - U "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; (Trident/6.0) ' - non-cocher-certificate - response from the Server - post-data = "version = 1.0 & action = login & userName = admin & password = admin»--non-cocher-certificat--restreindre-noms files = nocontrol o $1 https://$1/login.cs
pidof wget > wait
sessionID = $(cat $1 | grep \"sessionID\" | cut-d '='-f4 | cut-d ""'-f2)
echo $sessionID
wget - U "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)" --no-check-certificate --restrict-file-names=nocontrol -O ret https://$1/ipaddressing.cs?version=1.0\&sessionID=$sessionID\&action=set\&ipVersion=1\&addressingType=2\&ipAddress=$2\&subnetMask=255.255.255.0\&defaultGatewayIPAddress=$3\&primaryDNSIPAddress=\&secondaryDNSIPAddress=
RM-fr $1
RM - en ret
echo 'OK '.#=================================
I am running the script with these settings: 192.168.0.100 New_IP New_GW #./changeCamIP-HTTPs.sh
Only option 3 is sufficient.
When I changed the https to http protocol, it works perfectly. But the default cams only supports HTTP...
Thanks for any help and ideas.
I'm ready to take a crack at it with you, if it's still a problem.
Chances are, by default / cameras NIB (New In Box) are present with an initialization screen when you set up an account initially? I don't have the cycles to figure out this part with you, but that's what comes to mind.
So what else * you actually on the site? Your own workstation? Media Server only?
Why not just turn a temporary DHCP daemon on the media server with a small stretch to grab your cameras temporarily so that you can get under management within VSOM and move them to static in this way? (Don't forget to decommision the DHCP daemon after it ;-)
Good luck!
PS - I have the feeling that I'm * realllllly * missing something here after thinking that he for a while... You say that you have not all Windows boxes on the site? How the customer would actually use... VSM in this case?
Maybe you are looking for
-
I want to see bill by imei iphone because I don't know where he is
I want to see bill by imei iphone because I don't know where he is right now
-
I'm glad my MN-700 and will not change if don't have to. I recently changed my modem (Motorola SB6120) with DOCSIS 3.0 technology (Comcast). When go directly from modem to pc = 35 Mbps download speed when the download speed of the modem to MN-700 ele
-
Make mistake while building/running bbutil with cascades app
Hi, I am trying to build an opengl are 2.0 app and have pretty much used the tutorial for a cube with waterfalls using a foreignwindow, but the code used opengl 1.0. Since then I tried to use the code from a basic tutorial but I had difficulties to g
-
Invalidate() missed my application
I create a game that uses the accelerometer to move an image around the screen. The application runs without problem, but if I add a background image for the game everything is mired. I tried to invalidate only the ball, but if you tilt the accelerom
-
Can connect to internet but not network
I'm on a large network at work, running Windows 7 Enterprise. I can connect (user based permission system) download internet, e-mail, can print on my printers network, access access to the other computers on my network via remote, but can not directl