IOS Firewall (CBAC) + Path MTU Discovery

I was just reading through the 12.2T CBAC documentation and saw the section on ICMP inspection and how it wildcards the outside IP, because any hop along the path could come back with time-exceeded and destination-unreachable responses.

Seeing that made me wonder if this was true for TCP as well, especially in situations that involve Path MTU Discovery. If an internal system initiates an outgoing TCP connection that is inspected by the IOS Firewall, and an external host responds with an ICMP "Fragmentation needed but DF bit set" message, will the router consider this part of the session and forward it to the internal host?

Thanks in advance.

-Mason

Mason,

ICMP inspection by CBAC does not include 'packet-too-big' packets. Therefore, you must explicitly allow these packets in your ACL for PMTUD to work, as the router would not consider these packets to be part of the TCP session and would drop them.

See the link below for the types of ICMP packets supported by CBAC.

http://www.Cisco.com/en/us/products/ps6350/products_configuration_guide_chapter09186a0080455b0d.html

HTH,

Sundar
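
To make the question and answer above concrete, here is an added example (not part of the original thread, and not how CBAC is implemented) of what relating a "Fragmentation needed" error to a TCP session involves: the error arrives from an arbitrary router, so the only link to the session is the original header quoted inside the ICMP payload. The session table, addresses and helper names are constructed for illustration and NAT is not modelled; a plain ACL permit for packet-too-big, by contrast, accepts both sample errors.

```python
import ipaddress
import struct
from typing import NamedTuple, Optional, Set


class Flow(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


class FragNeeded(NamedTuple):
    reporter: str      # router that generated the ICMP error
    next_hop_mtu: int  # MTU advertised in the error (RFC 1191)
    flow: Flow         # flow of the quoted original packet


def _addr(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))


def parse_frag_needed(packet: bytes) -> Optional[FragNeeded]:
    """Return details for an IPv4 ICMP type 3 code 4 error quoting TCP, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", packet[ihl:ihl + 8])
    if (icmp_type, code) != (3, 4):
        return None
    inner = packet[ihl + 8:]  # quoted header of the packet that was too big
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner_ihl < 20 or inner[9] != 6 or len(inner) < inner_ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    flow = Flow(_addr(inner[12:16]), sport, _addr(inner[16:20]), dport)
    return FragNeeded(_addr(packet[12:16]), mtu, flow)


def relates_to_session(packet: bytes, sessions: Set[Flow]) -> bool:
    """True only if the error quotes a packet from a tracked outbound session."""
    err = parse_frag_needed(packet)
    return err is not None and err.flow in sessions


# --- constructed sample packets (checksums left at 0; the parser ignores them) ---
def ipv4(src: str, dst: str, proto: int, payload: bytes, df: bool = False) -> bytes:
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                         0x4000 if df else 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload


def tcp(sport: int, dport: int) -> bytes:
    return struct.pack("!HHLLBBHHH", sport, dport, 1000, 2000, 0x50, 0x18, 65535, 0, 0)


def frag_needed(reporter: str, inside_host: str, original: bytes, mtu: int) -> bytes:
    quoted = original[:28]  # original IP header + first 8 bytes of its payload
    return ipv4(reporter, inside_host, 1, struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + quoted)


SESSIONS = {Flow("10.1.1.10", 40000, "203.0.113.80", 443)}
ORIGINAL = ipv4("10.1.1.10", "203.0.113.80", 6, tcp(40000, 443) + bytes(1460), df=True)
OTHER = ipv4("10.1.1.10", "192.0.2.9", 6, tcp(50000, 80) + bytes(1460), df=True)
# Both errors come from the same intermediate router, not from the session peer.
RELATED = frag_needed("198.51.100.1", "10.1.1.10", ORIGINAL, 1400)
UNRELATED = frag_needed("198.51.100.1", "10.1.1.10", OTHER, 1400)

if __name__ == "__main__":
    for name, pkt in (("RELATED", RELATED), ("UNRELATED", UNRELATED)):
        print(name, parse_frag_needed(pkt), relates_to_session(pkt, SESSIONS))
```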

Tags: Cisco Security

Similar Questions

  • Path MTU issue when VPNed in to ASA5510 8.0(4)

    I have a new ASA and just configured VPN access like on any other ASA I have ever installed.

    The VPN client connects fine, obtains an IP address, and is able to ping devices on the corporate network.

    I compared it to the other ASAs I installed that work.  I don't see the problem.

    3 things:

    I can't ping the ASA LAN interface when VPN'ed in.

    When I do a mturoute.exe to an IP inside, it shows an MTU of only 196 when I use the Cisco VPN dialer.

    When I use the Shrewsoft VPN client I can set the MTU to 1380.  When I do a mturoute.exe to an IP inside, it shows 1380.

    I think it is because it is not responding to a ping on the local network of the ASA, which does not have path MTU discovery.

    Any help would be appreciated.

    Thank you

    Bert

    My apologies for repeated postings but that's what you need to do

    From a Windows device use this: C:\> ping -f -l packet_size_in_bytes destination_IP_address.

    The -f option is used to specify that the packet cannot be fragmented. The -l option is used to specify the length of the packet. First try this with a packet size of 1500. For example, ping -f -l 1500 192.168.100. If fragmentation is required but cannot be performed, you receive a message like this: Packet needs to be fragmented but DF set.

    suspended f in my last post

    You can try this at your command prompt:

    ping -f -l 1380

    so it sends a ping of 1380 bytes

    then you should see something like this if it does not get through

    C:\Documents and Settings\jathaval> ping 4.2.2.2 -f -l 1380

    Pinging 4.2.2.2 with 1380 bytes of data:

    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.

  • Using the tunnel path-mtu-discovery command

    Hello everyone

    Need to know why to use the tunnel path-mtu-discovery command if we have GRE tunnels at both ends?

    Also, can the same command be used if we have GRE over IPsec VPN?

    Thank you

    Mahesh

    You can read the description here:

    http://www.Cisco.com/en/us/docs/iOS-XML/iOS/interface/command/IR-T2.html#GUID-3B831D75-DAD0-472A-AC32-A6A066F71C33

    It forces an unreachable to be sent should a packet exceed the MTU, rather than fragmentation occurring.

    And yes, it applies to GRE over IPsec and is quite a good feature in most cases.

  • IOS Firewall

    Hello

    On what devices can I find IOS Firewall services, ZBF and URL filtering? Is it only the routers, or are there PIX too?

    Thank you

    PIX and ASA devices support ZBF, URL filtering and firewall services. However, almost all mid-range to high-end routers have the IOS Firewall function (Cisco 3640 router with firewall IOS version 12.2 media services), and ISR series routers support ZBF and URL filtering.

  • Deployment IOS firewall feature set

    Hi all

    We are trying to deploy the firewall on a 2811 router with version 2.5 of SDM. We chose the basic firewall configuration option. It made us choose the trusted and untrusted interfaces, and we did so. It applied an inbound access list on the trusted interface and the ip inspect command on the untrusted interface.

    Also, initially, we want to allow all traffic from the untrusted interface to the trusted interface, so we manually ban ip allowed everything inside the network block. Is that right?

    We have another question: we will have another interface on the router to connect to a different network, and our preference is not to configure this interface as trusted or untrusted. In this scenario, can all traffic from the undefined interface access the trusted interface and also the untrusted interface?

    Any help would be really appreciated

    Thank you

    Regards

    Anantha Subramanian Natarajan

    Hello André,

    "In addition, initially we want to allow all traffic to untrusted interface" would completely break the idea of deploying the IOS Firewall. The nature of the stateful firewall that comes with the IOS Firewall option is to block all traffic from an untrusted interface by default, and then only allow the return traffic of connections initiated from a trusted interface (inspection). And you can also manually allow a portion of the traffic that you trust.

    "We have another question, we would be having another interface on the router to connect to a different network and preferably does not configure this interface as trusted or untrusted, in this scenario, if all traffic from undefined interface will be able to access the trusted interface or also untrusted interface?"

    If the inspection rule is applied in the outbound direction on the untrusted interface, feel free to consider the other interfaces as trusted.

    Regards

  • 1721 router + 4esw, WIC + IOS firewall

    Hello

    I have a router (192.168.157.254) Cisco 1721 with a 4port10/100 wic installed.

    Is it possible to filter using the IOS Firewall if the WIC and LAN addresses are similar? I know it is possible if they have different IP addresses, but what if they are in the same LAN?

    For example:

    A server (192.168.157.10) connected directly to the router FILTER wic and using the LAN interface.

    Is it possible?

    Best regards

    Yes, the IOS Firewall can filter even if the LAN and WIC addresses are similar. The following link can help you:

    http://www.Cisco.com/en/us/docs/iOS/12_4/secure/configuration/guide/schfirwl.html

  • IOS Firewall feature set and slow down access HTTP...

    Recently turned on the firewall feature set on a router, and often some web sites are rather slow. I tweaked the ip inspect max-incomplete and one-minute settings, but the problem persists. Removing ip inspect and these commands solves the problem.

    Any ideas on how to fix this?

    Sincerely,

    Daniel Melameth

    Are you inspecting HTTP traffic specifically? If yes, I would remove this and just inspect other protocols and TCP and UDP in general. HTTP inspection is really only useful if you want to stop Java applets arriving, which, to be honest, almost nobody does. If you are not doing something like this, remove HTTP inspection, as it slows things down considerably.

    That said, 12.2(8)T has had a lot of performance improvements put into it for CBAC specifically, so you can also try upgrading to that or later to see if it solves the problem. See http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/ftfirewl.htm

  • Multi-tenant IOS Firewall and same-security subinterfaces 9.0

    Hi all

    I'm so used to < 8.3 and am having great difficulty getting an environment working properly, so I'm now going to leverage the Cisco

    We set up a network with clients behind a pair of 5510s.  All of these clients will have their own dedicated subinterface in their own VLAN.  Out of the gate, I had same-security-traffic permit inter-interface enabled and all networks could communicate with each other.  I certainly don't want that, so I have disabled this command and now each client network is unable to communicate with the others, as expected.

    The problem now lies in networks where a customer has 2 separate VLANs (say a staging and a prod environment) that need to communicate.  Is that feasible if they are at the same security level and same-security-traffic permit inter-interface is disabled?  Do I just need to create an ACL for the networks to talk?  Is there a better way to do this with same-security-traffic permit inter-interface enabled?

    Pre-8.3, I had same-security-traffic permit inter-interface enabled, but traffic could not pass to the other interface unless I created a NAT exemption and ACLs.  Do I always need to create a NAT exemption?

    Hello

    The basic problem that you run into with the different software levels is the 'nat-control' parameter, which exists in 8.2 (or earlier versions) but does not exist in version 8.3 (or later versions of the ASA software).

    In 8.2 and earlier software, the 'nat-control' configuration required a connection to have a NAT configuration to be able to pass traffic through the ASA. Of course, this coupled with the 'security-level' gave you more chances to control traffic without resorting to ACLs.

    However, in the new software of 8.3 and later, 'nat-control' no longer exists, and whether or not a connection has a NAT configuration applied, the ASA still allows the connection (provided other ASA controls allow it), so basically you won't need NAT configurations between your local interfaces. The most common NAT configurations should be between your local interfaces and the "outside" ASA interface.

    If you try to control traffic between interfaces with the global configuration commands you mention, you will eventually be constantly 'juggling' the 'security-level' configurations around so that the correct rules are applied to the traffic.

    This question comes up on these forums every now and then, and I almost always offer the same approach, which is to set up an ACL on EACH interface of the ASA.

    • Remember to leave the 'same-security-traffic' configurations on the ASA. This is because even if you have interface ACLs allowing traffic, if for some reason any interfaces are left with an identical 'security-level', the ACL will not be sufficient to allow the traffic.
    • Configure an ACL on each interface
    • To start configuring the ACLs, create an 'object-group' that contains EACH network behind your local firewall interfaces (except the "outside", of course)
    • Use this 'object-group' at the START of each interface ACL to BLOCK ALL traffic from behind that interface to these networks
    • After that, allow or block Internet-bound traffic as usual
    • If 2 (or more) networks behind different interfaces need to communicate with each other, add a permit statement at the top of each ACL. The already existing 'deny' statement with the 'object-group' will ensure that all other traffic between the networks is blocked

    As a very simple example, you might want to consider the following

    Networks:

    • LAN1: 10.10.10.0/24
    • LAN2: 10.10.20.0/24
    • DMZ1: 192.168.100.0/24
    • DMZ2: 192.168.200.0/24

    same-security-traffic permit inter-interface

    interface GigabitEthernet0/0
     description box

    interface GigabitEthernet0/0.10
     vlan 10
     nameif LAN1
     security-level 100
     ip address 10.10.10.1 255.255.255.0

    interface GigabitEthernet0/0.20
     vlan 20
     nameif LAN2
     security-level 100
     ip address 10.10.20.1 255.255.255.0

    interface GigabitEthernet0/0.100
     vlan 100
     nameif DMZ1
     security-level 100
     ip address 192.168.100.1 255.255.255.0

    interface GigabitEthernet0/0.200
     vlan 200
     nameif DMZ2
     security-level 100
     ip address 192.168.200.1 255.255.255.0

    object-group network BLOCK-LOCAL-NETWORKS
     network-object 10.10.10.0 255.255.255.0
     network-object 10.10.20.0 255.255.255.0
     network-object 192.168.100.0 255.255.255.0
     network-object 192.168.200.0 255.255.255.0

    access-list LAN1-IN remark Allow HTTP/HTTPS to the DMZ1 server
    access-list LAN1-IN permit tcp 10.10.10.0 255.255.255.0 host 192.168.100.100 eq www
    access-list LAN1-IN permit tcp 10.10.10.0 255.255.255.0 host 192.168.100.100 eq https
    access-list LAN1-IN remark Block traffic to other local networks
    access-list LAN1-IN deny ip any object-group BLOCK-LOCAL-NETWORKS
    access-list LAN1-IN remark Allow all outbound traffic
    access-list LAN1-IN permit ip 10.10.10.0 255.255.255.0 any

    access-group LAN1-IN in interface LAN1

    And of course all the other ACLs would follow the same model in one form or another. You would not really have to worry about which traffic is allowed between interfaces; rather, most of the work would probably be adding "permit" statements at the top of each ACL when required for inter-interface communication. But I guess that the amount of these additions would also remain at a manageable level for FW admins.

    Naturally, in bigger environments you would probably get a high-end ASA, virtualize it and separate each customer environment into its own security context, where you would avoid this situation altogether. Naturally, the biggest points against this solution are usually the cost and the fact that virtualizing the ASA in multiple context mode disables some essential operational capabilities of the ASA, of which the most important is probably Client VPN connections (L2L VPN is supported in multiple context mode in 9.x software)

    Hope this helps

    Don't forget to mark the reply as the answer if it answered your question. And/or rate helpful answers

    Ask more if needed

    -Jouni

  • IOS Firewall between network internal

    Does anyone have an example configuration or a guideline for implementing a standard firewall between internal networks?

    The scenario is a 3640 with only 2 network interfaces, providing a firewall for a small network with only 3 clients on it who need access to the internal business LAN for one application only.

    I have loads of info on all other types of scenarios, but not one like this, where no internet access is required or used and the 2 networks are connected by frame relay or ISDN.

    Any help would be greatly appreciated.

    Assuming that only TCP applications are used, with a specific web server. In addition, this example assumes that the 3640 is at the remote site. If other access is desired, you will need to inspect other protocols. Don't forget that you will need routes on the local and remote routers to the appropriate subnets. For security, it would also make sense to limit

    ip inspect name fw tcp

    interface ethernet0/0
     ip access-group customer in

    interface serial0/0
     ip inspect fw in

    ip access-list extended customer
     permit tcp any host 192.168.1.2 eq 80

  • IOS firewall/Internet on DSL (PPPoE)

    I have a Cisco 2651XM lying around and I want to implement a firewall with NAT (inside) and have the external interface dial out using PPPoE (it would be connected to a DSL modem). How can I do this?

    Thank you!

    Also, make sure that the user name and password that you use for PAP authentication are correct. It won't hurt to delete this statement and configure it again, just to make sure that you did not inadvertently add an extra space character the first time you configured it.

  • Using Cisco IOS Firewall VPN client

    Hello

    I configured RTR1 to support VPN clients. RTR1 has a site-to-site VPN tunnel to RTR2.

    VPN clients connected to RTR1 have IP connectivity to the RTR1 LAN. How can I get the VPN client LAN to access the RTR2 local network?

    I've included the VPN client LAN to be encrypted in the VPN tunnel to the RTR2 LAN and vice versa. I also tried a static route configured on RTR2 for the VPN client LAN, with the RTR1 WAN IP serving as the next hop.

    It still doesn't work for me. Any ideas?

    Thank you

    Has the other side added your remote VPN client pool to its configuration? The remote site must know its interesting traffic as well. Is RTR2 NAT'ing? Sanitized configs for the two routers would help a lot.

  • 2 IOS Firewall interface

    Hello - I have a 3640 that segments 2 internal LANs. There are 2 FastEthernet ports on the box. I can't ping from one network to the other and vice versa, even with all ICMP access allowed in both directions. I can however ping as far as the router on both sides. The router can ping all clients on each side.

    When I do a sh ip route, it shows the two directly connected networks, even if it does not show 2 subnets divided into subnets. Also, with various debug commands, I see that the packets are being dropped. Errors are no way of ip Routing, the udp port any source, ip address is our interface, there is even an error saying wrong cable type.

    Here is a copy of the configuration.

    !
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    no service tcp-small-servers
    no service udp-small-servers
    !
    hostname 3640GW
    !
    enable
    !
    ip source-route
    no ip name-server
    !
    ip subnet-zero
    no ip domain-lookup
    ip routing
    !
    !
    no ip inspect audit-trail
    ip inspect tcp synwait-time 30
    ip inspect tcp finwait-time 5
    ip inspect tcp idle-time 3600
    ip inspect udp idle-time 30
    ip inspect dns-timeout 5
    ip inspect one-minute low 900
    ip inspect one-minute high 1100
    ip inspect max-incomplete low 900
    ip inspect max-incomplete high 1100
    ip inspect tcp max-incomplete host 50 block-time 0
    !
    interface FastEthernet 0/0
     no shutdown
     description connected to Wireless
     ip address 192.208.127.199 255.255.255.0
     ip access-group 101 in
     keepalive 10
    !
    interface FastEthernet 0/1
     no shutdown
     description connected to CORP
     ip address 192.208.126.199 255.255.255.0
     ip access-group 100 in
     keepalive 10
    !
    ! Access Control List 100
    !
    no access-list 100
    access-list 100 deny ip 192.208.127.0 0.0.0.255 any
    access-list 100 permit udp any eq rip any eq rip
    access-list 100 permit icmp any 192.208.127.0 0.0.0.255
    !
    ! Access Control List 101
    !
    no access-list 101
    access-list 101 deny ip 192.208.126.0 0.0.0.255 any
    access-list 101 permit udp any eq rip any eq rip
    access-list 101 permit icmp any 192.208.126.0 0.0.0.255
    !
    router rip
     version 2
     network 192.208.127.0
     network 192.208.126.0
     no auto-summary
    !
    !
    ip classless
    no ip http server
    !

    Any help is appreciated.

    Gavin.

    What exactly are you trying to do here? In an ACL, 'ip' includes 'icmp', so the first line of your ACL 100 and 101 denies ICMP packets. The following two lines probably do not do anything, since both RIP (UDP) and ICMP, as I said, are included in the "deny ip" on the first line.

    In fact, your lst in each ACL line says allow packets in the interface with an IP address of the interface to other destination, will never happen.

    In fact, more I watch this, looks like you have the ACL applied to each interface. If you apply ACL 100 to 101 for the fa0/1 and fa0/0 then this will probably do what you have to do.

  • VPN IPSec L2L between IOS and PIX 6.3 - MTU issue?

    The remote side (client) is behind a PIX running 6.3(5), and the head-end side (server) is a 2911 on IOS 15.0.

    The IPSec tunnel comes up fine and passes traffic. However, there is a server which is not fully accessible. Note, it is mainly web traffic.

    The client initiates a connection to http://server:8000. They receive a redirect to go to http://server:8000/somepage.jspa. Packet captures show the client acknowledges the redirect with a SYN-ACK response, but then the connection just hangs, and no other packets are received in return. I noticed that the redirected page is a .jsp and other pages that work OK are not. I also noticed some MTU and TCP MSS configurations on the head-end side that are in place for another GRE VPN tunnel with another site. So I went down the path of packet fragmentation. The PIX side has all the standard IPSec configurations as well as the default MTU on the inside and outside interfaces.

    When the MTU is manually set to 1400 on the client computer, access to http://server:8000/somepage.jspa works fine. So I need to tweak the settings on the PIX. I tried adjusting the MTU size on the inside and outside interfaces as well as the "sysopt connection tcp-mss" parameter. I don't know what else to do here.

    Here is a summary of the MTU settings on the head end:

    Head end:

    int tunnel0 (this is the GRE tunnel)
     ip mtu 1420
     tunnel source G0/0
     tunnel dest X.X.X.X
     tunnel path-mtu-discovery

    crypto map vpn 1
     description GRE tunnel
     blah blah blah

    crypto map vpn 2
     description IPSec tunnel
     blah blah blah

    int g0/0 (outside interface)
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip verify unicast reverse-path
     ip nat outside
     ip virtual-reassembly
     crypto map vpn

    int g0/1 (this is the interface to the server in question)
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nat inside
     ip virtual-reassembly
     ip tcp adjust-mss 1452

    HA, sorry my bad. Read the previous post wrong.

    (Note: Yes, the MSS on the tunnel interface should be 40 bytes less than the MTU).

    Do not tweak the MTU for TCP problems (not as the first step); it is safer to play with the MSS. The MTU may affect other things (OSPF for example).

    Do a ping sweep with the DF bit set, varying the size (starting from 1300 bytes, for example). By doing this, you check the maximum packet size that you can pass through the IPsec tunnel. Once you have this value, subtract 40 and set this as the MSS value on the LAN interface (and adjust the value on the PIX if you can).

    M.
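
The sweep described in the reply above, as an added example that is not part of the original thread: a binary search for the largest size that passes with DF set, then the conversion to an MSS. "Subtract 40" applies when the sweep size is the whole IP packet; the Windows `ping -l` value shown earlier on this page counts only the ICMP payload, so the 28 bytes of IP and ICMP header must be added back first. The function names, the 1438-byte path in the usage below and the check for "TTL=" in the ping output are assumptions made for this example.

```python
import subprocess
from typing import Callable

IP_HEADER = 20    # IPv4 header without options
ICMP_HEADER = 8   # ICMP echo header
TCP_HEADER = 20   # TCP header without options


def largest_passing_size(probe: Callable[[int], bool], low: int, high: int) -> int:
    """Binary-search the largest size in [low, high] for which probe(size) is True.

    Assumes every size up to the path limit passes and every larger size fails.
    """
    if low > high:
        raise ValueError("low must not exceed high")
    if not probe(low):
        raise ValueError(f"even {low} bytes does not get through with DF set")
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def mss_from_sweep(size: int, size_is_icmp_payload: bool) -> int:
    """Convert the largest passing ping size into a TCP MSS."""
    packet = size + IP_HEADER + ICMP_HEADER if size_is_icmp_payload else size
    return packet - IP_HEADER - TCP_HEADER


def windows_df_probe(destination: str) -> Callable[[int], bool]:
    """Probe with the Windows 'ping -f -l' from this page (-l is ICMP payload bytes)."""
    def probe(size: int) -> bool:
        result = subprocess.run(
            ["ping", "-n", "1", "-f", "-l", str(size), destination],
            capture_output=True, text=True)
        # Assumption: only a real echo reply line contains "TTL=".
        return "TTL=" in result.stdout
    return probe


def simulated_probe(path_mtu: int, size_is_icmp_payload: bool) -> Callable[[int], bool]:
    """Constructed stand-in for a path with the given MTU, for offline runs."""
    overhead = IP_HEADER + ICMP_HEADER if size_is_icmp_payload else 0
    return lambda size: size + overhead <= path_mtu


if __name__ == "__main__":
    # Constructed path: 1438 bytes is the largest IP packet that passes.
    payload = largest_passing_size(simulated_probe(1438, True), 1300, 1500)
    print("largest ICMP payload:", payload, "-> MSS", mss_from_sweep(payload, True))
    packet = largest_passing_size(simulated_probe(1438, False), 1300, 1500)
    print("largest IP packet:", packet, "-> MSS", mss_from_sweep(packet, False))
```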

  • As a transparent (bypass) PIX firewall?

    I'm doing a school project that involves the use of a PIX firewall between the ISP and the network's edge router. The goal is to make the network as secure as possible using only the PIX. Ideally, I'd like it if an attacker could not even see the PIX was there. It made me think about whether the PIX can act as a transparent firewall, in other words, not having any IPs assigned to the interfaces nor doing any routing, simply inspecting/forwarding traffic between the inside/outside interfaces. Otherwise, I'll have to create a small /30 between the ISP and the PIX outside, and another between the border router and the PIX inside, and route between them.

    If I do the latter, can you give me advice on how to secure more PIX? Here is my config:

    interface ethernet0 10full
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password x encrypted
    passwd x encrypted
    hostname pixfirewall
    domain-name pix.local
    fixup protocol dns maximum-length 512
    no fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    access-list 100 permit icmp any any echo-reply
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside 10.0.0.1 255.255.255.252
    ip address inside 10.0.0.5 255.255.255.252
    ip verify reverse-path interface outside
    ip verify reverse-path interface inside
    ip audit name AttackPolicy attack action alarm drop reset
    ip audit name InfoPolicy info action alarm drop reset
    ip audit interface outside InfoPolicy
    ip audit interface outside AttackPolicy
    ip audit interface inside InfoPolicy
    ip audit interface inside AttackPolicy
    ip audit signature 2000 disable
    ip audit signature 2004 disable
    no pdm history enable
    arp timeout 14400
    nat (inside) 0 0.0.0.0 0.0.0.0 0 0
    access-group 100 in interface outside
    route outside 0.0.0.0 0.0.0.0 10.0.0.2 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet timeout 5
    ssh timeout 5
    console timeout 5
    terminal width 80

    Any help is appreciated! Thank you!

    Chris

    The PIX can now act as a layer 2 firewall; this feature will be in the next major version of the code, which should be out later this year. For now you will need a small subnet between the ISP and the PIX.

    If you do not want the PIX to be seen, then the first thing is to make sure it does not respond to pings. Use the "icmp" command (http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#wp1026574) for this. Make sure you allow ICMP unreachables to the outside interface as well, so that Path MTU Discovery can work properly (http://www.cisco.com/warp/public/105/38.shtml#pmtud_fail).

    Other than that, it seems very good, pretty standard.

  • IPSEC + GRE at Cisco 3925

    Dear all!

    When I start to download data, the tunnel breaks down when my speed is more than 50 Mbps. In addition, my Cisco 3925 restarts and creates a crashdump file after that (it is empty). This occurs only when the speed is more than 50 Mbit/s. At other times it works very well.

    Friends, please give me a few ideas... I need help

    Between the routers is an MPLS cloud.

    Router A

    interface Tunnel20
     description xxx
     bandwidth 100000
     ip vrf forwarding A
     ip address 192.168.199.51 255.255.255.254
     ip mtu 1400
     zone-member security LAN
     ip tcp adjust-mss 1360
     delay 40000
     qos pre-classify
     tunnel source 192.168.199.49
     tunnel destination 192.168.199.48
     tunnel path-mtu-discovery
     tunnel protection ipsec profile A

    interface Port-channel1.200
     description MPLS-LINK
     bandwidth 100000
     encapsulation dot1Q 200
     ip address 192.168.199.49 255.255.255.254
     zone-member security LAN
     service-policy output Shaper

    class-map correspondence nyc
    traffic SMB Description
    game group-access 192
    voice of match class-map
    traffic of voice Description
    match ip rtp 16384 to 16383
    game group-access 191
    match class-map signaling
    Description
    game group-access 190

    Extended IP access list 190

    10 permit tcp any any eq 5060
    20 permit udp any any eq 5060

    Extended IP access list 191
    10 permit udp any any range 16384 32767 (298122 matches)
    20 permit udp any any precedence critical
    30 permit udp any any dscp ef

    Extended IP access list 192
    10 permit ip 192.168.46.0 0.0.0.255 any (1842151 matches)
    20 permit ip any 192.168.46.0 0.0.0.255

    policy-map VOICE
     class voice
      priority percent 5
     class nyc
      priority percent 35
     class signaling
      priority percent 2
     class class-default
      fair-queue
    policy-map Shaper
     class class-default
      shape average 100000000
      service-policy VOICE

    SH ver

    Cisco IOS software, software of C3900e (C3900e-UNIVERSALK9-M), Version 15.3 (3) M6, RELEASE SOFTWARE (fc1)
    Technical support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2015 by Cisco Systems, Inc.

    Router B

    Same as router A, but with the IP 192.168.199.50 255.255.255.254

    Crypto

    crypto ipsec profile A
     set transform-set ESP-3DES-SHA

    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
     mode tunnel

    You almost certainly have buggy software.  I would recommend that you move to the gold star release 15.4.3M5.  You need a Cisco maintenance contract to get the software, for example a SmartNet.
