No not removed from the external interface access-list access list?
PIX515
customer wanted to modify the access list (add a new line)
so he has first publish no access-list command can
apply the change to the access list, but the access list has been
removed from the interface outside
is this a normal behavior? on routers access list stay connected
for the event of the interface if you issue no access-list command
Thanks in advance for any comments
JYP
Hi Thibault-
No, it is not a normal behavior, sounds more like an error by the customer. It's always a good idea to copy the required ACL on a text editor (Notepad) do not forget to include "access-group command" i.e. "access-group interface inside inside' or 'access-group out in interface outside' - when copying the required ACL and then issues a 'no access-list inside' or 'no access-list outside' the first line in the ACL copied on your notebook before copy you it to the PIX , also make sure that you are using the config and make an "m wr" (write memory) after the ACL modified have been applied on the PIX.
Hope this helps-
Tags: Cisco Security
Similar Questions
-
How to restore pictures that have been deleted from Lightroom, but not removed from the 'drive '? Also, how can I restore photos after saving Lightroom. I started to remove some files and it removed ALL of them! I chose the option "cancel delete files" and them brought back, she says they are all "missing or offline. I tried to 'find' a different folder and it deleted the folder all together and now I don't know where he is. Help, please!
How to restore pictures that have been deleted from Lightroom, but not removed from the 'drive '?
You need a backup of your Lightroom catalog file before deleting the photos made. You have such a backup? If so, find the backup catalog, open it (double click on it) and then search for the photos you want and select them and then file-> export catalogue; Then go to your original catalog file, open it and select file-> import from another catalog and points to the catalog that you just exported.
If you do not have a backup of your catalog file, then the only thing you can do is to import the photos again, and Lightroom will treat them as totally new photos with no editing and no metadata provided by the user.
Moreover, the idea of importing photos into Lightroom and then later removing them to Lightroom should is limited to photos you will EVER want such a photos that are so overexposed or underexposed or blurred that they are essentially useless. The photos that you care enough to run a task on (including editing) should never be removed from Lightroom.
Also, how can I restore photos after saving Lightroom.
Is this the same problem as above, or another?
I chose the option "cancel delete files" and them brought back, she says they are all "missing or offline.
Is it possible that you actually deleted pictures from the hard disk, as well as from Lightroom? Anyway, Lightroom cannot find the photos and you first need to find photos on your hard drives and then direct Lightroom to the location of the photo on your hard drive, using these instructions Adobe Lightroom - find folders and files moved or missing
-
ASDM does not work in the external interface
Hello
I'm new to ASA. I have ASA 5510 and strives to enable ASDM access through the external interface. but is not working for me... not. I set up a public ip address on the external interface and activated the ssh and asdm. SSH works but asdm does not work. This is a test environment, so I have not yet set up an ACL.
VPN-TEST # show version
Cisco Adaptive Security Appliance Version 8.2 software (1)
Version 6.2 Device Manager (1)
Updated Wednesday, 5 May 09 22:45 by manufacturers
System image file is "disk0: / asa821 - k8.bin.
The configuration file to the startup was "startup-config '.
VPN TEST up to 4 hours and 33 minutes
Material: ASA5510, 1024 MB RAM, Pentium 4 Celeron 1600 MHz processor
Internal ATA Compact Flash, 256 MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024 KB
Hardware encryption device: edge Cisco ASA - 55 x 0 Accelerator (revision 0 x 0)
Start firmware: CN1000-MC-BOOT - 2.00
SSL/IKE firmware: CNLite-MC-Smls-PLUS - 2.03
Microcode IPSec:-CNlite-MC-IPSECm-HAND - 2.04
0: Ext: Ethernet0/0: the address is d0d0.fd1d.8758, irq 9
1: Ext: Ethernet0/1: the address is d0d0.fd1d.8759, irq 9
2: Ext: Ethernet0/2: the address is d0d0.fd1d.875a, irq 9
3: Ext: Ethernet0/3: the address is d0d0.fd1d.875b, irq 9
4: Ext: Management0/0: the address is d0d0.fd1d.8757, irq 11
5: Int: not used: irq 11
6: Int: not used: irq 5
The devices allowed for this platform:
The maximum physical Interfaces: unlimited
VLAN maximum: 50
Internal hosts: unlimited
Failover: disabled
VPN - A: enabled
VPN-3DES-AES: enabled
Security contexts: 0
GTP/GPRS: disabled
SSL VPN peers: 2
The VPN peers total: 250
Sharing license: disabled
AnyConnect for Mobile: disabled
AnyConnect for Linksys phone: disabled
AnyConnect Essentials: disabled
Assessment of Advanced endpoint: disabled
Proxy sessions for the UC phone: 2
Total number of Sessions of Proxy UC: 2
Botnet traffic filter: disabled
This platform includes a basic license.
VPN-TEST # http see race
Enable http server
http 0.0.0.0 0.0.0.0 outdoors
VPN-TEST # display running asdm
ASDM image disk0: / asdm - 621.bin
enable ASDM history
Could someone please help me know what Miss me?
Kind regards
Praveen
That's it, please add any combination of encryption by using the command "ssl encryption" algorithms, please add them in one line next to each other, and you can use '? ' to check available combinations.
Kind regards
Mohammad
-
Can't ssh on pix from the external interface
I am using s/w ver 7.0 (4).
The config for ssh is:
generate crypto module rsa keys 1024
WR mem
SSH a.b.c.d 255.255.255.255 outside
but it does not work.
Help, please
Yes, if your external interface is mapped to y.y.y.y, then you will be not able to ssh to x.x.x.x as it will be pass on to y.y.y.y.
You can change the static 1 to 1 to the port for each particular port address translation you need sent to y.y.y.y.
Please evaluate the useful messages.
-
Enemies do not removed from the scene if clicked with the mouse.
I encountered another problem, I wrote the code for when I click on an enemy, it does not add one point to the score and it does not remove the enemy, I have a textfield called messageDisplay which is linked to the clickEnemy function.
Here is the piece of code.
stage.addEventListener (MouseEvent.CLICK, clickEnemy);
function clickEnemy(event:MouseEvent):void
{
If (Cursor.hitTestObject (enemyAppear))
{
Note ++
messageDisplay.text = String (score);
enemyAppear.parent.removeChild (enemyAppear);
}
}
stage.removeEventListener (MouseEvent.CLICK, clickEnemy);Any help is appreciated, thanks Casey.
you remove your click listener so that it never works. Difficulty to fix your problem.
-
Dynamic content hidden element is not removed from the div
Hello
I have a few dynamic symbols horizontally
for example
.......
Symb. CSS ({"background-size': 'contain', 'position': 'absolute', 'left': i * 86 +"px"," top ":"0px"})
the result is similar like below:
Pen pencil car laptop power book
If I hide the car symbol and the food, the result is
Pen pencil phone book
It hides, but without putting the symbol than forgotten laptop.
How can we get that laptop symbol moved to the positions of hiden?
If I use float instead position he give me the result form:
Pen
Book
Pencil
Car
Food
Laptop
Here's a demo: menuDisplay.zip - Box
What is your case?
-
For the second time in the last two weeks going through my event logs, I noticed several hundred newspaper failed attempts at the course over a period of twenty minutes. they are random user accounts that don't exist not user 1, user 2, www., or just names at random, the papers say newspaper caused by a wrong password or account. "the first of these events several connected has this message:" user * address email is removed from the privacy * could not connect, could not access the directory. ». What does that mean? Do you need access and control my computer? Any info would be a great help.
Looks like someone trying to log on your computer. Check your firewall settings to make sure that they can't.
Visit https://www.grc.com/x/ne.dll?bh0bkyd2 the site "shields up" to perform a check. Some people to dismiss the guy who runs it, but the test doesn't show you which allows your computer to the world to see. -
HP personal media drive hp0000: remove the hard drive from the external area.
My external hard drive does not work and I would like to remove the drive from the external hard drive case. How to open the short cut through the plastic box? I have other cases of emjpty for the hard drive.
Access to the internal hard drive: methods and variants
(1) open the support HP Pocket Drive is as simple as peel back label hardened plastic on the end of usb connection and to extract both little phillip screws hidden. Once the removed screws the drive carrier will slide on the front of the case and the hard drive can be easily replaced.
(2) the same video
(3) it is very easy to detach. With a small flat screwdriver take the label on the back cover. This will reveal the 2 small Phillips head screw. Remove them and gently pull the back cover. Then gently push all inside the well hard drive that forward into the aluminum housing. Careful not to push the reader through the case and on the floor.
-
Network for access to the external interface inside
Hey,.
I have an ASA5520 7.2 (1) I have a few probs with - which is something I struggle with that.
I'm trying to hit a website of a host on the inside network that is actually hosted internally, but decides the static NAT would focus on the external interface of the firewall.
Now I can see the TCP built, translation occurring at a port on the external interface, this port high dialogue to one of the static electricity would be addresses on the external interface, then that's all. There are no more entries in my journal in regards to the connection and I get not syn on the internal web server is so the connection is not back in.
IP address outside 222.x.x.9 255.255.255.248
IP address inside 192.168.87.1 255.255.255.0
Static NAT to Web servers: -.
public static 222.x.x.10 (Interior, exterior) 192.168.87.5
access lists access... :-
list of allowed inbound tcp extended access any host 192.168.87.5 eq http
Access-group interface incoming outside in
Everything works fine when creating a global internet address - just not when address from inside and dynamic PAT is performed to the original address.
Here's a capture session by using the following access to capture list inside and outside interfaces simultaneously
permit for line of web access-list 1 scope ip host 222.222.222.10 all
web access-list extended 2 line ip allow any host 222.222.222.10
on the INSIDE interface (nothing is connected to the outside) (ip addresses have been replaced by nonsense) - but address 222 is would take into account the interface static and the other is on the internal network.
316: 19:14:02.900206 192.168.87.10.2275 > 222.222.222.10.80: S 2029971541:2029971541 (0) win 64512
317: 19:14:05.973185 192.168.87.10.2275 > 222.222.222.10.80: S 2029971541:2029971541 (0) win 64512
192.168.87.10 is my client is trying to connect
Someone of any witch hunt, which is stop this function work?
All networks are directly attached and there is no route summary ancestral anywhere.
I hope you guys can help!
Concerning
Paul.
To my knowledge the ASA supports only hairpining on a VPN tunnel. The security apparatus does not allow traffic that is sent to an interface to go back in the direction of what she received.
-
VPN SSL from the inside on the external interface
Hi all
First of all I know that I can activate the SSL interface inside, but that's not what I need or want.
Scenario:
Several interfaces and VLAN on the SAA (running 8.0.5).
SSL VPN configured and enabled on the external interface.
Need to know if it is possible to access the SSL VPN from other interfaces directly to the IP address external interface, something like her hairpin.
Possible a solution (if it exists) with or without NAT (I have public IPs on some interfaces).
This will be useful for users who can connect any interface (inside, outside, or other) and with only a DNS record, I'll be able to manage everything.
Concerning
PS: Is DNS doctoring an option? The tests that I have done this does not work.
Post edited by: rcordeiro
Hello
Unfortunately, it is not possible. You cannot communicate with an ASA interface which is not directly connected through the firewall.
Kind regards
NT
-
I've updated my new VISA info so Hotmail can renew my presentation once - for a year, BUT I can't get into my Hotmail now!
There is a yellow banner saying that there is something that may impact my use
and Microsoft MAY be putting a hand on me re: more info (?)
BUT IT will be HARD to DO SINCE I can NOT ACCESS MY * E-mail address is removed from the privacy * (the only email address I!) e-mail
to see if Microsoft HAS tried to contact me. Help me! my phone number is in Calgary, Alberta, Canada
Someone PLS CALL me an ANSWER how to get this FIXED!
Call me: * deleted phone number * because I can't read an email response - obviouslyl\
Hello SherryO.,.
The best place to ask your question of Windows Live is inside Windows Live help forums. Experts specialize in all things, Windows Live, and would be delighted to help you with your questions. Please choose a product below to be redirected to the appropriate community:
Looking for a different product to Windows Live? Visit the home page Windows Live Help for the complete list of Windows Live forums to www.windowslivehelp.com.
-
I can not access my old email account (* address email is removed from the privacy * to export contacts and messages to my new account (* address email is removed from the privacy *))
Hi SharonPhillips,
Which email client you are using?
If you use Windows Live Mail, I recommend you to ask your question to the Windows Live Mail support for assistance.
Hope the helps of information.
-
Access ASDM ASA on the external Interface
We have three ASA5510s, each configured for ssh and http access to the Cel outside. One of them has aaa users/passwords defined for both ssh and http. I can access the ASA configured for aaa of the designated host allowed in the external interface normally using credentials of the aaa. When I try to access one of the other two, they will refuse the enable login password. The configured aaa ASA is version 8.2 with ASDM 6.21. The other two are the two ASA version 7.0 with ASDM 5.07. The ASA requires aaa is configured for https access? How can I make these other two accept the ASDM login? Thank you!
If you do not have aaa then configured for ASSISTANT Deputy Ministers, you must use empty username and password enable.
Also, you can use the "aaa authenticate http LOCAL console" and use a user/pwd to a private 15 user name to connect to the ASDM.
To resolve what is a failure you can activate "debug http" and "debug aaa" on the SAA to see the reasons for which the user is rejected.
I hope it helps.
PK
-
VPN; list of access on the external interface allowing encrypted traffic
Hi, I have a question about the access list on the external interface of a router 836. We have several routers on our clients site, some are lan2lan, some are client2router vpn.
My question is; Why should I explicitly put the ip addresses of the client vpn or tunnel lan to the access list. Because the encrypted traffic to already allowing ESPs & isakmp.
The access list is set to the outgoing interface with: ip access-group 102 to
Note access-list 102 incoming Internet via ATM0.1
Note access-list 102 permit IP VPN range
access-list 102 permit ip 192.123.32.0 0.0.0.255 192.123.33.0 0.0.0.255
access-list 102 permit ip 14.1.1.0 0.0.0.255 any
access-list 102 permit esp a whole
Note access-list 102 Open VPN Ports and other
access-list 102 permit udp any host x.x.x.x eq isakmp newspaper
I have to explicitly allow 192.123.32.0 (range of lan on the other side) & 14.1.1.0 (range of vpn client) because if I'm not I won't be able to reach the network.
The vpn connection is not the problem, all traffic going through it.
As far as I know, allowing ESPs & isakmp should be sufficient.
Can anyone clarify this for me please?
TNX
Sebastian
This has been previously answered on this forum. See http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.ee9f970/0#selected_message for more details.
-
I have several e-mail accounts, which is my original yahoo account that I used to almostt 2 years. (* E-mail address is removed from the privacy *) I did experiments to access this account with all my problems of very important Business inside. The problem is that this account always wonder an old security question, for which I don't have the right answer for access. If I ask too many times, I will be locked for 24 hours. I tried to link my account 'Facebook' for this particular Yahoo account, but my 'LENOVO' Lap Top computer with the Windows 7 operating system continues to send me an "Error Message". The Yahoo application question is - where I spend my honeymoon? It's not like I don't know where my wife and I where for our honeymoon wedding 8 years-although that every answer I entered appears to be incorrect. I don't remember what my specific Yahoo answer - that is looking for.
Please can someone help me with this issue tonight here in France?
Sincerely,
Robert T.
Best regards
Wow, this is the longest hyperlink that I've ever seen :)
Maybe you are looking for
-
Hi I just bought iPhone 5s a week ago. I checked the battery cycle count was 170, the full capacity of the battery is 1600. Now the number of cycle is 189, but the total capacity fell to 1500. Is this normal? Thanks, has soon
-
Hello I bought a lenovo y500 (1 to 6 GB of RAM, GT 650SLI, i5 dual core 2.6 Ghz( ) a year ago. I now have this audio problem where I must pass the lid of my laptop at an angle for the speakers to work. I have updated drivers already, all done updates
-
Is there anyway to change the Xp pro from Spanish language to English 100%?
Basically I have a Spanish version of Xp installed on my computer. I want to update so that everything is in English of the screen starting and all that comes after. Instead of say Bienvenido when it starts, I want to say welcome I want to say change
-
Problem with connection yahoo on vista
I need help with yahoo on vista. Since I installed SP2 I can't sign in yahoo. I've already deleted yahoo and deleted the registry, after rebooting, I downloaded a new yahoo yahoo.com and same problem. Below that you can results I got from yahoo. Chec
-
How to convert a system Windows movie maker file to a Windows Live Movie Maker.
Then I take a system windows movie maker file and put it in a windows live movie maker?