No password Group tunnel inside the backup of the ASA
Hi did anyone know why group tunnel passwords have been removed from the config. See below
IPSec-attributes tunnel-group TG_RAS
pre-shared-key *.
This means that if I try to restore the config I have a * as pre-shared key password.
Is it possible to have the pre-shared key shown as encrypted text?
Thank you very much
Hello
Make a ' writing NET tftp_server_ip:filename "and then open the file from the tftp server. It should be in a format that is not encrypted. Encryption is caused by the PIX software.
Kind regards
Arul
* Rate pls if it helps *.
Tags: Cisco Security
Similar Questions
-
Cannot ping inside the ASA from the inside interface
Don't know what I did wrong... appreciate any help
Here is the page layout
laptop--> cisco 3750 switch--> ASA5505 firewall--> future VPN tunnel
Laptop, switch interface VLAN and inside the ASA are all in the same subnet
Switch and ASA have all interfaces local network VIRTUAL 52 (the subnet in question), except for the external interface
-----------------
This is the problem
laptop getting ip addressing and def GW via DHCP from the firewall
switch and FW can ping each other without problem
FW can't ping, still gets the DHCP scope.
Thank you
Dave
Hello
How did you setup?
The laptop is connected to a port of the 3750 (VLAN 52).
The connection between the 3750 and the SAA is a chest or a link L3?
If the 3750 has a SVI belonging to VLAN52, you can ping from the correct PC? As well as the ASA?
Federico.
-
Connected to the ASA via the "VPN Client" software, but cannot ping devices.
I have a network that looks like this:
I successfully connected inside the ASA via a software "Client VPN" tunnel network and got an IP address of 10.45.99.100/16.
I am trying to ping the 10.45.99.100 outside 10.45.7.2, but the ping fails (request timed out).
On the SAA, including the "logging console notifications" value, I notice the following message is displayed:
"% 305013-5-ASA: rules asymmetrical NAT matched for flows forward and backward; "Connection for icmp src, dst outside: 10.45.99.100 inside: 10.45.7.2 (type 8, code 0) rejected due to the failure of reverse path of NAT.
I have a vague feeling that I'm missing a NAT rule of course, but not all. What did I miss?
Here is my configuration of ASA: http://pastebin.com/raw.php?i=ad6p1Zac
Hello
You seem to have a configured ACL NAT0 but is not actually in use with a command "nat"
You would probably need
NAT (inside) 0-list of access inside_nat0_outside
He must manage the NAT0
Personally, I would avoid using large subnets/networks. You probably won't ever have host behind ASA who would fill / 16 subnet mask.
I would also keep the pool VPN as a separate network from LANs behind ASA. The LAN 10.45.0.0/16 and 10.45.99.100 - 200 are on the same network.
-Jouni
-
Hello
I don't know what could be held, vpn users can ping to the outside and inside of the Cisco ASA interface but can not connect to servers or servers within the LAN ping.
is hell config please kindly and I would like to know what might happen.
hostname horse
domain evergreen.com
activate 2KFQnbNIdI.2KYOU encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
ins-guard
!
interface GigabitEthernet0/0
LAN description
nameif inside
security-level 100
192.168.200.1 IP address 255.255.255.0
!
interface GigabitEthernet0/1
Description CONNECTION_TO_FREEMAN
nameif outside
security-level 0
IP 196.1.1.1 255.255.255.248
!
interface GigabitEthernet0/2
Description CONNECTION_TO_TIGHTMAN
nameif backup
security-level 0
IP 197.1.1.1 255.255.255.248
!
interface GigabitEthernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
Shutdown
No nameif
no level of security
no ip address
management only
!
boot system Disk0: / asa844-1 - k8.bin
boot system Disk0: / asa707 - k8.bin
passive FTP mode
clock timezone WAT 1
DNS server-group DefaultDNS
domain green.com
network of the NETWORK_OBJ_192.168.2.0_25 object
Subnet 192.168.2.0 255.255.255.128
network of the NETWORK_OBJ_192.168.202.0_24 object
192.168.202.0 subnet 255.255.255.0
network obj_any object
subnet 0.0.0.0 0.0.0.0
the DM_INLINE_NETWORK_1 object-group network
object-network 192.168.200.0 255.255.255.0
object-network 192.168.202.0 255.255.255.0
the DM_INLINE_NETWORK_2 object-group network
object-network 192.168.200.0 255.255.255.0
object-network 192.168.202.0 255.255.255.0
access-list extended INSIDE_OUT allow ip 192.168.202.0 255.255.255.0 any
access-list extended INSIDE_OUT allow ip 192.168.200.0 255.255.255.0 any
Access extensive list permits all ip a OUTSIDE_IN
gbnlvpntunnel_splitTunnelAcl standard access list allow 192.168.200.0 255.255.255.0
standard access list gbnlvpntunnel_splitTunnelAcl allow 192.168.202.0 255.255.255.0
gbnlvpntunnell_splitTunnelAcl standard access list allow 192.168.200.0 255.255.255.0
standard access list gbnlvpntunnell_splitTunnelAcl allow 192.168.202.0 255.255.255.0
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
backup of MTU 1500
mask of local pool VPNPOOL 192.168.2.0 - 192.168.2.100 IP 255.255.255.0
no failover
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm-645 - 206.bin
don't allow no asdm history
ARP timeout 14400
NAT (inside, outside) static source NETWORK_OBJ_192.168.202.0_24 NETWORK_OBJ_192.168.202.0_24 NETWORK_OBJ_192.168.2.0_25 NETWORK_OBJ_192.168.2.0_25 non-proxy-arp-search of route static destination
NAT (inside, backup) static source NETWORK_OBJ_192.168.202.0_24 NETWORK_OBJ_192.168.202.0_24 NETWORK_OBJ_192.168.2.0_25 NETWORK_OBJ_192.168.2.0_25 non-proxy-arp-search of route static destination
NAT (inside, outside) static source DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 NETWORK_OBJ_192.168.2.0_25 NETWORK_OBJ_192.168.2.0_25 non-proxy-arp-search of route static destination
NAT (inside, backup) static source DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 NETWORK_OBJ_192.168.2.0_25 NETWORK_OBJ_192.168.2.0_25 non-proxy-arp-search of route static destination
!
network obj_any object
dynamic NAT interface (inside, backup)
Access-group interface inside INSIDE_OUT
Access-group OUTSIDE_IN in interface outside
Route outside 0.0.0.0 0.0.0.0 196.1.1.2 1 track 10
Route outside 0.0.0.0 0.0.0.0 197.1.1.2 254
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
identity of the user by default-domain LOCAL
Enable http server
http 192.168.200.0 255.255.255.0 inside
http 192.168.202.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
monitor SLA 100
type echo protocol ipIcmpEcho 212.58.244.71 interface outside
Timeout 3000
frequency 5
monitor als 100 calendar life never start-time now
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
outside_map interface card crypto outside
backup_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
backup of crypto backup_map interface card
Crypto ikev1 allow outside
Crypto ikev1 enable backup
IKEv1 crypto policy 10
authentication crack
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 20
authentication rsa - sig
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 30
preshared authentication
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 40
authentication crack
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 50
authentication rsa - sig
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 60
preshared authentication
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 70
authentication crack
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 80
authentication rsa - sig
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 90
preshared authentication
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 100
authentication crack
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 110
authentication rsa - sig
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 120
preshared authentication
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 130
authentication crack
the Encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 140
authentication rsa - sig
the Encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 150
preshared authentication
the Encryption
sha hash
Group 2
life 86400
!
track 10 rtr 100 accessibility
Telnet 192.168.200.0 255.255.255.0 inside
Telnet 192.168.202.0 255.255.255.0 inside
Telnet timeout 5
SSH 192.168.202.0 255.255.255.0 inside
SSH 192.168.200.0 255.255.255.0 inside
SSH 0.0.0.0 0.0.0.0 outdoors
SSH timeout 15
SSH group dh-Group1-sha1 key exchange
Console timeout 0
management-access inside
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
internal group vpntunnel strategy
Group vpntunnel policy attributes
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list vpntunnel_splitTunnelAcl
field default value green.com
internal vpntunnell group policy
attributes of the strategy of group vpntunnell
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list gbnlvpntunnell_splitTunnelAcl
field default value green.com
Green user name encrypted BoEFKkDtbnX5Uy1Q privilege 15 password
attributes of user name THE
VPN-group-policy gbnlvpn
tunnel-group vpntunnel type remote access
tunnel-group vpntunnel General attributes
address VPNPOOL pool
strategy-group-by default vpntunnel
tunnel-group vpntunnel ipsec-attributes
IKEv1 pre-shared-key *.
type tunnel-group vpntunnell remote access
tunnel-group vpntunnell General-attributes
address VPNPOOL2 pool
Group Policy - by default-vpntunnell
vpntunnell group of tunnel ipsec-attributes
IKEv1 pre-shared-key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns migrated_dns_map_1
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the migrated_dns_map_1 dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
call-home
Profile of CiscoTAC-1
no active account
http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
Cryptochecksum:7c1b1373bf2e2c56289b51b8dccaa565
Hello
1 - Please run these commands:
"crypto isakmp nat-traversal 30.
"crypto than dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 Road opposite value.
The main issue here is that you have two roads floating and outside it has a better than backup metric, that's why I added the command 'reverse-road '.
Please let me know.
Thank you.
-
Tunnel of Split VPN Setup ASA to force inside the tunnel for single address
Hi all
We have an ASA with IPSec VPN facility to addresses Internet of Tunnel from Split. We have an Internet address that must come from the external interface of the ASA. I have added this address to the list of split tunnel and confirmed on the client that is the road to the tunnel, but I'm not able to get to this address via the VPN.
How the ASA to allow this unique Internet address to come via the VPN and route back on the same interface to the Internet and the return traffic to back up in the client VPN tunnel.
I need to get to the address is 213.92.42.118. Here's the config relavent (let me know if I left anything):
interface GigabitEthernet0/0
nameif outside
IP 1.1.1.1 255.255.255.0
permit same-security-traffic inter-interface
permit same-security-traffic intra-interface
name 10.80.177.0 VPN_Pool
Outbound_Ports tcp service object-group
port-object eq www
access-list extended sheep allowed any ip VPN_Pool 255.255.255.0
access-list extended users allow icmp a whole
access-list extended users enable a tcp
access-list extended users allow udp a whole
users_splitTunnelAcl list standard access allowed 10.0.0.0 255.0.0.0
standard access list users_splitTunnelAcl allow 192.168.43.0 255.255.255.0
users_splitTunnelAcl list standard access allowed 192.168.40.0 255.255.255.0
users_splitTunnelAcl list standard access allowed host 213.92.42.118FWOB list extended access permit tcp any any Outbound_Ports object-group
Global (LUXCVGASA01e) 2 1.1.1.1
NAT (LUXCVGASA01i) 2 10.0.0.0 255.0.0.0
NAT 0 access-list sheep (LUXCVGASA01i)Any help is appreciated.
-Jeff
Hi Jeff,
Just had a chance to look through the Setup and I guess that configured nat is incorrect.
access-list extended sheep allowed any ip VPN_Pool 255.255.255.0
NAT 0 access-list sheep (LUXCVGASA01i)
NAT (LUXCVGASA01i) 2 10.0.0.0 255.0.0.0Global (LUXCVGASA01e) 2 1.1.1.1
The access-list says sheep that ALL traffic goes to the pool of the VPN to go UN-natted. So, when you try to access the public ip address via the tunnel VPN, the traffic the ASA, ASA then performs a search destination NAT and matches the nat command "nat (LUXCVGASA01i) 0 access-list sheep." If the ASA detects a destination NAT translation, it will bypass route search and uses the destination NAT translation to determine the output interface (in this scenario, the output interface is LUXCVGASA01i.
So, to resolve this problem, change the acl sheep from "any to VPN_Pool 255.255.255.0" inside"to the network VPN_Pool 255.255.255.0.
clear xlate and re-initialization of the tunnel, and this should solve the problem.
Let me know if that answers your query.
Kind regards
Manisha masseur
-
When I open the System Properties dialog box, System Restore is checked, saying: she is disabled by group policy, and the system you cannot activate this option. I got a partition dedicated to my justo of hard disk to store backups and create Points of restoration with a capacity of 10 GB. How can I solve this problem?
If you see things like this:
You do not have sufficient security privileges to restore your system.
The System Restore tab is missing from the my computer properties.
System Restore has been disabled by group policy. To turn on system restore, contact your domain administrator.
The System Restore tab is available, but the turn off System Restore (disabled by Group Policy) box is grayed out.
The task manager has been disabled by your system administrator.
The registry editor has been disabled by your system administrator.
The task manager has been disabled by group policy.
The registry editor has been disabled by group policy.
The command prompt has been disabled by your administrator. Press a key to continue...
The operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.
The "Run" option is missing from the start menu.
The option "Log off."... ' is missing from the Start Menu.The usual advice are something in the sense of "something has been disabled in the group policy...". ", and it is probably true that something has been disabled, but you know what something is and what it takes to do about it.
If you are using XP Home Edition, you will get away with advice to use the Group Policy Editor, because there is no Group Policy Editor in XP Home and that really doesn't tell you where to look in group policy, even if you run the Group Policy Editor.
You need a complete solution that works for all versions of XP and requires no hunting around in the Group Policy Editor or registry to find where things are that have been disabled.
Unless you have disabled these things on purpose, chances are good that your system has a malware infection. The malware knows what tools you use to try to find and remove, for the malware disables the things you are more likely to consume and prevents them from running if you can't find the malware and remove it.
If your system has this kind of affliction, all malicious software tools you currently use or have used failed to protect your system so that you can expand your horizons malware detection and prevention to prevent these kinds of afflictions in the first place.
The malware will be happy you trick into thinking that you need to so something drastic to fix your system - as a facility repair, system restore point or a total reinstallation of XP. This is what it would be like you, but these measures are not necessary.
You must solve the immediate problem of the tools does not, then scan your system for malware when you are finished.
No matter what kind of malware you've used analytical tools, they are unlikely to solve this problem, because they cannot tell if the changes made to your system have been on purpose (you or an administrator who makes them) or some malware changed them, so the analysis tools will let these things alone (it's usually a good thing).
If your system is afflicted in this way, there are probably other things that also do not work - like the Task Manager, the registry, System Restore and command prompt Editor, so fix them all at once even if you have not discovered they are broken again.
These commands from registry removes the registry entries that are stop opening programs. Although the registry entries do not exist, these commands are safe to run and will work for all versions of XP.
Before making any changes to your registry, back up the registry with this free and popular tool:
http://www.SnapFiles.com/get/ERUNT.html
Open Notepad to create a new text file:
Click Start, run and enter in the box:
notebook
Click OK to open a new Notepad file.
Copy and paste the following lines of text into the new Notepad file.
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr" = -.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools" = -.
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD" = -.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem\\\]
"DisableTaskMgr" = -.
[HKEY_USERS\.default\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr" = -.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DisableCAD" = DWORD: 00000000
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = -.
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = -.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun" = -.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun" = -.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose" = -.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose" = -.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSetTaskbar" = -.Save the new text file with extension .reg on your desktop or somewhere you can remember with a name you can remember, something like:
enableit.reg
After you save the file, close Notepad.
Locate the file enableit.reg on your desktop and double-click it.
Alternatively, you can right-click on the enableit.reg file, choose open with... and select the registry editor.
Answer in the affirmative to the question... Are you sure you want to add the information in the registry?
You should then see a message that information has been registered in the register.
Reboot your system and test.
You can delete the enableit.reg file when you are finished.
If the registry editor has also been disabled, we first fix (not a problem).
Given that your system has or has had an infection, follow up with this:Perform scans for malware, and then fix any problems:Download, install, update and do a full scan with these free malware detection programs:Malwarebytes (MMFA): http://malwarebytes.org/SUPERAntiSpyware: (SAS): http://www.superantispyware.com/They can be uninstalled later if you wish.For the benefit of Microsoft technical support engineers, here are some ideas offered in the past which does NOT help with this issue:
Safe Mode boot
Last good known Configuration startup
A clean boot
Sfc/scannow in running (or trying to run) -
Original title: restore Microsoft Money backup files
System crashed and had to reinstall Vista. Backup my MS Money files and am now trying to restore. It asks for my password I entered and get a message that the password is incorrect. The password entered is correct. How can I work around this problem and restore my files?
Hello
How did you create a backup of these files Microsoft Money?
Please see the article below which might help you.
Errors that you receive when you try to open Money by using your Windows Live ID credentials
http://support.Microsoft.com/kb/891338You can also try posting this question in the Microsoft Money forum for assistance.
http://social.Microsoft.com/forums/en/money/threadsThanks and greetings
Umesh P - Microsoft technical support.Visit our Microsoft answers feedback Forum and let us know what you think.
[If this post can help solve your problem, please click the 'Mark as answer' or 'Useful' at the top of this message.] [Marking a post as answer, or relatively useful, you help others find the answer more quickly.] -
I did a new install of Windows 7 Professional on a workstation, and after all the updates, I installed Cobian Backup 11.
When you set up backup Coabian first, the message "the account name is not valid, or the password is invalid for the specified account name" was shown.
I went into the "services.msc" to manually set the password for the connection (the machine connects in a Windows Server 2003 domain), but when entering the dialog (properties/connection/account/local/search/select where you want to search for.) only the 'local computer' is displayed.
I tried to enter the domain/user and the password manually, I logged in as administrator, I have excluded the uder from the server and have included him again, that I did everything in my mind but I couldn't solve the problem.
Any help is welcome.
TKS in advance.
PS: Someone asked me what support Cobian said about it. To be honest I did not support Cobian because the other four machines were all as one that has the problem and two "local computer" and "directory of the whole area" appears.
This retail driver to believe that the problem occurred is on the installation of windows 7 Professional.
Hello
We have dedicated support team for users on a domain network. I suggest you to report your query in the TechNet forums to improve assistance in this regard.
Here is the link:
Hope this information helps.
-
Default route inside the tunnel VPN Site to site
We want to carry the default traffic within the site to site VPN tunnel, our goal is to route all traffic including default branch road and HO HO help branch for surfing the internet.
I have due to difficulties
1. cannot configure dynamic NAT for the router in the branch on the ASA HO, I know configuration for 8.2, but know not about 8.4
This is the configuration for the 8.2, if someone can translate to 8.4, which would be a great help
NAT (outside) 1 192.168.230.0
2. I do not know how to write the default route on the branch office router to send all traffic within the VPN tunnel
Hello
As I understand it then you want to route ALL traffic from the Remote Site to the Central Site and manage Internet traffic there.
I suppose you could define "interesting traffic" in configuring VPN L2L ACL / access-list in the following way
Branch router
extended IP access list
allow an ip
ASA central
ip access list allow one
The idea behind the type of ACL for the VPN L2L above configurations is that, for example, the branch office router has a rule that sets connection coming from the local LAN for 'any' destination address must be sent to the VPN L2L connection. So, it would be in such a way that all the traffic will be sent to the Central Site via VPN L2L.
I must say however, that the VPN router configurations side are not more familiar to me because I manage especially with ASA Firewall (and to some extent still PIX and FWSMs)
I guess that on the ASA Central you will PAT translation to "outside" so that the host can access the Internet?
You would probably do something like this
object-group network to REMOTE-SITE-PAT-SOURCE
network-object
interface of REMOTE-SITE-PAT-SOURCE dynamic NAT (outside, outside) after auto source
If you don't want to use the 'outside' IP address, then you will have to create a 'network of object' for address IP of PAT and use it in the line of NAT configuration above instead of "interface".
Alternate configuration might be
network of the REMOTE-SITE-PAT object
subnet
dynamic NAT interface (outdoors, outdoor)
You also need to enable
permit same-security-traffic intra-interface
To allow traffic to enter and exit the same interface on the ASA
All these answers are naturally suggestion on what you have to do. I don't know what kind of configurations you have right now.
Hope this helps in some way
-Jouni
Post edited by: Jouni Forss
-
Hello. I disconnected from the home group, but when I try to join the homegroup I can't because I put a password and I forgot the password. What should I do? TQ
Hello. I disconnected from the home group, but when I try to join the homegroup I can't because I put a password and I forgot the password. What should I do? TQ
-
Backup of the GRE Tunnel using the address IP of Seconadary
Is it possible to configure a GRE Tunnel to backup using an IP of Seconadary address on the WAN interface. The router is a
Cisco 871. Any help would be greatly appreciated.
Thank you.
Nicholas
I'm not sure it would work for use a secondary address on the WAN interface for a GRE tunnel. Maybe if you tell us more about what you're trying to do we could be able to help find alternatives that would work.
Two tunnels from the same interface (even though you could use a secondary address) to another router would not provide a backup, if they work at all. Work of two tunnels of the same interface of router (and two using the main address) fairly well if they go to different remote routers, and it is a common way to provide backup for the GRE tunnels.
HTH
Rick
-
Put virtual machines inside the VMkernel port group
Hello
Network for administrators of VMware SIAS layout:
"You can not put VMs within that group of port because it is made especially for a VMkernel port."
However, I use ESXi 5.5 and is able to put normal interface of VM inside the vmk port group. (I only created 1 vmk port group so all virtual machines in the same group with the vmkernel interface)
May I know if this is a new feature, or something is wrong?
Thank you!
This may be possible with distributed switches not with standard switches.
-
Possible to change the contents of text inside the group frame?
Hello world
I'm newbibe to Indesign forums.
I had grouped image placed on the rectangle frame and the text. now I need change content text frame using indesign Javascript
Possible to change the content of text inside the group frame... ?
-yajiv
Hello
Try the following lines.
main(); function main() { if (app.documents.length != 0 && app.selection.length == 2 ) { if( app.selection[0].constructor.name == "Group" && app.selection[1].constructor.name == "Group" ) { var sel1 = app.selection[0]; var graphics1 = sel1.allGraphics[0].itemLink; var text1 = sel1.textFrames[0].contents; var sel2 = app.selection[1]; var graphics2 = sel2.allGraphics[0].itemLink; var text2 = sel2.textFrames[0].contents; sel1.textFrames[0].contents = text2; sel2.textFrames[0].contents = text1; var fP1 = File( graphics1.filePath ); var fP2 = File( graphics2.filePath ); graphics1.relink( fP2 ); graphics2.relink( fP1 ); } // if else { alert ( "Select 2 groups!" ); } // else } // if else { alert ( "Wrong selection!" ); } // else } // main
Although it might work for you, it is probably not advisable, because if you apply other content on the chassis, you modify the content, but not the formatting. Even with the restoration of the links of the images.
So a better solution may be, separate frames, move them and group them back.
-
Paths grouped inside the screw of traces transparent script
I am running into a problem of script with Illustrator CS6 - one that has been plaguing me for some time now: groups within the compound paths.
I have a script set in place to extract all the colors used in an Illustrator file, as well as information halftone, CMYK, etc.. It basically loops on each path in the file and leans on its fill (if any) color, the color (if any) race, gradient points (if any), etc. If the element that is watching is a group, it just plunges in the group, which resembles all its components by calling the function even recursively. Ditto for transparent traces. He also put in place to manage most of raster images, whether it is a colorized bitmap or a CMYK image, etc..
When the script fails, however, is when it runs in a compound path that contains a group. Now, normally, would not even possible in Illustrator. If you try to create a group of two paths, then composed them, Illustrator simply removes the grouping. However, there are some programs that use of some people who, when exporting to a file EPS from them, some of the paths end up being groups inside transparent traces. Not to mention that all my people here to search these paths of training problem, can I do with the script? Here is the script I currently have:
/** * The main part of the script that will run in Illustrator, getting the text of the object we're looking for. * * @param {File} theFile The file object that will be opened in Illustrator and checked. */ function findInfo(theFile) { var document = app.open(theFile); var prodInfo = new Array; // This first section of the Illustrator script will just get the template name of the current product. var templateName = new String; var templateLayer = document.layers[2]; $.writeln(templateLayer.name); for (var i = templateLayer.pageItems.length - 1; i >= 0; i--) { var pName = templateLayer.pageItems[i].name; if (pName != "") { templateName = templateLayer.pageItems[i].name; } } $.writeln("templateName (inside Illustrator Script) is " + templateName); // This second section of the Illustrator script will gather all of the used colors and store them in an array. var colorsArray = []; var bHalftones = false; var bFourCP = false; var bReg = false; colorsInUse(document.layers[0]); function colorsInUse(currPageItem) { for (var i = 0; i < currPageItem.pageItems.length; i++) { // Stepping through each item on the layer. var currentItem = currPageItem.pageItems[i]; // $.writeln("current item is " + currentItem.typename); // $.writeln("Does it have a fill color? " + currentItem.fillColor); if (currentItem.typename === "GroupItem" && !currentItem.guides) { // If it's a group, dig into the group and start the function over. colorsInUse(currentItem); } else if (currentItem.typename == "TextFrame") { var charAttrib = currentItem.textRange.characterAttributes; getColors(charAttrib, colorsArray); } else if (currentItem.typename === "RasterItem") { if (currentItem.imageColorSpace === ImageColorSpace.CMYK) { $.writeln("Four-color process image in artwork."); } else if (currentItem.channels > 1 || currentItem.imageColorSpace === ImageColorSpace.GrayScale) { if (currentItem.colorants[0] === "Gray") { if (colorsArray.toString().indexOf("Black") === -1) { colorsArray.push("Black"); } alert("When this script is finished, please verify that the Ink/PMS table has the correct colors."); } else { if (colorsArray.toString().indexOf(currentItem.colorants[0]) === -1) { colorsArray.push(currentItem.colorants[0]); } } } else { alert("The raster image in the art file must be a 1-channel bitmap and, thus, script cannot determine its color."); } } else if ((currentItem.fillColor || currentItem.strokeColor) && !currentItem.guides) { // If the current object has either a fill or a stroke, continue. if (currentItem.pathPoints.length > 2 || (currentItem.pathPoints == 2 && currentItem.stroked && currentItem..strokeWidth >= 0.1)) { // If the current object has 2 points and a good stroke, or more than two points, continue. getColors(currentItem, colorsArray); } } else if (currentItem.typename === "CompoundPathItem") { for (var c = 0; c < currentItem.pathItems.length; c++) { if (currentItem.pathItems[c].pathPoints.length > 2 || (currentItem.pathItems[c].pathPoints == 2 && currentItem.pathItems[c].stroked && currentItem.pathItems[c].strokeWidth >= 0.1)) { // If the current object has 2 points and a good stroke, or more than two points, continue. getColors(currentItem.pathItems[c], colorsArray); } } } } return; } function getColors(currentItem, colorsArray) { try { var fillColorType = currentItem.fillColor.typename; var strokeColorType = currentItem.strokeColor.typename; $.writeln("fillColorType is " + fillColorType); switch (fillColorType) { case "CMYKColor": if (currentItem.fillColor.cyan === 0 && currentItem.fillColor.magenta === 0 && currentItem.fillColor.yellow === 0) { if (currentItem.fillColor.black > 0) { if (colorsArray.toString().indexOf("Black") === -1) { colorsArray.push("Black"); } if (currentItem.fillColor.black < 100) {bHalftones = true;} } } else { // $.writeln("Four color process!"); bFourCP = true; bHalftones = true; } break; case "GrayColor": if (currentItem.fillColor.gray > 0) { if (colorsArray.toString().indexOf("Black") === -1) { colorsArray.push("Black"); } if (currentItem.fillColor.gray < 100) {bHalftones = true;} } break; case "SpotColor": if (colorsArray.toString().indexOf(currentItem.fillColor.spot.name) === -1 && currentItem.fillColor.spot.name.toLowerCase().indexOf("white") === -1) { colorsArray.push(currentItem.fillColor.spot.name); } if (currentItem.fillColor.tint < 100) {bHalftones = true;} break; case "GradientColor": bHalftones = true; for (var j = 0; j < currentItem.fillColor.gradient.gradientStops.length; j++) { var gStop = currentItem.fillColor.gradient.gradientStops[j].color; switch (gStop.typename) { case "GrayColor": if (colorsArray.toString().indexOf("Black") === -1) { colorsArray.push("Black"); } break; case "SpotColor": if (colorsArray.toString().indexOf(gStop.spot.name) === -1) { colorsArray.push(gStop.spot.name); } break; case "CMYKColor": if (gStop.cyan === 0 && gStop.magenta === 0 && gStop.yellow === 0 && gStop.black > 0) { if (colorsArray.toString().indexOf("Black") === -1) { colorsArray.push("Black"); } if (gStop.black < 100) {bHalftones = true;} } else if (gStop.cyan === 0 && gStop.magenta === 0 && gStop.yellow === 0 && gStop.black === 0) { break; } else { // $.writeln("Four color process."); bFourCP = true; bHalftones = true; } break; default: // $.writeln("Four color process?"); bFourCP = true; bHalftones = true; } } break; case "NoColor": break; default: // $.writeln("The fill color on object number " + i + " is of type " + fillColorType); } switch (strokeColorType) { case "CMYKColor": if (currentItem.strokeColor.cyan === 0 && currentItem.strokeColor.magenta === 0 && currentItem.strokeColor.yellow === 0) { if (currentItem.strokeColor.black > 0) { if (colorsArray.toString().indexOf("Black") === -1) { colorsArray.push("Black"); } if (currentItem.strokeColor.black < 100) {bHalftones = true;} } } else { // $.writeln("Four color process!"); bFourCP = true; bHalftones = true; } break; case "GrayColor": if (currentItem.strokeColor.gray > 0) { if (colorsArray.toString().indexOf("Black") === -1) { colorsArray.push("Black"); } if (currentItem.strokeColor.gray < 100) {bHalftones = true;} } break; case "SpotColor": if (colorsArray.toString().indexOf(currentItem.strokeColor.spot.name) === -1) { colorsArray.push(currentItem.strokeColor.spot.name); } if (currentItem.strokeColor.tint < 100) {bHalftones = true;} break; case "GradientColor": bHalftones = true; for (var j = 0; j < currentItem.strokeColor.gradient.gradientStops.length; j++) { var gStop = currentItem.strokeColor.gradient.gradientStops[j].color; switch (gStop.typename) { case "GrayColor": if (colorsArray.toString().indexOf("Black") === -1) { colorsArray.push("Black"); } break; case "SpotColor": if (colorsArray.toString().indexOf(gStop.spot.name) === -1) { colorsArray.push(gStop.spot.name); } break; case "CMYKColor": if (gStop.cyan === 0 && gStop.magenta === 0 && gStop.yellow === 0 && gStop.black > 0) { if (colorsArray.toString().indexOf("Black") === -1) { colorsArray.push("Black"); } if (gStop.black < 100) {bHalftones = true;} } else if (gStop.cyan === 0 && gStop.magenta === 0 && gStop.yellow === 0 && gStop.black === 0) { break; } else { // $.writeln("Four color process."); bFourCP = true; bHalftones = true; } break; default: // $.writeln("Four color process?"); bFourCP = true; bHalftones = true; } } break; case "NoColor": break; default: // $.writeln("The stroke color on object number " + i + " is of type " + strokeColorType); } } catch (e) {/* If an error was found with the fill color and/or stroke color, then just skip this particular path item. */}; return; } document.close(SaveOptions.DONOTSAVECHANGES); // Now we combine the gathered items into a single array and return it. if ((colorsArray.length > 1 && !/HI/.test(templateName.substring(0, 2))) || bFourCP) {bReg = true;} prodInfo.push(templateName, colorsArray, bHalftones, bFourCP, bReg); return prodInfo.toSource(); };
I know it's a bit messy right now, with lots of ' $.writeln purposes, of which some are even commented out because they caused debugging errors. In any case, I would be very grateful for any help on this matter.
the only thing I can think of, is to go through all the elements to the Document level, instead of at the layer level, this way the script will see all paths
change this
colorsInUse(document.layers[0]);
for this
colorsInUse(document);
-
I created a zip of a directory tree file using "send to...". "'Compressed (zipped) folder '. When I try to "extract all...". ", he asks me a password for some (not all) of the files in the zip file. I does not have a password for the zip file. I didn't even know it was possible to have a password on a specific file in a zip! Needless to say, I can not give the password because I don't know what it is.
I tried the following:
(1) created with "send to...". "Excerpt from" compressed (zipped) folder ', with 'extract all... '. ». Result: request password.
(2) created with "send to...". "" Compressed (zipped) folder ", extract with 7 - zip. Result: No password query. All the files extracted intact.
(3) created with 7 - zip, extract with "extract all...". ». Result: request password.
(4) created with 7-zip, extract with 7 - zip. Result: No password query. All the files extracted intact.What I find most interesting is (3).
Does anyone have an idea of what's going on? Is there some kind of security on the files meta-data that could / should cause this behavior?
System information:
XP Pro 2002 SP3 on MS network (I have no idea what server, etc..)
Hi ruborg,
Your Windows XP question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in the forum TechNet for assistance:
http://social.technet.Microsoft.com/forums/en/itproxpsp/threads
Hope the helps of information.
Maybe you are looking for
-
Hello I tried to fix this for hours, I hope someone can help me. I downloaded the ISO "Win10_1607_English_x64.iso" (4.29 GB) file and with him came a "info.plist" (2 KB), so they are both on my 64 GB USB Drive (format: MS-DOS (FAT32)) called 'WINSTAL
-
Can I change the drive letter of the recovery partition?
HP P7-1235, Win7 64 bit running. 1 TB HARD DRIVE I usually partition my hard drive, so that my data is separate from the operating system and applications. the operating system is the C: partition, and my data is generally D:. The problem is: "D:"
-
Re: Satellite L300 - made recovery but disc does not work
I have a Satellite L300 and did a few sets of recovery discs from what I read some brands work and some don't, and none have so far. Insert Diskette 1, press the button and hold F12 key until the startup option appears.Select CD/DVD and then back typ
-
How can RN104 6.5.0 I know if there is a newer version of anti-virus more?
Hello I RN104 [4-Bay] upgraded to OS 6.5.0 Anti-virus PLUS is 2.0.4 - and seems to work very well. How can I tell if there is a newer version of AV-Plus run with OS 6.5.0 I press on "check for updates", but all that updates it's virus definition file
-
Someone at - it problems signing up for Yelp android app?
Tried once or twice this morning join this site that locates and restaurant guests. Get "network problems." Asked if was because of the Xoom and/or lack of 3 G. After looking at the reviews of restaurants around here, I decided that I don't want to u