PIX 501 allows only external clients before the next hop to connect
Here's the problem:
I have configured the PIX 501 to accept PPTP connections and it works. I tried using a laptop with Win98 on the same network segment (that of the external interface). However, whenever my customers who are on a different ISP try to connect, they cannot. I even tried with my laptop from home and from another location, and all attempts fail.
I read recently that a router/firewall may block certain types of packets, so that PPTP connections do not get established. I think this is my problem, but I am unable to find information to pass on to my ISP's support staff.
In my view, the router that provides the PIX with its external connection is the problem.
Any thoughts?
PPTP uses GRE packets. Ask them if they are blocking GRE; also ask if they block ESP and AH (types of IPSec packets; you can switch to IPSec if you determine that ISPs for your end users block GRE to try to shake them down for "business class" DSL/cable rates).
Tags: Cisco Security
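The check the reply points to, as an added example that is not part of the original thread: a Python script that groups packets captured on the firewall's outside interface by client and reports which clients completed the PPTP control connection (TCP 1723) without any GRE (IP protocol 47) arriving from them. The addresses, the sample capture and all function names are constructed for illustration.

```python
import struct
from collections import defaultdict

PROTO_TCP, PROTO_GRE = 6, 47   # IP protocol numbers
PPTP_PORT = 1723               # PPTP control channel (TCP)
PPTP_GRE_TYPE = 0x880B         # protocol type in PPTP's enhanced GRE header

# Constructed addresses (documentation ranges), not taken from the thread.
SERVER = "192.0.2.1"           # firewall outside interface
LOCAL_CLIENT = "192.0.2.10"    # laptop on the same segment
REMOTE_CLIENT = "198.51.100.7" # customer behind another ISP


def ip_bytes(addr):
    return bytes(int(octet) for octet in addr.split("."))


def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet for the constructed sample capture."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, ip_bytes(src), ip_bytes(dst))
    return header + payload


def tcp_segment(sport, dport):
    """20-byte TCP header (SYN) with only the ports filled in."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, 0x5002, 8192, 0, 0)


def pptp_gre(call_id):
    """Enhanced GRE header: K and S bits set, version 1, PPP payload type."""
    return struct.pack("!HHHHI", 0x3001, PPTP_GRE_TYPE, 0, call_id, 1)


def classify(packet):
    """Return (src, dst, kind); kind is 'control', 'gre' or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None
    proto = packet[9]
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    body = packet[ihl:]
    kind = None
    if proto == PROTO_TCP and len(body) >= 4:
        sport, dport = struct.unpack("!HH", body[:4])
        if PPTP_PORT in (sport, dport):
            kind = "control"
    elif proto == PROTO_GRE and len(body) >= 4:
        flags, ptype = struct.unpack("!HH", body[:4])
        if flags & 0x7 == 1 and ptype == PPTP_GRE_TYPE:  # GRE version 1
            kind = "gre"
    return src, dst, kind


def diagnose(capture, server):
    """Per client: 'ok', 'gre-missing' (control seen, no GRE in) or 'no-control'."""
    seen = defaultdict(set)
    for packet in capture:
        parsed = classify(packet)
        if not parsed or parsed[2] is None:
            continue
        src, dst, kind = parsed
        if dst == server:
            seen[src].add(kind + "-in")
        elif src == server:
            seen[dst].add(kind + "-out")
    verdicts = {}
    for client, kinds in seen.items():
        if "control-in" not in kinds:
            verdicts[client] = "no-control"
        elif "gre-in" not in kinds:
            verdicts[client] = "gre-missing"
        else:
            verdicts[client] = "ok"
    return verdicts


def sample_capture():
    """Constructed capture: local client works, remote client's GRE never arrives."""
    return [
        ipv4(LOCAL_CLIENT, SERVER, PROTO_TCP, tcp_segment(40000, PPTP_PORT)),
        ipv4(SERVER, LOCAL_CLIENT, PROTO_TCP, tcp_segment(PPTP_PORT, 40000)),
        ipv4(LOCAL_CLIENT, SERVER, PROTO_GRE, pptp_gre(1)),
        ipv4(SERVER, LOCAL_CLIENT, PROTO_GRE, pptp_gre(2)),
        ipv4(REMOTE_CLIENT, SERVER, PROTO_TCP, tcp_segment(40001, PPTP_PORT)),
        ipv4(SERVER, REMOTE_CLIENT, PROTO_TCP, tcp_segment(PPTP_PORT, 40001)),
        ipv4(SERVER, REMOTE_CLIENT, PROTO_GRE, pptp_gre(3)),  # server side only
    ]


if __name__ == "__main__":
    for client, verdict in diagnose(sample_capture(), SERVER).items():
        print(client, verdict)
```

A "gre-missing" verdict at this capture point means the loss happens upstream of the firewall, which is the evidence to hand to the ISP.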
Similar Questions
-
ASA-6-110003: Routing failed to locate next hop
Hello
I have a problem with our ASA firewall. The firewall has inside, outside and DMZ interfaces. I have VPN clients that connect correctly and can access the internal network. However, for the profiles that I have configured to connect via VPN to the DMZ network, the connection fails with the following messages.
ASA-6-110003: Routing failed to locate next hop
&
ASA-6-302014: Teardown TCP connection... No valid adjacency
I have non-VPN connections to the DMZ via the inside and outside interfaces without problem.
The routing table has a route to this network and I have a NAT in place - I'm quite puzzled by this.
Thank you
Ed
Hello Ed,
Well, the NAT seems good, but can you do the following for me please:
object network DMZ_subnet
 subnet 10.1.213.0 255.255.255.0
object network VPN_Subnet
 subnet x.x.x.x 255.255.x.x
nat (dmz-2,outside) source static DMZ_subnet DMZ_subnet destination static VPN_Subnet VPN_Subnet
Kind regards
Julio
-
ASA 5505 split tunneling stopped working when upgraded from 8.3(1) to 8.4(3).
When users connected to the old 8.3(1) device, they could access all of our subnets: 10.1.0.0/16, 10.33.0.0/16, 10.89.0.0/16, 10.60.0.0/16
but now they can't, and in the logs I just see
6 October 31, 2012 08:17:59 110003 10.60.30.111 1 10.89.30.41 0 Routing failed to locate next hop for ICMP from outside:10.60.30.111/1 to inside:10.89.30.41/0
Any tips? I have tried almost everything. The running configuration is:
: Saved
:
ASA Version 8.4 (3)
!
host name asa
names of
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
IP 10.60.70.1 255.255.0.0
!
interface Vlan2
nameif outside
security-level 0
IP 80.90.98.217 255.255.255.248
!
passive FTP mode
clock timezone GMT 0
DNS lookup field inside
DNS domain-lookup outside
permit same-security-traffic intra-interface
network obj_any object
subnet 0.0.0.0 0.0.0.0
network of the NETWORK_OBJ_10.33.0.0_16 object
10.33.0.0 subnet 255.255.0.0
network of the NETWORK_OBJ_10.60.0.0_16 object
10.60.0.0 subnet 255.255.0.0
network of the NETWORK_OBJ_10.89.0.0_16 object
10.89.0.0 subnet 255.255.0.0
network of the NETWORK_OBJ_10.1.0.0_16 object
10.1.0.0 subnet 255.255.0.0
network tetPC object
Home 10.60.10.1
test description
network of the NETWORK_OBJ_10.60.30.0_24 object
10.60.30.0 subnet 255.255.255.0
network of the NETWORK_OBJ_10.60.30.64_26 object
255.255.255.192 subnet 10.60.30.64
the SSH server object network
Home 10.60.20.6
network of the SSH_public object
network ftp_public object
Home 80.90.98.218
rdp network object
Home 10.60.10.4
ftp_server network object
Home 10.60.20.2
network ssh_public object
Home 80.90.98.218
Service FTP object
tcp destination eq 12 service
network of the NETWORK_OBJ_10.60.20.3 object
Home 10.60.20.3
network of the NETWORK_OBJ_10.60.40.192_26 object
255.255.255.192 subnet 10.60.40.192
network of the NETWORK_OBJ_10.60.10.10 object
Home 10.60.10.10
network of the NETWORK_OBJ_10.60.20.2 object
Home 10.60.20.2
network of the NETWORK_OBJ_10.60.20.21 object
Home 10.60.20.21
network of the NETWORK_OBJ_10.60.20.4 object
Home 10.60.20.4
network of the NETWORK_OBJ_10.60.20.5 object
Home 10.60.20.5
network of the NETWORK_OBJ_10.60.20.6 object
Home 10.60.20.6
network of the NETWORK_OBJ_10.60.20.7 object
Home 10.60.20.7
network of the NETWORK_OBJ_10.60.20.29 object
Home 10.60.20.29
service port_tomcat object
Beach service tcp 8080 8082 source
network of the TBSF object
172.16.252.0 subnet 255.255.255.0
the e-mail server object network
Home 10.33.10.2
Mail server description
service object HTTPS
tcp source eq https service
test network object
network access_web_mail object
Home 10.60.50.251
network downtown_Interface_host object
Home 10.60.50.1
Downtown host Interface description
service of the Oracle_port object
tcp source eq sqlnet service
network of the NETWORK_OBJ_10.60.50.248_29 object
subnet 10.60.50.248 255.255.255.248
network of the NETWORK_OBJ_10.60.50.1 object
Home 10.60.50.1
network of the NETWORK_OBJ_10.60.50.0_28 object
subnet 10.60.50.0 255.255.255.240
brisel network object
10.191.191.0 subnet 255.255.255.0
network of the NETWORK_OBJ_10.191.191.0_24 object
10.191.191.0 subnet 255.255.255.0
network of the NETWORK_OBJ_10.60.60.0_24 object
10.60.60.0 subnet 255.255.255.0
object-group service TCS_Service_Group
Description this group of Services offered is for the CLD's Clients
port_tomcat service-object
HTTPS_ACCESS tcp service object-group
EQ object of the https port
the DM_INLINE_NETWORK_1 object-group network
object-network 10.1.0.0 255.255.0.0
network-object 10.33.0.0 255.255.0.0
network-object 10.60.0.0 255.255.0.0
network-object 10.89.0.0 255.255.0.0
allow outside_1_cryptomap to access extended list ip 10.60.0.0 255.255.0.0 10.33.0.0 255.255.0.0
allow outside_2_cryptomap to access extended list ip 10.60.0.0 255.255.0.0 10.89.0.0 255.255.0.0
outside_3_cryptomap to access extended list ip 10.60.0.0 255.255.0.0 allow 10.1.0.0 255.255.0.0
OUTSIDE_IN list extended access permit icmp any one time exceed
OUTSIDE_IN list extended access allow all unreachable icmp
OUTSIDE_IN list extended access permit icmp any any echo response
OUTSIDE_IN list extended access permit icmp any any source-quench
OUTSIDE_IN list extended access permitted tcp 194.2.20.0 255.255.255.0 host 80.90.98.220 eq smtp
OUTSIDE_IN list extended access permit tcp host 194.25.12.0 host 80.90.98.220 eq smtp
OUTSIDE_IN list extended access allow icmp 80.90.98.222 host 80.90.98.217
OUTSIDE_IN list extended access permit tcp host 162.162.4.1 host 80.90.98.220 eq smtp
OUTSIDE_IN list extended access permit tcp host 98.85.125.2 host 80.90.98.221 eq ssh
Standard access list OAKDCAcl allow 10.60.0.0 255.255.0.0
Standard access list OAKDCAcl allow 10.33.0.0 255.255.0.0
access-list OAKDCAcl note backoffice
Standard access list OAKDCAcl allow 10.89.0.0 255.255.0.0
access-list OAKDCAcl note maint
OAKDCAcl list standard access allowed 10.1.0.0 255.255.0.0
access-list allowed standard osgd host 10.60.20.4
access-list allowed standard osgd host 10.60.20.5
access-list allowed standard osgd host 10.60.20.7
standard access list testOAK_splitTunnelAcl allow 10.60.0.0 255.255.0.0
list access allowed extended snmp udp any eq snmptrap everything
list of access allowed extended snmp udp any any eq snmp
downtown_splitTunnelAcl list standard access allowed host 10.60.20.29
webMailACL list standard access allowed host 10.33.10.2
access-list standard HBSC allowed host 10.60.30.107
access-list standard HBSC deny 10.33.0.0 255.255.0.0
access-list standard HBSC deny 10.89.0.0 255.255.0.0
allow outside_4_cryptomap to access extended list ip 10.60.0.0 255.255.0.0 10.191.191.0 255.255.255.0
OAK-remote_splitTunnelAcl-list of allowed access standard 10.1.0.0 255.255.0.0
OAK-remote_splitTunnelAcl-list of allowed access standard 10.33.0.0 255.255.0.0
OAK-remote_splitTunnelAcl-list of allowed access standard 10.60.0.0 255.255.0.0
OAK-remote_splitTunnelAcl-list of allowed access standard 10.89.0.0 255.255.0.0
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
mask 10.60.30.110 - 10.60.30.150 255.255.0.0 IP local pool OAKPRD_pool
IP local pool mail_sddress_pool 10.60.50.251 - 10.60.50.255 mask 255.255.0.0
test 10.60.50.1 mask 255.255.255.255 IP local pool
IP local pool ipad 10.60.30.90 - 10.60.30.99 mask 255.255.0.0
mask 10.60.40.200 - 10.60.40.250 255.255.255.0 IP local pool TCS_pool
local pool OSGD_POOL 10.60.50.2 - 10.60.50.10 255.255.0.0 IP mask
mask 10.60.60.0 - 10.60.60.255 255.255.0.0 IP local pool OAK_pool
IP verify reverse path inside interface
IP verify reverse path to the outside interface
IP audit alarm action name ThreatDetection attack
verification of IP within the ThreatDetection interface
interface IP outside the ThreatDetection check
no failover
ICMP unreachable rate-limit 1 burst-size 1
ICMP allow any inside
ICMP allow any echo inside
ICMP allow any echo outdoors
enable ASDM history
ARP timeout 14400
NAT (inside, outside) static static source NETWORK_OBJ_10.33.0.0_16 destination NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.33.0.0_16
NAT (inside, outside) static static source NETWORK_OBJ_10.89.0.0_16 destination NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.89.0.0_16
NAT (inside, outside) static static source NETWORK_OBJ_10.1.0.0_16 destination NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.1.0.0_16
NAT (inside, outside) static source all all NETWORK_OBJ_10.60.30.0_24 of NETWORK_OBJ_10.60.30.0_24 static destination
NAT (inside, outside) static source all all NETWORK_OBJ_10.60.30.64_26 of NETWORK_OBJ_10.60.30.64_26 static destination
NAT (inside, outside) static static source NETWORK_OBJ_10.60.40.192_26 destination NETWORK_OBJ_10.60.20.29 NETWORK_OBJ_10.60.20.29 NETWORK_OBJ_10.60.40.192_26 any port_tomcat service
NAT (inside, outside) static source any destination of all public static NETWORK_OBJ_10.60.50.1 NETWORK_OBJ_10.60.50.1
NAT (inside, outside) static static source NETWORK_OBJ_10.60.50.248_29 destination MailServer MailServer NETWORK_OBJ_10.60.50.248_29
NAT (inside, outside) static source all all NETWORK_OBJ_10.60.50.0_28 of NETWORK_OBJ_10.60.50.0_28 static destination
NAT (inside, outside) static static source NETWORK_OBJ_10.191.191.0_24 destination NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.191.191.0_24
NAT (inside, outside) static source DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 NETWORK_OBJ_10.60.60.0_24 NETWORK_OBJ_10.60.60.0_24 non-proxy-arp-search of route static destination
!
network obj_any object
NAT dynamic interface (indoor, outdoor)
Route outside 0.0.0.0 0.0.0.0 80.90.98.222 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
identity of the user by default-domain LOCAL
Enable http server
http 192.168.1.0 255.255.255.0 inside
http 10.60.10.10 255.255.255.255 inside
http 10.33.30.33 255.255.255.255 inside
http 10.60.30.33 255.255.255.255 inside
SNMP-server host within the 10.33.30.108 community * version 2 c
SNMP-server host within the 10.89.70.30 community *.
No snmp server location
No snmp Server contact
Community SNMP-server
Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set esp-3des esp-sha-hmac TRANS_ESP_3DES_SHA ikev1
transport mode encryption ipsec transform-set TRANS_ESP_3DES_SHA ikev1
Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set lux_trans_set ikev1 aes - esp esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
card crypto outside_map 1 match address outside_1_cryptomap
peer set card crypto outside_map 1 84.51.31.173
card crypto outside_map 1 set transform-set ESP-3DES-SHA ikev1
card crypto outside_map 2 match address outside_2_cryptomap
peer set card crypto outside_map 2 98.85.125.2
card crypto outside_map 2 set transform-set ESP-3DES-SHA ikev1
card crypto outside_map 3 match address outside_3_cryptomap
peer set card crypto outside_map 3 220.79.236.146
card crypto outside_map 3 set transform-set ESP-3DES-SHA ikev1
card crypto 4 correspondence address outside_4_cryptomap outside_map
card crypto outside_map 4 set pfs
peer set card crypto outside_map 4 159.146.232.122
card crypto 4 ikev1 transform-set lux_trans_set set outside_map
outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
outside_map interface card crypto outside
Crypto ikev1 allow outside
IKEv1 crypto policy 5
preshared authentication
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 20
preshared authentication
aes-256 encryption
sha hash
Group 5
life 86400
IKEv1 crypto policy 30
preshared authentication
3des encryption
sha hash
Group 2
lifetime 28800
IKEv1 crypto policy 50
preshared authentication
aes encryption
sha hash
Group 1
life 86400
IKEv1 crypto policy 70
preshared authentication
aes encryption
sha hash
Group 5
life 86400
Telnet 10.60.10.10 255.255.255.255 inside
Telnet 10.60.10.1 255.255.255.255 inside
Telnet 10.60.10.5 255.255.255.255 inside
Telnet 10.60.30.33 255.255.255.255 inside
Telnet 10.33.30.33 255.255.255.255 inside
Telnet timeout 30
SSH 10.60.10.5 255.255.255.255 inside
SSH 10.60.10.10 255.255.255.255 inside
SSH 10.60.10.3 255.255.255.255 inside
SSH timeout 5
Console timeout 0
dhcpd outside auto_config
!
dhcpd dns 155.2.10.20 155.2.10.50 interface inside
dhcpd auto_config outside interface inside
!
a basic threat threat detection
length 3600 scanning-threat shun threat detection
threat detection statistics
a statistical threat detection tcp-interception rate-interval 30 burst-400-rate average rate 200
TFTP server inside 10.60.10.10 configs/config1
WebVPN
internal testTG group policy
attributes of the strategy of group testTG
value of 155.2.10.20 DNS server 155.2.10.50
Ikev1 VPN-tunnel-Protocol
internal DefaultRAGroup_1 group strategy
attributes of Group Policy DefaultRAGroup_1
value of 155.2.10.20 DNS server 155.2.10.50
Protocol-tunnel-VPN l2tp ipsec
internal TcsTG group strategy
attributes of Group Policy TcsTG
VPN-idle-timeout 20
VPN-session-timeout 120
Ikev1 VPN-tunnel-Protocol
IPSec-udp disable
IPSec-udp-port 10000
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list testOAK_splitTunnelAcl
the address value TCS_pool pools
internal downtown_interfaceTG group policy
attributes of the strategy of group downtown_interfaceTG
value of 155.2.10.20 DNS server 155.2.10.50
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list downtown_splitTunnelAcl
internal HBSCTG group policy
HBSCTG group policy attributes
value of 155.2.10.20 DNS server 155.2.10.50
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
Split-tunnel-network-list value HBSC
internal OSGD group policy
OSGD group policy attributes
value of 155.2.10.20 DNS server 155.2.10.50
VPN-session-timeout no
Ikev1 VPN-tunnel-Protocol
group-lock value OSGD
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list testOAK_splitTunnelAcl
internal OAKDC group policy
OAKDC group policy attributes
Ikev1 VPN-tunnel-Protocol
value of group-lock OAKDC
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list OAKDCAcl
Disable dhcp Intercept 255.255.0.0
the address value OAKPRD_pool pools
internal mailTG group policy
attributes of the strategy of group mailTG
value of 155.2.10.20 DNS server 155.2.10.50
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list webMailACL
internal OAK-distance group strategy
attributes of OAK Group Policy / remote
value of 155.2.10.20 DNS server 155.2.10.50
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
Split-tunnel-network-list value OAK-remote_splitTunnelAcl
VPN-group-policy OAKDC
type of nas-prompt service
attributes global-tunnel-group DefaultRAGroup
address pool OAKPRD_pool
ipad address pool
Group Policy - by default-DefaultRAGroup_1
IPSec-attributes tunnel-group DefaultRAGroup
IKEv1 pre-shared-key *.
tunnel-group 84.51.31.173 type ipsec-l2l
IPSec-attributes tunnel-group 84.51.31.173
IKEv1 pre-shared-key *.
tunnel-group 98.85.125.2 type ipsec-l2l
IPSec-attributes tunnel-group 98.85.125.2
IKEv1 pre-shared-key *.
tunnel-group 220.79.236.146 type ipsec-l2l
IPSec-attributes tunnel-group 220.79.236.146
IKEv1 pre-shared-key *.
type tunnel-group OAKDC remote access
attributes global-tunnel-group OAKDC
address pool OAKPRD_pool
Group Policy - by default-OAKDC
IPSec-attributes tunnel-group OAKDC
IKEv1 pre-shared-key *.
type tunnel-group TcsTG remote access
attributes global-tunnel-group TcsTG
address pool TCS_pool
Group Policy - by default-TcsTG
IPSec-attributes tunnel-group TcsTG
IKEv1 pre-shared-key *.
type tunnel-group downtown_interfaceTG remote access
tunnel-group downtown_interfaceTG General-attributes
test of the address pool
Group Policy - by default-downtown_interfaceTG
downtown_interfaceTG group of tunnel ipsec-attributes
IKEv1 pre-shared-key *.
type tunnel-group TunnelGroup1 remote access
type tunnel-group mailTG remote access
tunnel-group mailTG General-attributes
address mail_sddress_pool pool
Group Policy - by default-mailTG
mailTG group of tunnel ipsec-attributes
IKEv1 pre-shared-key *.
type tunnel-group testTG remote access
tunnel-group testTG General-attributes
address mail_sddress_pool pool
Group Policy - by default-testTG
testTG group of tunnel ipsec-attributes
IKEv1 pre-shared-key *.
type tunnel-group OSGD remote access
tunnel-group OSGD General-attributes
address OSGD_POOL pool
strategy-group-by default OSGD
tunnel-group OSGD ipsec-attributes
IKEv1 pre-shared-key *.
type tunnel-group HBSCTG remote access
attributes global-tunnel-group HBSCTG
address OSGD_POOL pool
Group Policy - by default-HBSCTG
IPSec-attributes tunnel-group HBSCTG
IKEv1 pre-shared-key *.
tunnel-group 159.146.232.122 type ipsec-l2l
IPSec-attributes tunnel-group 159.146.232.122
IKEv1 pre-shared-key *.
tunnel-group OAK type remote access / remote
attributes global-tunnel-group OAK / remote
address pool OAK_pool
Group Policy - by default-OAK-remote control
IPSec-attributes tunnel-group OAK / remote
IKEv1 pre-shared-key *.
!
!
!
Policy-map global_policy
!
context of prompt hostname
no remote anonymous reporting call
HPM topN enable
: end
enable ASDM history
Hi David,
I see that you have:
access-list outside_2_cryptomap extended permit ip 10.60.0.0 255.255.0.0 10.89.0.0 255.255.0.0
So, please make the following changes:
object network obj-10.60.30.0
 subnet 10.60.30.0 255.255.255.0
!
route outside 10.60.30.0 255.255.255.0 80.90.98.222
route outside 10.89.0.0 255.255.0.0 80.90.98.222
nat (outside,outside) 1 source static obj-10.60.30.0 obj-10.60.30.0 destination static NETWORK_OBJ_10.89.0.0_16 NETWORK_OBJ_10.89.0.0_16 no-proxy-arp route-lookup
HTH
Portu.
Please rate all useful posts
Post edited by: Javier Portuguez
-
NDP project - Check a field before the next workflow status
Hello
Is it possible to have a feature similar to the conditions of custody (for GSM, SCRM) in an NDP project?
I need to check the value of a field before moving on to the next step. I know that there can be some customized validations when you save the project, but I would like to know if it is possible to check the value of a field before moving to the next state/step.
Thanks in advance,
Fernando
Hi Fernando,
We support validation on Workflow events in an NDP project. If you have installed the EP pack, go to \ReferenceImplementations\Validation\Documentation\Validation Objects.xls; you will see a detailed list of events, type IDs and so on.
I don't know what validation you want to put in place; here is an example you can refer to:
1. Add the following to Config\Extensions\ValidationSettings.xml:
2. Restart the IIS services.
3. Go to an NDP project, erase the data in the field of brands, save the project: no error.
4. Workflow this project: error "property marks is required."
I hope this helps.
Thank you
Jessie
-
My computer no longer recognizes the FireWire devices that I connect to it. The Device Manager shows the 1394 driver working very well. I even deleted and reinstalled Windows XP. My external hard drive and my camcorder are no longer recognized, whether I cold plug or hot plug them. Both of them have worked very well for more than 4 years and now, for some unknown reason, they just stopped being recognized.
How can I get Windows XP to see them again? I've tried everything.
Hello Stevec5375.
See the link below. There is a fix for those running XP with multiple Firewire devices, thus causing a problem.
http://support.Microsoft.com/kb/830987/en-us
Please let us know if it did or did not help to solve your problem.
See you soon
-
Client access in the VLAN with Any Connect
I configured an 1841 router for SSL VPN and it works very well: the client connects, downloads AnyConnect and then creates a VPN. The question I have is that I have two VLANs on the router, the default VLAN 1 and VLAN 4 on a void interface.
The customer I can ping the IP sup and I can ping all IP addresses on a client in the default VLAN, ping ends by request timed out so this suggests that the packet to the destination and fell on the way. What I'm working on is how to connect any customer notice VLAN so it can connect to the computer in VLAN 4?
I have not yet posted config in case it's a simple question that I need to do!
Thank you
Kyle
Yes, if the AnyConnect pool is in the same subnet as VLAN 4, then it would try to perform ARP resolution instead of sending traffic to the default gateway. I suggest that you change the pool to a unique subnet, and you would need to modify the ZBFW and NAT exemption ACL accordingly.
-
Do I have to delete the last batch of data before the POST of the next import batch?
Hi all
I am coding an integration with the Contacts bulk import API in Eloqua.
Because the data exceeds the 32 MB capacity, I have to divide it into several batches. So, I POST a Contacts import and POST the Batch_1 data to the import.
After the Batch_1 data has synchronized successfully, I would POST Batch_2 and synchronize it.
Here's my question: what will happen to Batch_1? Will it sync again? Do I have to delete it before posting Batch_2?
Thank you
Biao
No, you don't need to DELETE the import or sync resource associated with the first batch before starting the second.
The flow would be:
- Create import #1
- Create sync #1 referencing import #1
- Start running sync #1
- Check the status of sync #1 until it has finished
- Create import #2
- Create sync #2 referencing import #2
- Start running sync #2
- Check the status of sync #2 until it has finished
And so on.
-
HOW LONG BEFORE THE NEXT OTA UPDATE?
For a while we were getting updates and moving forward every two weeks. Now it has been a month or two and no updates. Is this a sign that we will get a great update to correct the function problems, or is it a bad sign? I like the Pre and have been patient, but it's like Palm and Sprint have gone silent. I'm still very happy with the Pre, but I look forward to increased function. I'll still try to be patient, but I would like to know if anyone has any info.
Engineers work around the clock to keep the camera to come with updates and work how you want it to run. In hindsight that I'm with you, I'd love to see an update come out every two weeks, but I also look at the other side of this one. Before an update gets released to the public its tested carefully, why get an update if you are going to have to develop an update to correct the previous updates work?
With this cycle, you have tons of updates, but how many updates will provide you with the features and true bugs you want to see.
Wait for updates, in the meantime is better than to receive and be disappointed.
-
timer before the next frame help
Hey guys, is there a way to drop a timer into this function so that it'll wait 2 seconds before going to q2?
function completed1(e:DisplayObject):void
{
    if (l3.y == h1.y && l8.y == h2.y && l7.y == h3.y && l16.y == h4.y && l1.y == h5.y)
    {
        gotoAndStop("q2");
    }
    else
    {
    }
}
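import flash.utils.Timer;
import flash.events.TimerEvent;

function completed1(e:DisplayObject):void
{
    if (l3.y == h1.y && l8.y == h2.y && l7.y == h3.y && l16.y == h4.y && l1.y == h5.y)
    {
        // Fire once after 2000 ms, then jump to the next question.
        var t:Timer = new Timer(2000, 1);
        t.addEventListener(TimerEvent.TIMER, f);
        t.start();
    }
    else
    {
    }
}
// Timer callback: move to frame "q2" when the 2 seconds have elapsed.
function f(e:TimerEvent):void
{
    gotoAndStop("q2");
}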
-
Video in a frame: I want the whole video clip to play before the next frame
I know that I can write:
on exitFrame me
  go to the frame
end
but I want it to go to the next frame when the whole video clip has played. Lingo to move on from that frame when the video has played.
I want to write Lingo like:
on exitFrame me
  hold the frame for X seconds
end
or something that makes the frame hold for as long as I want it. Thanks, nice work
-
VPN - cannot ping the next hop
Then some advice... I have configured a PPTP VPN server on my router to create a VPN for the customer to the site. For the moment, the client computer can connect and establish a connection to the router. I can ping from the client to the router (192.168.5.1) but cannot ping 192.168.5.2 (switch) or 192.168.10.X (workstations).
What I am trying to achieve is access to the internal network (192.168.10.X), which is at the far end of the layer 3 switch. Any help/extra eyes would be good.
Here is my design of the network and the config below:
Client computer---> Internet---> (1.1.1.1) Cisco router (192.168.5.1) 881---> switch Dell Powerconnect 6248 (192.168.5.2)--> Workstation (192.168.10.x)
Router Cisco 881
AAA new-model
!
AAA of authentication ppp default local
!
VPDN enable
!
!
VPDN-group VPDN PPTP
!
accept-dialin
Pptp Protocol
virtual-model 1
!
interface FastEthernet0
Description link to switch
switchport access vlan 5
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
switchport access vlan 70
no ip address
!
interface FastEthernet4
Description INTERNET WAN PORT
IP [IP EXTERNAL address]
NAT outside IP
IP virtual-reassembly in
full duplex
Speed 100
card crypto VPN1
!
interface Vlan1
no ip address
!
interface Vlan5
Description $ES_LAN$
IP 192.168.5.1 255.255.255.248
no ip redirection
no ip unreachable
IP nat inside
IP virtual-reassembly in
!
interface Vlan70
IP [IP EXTERNAL address]
IP virtual-reassembly in
IP tcp adjust-mss 1452
!
!
!
interface virtual-Template1
IP unnumbered FastEthernet4
encapsulation ppp
peer default ip address pool defaultpool
Ms-chap PPP chap authentication protocol
!
IP local pool defaultpool 192.168.10.200 192.168.10.210
IP forward-Protocol ND
IP http server
23 class IP http access
local IP http authentication
IP http secure server
IP http timeout policy inactive 600 life 86400 request 10000
!
overload of IP nat inside source list no. - NAT interface FastEthernet4
IP route 0.0.0.0 0.0.0.0 [address IP EXTERNAL]
Route IP 192.168.0.0 255.255.0.0 192.168.5.2
!
No. - NAT extended IP access list
deny ip 192.168.0.0 0.0.255.255 10.1.0.0 0.0.255.255
IP 192.168.0.0 allow 0.0.255.255 everything
VLAN70 extended IP access list
ip [IP EXTERNAL] 0.0.0.15 permit 192.168.10.0 0.0.1.255
permit tcp [IP EXTERNAL] 0.0.0.15 any eq smtp
permit tcp [IP EXTERNAL] 0.0.0.15 any eq www
permit any eq 443 tcp [IP EXTERNAL] 0.0.0.15
permit tcp [IP EXTERNAL] 0.0.0.15 any eq field
permits any udp [IP EXTERNAL] 0.0.0.15 eq field
list of IP - VPN access scope
IP 192.168.10.0 allow 0.0.1.255 10.1.0.0 0.0.1.255
Licensing ip [IP EXTERNAL] 0.0.0.15 10.1.0.0 0.0.1.255
WAN extended IP access list
!
Layer 3 switch - Dell Powerconnect 6224
!
IP routing
IP route 0.0.0.0 0.0.0.0 192.168.5.1
interface vlan 5
name "to connect to the Cisco router.
Routing
IP 192.168.5.2 255.255.255.248
output
!
interface vlan 10
"internal network" name
Routing
IP 192.168.10.1 255.255.255.0
output
!
interface ethernet 1/g12
switchport mode acesss vlan 5
output
!
interface ethernet 1/g29
switchport mode access vlan 10
output
!
Hi Samuel,
I went through your configuration and picked up a few problematic lines...
First of all, you can't have your VPN pool in the 192.168.10.x/24 range, because you already have this subnet in use behind the switch (this would be possible if you had the 192.168.10.x range connected directly to the router). In addition, you may not bind your virtual-template to the WAN IP address; it must be bound to an interface with a subnet that includes your VPN pool IP range.
The cleanest way to do this is:
Create a new loopback interface with a new subnet
!
interface Loopback0
 ip address 192.168.99.1 255.255.255.0
!
Set up the new VPN pool
!
ip local pool defaultpool 192.168.99.200 192.168.99.210
!
Change your virtual-template to point to the new loopback interface
!
interface Virtual-Template1
 ip unnumbered Loopback0
 encapsulation ppp
 peer default ip address pool defaultpool
 ppp authentication ms-chap chap
!
All VPN clients will get an IP address from the 192.168.99.200 - 192.168.99.210 range, and they will be able to reach the router and on to the desired 192.168.10.x/24 range behind the router. Packets reach the switch, then the host. The host will respond through the gateway (switch) -> router -> client.
PS: Earlier, even if your packets arrived at the host, the host would never try to send the response packets back through the gateway (switch), because from its (the host's) point of view the packet came from the same local network, so the host would simply try to ARP for the sender's MAC and eventually time out.
I hope this helps.
Please don't forget to rate/mark useful messages
Shamal
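The addressing rule from the reply above (and from the AnyConnect reply earlier on this page), as an added example that is not part of either post: a Python check that classifies a VPN pool against the router's connected subnets and the LANs behind a downstream layer 3 device, and shows which return path a LAN host picks. The subnets and pools are the ones quoted in the thread; the host 192.168.10.50 and all function names are constructed.

```python
import ipaddress


def pool_networks(first, last):
    """Collapse a 'first last' pool range into CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def check_pool(first, last, router_connected, downstream_lans):
    """Classify a VPN address pool against the router's topology.

    router_connected: subnets configured on the router's own interfaces
    downstream_lans:  subnets that live behind another layer 3 device
    """
    blocks = pool_networks(first, last)
    connected = [ipaddress.ip_network(n) for n in router_connected]
    downstream = [ipaddress.ip_network(n) for n in downstream_lans]
    # A pool carved out of a LAN the router only reaches through a next hop
    # makes hosts on that LAN treat VPN clients as on-link neighbours.
    for lan in downstream:
        if any(block.overlaps(lan) for block in blocks):
            return f"conflict: pool overlaps downstream LAN {lan}"
    # The virtual-template must borrow its address from an interface
    # whose subnet contains the whole pool.
    for net in connected:
        if all(block.subnet_of(net) for block in blocks):
            return f"ok: pool is inside connected subnet {net}"
    return "unbound: no router interface subnet contains the pool"


def host_reply_path(host_interface, client_ip):
    """How a LAN host sends its reply to a VPN client address."""
    iface = ipaddress.ip_interface(host_interface)
    if ipaddress.ip_address(client_ip) in iface.network:
        return "arp-on-link"   # host ARPs for the client, nobody answers
    return "via-gateway"       # host hands the reply to its default gateway


# Topology from the thread: Vlan5 on the router, VLAN 10 behind the switch.
ROUTER_CONNECTED = ["192.168.5.0/29"]
DOWNSTREAM_LANS = ["192.168.10.0/24"]
WORKSTATION = "192.168.10.50/24"   # constructed host on VLAN 10

if __name__ == "__main__":
    # Original pool from the question.
    print(check_pool("192.168.10.200", "192.168.10.210",
                     ROUTER_CONNECTED, DOWNSTREAM_LANS))
    print(host_reply_path(WORKSTATION, "192.168.10.200"))
    # Pool and loopback subnet proposed in the reply.
    print(check_pool("192.168.99.200", "192.168.99.210",
                     ROUTER_CONNECTED + ["192.168.99.0/24"], DOWNSTREAM_LANS))
    print(host_reply_path(WORKSTATION, "192.168.99.200"))
```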
-
problem signature:
Problem event name: BlueScreen
The system version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
More information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 909F1088
BCP3: AD9B1A54
BCP4: 00000000
OS version: 6_0_6002
Service Pack: 2_0
Product: 768_1
Files helping to describe the problem:
C:\Windows\Minidump\Mini030310-01.dmp
C:\Users\dlm\AppData\Local\Temp\WER-13961325-0.SysData.XML
C:\Users\dlm\AppData\Local\Temp\WER784E.tmp.version.txt
Read our privacy statement:
http://go.Microsoft.com/fwlink/?LinkId=50163&clcid=0x0409
Hello
The BCCode indicates a driver error. The dump file may contain information needed to diagnose the problem. Can you send this file to me at rick_at_mvps_dot_org with a subject line of "req" (anything else is unlikely to cross the filters and is summarily deleted):
C:\Windows\Minidump\Mini030310-01.dmp
If you do not see the file or the folder that contains it, in Windows Explorer/Tools/Folder Options or Control Panel/Folder Options go to the View tab and check the line to show hidden and system files and clear the line to hide operating system files.
Good luck, Rick Rogers, aka "Crazy" - Microsoft MVP http://mvp.support.microsoft.com Windows help - www.rickrogers.org
-
wireless network security key will not save for the next time I connect
I changed my modem security key and then changed the security key on my computer, but it will not be saved. I have to manually enter the new key each time I bring up the Explorer. I have Windows 7.
Hi RGSprings,
I suggest you follow the steps mentioned below and check.
a. Right-click on the wireless network icon in the system tray.
b. Select Network and Sharing Center.
c. In the left pane, select Change adapter settings.
d. Right-click on the wireless network connection icon.
e. Select Properties.
f. Disable IEEE authentication.
You can also see the following articles for more information:
Set up a security key for a wireless network
http://Windows.Microsoft.com/en-us/Windows7/set-up-a-security-key-for-a-wireless-network
What are the different wireless network security methods?
http://Windows.Microsoft.com/en-us/Windows7/what-are-the-different-wireless-network-security-methods
Let us know if that helps.
-
VPN PPTP and PPPOE CLIENT ON PIX 501
Hello
Can I create a PPTP VPN client connection on a PIX 501 that uses a PPPOE client connection to my ISP? The PPPOE IP is dynamic and the VPN will be a static IP address. They gave me a username and password for VPN and PPPOE. They also gave me an IP address for the VPN server.
What should happen is that the PPPOE should connect for the VPN to work.
I can only get the PPPOE working, but I don't know how to set this up with a PPTP VPN.
Here is my config:
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxxxx encrypted
passwd xxxxxxx encrypted
hostname neveroff
domain-name neveroff.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list incoming permit icmp any any echo-reply
access-list incoming permit icmp any any source-quench
access-list incoming permit icmp any any unreachable
access-list incoming permit icmp any any time-exceeded
pager lines 24
icmp permit any echo outside
icmp permit any unreachable outside
icmp permit any time-exceeded outside
icmp permit any source-quench outside
icmp permit any echo-reply outside
icmp permit any information-reply outside
icmp permit any mask-reply outside
icmp permit any timestamp-reply outside
mtu outside 1500
mtu inside 1500
ip address outside pppoe setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
static (inside,outside) tcp interface smtp 192.168.1.201 smtp netmask 255.255.255.255 0 0
access-group incoming in interface outside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
vpdn group pppoex request dialout pppoe
vpdn group pppoex localname xxxxxxxxx
vpdn group pppoex ppp authentication chap
vpdn username xxxxxxxx password xxxxxxxx
dhcpd address 192.168.1.10-192.168.1.41 inside
dhcpd dns 192.168.1.1 168.210.2.2
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
username neveroff password TEnlGTQMwqamBzMn encrypted privilege 2
terminal width 80
Cryptochecksum:c5bfafa70f21ed55cc1b3df377e110bf
: end
Thank you
Etienne
Happy to help, and please kindly mark the message as answered if you have no other questions. Thank you.
-
PIX 501 password recovery/restore default configuration
I need to reset the PIX 501 (lost password). I tried the password recovery instructions and got to the monitor prompt using the console connection, but cannot get the file to transfer using tftp (the ping command also times out).
1. Should the interface command be set to 0 or 1? (I used 1)
2. For the address command I was using 192.168.1.1
3. For the server command I was using the IP address of the tftp server
4. Gateway? (Is that the PIX or the computer?)
5. In addition to the blue console cable, should any other cables be connected, and to which ports?
Thank you
I'm guessing you already have this document:
I would use the default, the inside interface, which is 1. Connect a standard ethernet cable to one of the inside ports on the PIX and the other end to your PC that has the tftp server software on it. Make sure that you see a link light on both ends. If not, take this cable or save it if you think it is a crossover cable. If you set the PIX address to 192.168.1.1, then I would set my tftp server address to 192.168.1.2 or something in the same subnet. That way we will not care what the gateway address is. No need to let pesky routers get in the way when we're down!
Since you asked question 5 above, I'll explain. You should have a console cable connected, and it seems you do since you can get to the monitor > prompt. You'll also need an ethernet cable plugged into a PC running a tftp server with the IP address 192.168.1.2. 3Com makes a really good F*R*E*E tftp server.
http://support.3Com.com/software/utilities_for_windows_32_bit.htm
Select the last file in the list. Make sure you get the password recovery file from the Cisco link above for the PIX OS version you are running. Configure the tftp server to point to the directory containing the PIX password recovery file and you are ready. Good luck, Derrick