RV082 - cannot VPN over subnet 2
I enabled Multiple on a RV082 subnet option. VPN works on the subnet but not on subnet 2. I use the Shrew Soft VPN client.
Any help would be really appreciated.
Thank you
Hi Shaamcisco,
Please follow these steps:
Step 1: I guess you have already add subnet extra if not just add it in the Setup--> network and then add additional subnet and for better application for the subnet better having like this example if you have the default network 192.168.1.1/24 Add second subnet 192.168.2.1/24 in this case in the VPN setup we can make the summary of subnet and is 192.168.0.0/16 class B and all the PC connected to the router should have Gateway 192.168.1.1 or 192.168.2.1 in my example of course
Step 2: Under VPN--> Summary--> Edit the old configuration for VPN client and change of the LAN 192.168.0.0 mask 255.255.0.0
Step 3: on the Shrew VPN also under policy--> remote network resource change to 192.168.0.0 255.255.0.0
with this client configuration can have access to these two subnet and if you want to restrict certain client to access a subnet just change the policy on the ShrewVPN of one of the subnet
Please rate this post or marked as replied to help other customers of Cisco
Greetings
Mehdi
Tags: Cisco Support
Similar Questions
-
Site to Site VPN - cannot ping remote subnet
Hi all.
I have a site to site VPN IPSEC between a 5510 (HQ) and 5505 (Remote). Everything works on the tunnel. Crypto cards and ACL is symmetrical. I see that the tunnel is in place for the required subnets. However, I can not ping of internal subnets inside 5510 to Remote LAN inside 5505 and vice versa. I have other rays VPN 5510 where I can ping within remote LAN successfully x.x.x.x. Can figure out what I'm missing. I can ping internet points, but cannot ping HQ.
Any suggestions?
I'm also an instant learn the ASAs, so I'm not an expert. I know that I encouraged outside ICMP. My statement SHEEP and crypto are running off of the same group of objects that lists subnets of HQ.
Thanks in advance.
5505 lack the command:
management-access inside
Federico.
-
AnyConnect VPN users cannot access remote subnets?
I googled this until blue in the face without result. I don't understand why Cisco this so difficult? When clients connect to the anyconnect vpn, they can access the local subnet, but cannot access the resources in remote offices. What should I do to allow my anyconnect vpn clients access to my remote sites?
Cisco 5510 8.4
Hello
What are remote sites using as Internet gateway? Their default route here leads to the ASA or have their own Internet gateway? If they use this ASA for their Internet connection while they should already have a default route that leads traffic to the VPN to the pool, even if they had no specific route for the VPN itself pool. If they use their own local Internet gateway and the default route is not directed to this ASA then you would naturally have a route on the remote site (and anything in between) indicating the remote site where to join the pool of 10.10.224.0/24 VPN network.
In addition to routing, you must have configured for each remote site and the VPN pool NAT0
Just a simple example of NAT0 configuration for 4 networks behind the ASA and simple VPN field might look like this
object-group network to REMOTE SITES
object-network 10.10.10.0 255.255.255.0
object-network 10.10.20.0 255.255.255.0
object-network 10.10.30.0 255.255.255.0
object-network 10.10.40.0 255.255.255.0
network of the VPN-POOL object
10.10.224.0 subnet 255.255.255.0
NAT static destination DISTANCE-SITES SITES source (indoor, outdoor) REMOTE static VPN-VPN-POOL
The above of course assumes that the remote site are located behind the interface 'inside' (although some networks, MPLS) and naturally also the remote site networks are made for the sake of examples.
Since you are using Full Tunnel VPN should be no problem to the user VPN transfer traffic to this ASA in question.
My first things to check would be configuring NAT0 on the ASA and routing between remote sites and this ASA (regarding to reach the VPN pool, not the ASA network IP address)
Are you sure that the configuration above is related to this? Its my understanding that AnyConnect uses only IKEv2 and the foregoing is strictly defined for IKEv1?
-Jouni
-
ASA VPN connection cannot see all subnets
I'm new to the ASA and I have a problem with our remote users. When people access vpn, they don't see a couple subnets on the network. I looked at the ASA and he can see and communicate with subnets, but when you vpn in them is not reachable. All these connections are connections from admin to admin privlages. Anyone know why the ASA can see subnets, but the admin vpn users cannot?
You compare your ACL split tunnel and your table routing, but only for networks that are relevant to you and you must have access to and are not outside the old configuration. You should also ensure that these networks can route traffic from the pool of vpn.
-
Can't access secondary VPN client subnet
Please can someone help with the following: I have an ASA 5510 performer v8.4 9 (3) and setup a remote user VPN using the v5.0.07.0410 of customer Cisco VPN which is working apart from the fact that I can not access resources on secondary subnet.
The configuration is the following:
ASA inside the interface on 192.168.10.240
VPN clients on 192.168.254.x
I can access reources on the 192.168.10 subnet but not no matter what other subnets internally, I need to specifically allow access to the 192.168.20 subnet, but I cannot figure out how to do advise please, the config is lower to: -.
Output from the command: 'show startup-config '.
!
ASA 3,0000 Version 9
!
blank host name
domain nameactivate the encrypted password
encrypted passwd
names of
DNS-guard
!
interface Ethernet0/0
nameif outside
security-level 0
IP 255.255.255.224
!
interface Ethernet0/1
nameif inside
security-level 100
IP 192.168.10.240 255.255.255.0
!
interface Ethernet0/2
nameif DMZ
security-level 50
IP 10.10.10.253 255.255.255.0
!
interface Ethernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
nameif management
security-level 100
IP 192.168.1.1 255.255.255.0
management only
!
boot system Disk0: / asa843-9 - k8.bin
boot system Disk0: / asa823 - k8.bin
passive FTP mode
clock timezone GMT/UTC 0
summer time clock GMT/BDT recurring last Sun Mar 01:00 last Sun Oct 02:00
DNS domain-lookup outside
DNS lookup field inside
DNS server-group DefaultDNS
Server name 194.168.4.123
Server name 194.168.8.123
domain nifcoeu.com
network object obj - 192.168.0.0
192.168.0.0 subnet 255.255.255.0
network object obj - 192.168.5.0
192.168.5.0 subnet 255.255.255.0
network object obj - 192.168.10.0
192.168.10.0 subnet 255.255.255.0
network object obj - 192.168.100.0
255.255.255.0 subnet 192.168.100.0
network object obj - 192.168.254.0
192.168.254.0 subnet 255.255.255.0
network object obj - 192.168.20.1
Host 192.168.20.1
network obj_any object
subnet 0.0.0.0 0.0.0.0
network obj_any-01 object
subnet 0.0.0.0 0.0.0.0
network object obj - 0.0.0.0
host 0.0.0.0
object network obj_any-02
subnet 0.0.0.0 0.0.0.0
network object obj - 10.10.10.1
host 10.10.10.1
obj_any-03 network object
subnet 0.0.0.0 0.0.0.0
object network obj_any-04
subnet 0.0.0.0 0.0.0.0
object network obj_any-05
subnet 0.0.0.0 0.0.0.0
network of the NS1000_EXT object
Home 80.4.146.133
network of the NS1000_INT object
Host 192.168.20.1
network of the SIP_REGISTRAR object
Home 83.245.6.81
service of the SIP_INIT_TCP object
SIP, service tcp destination eq
service of the SIP_INIT_UDP object
SIP, service udp destination eq
network of the NS1000_DSP object
192.168.20.2 home
network of the SIP_VOICE_CHANNEL object
Home 83.245.6.82
service of the DSP_UDP object
destination udp 6000 40000 service range
service of the DSP_TCP object
destination tcp 6000 40000 service range
network 20_range_subnet object
subnet 192.168.20.0 255.255.255.0
subnet of voice Description
network 25_range_Subnet object
255.255.255.0 subnet 192.168.25.0
PC devices customer Description VLAN 25
the ISP_NAT object-group network
object-group Protocol TCPUDP
object-protocol udp
object-tcp protocol
object-group service SIP_INIT tcp - udp
port-object eq sip
object-group service DSP_TCP_UDP tcp - udp
6000-40000 object-port Beach
permit inside_nat0_outbound to access extended list ip 192.168.10.0 255.255.255.0 192.168.254.0 255.255.255.0
inside_nat0_outbound list extended access allowed object 20_range_subnet 192.168.254.0 ip 255.255.255.0
standard VPN_splitTunnelAcl-Remote Access-list allowed 192.168.10.0 255.255.255.0
standard VPN_splitTunnelAcl-Remote Access-list allowed 192.168.20.0 255.255.255.0
access-list 100 extended allow object object-group TCPUDP object SIP_REGISTRAR NS1000_INT SIP_INIT object-group
access-list 100 extended allow object object-group TCPUDP object SIP_VOICE_CHANNEL NS1000_DSP DSP_TCP_UDP object-group
access-list extended 100 permit ip 62.255.171.0 255.255.255.224 all
access-list 100 extended allow icmp from any echo-answer idle
access-list extended 100 permit icmp any one has exceeded the idle time
access-list extended 100 allow all unreachable icmp inactive
access-list extended 100 permit tcp any host 10.10.10.1 eq ftp
access-list extended 100 permit tcp any host 10.10.10.1 eq ftp - data
pager lines 24
Enable logging
asdm of logging of information
Outside 1500 MTU
Within 1500 MTU
MTU 1500 DMZ
management of MTU 1500
192.168.254.1 mask - local 192.168.254.254 pool Pool VPN IP 255.255.255.0
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 647.bin
enable ASDM history
ARP timeout 14400
NAT (inside, all) source static obj - 192.168.0.0 obj - 192.168.0.0 destination static obj - 192.168.5.0 obj - 192.168.5.0 non-proxy-arp-search to itinerary
NAT (inside, all) source static obj - 192.168.10.0 obj - 192.168.10.0 destination static obj - 192.168.100.0 obj - 192.168.100.0 non-proxy-arp-search to itinerary
NAT (inside, all) source static obj - 192.168.10.0 obj - 192.168.10.0 destination static obj - 192.168.254.0 obj - 192.168.254.0 no-proxy-arp-search to itinerary
NAT (exterior, Interior) static source SIP_REGISTRAR destination interface static NS1000_INT service SIP_INIT_TCP SIP_INIT_TCP SIP_REGISTRAR
NAT (exterior, Interior) static source SIP_REGISTRAR destination interface static NS1000_INT service SIP_INIT_UDP SIP_INIT_UDP SIP_REGISTRAR
!
network obj_any object
NAT dynamic interface (indoor, outdoor)
network obj_any-01 object
NAT (inside, outside) dynamic obj - 0.0.0.0
object network obj_any-02
NAT (inside DMZ) dynamic obj - 0.0.0.0
network object obj - 10.10.10.1
NAT (DMZ, outside) static 80.4.146.134
obj_any-03 network object
NAT (DMZ, outside) dynamic obj - 0.0.0.0
object network obj_any-04
NAT (management, outside) dynamic obj - 0.0.0.0
object network obj_any-05
NAT (management, DMZ) dynamic obj - 0.0.0.0
Access-group 100 in external interface
Route outside 0.0.0.0 0.0.0.0 80.4.146.129 1
Route inside 192.168.20.0 255.255.255.0 192.168.10.254 1
Route inside 192.168.25.0 255.255.255.0 192.168.10.254 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
identity of the user by default-domain LOCAL
the ssh LOCAL console AAA authentication
Enable http server
http 192.168.1.0 255.255.255.0 management
http 192.168.10.0 255.255.255.0 inside
http 192.168.25.0 255.255.255.0 inside
http 62.255.171.0 255.255.255.224 outside
http 192.168.254.0 255.255.255.0 outside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac
Dynamic crypto map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
outside_map interface card crypto outside
Crypto ca trustpoint ASDM_TrustPoint0
registration auto
name of the object CN =Configure CRL
Crypto ca trustpoint _SmartCallHome_ServerCA
Configure CRL
string encryption ca ASDM_TrustPoint0 certificates
certificate 2f0e024dquit smoking
Crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 6ecc7aa5a7032009b8cebcf4e952d491quit smoking
crypto isakmp identity address
Crypto ikev1 allow outside
IKEv1 crypto policy 10
preshared authentication
3des encryption
sha hash
Group 2
life 86400
Telnet 192.168.1.0 255.255.255.0 management
Telnet timeout 5
SSH 62.255.171.0 255.255.255.224 outside
SSH 192.168.254.0 255.255.255.0 outside
SSH 192.168.10.0 255.255.255.0 inside
SSH 192.168.25.0 255.255.255.0 inside
SSH timeout 5
SSH version 2
Console timeout 0
VPN-sessiondb max-other-vpn-limit 250
VPN-sessiondb 2 max-anyconnect-premium-or-essentials-limit
management of 192.168.1.2 - dhcpd address 192.168.1.254
enable dhcpd management
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
prefer NTP server 192.168.10.6 source inside
WebVPN
internal group to distance-VPN strategy
attributes of group to VPN remote policy
value of server WINS 192.168.10.21 192.168.10.22
value of server DNS 192.168.10.21 192.168.10.22
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
Split-tunnel-network-list value Remote-VPN_splitTunnelAcl
value by default-field
username empty empty encrypted password privilege 0
user name empty attributes
VPN-VPN-remote group policy
username empty encrypted password privilege 0
user name empty attributes
VPN-VPN-remote group policy
type tunnel-group to distance-VPN remote access
global-tunnel-group attributes to remote VPN
address pool VPN-pool
strategy of group - by default - remote-VPN
remote VPN-ipsec-attributes tunnel-group
IKEv1 pre-shared-key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the netbios
inspect the tftp
Review the ip options
inspect the sip
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
call-home
contact-email-addrProfile of CiscoTAC-1
http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
Cryptochecksum:b8263c5aa7a6a4d9cb08368c042ea236Hi Simon,.
Please try this and let me know.
NAT (inside, all) source 20_range_subnet destination 20_range_subnet static static obj - 192.168.254.0 obj - 192.168.254.0
Let me know, if this can help.
Thank you
Rizwan James
-
LaserJet professional M1217 nf: cannot scan over network with a printer laserjet 1217 on a Mac
Hello
My set up:
Mac with Yosemite
LaserJet M1217 more wireless
Description of the problem:
I can't scan. Preview, the control panel or image capture, I get the same error saying "cannot open a session.
I have installed and reinstalled the drivers/printer about 100 times.
I tried to add the printer/scanner like airprint, or with the name of the printer as a proposed post.
Just what causes the same error.
I have the 2.0 version of the driver installed right now. Tried with 1.7, same result.
I can print without problem since my Mac and my iPad.
Tried it with an ethernet cable and have the same problem in case someone ask.
I looked all over google and doesn't seem like someone else has the same problem? Many people have problems printing over wireless, but it's ok for me. Is the scan, I can't go to work.
Pages of HP does not offer any other driver which has of the Yosemite. HP offers no additional program for Mac and scan.
Don't know what else to try.
Little help? Anyone?
Thanks Geminy02,
Unfortunately, your suggestions did not help, and I have a few comments about them.
First of all, your suggestion about the router was the problem is quite impossible, as you will need to check if the ports are open only in the case we're talking about two different network segments. If you have your printer and your computer in the same segment you will have problems of ports.
Second: if I would have chosen IP protocol to add my printer, I wouldn't take the option scan, as you said, which means I could not done any tests that I mentioned in my original post, and I would never have had to the point of getting the error message.
Thirdly: the drivers that you MENTION for download are exactly the same as you get with yosemite, so, this could help to reinstall the driver, it's kind of a long shot (and yes I tried).In fact, I managed to solve my problem by doing a factory reset of the printer, any sign of a printer in my computer, cleaning and reinstall the printer using the airprint driver suggested by yosemite where to find my bounjur printer.
I tried ro think what could be the reason, or to see all what I had changed, and the only thing I've seen different in the configuration before and after he started to work was the name of the printer. When it did not work my printer was called simply "printer", when he was working he was the full name that comes by default. It would be very strange, that this is the reason, but I just mention it here just in case someone read. I believe that the factory reset was the difficulty, not the configuration itself.
Just for the other readers, I can confirm that this unit can print and scan over my wiresless and cable network on yosemite, with the help of preview, capture image or scan property in the control panel. It took me several hours to make it work, but it does, and my best friend was all the time the printers web page, where you can change the configuration of the printer.
-
Cannot VPN in the network through PIX501
I have a pix 501 at home. When I try to VPN in our network via the VPN client I get authenticated but can't seem to our internal network. When I use my router netgear instead of the PIX I can VPN in and outside the internal network. Do I have to open some ports (if if ports) on the PIX or I have to change some configuration on the VPN client.
The problem is the PIX does not support IPSec, and PAT up 6.3 code coming out next year. Your VPN tunnel is based on UDP port 500 packets, which the PIX can PAT correctly. After that, all your packages are packages ESP, which is the IP 50 protocol which the PIX cannot PAT. If you have a second IP address from your ISP, you can create a static NAT translation in the PIX for your home PC and it works correctly.
Alternatively, if your VPN client supports IPSec encapsulation somehow in the TCP or UDP packets, then use it and it will work very well also.
-
Hello, new to ASA
On a v7.2 (4) ASA5505, trying to allow traffic between two LANs.
I have the local network 192.168.1.0 and 192.168.2.0 subnet behind another router. I also VPN IPsec on the safety device.
When I connect a computer to the internet in the first network (192.168.1.0) using the ASA, this computer lost connection to the subnet (192.168.2.0). The ASA blocks all traffic through the network.
I applied the same-security-traffic permit intra-interface command. I also applied the command
inside_nat0_outbound to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.2.0 255.255.255.0 and added the static route: route inside 192.168.2.0 255.255.255.0 192.168.1.254 1, but nothing works.
When I ICMP echo, the Nat is declining the package requested.
The output of packet tracer is as follows:
Flow-Lookup enabled
Authorized route search
Authorized access list
IP-Options allowed
Inspect the permit
NAT-free license
NAT enabled
NAT enabled
Home-limit
NAT denied
The package was abandoned by NAT, and the same goes for the port 3389 (remote desktop).
Thank you in advance.
If you try to ping hair traffic inside the interface?
In general, it is not advisable. If the traffic must be routed before the ASA please make sure the router RTR traffic on one subnet to another. The ASA has no need to see the traffic that goes from inside to inside.
Now if you still insist on the fact that you can try to put in the translations for the CBC and the destination. In other words you need identity convert the 192.168.1.0/24 and 192.168.2.0/24. Are you nat exempting a sense but not the back.
You can try
inside_nat0_outbound to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.2.0 255.255.255.0
inside_nat0_outbound to access extended list ip 192.168.2.0 allow 255.255.255.0 192.168.1.0 255.255.255.0
And then you can run a trace of package again to see if it fails or not.
I hope it helps.
PK
-
I need allow users of our subnet VPN access to a Web server on our DMZ.
Both the inbound ACL is correct, but I'm not sure of what would be the translation.
Our VPN subnet is 172.16.140.0/24 and our DMZ is 172.16.110.0/24
Any help would be appreciated. BTW, it's an ASA5510
access-list no.-NAT-DMZ scope ip 172.16.110.0 allow 255.255.255.0 172.16.140.0 255.255.255.0
NAT (DMZ) access-list no.-Nat-DMZ
You had the acl above in your acl No. - Nat, but is exonerated for the inside interface nat. The LCD will never match. If you simply need to create an exemption for the DMZ with the acl nat appropriate.
-
CISCO easy VPN &; local subnets
Easyvpn Installer based on http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_configuration_example09186a00806ad10e.shtml
core1 #sh passage int fa0/0
Building configuration...
Current configuration: 303 bytes
!
interface FastEthernet0/0
Description _WAN_INTERFACE_
004f.620a.8771 Mac address
IP 10.74.17.254 255.255.240.0
no ip redirection
no ip unreachable
no ip proxy-arp
NAT outside IP
IP virtual-reassembly
route IP cache flow
automatic duplex
automatic speed
No cdp enable
card crypto VPNMAP1
end
#sh core1 run int fa0/1.1
Building configuration...
Current configuration: 294 bytes
!
interface FastEthernet0/1.1
Description Native_VLAN_1
encapsulation dot1Q 1 native
IP 192.168.40.101 255.255.255.0
IP helper 192.168.40.210
NBAR IP protocol discovery
IP nat inside
IP virtual-reassembly
no ip mroute-cache
entry of service-policy DROP_ONLINE_MOVIES
end
#sh core1 run int fa0/1.50
Building configuration...
Current configuration: 137 bytes
!
interface FastEthernet0/1.50
encapsulation dot1Q 50
192.168.50.1 IP address 255.255.255.0
IP nat inside
IP virtual-reassembly
end
core1 #sh ip int br | UNAs Exc
Interface IP-Address OK? Method State Protocol
FastEthernet0/0 10.74.17.254 YES NVRAM up up
FastEthernet0/1.1 192.168.40.101 YES NVRAM up up
FastEthernet0/1.20 192.168.20.1 YES NVRAM up up
FastEthernet0/1.50 192.168.50.1 YES NVRAM up up
FastEthernet0/1.82 192.168.82.1 YES NVRAM up up
Gateway of last resort is 10.74.16.254 to network 0.0.0.0
C 192.168.40.0/24 is directly connected, FastEthernet0/1.1
192.168.80.0/32 is divided into subnets, subnets 1
S 192.168.80.5 [1/0] via 195.212.29.188
C 192.168.20.0 is directly connected, FastEthernet0/1.20
10.0.0.0/8 is variably divided into subnets, 3 subnets, 3 masks
S 10.10.1.0/31 is directly connected, FastEthernet0/1.1
C 10.10.10.0/24 is directly connected, FastEthernet0/1.10
C 10.74.16.0/20 is directly connected, FastEthernet0/0
S 192.168.0.0/24 is directly connected, FastEthernet0/1.1
C 192.168.50.0/24 is directly connected, FastEthernet0/1.50
S * 0.0.0.0/0 [1/0] via 10.74.16.254
VPNPOOL1 192.168.80.1 192.168.80.5
CUSTOMER
Linux machine using vpnc
cat /etc/vpnc/e_vpn.conf
Xxxxxx gateway IPSec
VPN IPSec ID
IPSec secret xxxxx
IKE psk Authmode
Xauth username yyyyy
Xauth password xxxxx
Target 192.168.50.0/24 192.168.40.0/24 networks
Route - n
Kernel IP routing table
Destination Gateway Genmask Flags metric Ref use Iface
192.168.40.101 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
_VPN_ 9.158.166.129 UGH 255.255.255.255 0 0 0 eth0
9.158.166.129 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
9.0.136.50 9.158.166.129 UGH 255.255.255.255 0 0 0 eth0
192.168.220.0 0.0.0.0 255.255.255.240 U 0 0 0 virbr4
192.100.100.0 0.0.0.0 255.255.255.128 U 0 0 0 virbr5
9.158.166.128 0.0.0.0 255.255.255.128 U 0 0 0 eth0
192.168.80.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.40.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
0.0.0.0 9.158.166.129 0.0.0.0 UG 0 0 0 eth0
Ping - c1 192.168.50.1
PING 192.168.50.1 (192.168.50.1) 56 (84) bytes of data.
-ping 192.168.50.1 - statistics
1 packets transmitted, 0 received, 100% packet loss, time 0ms s
Did I miss something in the config... or something is wrong?
Follow these steps:
101 extended IP access list
1 deny ip any 192.168.80.0 0.0.0.255
!
Renumber list of access IP 101 10 10
Thank you.
Please note all useful posts
-
Cannot print over a network with Vista home
Hello I try to connecto my new laptop to my network wireless of office to share files and printers. The new laptop is Vista Home 64 bit. The printer is connectet to a PC with Windows xp and according to a person who does our netwirking the printer cannot talk to the 32-bit and 64-bit and tells me that I have to change for windows XP. It does not sound right. Apparently there is no driver for canon iR 1510-1670, which runs on a 64-bit processor. Any help...
Thank you
Guillermo
If there is no Vista 64-bit drivers available for this Canon printer, you will need to spend the XP Canon printer to a compatible printer Vista 64 bit if you want to print from it.
Canon has written drivers for their products, not Microsoft.
Check yourself on the Canon Website driver as to what drivers are available for this printer:
http://www.USA.Canon.com/OPD/controller?Act=OPDDownloadIndexAct
See you soon.
Mick Murphy - Microsoft partner
-
LinuxMint17 comments with NAT cannot reach a subnet, why?
I improved my VMWare to WS12PRO and built a new virtual machine containing a Linux Mint 17 machine. It uses the NAT networking.
WS is running on my Win7 X 64 computer laptop, which is connected by wire to the 192.168.0.0 network and via VPN to the 10.0.0.0 network.
In earlier versions of workstation when I had this setup I could connect to resources on the 10.0.0.0 network so that the host had the VPN channel open.
But now for some reason is more, why?
I enter ping 10.0.0.7 on my host and he responds very well, but when I do the same thing within the host is not responding.
If I come home instead of ping 192.168.0.152 I get an immediate response from this unit.
Even if I ping an Internet address.
For some reason any resolution to the VPN does not work on the system of WS12PRO when it has worked very well in WS7.
Is there a setting I can change to the client to do this work?
.
Problem solved!
It was located in Windows7 "Internet sharing" network configuration when enabled on the VPN connection to a network of WiFi access points.
The Access Point was not started, but in any case the presence of the layout sharing blocked the normal use of the other networks VPN channel.
Once sharing withdrew the connectoid that everything started working like before.
-
Cannot change the subnet mask of eCard in 7.1.3 (opensuse 11.4)
Had this problem before with 7.0 on suse 11.2, but I forget how I "fixed it". This is quite irritating considering I found nothing on google about this topic. I hope it's just my ignorance with the software and not a real problem, but when I try to change a vmnet as Host-only adapter, I have no option to change the subnet mask. I've seen tutorials where you just have this option, but I did not.
I use a very simple script to make changes to the Infrastructure virtual VMware which are not available on Linux hosts via the virtual network editor in Linux in VMware Workstation version. Note that there may be other ways, but this is what worked for me. Also note that changes to the value of a parameter that is not a correct value will cause failures, and that's why I have the scrip, run the commands with the talkative and check the ifconfig and VMware Network Status before and after you made the changes and you will see that in the attached script.
If you do not have what it takes to use the attached script then in a Terminal root or with sudo:
sudo /usr/bin/vmware-networks --stop -v sudo cp -p /etc/vmware/networking /etc/vmware/networking.backup sudo cp -p /etc/vmware/vmnet1/dhcpd/dhcpd.conf /etc/vmware/vmnet1/dhcpd/dhcpd.conf.backup sudo cp -p /etc/vmware/vmnet8/dhcpd/dhcpd.conf /etc/vmware/vmnet8/dhcpd/dhcpd.conf.backup sudo nano /etc/vmware/networking sudo nano /etc/vmware/vmnet1/dhcpd/dhcpd.conf sudo nano /etc/vmware/vmnet8/dhcpd/dhcpd.conf sudo /usr/bin/vmware-networks --start -v sudo /usr/bin/vmware-netcfg sudo /usr/bin/vmware-networks --start -v
In the attached script, you will see the following note about the use of writing, or why this is done manually:
# NOTE: Load the VMware Virtual Network Editor and then click the OK button. # This is being done for two reasons, one is to validate the settings # and the other is to create a new DHCP_CFG_HASH in the networking file. # # Be sure to review the 'Current Status after editing...' for any errors. echo echo Starting VMware Virtual Network Editor... echo sudo /usr/bin/vmware-netcfg
As I said there may be other ways and VMware is unfortunately very tight secretive about what they do the document to be disclosed to the public, which is unfortunately very little. It is so absurd that the version of Windows is not this limitation but I guess I would really be surprised since removed altogether VMware VMware Player for Linux virtual network editor and does not install it for the VMware Player for Windows even if it's in the Windows Installer Package. Go figure!
-
Skype cannot connect over 3g but connects over wifi
I recently had problems on my galaxy tab 2 every time I want to log in to Skype on 3 g network. It never connects, but it works well when am on wifi network. AV checked all the limitations of parameters and the data, but nothing seems to work. Someone has an idea?
I have found 2 alternative. I downloaded hotspot protect the phone and every time I want 2 connect on Skype on mobile data network 3 g, I launch the hotspot to protect first and make sure that it is connected, so my ip address will change before my Skype is able 2 connect.
Yes it works that way at the moment and I don't see any harm using d hotspot shield. -
I have some strange lines when I start my rMBP mid 2014
I tried the resets of Landau and SCM, tried to make a new user and once again reset.
Nothing works, somethings wrong with the /gpu of the motherboard?
Is there something I can do?
It will still cause problems in the future?
Is this a problem maybe?
For another case maybe it's related - I tried to make a diagnosis using the new "AHT" of new Mac (by pressing D on startup)
It won't let me in because suddenly the serial number is missing from here and 'a way'
What, then, is everything, it is linked, may be problem?
Photos:
Video:
https://www.YouTube.com/watch?v=-AkTCpbX1dw
Post edited by: SuperBik3
videos addedThe logic board need to be replaced.
Do a 'genius' one appointment at an Apple Store, or select another authorized service provider. You may need to leave the machine there for several days.
Back up the data on the internal disks before you turn on your computer to anyone. There are ways to back up a computer that is not fully functional - ask if you need advice.
If privacy is a concern, delete the partitions of data with the ability to write zeros * (do it only if you have at least two backups complete, independent, and you know how to restore on a blank disc from any one of them.) Do not delete the recovery partition, if it is present.
Keep your confidential data safe during the repair of the equipment
Apple recommends that you remove permission to a device in the iTunes store before serving.
* One SSD has no need to be set to zero.
Maybe you are looking for
-
upgrade: iMac RAM can add ram to 8 gb that comes with it?
Hey all,. So I just ordered my iMac 27 "end in 2015. I know you can increase the ram yourself and thought - if I order lets say 16 GB - can I add to the current 8 GB and make 24 GB of ram? (Or add 32 GB to 8 GB and therefor is 40 GB, incidentally?) T
-
What is the difference between t5 &; sl1?
Trying to decide which camera to buy - t5 or sl1 ~ ~
-
Cambie operating system of windows xp professional, al windows 7 y mi scanner genius colorpage - vivid 1200XE are not compatible, as debo hacer?
-
Drag and Drop problem - the photo under the cursor of the mouse is too large
I guess it's supposed to be an improvement, but the new version of Win 7 HPE produced an overview under the mouse cursor of the moved files from one place to another. It often causes the files end up in the wrong place [the wrist action is not like f
-
X 220: How can I disable screen orientation shortcuts keyboard?
Problem: Windows virtual PC captures the mouse pointer, and the combo hotkey to release the pointer to the host OS (Win7) is Ctrl-Alt-left. When I type this key combination, it is interpreted as a display of screen in portrait orientation, the top