SBS 2008 - Server 2008 site to site vpn problem.
Hi all
I have an SBS 2008 box and I want to add another server (standard 2008) at a remote site. Currently, VPN works great on SBS and I can dial in from anywhere via PPTP and join the network.
I added the RRAS role on the branch 2008 server and configured a demand-dial connection; since VPN was already running on SBS, I just added the demand-dial interface and the route. Both servers have user names equal to their demand-dial interfaces. When I connect the branch to SBS, it connects in seconds, gets an IP address and the routes are added, but when I check on the SBS it appears as unreachable, and when I try to connect manually I either get RRAS error 0 or a pop-up saying the modem is already in use or not properly configured.
I would be grateful if someone could advise, as I've spent 2 days on this.
Thanks
If you can repost this thread under http://blogs.technet.com/b/windowsserver/, you can get a lot of fruitful discussions, solutions...
Similar Questions
-
Site to Site VPN problem ASA 5505
Hello
I have a strange problem with a site to site VPN. I configured it completely and I added 3 of my internal networks to be encrypted and access the remote network across the tunnel.
For some reason, I can access the remote network from only two of the three internal networks that I've specified.
Here is a copy of my config - if anyone has any info I would be happy of course.
Thank you
Kevin
hostname FK-U.S.-Raleigh-ASA
domain-name appdrugs.com
enable password 08PI8zPL2UE41XdH encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.237.0 Maridian-primary-Net
name 192.168.237.128 Meridian-backup-Net
name 10.239.192.141 AccessSwitch1IDFB
name 10.239.192.143 AccessSwitch1IDFC
name 10.239.192.140 AccessSwitch1MDFA
name 10.239.192.142 AccessSwitch2IDFB
name 10.195.64.206 CiscoCallManager
name 10.239.192.2 CoreSwitch1
name 10.239.192.3 CoreSwitch2
name 10.195.64.17 UnityVM
name 140.239.116.162 Outside_Interface
name 65.118.69.251 Meridian-primary-VPN
name 65.123.23.194 Meridian_Backup_VPN
dns-guard
!
interface Ethernet0/0
 shutdown
 no nameif
 security-level 100
 no ip address
!
interface Ethernet0/1
 nameif outside
 security-level 60
 ip address Outside_Interface 255.255.255.224
!
interface Ethernet0/2
 nameif Inside1
 security-level 100
 ip address 10.239.192.7 255.255.255.128
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 50
 ip address 192.168.1.1 255.255.255.0
 management-only
!
boot system disk0:/asa804-k8.bin
boot system disk0:/asa804.bin
ftp mode passive
dns domain-lookup outside
dns domain-lookup Inside1
dns domain-lookup management
dns server-group DefaultDNS
 name-server 10.239.192.10
 domain-name appdrugs.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network DM_INLINE_NETWORK_1
 network-object 10.195.64.0 255.255.255.0
 network-object 10.239.192.0 255.255.255.0
 network-object 10.239.192.128 255.255.255.128
object-group service DM_INLINE_SERVICE_1
 service-object ip
 service-object icmp
 service-object icmp echo
 service-object icmp echo-reply
object-group network DM_INLINE_NETWORK_2
 network-object 10.195.64.0 255.255.255.0
 network-object 10.239.192.0 255.255.255.128
 network-object 10.239.192.128 255.255.255.128
object-group network DM_INLINE_NETWORK_3
 network-object 10.195.64.0 255.255.255.192
 network-object 10.239.192.0 255.255.255.128
 network-object 10.239.192.128 255.255.255.128
object-group network DM_INLINE_NETWORK_5
 network-object Maridian-primary-Net 255.255.255.128
 network-object Meridian-backup-Net 255.255.255.128
object-group network DM_INLINE_NETWORK_6
 network-object Maridian-primary-Net 255.255.255.128
 network-object Meridian-backup-Net 255.255.255.128
object-group network Vital-network-hardware-access
 network-object host UnityVM
 network-object host CiscoCallManager
 network-object host AccessSwitch1MDFA
 network-object host AccessSwitch1IDFB
 network-object host AccessSwitch2IDFB
 network-object host AccessSwitch1IDFC
 network-object host CoreSwitch1
 network-object host CoreSwitch2
object-group service RDP tcp
 port-object eq 3389
object-group network DM_INLINE_NETWORK_7
 network-object Maridian-primary-Net 255.255.255.128
 network-object Meridian-backup-Net 255.255.255.128
 network-object host Meridian-primary-VPN
 network-object host Meridian_Backup_VPN
object-group network DM_INLINE_NETWORK_9
 network-object host Outside_Interface
 group-object Vital-network-hardware-access
object-group service DM_INLINE_SERVICE_2
 service-object gre
 service-object esp
 service-object ah
 service-object udp eq isakmp
object-group service DM_INLINE_SERVICE_3
 service-object icmp
 service-object icmp echo
 service-object icmp echo-reply
object-group network DM_INLINE_NETWORK_4
 network-object 10.195.64.0 255.255.255.0
 network-object 10.239.192.0 255.255.255.128
 network-object 10.239.192.128 255.255.255.128
object-group network DM_INLINE_NETWORK_8
 network-object 10.195.64.0 255.255.255.0
 network-object 10.239.192.0 255.255.255.128
 network-object 10.239.192.128 255.255.255.128
access-list Outside_access_in extended permit icmp any any echo-reply
access-list Outside_access_in extended permit ip Maridian-primary-Net 255.255.255.128 object-group DM_INLINE_NETWORK_8
access-list Outside_access_in extended permit ip Meridian-backup-Net 255.255.255.128 object-group DM_INLINE_NETWORK_3
access-list Inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
access-list Inside_nat0_outbound extended permit ip 10.239.192.0 255.255.255.0 Maridian-primary-Net 255.255.255.128
access-list Inside_access_in extended permit ip 10.0.0.0 255.0.0.0 any
access-list Inside1_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
access-list Inside1_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_1 Maridian-primary-Net 255.255.255.128
access-list Inside1_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_2 Meridian-backup-Net 255.255.255.128
access-list Inside1_nat0_outbound extended permit ip 10.239.192.0 255.255.255.0 10.239.199.0 255.255.255.192
access-list Inside1_nat0_outbound extended permit ip 10.195.64.0 255.255.255.192 10.239.199.0 255.255.255.192
access-list Inside1_access_in extended permit ip 10.0.0.0 255.0.0.0 any
access-list Outside_1_cryptomap extended permit object-group DM_INLINE_SERVICE_1 object-group DM_INLINE_NETWORK_1 Maridian-primary-Net 255.255.255.128
access-list Outside_2_cryptomap extended permit ip object-group DM_INLINE_NETWORK_2 Meridian-backup-Net 255.255.255.128
access-list Vital-network-Access_splitTunnelAcl standard permit 10.239.192.0 255.255.255.128
access-list Vital-network-Access_splitTunnelAcl standard permit 10.195.64.0 255.255.255.0
access-list Vital-network-Access_splitTunnelAcl standard permit 10.239.192.128 255.255.255.128
access-list Vital_VPN extended permit ip 10.239.199.0 255.255.255.192 object-group Vital-network-hardware-access
access-list Vital_VPN extended permit icmp 10.239.199.0 255.255.255.192 object-group Vital-network-hardware-access
access-list Vital_VPN extended permit ip any any
access-list Outside_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_4 Maridian-primary-Net 255.255.255.128
access-list Vital-Site-to-Site-access extended permit ip object-group DM_INLINE_NETWORK_5 object-group Vital-network-hardware-access
access-list Vital-Site-to-Site-access extended permit object-group DM_INLINE_SERVICE_3 object-group DM_INLINE_NETWORK_6 object-group Vital-network-hardware-access
access-list Vital-Site-to-Site-access extended permit object-group DM_INLINE_SERVICE_2 object-group DM_INLINE_NETWORK_7 object-group DM_INLINE_NETWORK_9
pager lines 24
logging enable
logging asdm warnings
mtu outside 1500
mtu Inside1 1500
mtu management 1500
ip local pool remote-access 10.239.199.11-10.239.199.62 mask 255.255.255.192
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (Inside1) 0 access-list Inside1_nat0_outbound
nat (Inside1) 1 10.0.0.0 255.0.0.0
access-group Outside_access_in in interface outside
access-group Inside1_access_in in interface Inside1
route outside 0.0.0.0 0.0.0.0 140.239.116.161 1
route Inside1 10.192.52.0 255.255.255.0 10.239.192.1 1
route Inside1 10.195.64.0 255.255.240.0 10.239.192.1 1
route Inside1 10.239.0.0 255.255.0.0 10.239.192.1 1
route Inside1 10.239.192.0 255.255.248.0 10.239.192.1 1
route outside Maridian-primary-Net 255.255.255.0 Outside_Interface 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 66.104.209.192 255.255.255.224 outside
http 192.168.1.0 255.255.255.0 management
http 10.239.172.0 255.255.252.0 Inside1
snmp-server host Inside1 10.239.132.225 community appfirestarter * #*.
snmp-server location Raleigh
snmp-server contact Kevin mcdonald
snmp-server community appfirestarter * #*.
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps entity config-change
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map Outside_map 1 match address Outside_cryptomap_1
crypto map Outside_map 1 set peer Meridian-primary-VPN
crypto map Outside_map 1 set transform-set ESP-3DES-MD5
crypto map Outside_map 1 set security-association lifetime seconds 28800
crypto map Outside_map 1 set security-association lifetime kilobytes 4608000
crypto map Outside_map 2 match address Outside_2_cryptomap
crypto map Outside_map 2 set peer Meridian_Backup_VPN
crypto map Outside_map 2 set transform-set ESP-3DES-MD5
crypto map Outside_map 2 set security-association lifetime seconds 28800
crypto map Outside_map 2 set security-association lifetime kilobytes 4608000
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
management-access outside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
 tunnel-group-list enable
group-policy Vital-network-Access internal
group-policy Vital-network-Access attributes
 dns-server value 10.239.192.10
 vpn-filter value Vital_VPN
 vpn-tunnel-protocol IPSec webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Vital-network-Access_splitTunnelAcl
 address-pools value remote-access
group-policy Vital-Site-to-Site-GroupPolicy internal
group-policy Vital-Site-to-Site-GroupPolicy attributes
 vpn-filter value Vital-Site-to-Site-access
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
username APPRaleigh password m40Ls2r9N918trxp encrypted
username APPRaleigh attributes
 vpn-group-policy Vital-network-Access
 service-type remote-access
username kmadmin password u8urNz44/I.ugcF. encrypted privilege 15
tunnel-group 65.118.69.251 type ipsec-l2l
tunnel-group 65.118.69.251 general-attributes
 default-group-policy Vital-Site-to-Site-GroupPolicy
tunnel-group 65.118.69.251 ipsec-attributes
 pre-shared-key *
tunnel-group 65.123.23.194 type ipsec-l2l
tunnel-group 65.123.23.194 general-attributes
 default-group-policy Vital-Site-to-Site-GroupPolicy
tunnel-group 65.123.23.194 ipsec-attributes
 pre-shared-key *
tunnel-group Vital-network-Access type remote-access
tunnel-group Vital-network-Access general-attributes
 address-pool remote-access
 default-group-policy Vital-network-Access
tunnel-group Vital-network-Access ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:a080b1759b57190ba65d932785ad4967
: end
Can you confirm whether we have the exact mirror of the crypto ACL at the other end?
I feel maybe you have a /24, 10.239.192.0 255.255.255.0, on the other end as the remote network.
Can you please confirm that?
Also, is there a reason why you use 10.239.192.0 255.255.255.128 and 10.239.192.128 255.255.255.128 instead of 10.239.192.0 255.255.255.0?
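The mirror check the reply asks for can be done mechanically. The following is an added example, not part of the original thread: the local side uses the networks of Outside_cryptomap_1 from the posted config, while the remote peer's crypto ACL is a constructed assumption (the /24 the reply suspects), and all function names are hypothetical.

```python
import ipaddress


def proxy_ids(local_nets, remote_nets):
    """Expand a crypto ACL (local nets -> remote nets) into (local, remote) pairs."""
    return {(ipaddress.ip_network(l), ipaddress.ip_network(r))
            for l in local_nets for r in remote_nets}


def mirror_report(this_end, other_end):
    """Compare our crypto ACL with the peer's, both seen from their own side.

    Returns (matched, only_here, only_there, hints), where `hints` pairs up
    entries that differ only because one side summarises the other's subnets.
    """
    # Swap the peer's pairs so both sets are expressed as (our net, their net).
    peer_view = {(remote, local) for (local, remote) in other_end}
    matched = sorted(this_end & peer_view, key=str)
    only_here = sorted(this_end - peer_view, key=str)
    only_there = sorted(peer_view - this_end, key=str)
    hints = []
    for ours, far in only_here:
        for theirs, far2 in only_there:
            if far == far2 and (ours.subnet_of(theirs) or theirs.subnet_of(ours)):
                hints.append((ours, theirs))
    return matched, only_here, only_there, hints


# Local ASA: DM_INLINE_NETWORK_4 -> Maridian-primary-Net (values from the posted config).
LOCAL_ACL = proxy_ids(
    ["10.195.64.0/24", "10.239.192.0/25", "10.239.192.128/25"],
    ["192.168.237.0/25"],
)

# Remote peer: constructed for illustration, using the single /24 the reply suspects.
REMOTE_ACL = proxy_ids(
    ["192.168.237.0/25"],
    ["10.195.64.0/24", "10.239.192.0/24"],
)


def describe(local_acl, remote_acl):
    """Human-readable summary of which proxy identities will not line up."""
    matched, only_here, only_there, hints = mirror_report(local_acl, remote_acl)
    lines = [f"mirrored: {l} <-> {r}" for l, r in matched]
    lines += [f"no mirror on peer for: {l} -> {r}" for l, r in only_here]
    lines += [f"peer expects instead:  {l} -> {r}" for l, r in only_there]
    lines += [f"hint: {a} here vs {b} on the peer" for a, b in hints]
    return lines


if __name__ == "__main__":
    print("\n".join(describe(LOCAL_ACL, REMOTE_ACL)))
```

With these inputs only the 10.195.64.0/24 entry is mirrored; both /25 entries are reported with the hint that the peer summarises them as one /24.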
-
Greetings,
I'm practicing VPN implementation and seem to have run into a small issue whose solution eludes me. Everything works in my current topology with the exception of a multi-site VPN. I have 3 ASAs, whose outside interfaces are connected via a switch. The inside interface of each is connected to a local area network that contains a workstation on each subnet. I'm trying to set up a solution where I can have all 3 ASAs connected to each other via a VPN. The issue I have is that when I bring up a single tunnel by pinging from a workstation behind the ASA, I can't bring up a second tunnel by pinging a different network. To explain that better, here is the layout:
ASA #1
outside: 10.0.1.1/24
inside: 192.168.0.1/24
workstation: 192.168.0.100
ASA #2
outside: 10.0.1.2/24
inside: 192.168.1.1/24
workstation: 192.168.1.100
ASA #3
outside: 10.0.1.3/24
inside: 192.168.2.1/24
workstation: 192.168.2.100
If I ping from 192.168.0.100 to 192.168.1.100, the tunnel comes up fine and I get replies. If I then try to ping from 192.168.0.100 to 192.168.2.100, the tunnel to 192.168.2.0 does not come up. If I clear all SAs on ASA #1 and then ping from 192.168.0.100 to 192.168.2.100, the tunnel comes up fine and I get a response. Then I try to ping from 192.168.0.100 to 192.168.1.100 and the same thing happens: no tunnel and no response. When I enabled logging on ASA #1, it seems that it sends the ping for the other network over the open tunnel instead of opening a new tunnel to the correct network. Can someone tell me what is happening here and whether I just missed something simple with routing? Or is it maybe a problem with the VPN?
Craig,
You have the default route badly configured on all the ASAs. Here's what you have configured:
ASA1
route outside 0.0.0.0 0.0.0.0 192.168.0.1 1
It's sending the packets for outside to the inside IP address. Here's what you need to do on the ASAs:
ASA1
no route outside 0.0.0.0 0.0.0.0 192.168.0.1 1
route outside 0.0.0.0 0.0.0.0 10.0.1.2
ASA2
no route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
route outside 0.0.0.0 0.0.0.0 10.0.1.1
ASA3
no route outside 0.0.0.0 0.0.0.0 192.168.2.1 1
route outside 0.0.0.0 0.0.0.0 10.0.1.1
Also delete the ICMP entry from the crypto access list, since you have already allowed IP in the same access list. IP covers ICMP as well.
Kindly let me know whether changing the default route allows the traffic.
Kind regards
Bad Boy
P.S. Please mark this message as 'Responded' if you find this information useful so that it brings goodness to other users of the community
-
Hello, I'm having a problem with my VPN configuration. I have two locations, each with its own subnet. I have a site-to-site VPN between the two locations. The site-to-site VPN is up and fully functional without any problem. Now if I'm away from work and connect to site A with the VPN client, I cannot ping or connect to anything on site B. Or if I am connected to site B by VPN, I can't ping or connect to anything on site A.
I hope that makes sense, but I'll be happy to give more details on Setup if necessary.
I think that the command you need is:
same-security-traffic permit intra-interface (not inter-interface)
The remote-access VPN and the site-to-site VPN use the same outside interface, so this command allows VPN traffic to hairpin out of this interface.
Sent from Cisco Technical Support iPad App
-
Hello world
I have a problem with the site-to-site VPN between two Cisco routers. The configurations are:
Site A
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
 lifetime 86000
crypto isakmp key secrettestkey address x.x.x.x
!
!
crypto ipsec transform-set S2S esp-3des esp-sha-hmac
!
crypto map S2S 10 ipsec-isakmp
 set peer x.x.x.x
 set transform-set S2S
 match address S2S
interface FastEthernet4
 ip address y.y.y.y 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map S2S
!
!
interface Vlan1
 no ip address
!
!
interface Vlan12
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 100 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 y.y.y.x
ip route 192.168.14.0 255.255.255.0 y.y.y.x
!
ip access-list extended S2S
 permit ip 192.168.100.0 0.0.0.255 192.168.14.0 0.0.0.255
!
access-list 100 deny ip 192.168.100.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 100 permit ip 192.168.100.0 0.0.0.255 any
Site B
crypto isakmp policy 20
 encr 3des
 authentication pre-share
 group 2
 lifetime 86000
crypto isakmp key secrettestkey address x.x.x.x
crypto ipsec transform-set testS2S esp-3des esp-sha-hmac
crypto map DCMAP 20 ipsec-isakmp
 description test tunnel
 set peer x.x.x.x
 set transform-set testS2S
 match address testS2S
interface GigabitEthernet0/0
 description .:Outside:.
 ip address y.y.y.y 255.255.255.224
 ip access-group OUTSIDE2INSIDE in
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
 crypto map DCMAP
ip route 192.168.100.0 255.255.255.0 y.y.y.x
ip access-list extended testS2S
 permit ip 192.168.14.0 0.0.0.255 192.168.100.0 0.0.0.255
There is also a NAT-T configuration on this site.
The tunnel is not coming up. The status is MM_NO_STATE.
What are the causes of the problem? Please advise.
Hello
Check out the link. It's for remote-access IPSec. Try removing the config and reapplying the crypto map.
Second, in the debug I see the router goes for xauth.
Jan 26 04:35:44.707: ISAKMP: Config payload REQUEST
Jan 26 04:35:44.707: ISAKMP:(2083):No provision for the request
Jan 26 04:35:44.707: ISAKMP: Invalid config REQUEST
Jan 26 04:35:44.707: ISAKMP (2083): FSM action returned error: 2
Jan 26 04:35:44.707: ISAKMP:(2083):Input = IKE_MESG_FROM_PEER, IKE_CFG_REQUEST
You can disable xauth by using no-xauth at the end of the isakmp key statement.
# crypto isakmp key 0 abc address x.x.x.x no-xauth
HTH
-
Guys,
I'm new to the world of IP VPN. I am setting up a site-to-site VPN between 2 Cisco 1841 routers. I have an SDSL connection on both ends and I am able to ping the outside IP of both OK, but I have problems with the VPN configuration. The VPN tunnel does not come up and show crypto isakmp sa shows me nothing. I enabled debugging on isakmp and ipsec but no trace is displayed. Attached is my router config; I have a similar config on the other end.
Help, please!
Cheers,
K
That ping will never work; right now you are pinging from the dialer interface. Go ahead and do:
ping 192.168.1.1 source 192.168.0.254
-
SBS 2008 office1 Serv2008 Office 2 need to share assets between them via a site to site VPN tunnel
Hi all.
I really need help on this one.
Office 1 is running SBS 2008; Office 2 is running Server 2008.
Each office has its own FQDN: Office 1 CompanyABC, Office 2 Company A_B_C.
Each office has its own internal IP address pool: Office 1 192.168.69.xxx and Office 2 192.168.20.xxx.
A site-to-site VPN tunnel between the 2 office routers, Netgear SRX5308 (Office 1) and Netgear FVS318G (Office 2), is established and working.
Each office has its own DNS server, which also acts as a domain controller.
How do I configure the 2 networks to see each other and be able to use assets on each network (files, printers)?
Is it as simple as adding another internal IP pool to each DNS server?
Thanks in advance for your help.
Hello
Your Question is beyond the scope of this community.
I suggest that you repost your question in the SBS Forums.
https://social.technet.Microsoft.com/forums/en-us/home?Forum=smallbusinessserver
"Windows Small Business Server 2011 Essentials online help"
https://msdn.Microsoft.com/en-us/library/home-client.aspx
TechNet Server forums.
http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer
Cheers.
-
Pass Cisco 871 and VPN to the SBS 2008 Server
To preface the questions below, I'm the in-house IT person with several years of on-site / off-site support. I also have very limited knowledge of the inner workings of a Cisco device. That said, I've been beating my head against a wall, trying to configure my Cisco 871 router to allow access to the VPN services hosted on our internal SBS 2008 server. I think I have properly configured the SBS 2008 server.
I use Advanced IP Services, version 12.4(4)T7.
Here is the running config:
Building configuration...
Current configuration : 9414 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 *.!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
ip cef
!
!
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name yourdomain.com
ip name-server 65.24.0.168
ip name-server 65.24.0.196
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name DEFAULT100 appfw DEFAULT100
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT100 http urlfilter
ip inspect name DEFAULT100 tcp router-traffic
ip inspect name DEFAULT100 https
ip inspect name DEFAULT100 dns
ip urlfilter source-interface FastEthernet4
ip urlfilter allow-mode on
ip urlfilter exclusive-domain deny .Facebook.com
ip urlfilter exclusive-domain deny .spicetv.com
ip urlfilter exclusive-domain deny .AddictingGames.com
ip urlfilter exclusive-domain deny .Disney.com
ip urlfilter exclusive-domain deny .Fest
ip urlfilter exclusive-domain deny .freeonlinegames.com
ip urlfilter exclusive-domain deny .hallpass.com
ip urlfilter exclusive-domain deny .CollegeHumor.com
ip urlfilter exclusive-domain deny .benmaller.com
ip urlfilter exclusive-domain deny .gamegecko.com
ip urlfilter exclusive-domain deny .ArmorGames.com
ip urlfilter exclusive-domain deny .MySpace.com
ip urlfilter exclusive-domain deny .Webkinz.com
ip urlfilter exclusive-domain deny .playnow3dgames.com
ip urlfilter exclusive-domain deny .ringtonemecca.com
ip urlfilter exclusive-domain deny .smashingames.com
ip urlfilter exclusive-domain deny .Playboy.com
ip urlfilter exclusive-domain deny .pokemoncrater.com
ip urlfilter exclusive-domain deny .freshnewgames.com
ip urlfilter exclusive-domain deny .Toontown.com
ip urlfilter exclusive-domain deny .online-Funny-Games.com
ip urlfilter exclusive-domain deny .ClubPenguin.com
ip urlfilter exclusive-domain deny .hollywoodtuna.com
ip urlfilter exclusive-domain deny .andkon.com
ip urlfilter exclusive-domain deny .rivals.com
ip urlfilter exclusive-domain deny .moregamers.com
!
appfw policy-name DEFAULT100
 application http
  port-misuse p2p action reset alarm
  port-misuse im action reset alarm
 application im yahoo
  service default action reset
  service text-chat action reset
  server deny name scs.msg.yahoo.com
  server deny name scsa.msg.yahoo.com
  server deny name scsb.msg.yahoo.com
  server deny name scsc.msg.yahoo.com
  server deny name scsd.msg.yahoo.com
  server deny name messenger.yahoo.com
  server deny name cs16.msg.dcn.yahoo.com
  server deny name cs19.msg.dcn.yahoo.com
  server deny name cs42.msg.dcn.yahoo.com
  server deny name cs53.msg.dcn.yahoo.com
  server deny name cs54.msg.dcn.yahoo.com
  server deny name ads1.vip.scd.yahoo.com
  server deny name radio1.launch.vip.dal.yahoo.com
  server deny name in1.msg.vip.re2.yahoo.com
  server deny name data1.my.vip.sc5.yahoo.com
  server deny name address1.pim.vip.mud.yahoo.com
  server deny name edit.messenger.yahoo.com
  server deny name http.pager.yahoo.com
  server deny name privacy.yahoo.com
  server deny name csa.yahoo.com
  server deny name csb.yahoo.com
  server deny name csc.yahoo.com
  audit-trail off
 application im aol
  service default action reset
  service text-chat action reset
  server deny name login.oscar.aol.com
  server deny name toc.oscar.aol.com
  server deny name oam-d09a.blue.aol.com
  audit-trail off
!
!
crypto pki trustpoint TP-self-signed-1955428496
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1955428496
 revocation-check none
 rsakeypair TP-self-signed-1955428496
!
!
crypto pki certificate chain TP-self-signed-1955428496
 certificate self-signed 01
quit smoking
secret of username admin privilege 15 5 *.!
!
Policy-map sdmappfwp2p_DEFAULT100
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
Description $$$ FW_OUTSIDE$ $ES_WAN$ ETH - WAN
address IP dhcp client id FastEthernet4
IP access-group 101 in
no ip redirection
no ip unreachable
no ip proxy-arp
NAT outside IP
inspect the DEFAULT100 over IP
IP virtual-reassembly
route IP cache flow
automatic duplex
automatic speed
sdmappfwp2p_DEFAULT100 of service-policy input
out of service-policy sdmappfwp2p_DEFAULT100
!
interface Vlan1
Description $ETH - SW - LAUNCH$ $INTF - INFO - HWIC-$4ESW $ES_LAN$ $FW_INSIDE$
the IP 192.168.0.1 255.255.255.0
IP access-group 100 to
no ip redirection
no ip unreachable
no ip proxy-arp
IP nat inside
IP virtual-reassembly
route IP cache flow
IP tcp adjust-mss 1452
!
IP classless
!
!
IP http server
local IP http authentication
IP http secure server
IP http timeout policy slowed down 60 life 86400 request 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.100 1723 interface FastEthernet4 1723
ip nat inside source static tcp 192.168.0.100 25 interface FastEthernet4 25
ip nat inside source static tcp 192.168.0.100 80 interface FastEthernet4 80
ip nat inside source static tcp 192.168.0.100 443 interface FastEthernet4 443
ip nat inside source static tcp 192.168.0.100 987 interface FastEthernet4 987
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp any any eq 1723
access-list 101 permit tcp any any eq 987
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq smtp
access-list 101 permit udp host 65.24.0.169 eq domain any
access-list 101 permit udp host 65.24.0.168 eq domain any
access-list 101 permit udp host 24.29.1.219 eq domain any
access-list 101 permit udp host 24.29.1.218 eq domain any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any
no cdp run
!
!
control-plane
!
banner login ^CCCCCAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user.^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
All of the above was configured with the SDM interface. I hope someone here can take a look at this and see what my issue is, and why I can't connect through the router.
Thanks in advance to all for helping me with this.
Jason
Based on your description, I am assuming that you are trying to pass PPTP traffic through the 871 router, and that PPTP terminates on your SBS 2008 server.
If this is the correct assumption, PPTP uses 2 protocols: TCP/1723 and GRE. Your configuration only allows TCP/1723, but not the GRE protocol.
On ACL 101, you must add "permit gre any any" before the deny statements:
ip access-list extended 101
 1 permit gre any any
I guess that the PPTP control connection works fine? Are you able to telnet to the IP address of the router's outside interface on port 1723?
-
Exchange Server 2007 SBS 2008 Service Pack problems
I am running Exchange Server 2007 on Small Business Server 2008 (SBS 2008). I tried to install SP2, but it fails both through Windows Update and manually. Can someone first tell me what version I am running?
Help / About in the Exchange Management Console shows:
Version 08.01.0436.000
And Repair on Exchange Server from Programs and Features shows the 2007 SP1 setup. So I think SP2 should be next; I also ran SP3, but it does not work.
Here are the lines to the end of a journal:
[05/03/2014 08:54:13] [0] Setup will run the task 'uninstall msipackage.
[05/03/2014 08:54:13] [1] Setup launched task 'uninstall-msipackage - logfile 'C:\ExchangeSetupLogs\ExchangeSetup.msilog' - '24b2c164-de66-44fe-b468-a46d9d5e6b31'-PropertyValues ProductCode' BYPASS_CONFIGURED_CHECK = 1 DEFAULTLANGUAGENAME = FRA "
[05/03/2014 08:54:13] [1] start of treatment.
[05/03/2014 08:54:13] [1] 'PackageName' property is 'EXCHANGESERVER.msi.
[05/03/2014 08:54:13] [1] remove the MSI package with the code "24b2c164-de66-44fe-b468-a46d9d5e6b31".
[05/03/2014 09:09:01] [1] [ERROR] an unexpected error
[05/03/2014 09:09:01] [1] [ERROR] failed to remove product with code 24b2c164-de66-44fe-b468-a46d9d5e6b31. Fatal error during installation. Error code is 1603. Last error reported by the .msi package is ' could not open key: UNKNOWN\Components\7ABFE44842C12B390AF18C3B9B1A1EE8\461C2B4266EDEF444B864AD6D9E5B613. Check that you have sufficient access to that key or contact your support team. '.
[05/03/2014 09:09:01] [1] [ERROR] fatal error during installation
[05/03/2014 09:09:01] [1] end of the treatment.
[05/07/2014 19:45:17] [0] end of the installation
There is a matching registry key, and the administrator account used for setup has access to it, I think. What does this log mean?
This issue is beyond the scope of this site and must be placed on Technet or MSDN
http://social.technet.Microsoft.com/forums/en-us/home
http://social.msdn.Microsoft.com/forums/en-us/home
-
VPN tunnel via Cisco to SBS 2008 RRAS router
I need to provide access to remote users outside of ro on the VPN connection. I have an SBS 2008 server with 1 NIC (10.1.1.1) and VPN enabled via the "Set up Virtual Private Network" option in the SBS console, and I allowed GRE and port 1723 on my Cisco firewall (10.1.1.254).
I can VPN to SBS internally just fine and can telnet to port 1723, but cannot get through from outside.
I get error 800 when connecting from a Windows 7 PC. I can't telnet to port 1723 from the outside (on the internet). Please see my Cisco config and advise if I have missed anything:
wrsydgw#sh run
Building configuration...
Current configuration : 8337 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname wrsydgw
!
boot-start-marker
boot system flash c870-advsecurityk9-mz.124-15.T4.bin
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$ rroD$ / R.6Ce8EdSw7S7B3AJjX81
!
aaa new-model
!
!
!
!
aaa session-id common
clock timezone sydney 10 30
!
crypto pki trustpoint TP-self-signed-432125903
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-432125903
 revocation-check none
 rsakeypair TP-self-signed-432125903
!
!
crypto pki certificate chain TP-self-signed-432125903
 certificate self-signed 01
  quit
dot11 syslog
no ip source-route
!
!
!
!
ip cef
no ip domain lookup
ip domain name internode.on.net
ip name-server 192.231.203.132
ip name-server 192.231.203.3
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
no spanning-tree vlan 1
no spanning-tree vlan 100
username xxxprivilege 15 password 7 xxxxxx
username privilege 15 secret 5 xxxx xxxxxx.
username, password 7 xxxxprivilege 15 xxxxxx!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key QnrpzdFI address 139.130.36.42
ISAKMP crypto 5 30 keepalive
!
!
crypto ipsec transform-set vpn-ts esp-3des esp-md5-hmac
!
crypto map rtp 1 ipsec-isakmp
 set peer 139.130.36.42
 set transform-set vpn-ts
 match address Maria
!
archive
 log config
  hidekeys
!
!
ip ssh version 2
!
!
!
interface ATM0
 description - The internode ADSL-
 no ip address
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 no ip route-cache
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
 spanning-tree portfast
!
interface FastEthernet1
 switchport access vlan 100
!
interface FastEthernet2
 spanning-tree portfast
!
interface FastEthernet3
 spanning-tree portfast
!
interface Vlan1
 ip address 10.1.1.254 255.255.255.0
 ip access-group INOUT in
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1450
!
interface Vlan100
 ip address 10.1.2.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1450
!
interface Dialer0
 description OF the internode
 ip address negotiated
 ip access-group DRY in
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname [email protected]
 ppp chap password 7 xxxxxxx
 crypto map rtp
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.2.0.0 255.255.0.0 10.1.1.247
no ip http server
no ip http secure-server
!
ip flow-top-talkers
 top 50
 sort-by bytes
 cache-timeout 5000
!
ip nat inside source route-map VPN-sheep interface Dialer0 overload
ip nat inside source static tcp 10.1.1.1 25 59.167.239.185 25 route-map bypass-portfwd extendable
ip nat inside source static tcp 10.1.1.1 443 59.167.239.185 443 route-map bypass-portfwd extendable
ip nat inside source static tcp 10.1.1.1 1723 59.167.239.185 1723 route-map bypass-portfwd extendable
ip nat inside source static tcp 10.1.1.1 3389 59.167.239.185 3390 route-map bypass-portfwd extendable
ip nat inside source static tcp 10.1.1.7 3389 59.167.239.185 3391 route-map bypass-portfwd extendable
ip nat inside source static tcp 10.1.1.125 4333 59.167.239.185 4333 route-map bypass-portfwd extendable
ip nat inside source static tcp 10.1.1.133 4334 59.167.239.185 4334 route-map bypass-portfwd extendable
ip nat inside source static tcp 10.1.1.112 4335 59.167.239.185 4335 route-map bypass-portfwd extendable
ip nat inside source static tcp 10.1.2.200 8000 59.167.239.185 8000 route-map bypass-portfwd extendable
ip nat inside source static tcp 10.1.2.201 443 59.167.239.185 8001 route-map bypass-portfwd extendable
ip nat inside source static tcp 10.1.2.10 80 59.167.239.185 8002 route-map bypass-portfwd extendable
ip nat inside source static tcp 10.1.2.11 80 59.167.239.185 8003 route-map bypass-portfwd extendable
ip nat inside source static tcp 10.1.1.10 80 59.167.239.185 8004 route-map bypass-portfwd extendable
ip nat inside source static tcp 10.1.1.11 80 59.167.239.185 8005 route-map bypass-portfwd extendable
ip nat inside source static tcp 10.1.2.200 80 59.167.239.185 8008 route-map bypass-portfwd extendable
!
ip access-list extended DRY
 permit tcp any any established
 permit tcp any any eq 22
 permit tcp any host 59.167.239.185 eq smtp
 permit tcp any host 59.167.239.185 eq 443
 permit tcp any host 59.167.239.185 eq 8000
 permit tcp any host 59.167.239.185 eq 8008
 permit tcp any host 59.167.239.185 eq 8001
 permit tcp any host 59.167.239.185 eq 8002
 permit tcp any host 59.167.239.185 eq 8003
 permit tcp any host 59.167.239.185 eq 4333
 permit tcp any host 59.167.239.185 eq 4334
 permit tcp any host 59.167.239.185 eq 4335
 permit tcp any host 59.167.239.185 eq 8004
 permit tcp any host 59.167.239.185 eq 8005
 permit icmp any any echo-reply
 permit esp any any
 permit gre any any
 permit ahp any any
 permit icmp any any time-exceeded
 permit icmp any any ttl-exceeded
 permit icmp any any unreachable
 permit icmp any any echo
 permit udp any eq domain any
 permit udp host 192.231.203.132 eq ntp any
 permit udp any any eq non500-isakmp
 permit udp any any eq isakmp
 deny ip 127.0.0.0 0.255.255.255 any
 deny ip host 255.255.255.255 any
 deny ip host 0.0.0.0 any
 permit ip 10.2.0.0 0.0.255.255 any
 permit tcp any host 59.167.239.185 eq 3389
 permit tcp host 67.15.24.9 host 59.167.239.185 eq smtp
 permit tcp host 67.15.42.51 host 59.167.239.185 eq smtp
 permit tcp host 67.15.52.7 host 59.167.239.185 eq smtp
 permit tcp host 69.16.202.203 host 59.167.239.185 eq smtp
 permit tcp host 69.16.202.216 host 59.167.239.185 eq smtp
 permit tcp host 70.84.109.196 host 59.167.239.185 eq smtp
 permit tcp host 207.44.218.60 host 59.167.239.185 eq smtp
 permit tcp any host 59.167.239.185 eq 3390
 permit tcp any host 59.167.239.185 eq 3391
 deny ip any any log
 permit tcp any any eq 1723
 permit tcp any host 59.167.239.185 eq 1723
ip access-list extended INOUT
 deny tcp host 10.1.1.3 any eq 3389 log
 permit ip any any
ip access-list extended SHEEP
 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
 permit ip 10.1.1.0 0.0.0.255 any
 permit ip 10.1.2.0 0.0.0.255 any
ip access-list extended NOPFW
 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
 permit ip any 10.1.1.0 0.0.0.255
 permit ip any 10.1.2.0 0.0.0.255
ip access-list extended Maria
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
!
!
!
!
route-map VPN-sheep permit 1
 match ip address SHEEP
!
route-map bypass-portfwd permit 10
 match ip address NOPFW
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 logging synchronous
 transport input ssh
!
scheduler max-task-time 5000
ntp server 192.231.203.132 prefer
end
For this NAT line:
ip nat inside source static tcp 10.1.1.1 1723 59.167.239.185 1723 route-map bypass-portfwd extendable
Can you please try to remove it and change it to the following:
ip nat inside source static tcp 10.1.1.1 1723 59.167.239.185 1723 extendable
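Both router threads above turn on how an inbound extended ACL treats PPTP, which needs TCP/1723 and GRE. The following is an added example (not code from either poster or from Cisco) that applies first-match evaluation to cleaned-up, constructed entries modelled on the two posted ACLs: the first list has no GRE permit, and the second lists its 1723 permits after "deny ip any any log". The function names and the client address 203.0.113.10 are assumptions made for the example.

```python
import ipaddress

ANY = 0xFFFFFFFF  # wildcard mask meaning "any address"

# Constructed, cleaned-up entries modelled on the two inbound ACLs posted above.
ACL_FIRST_THREAD = """\
permit tcp any any eq 1723
deny ip any any
"""
ACL_SECOND_THREAD = """\
permit gre any any
permit tcp any host 59.167.239.185 eq 443
deny ip any any log
permit tcp any any eq 1723
permit tcp any host 59.167.239.185 eq 1723
"""

def parse_addr(tokens):
    """Consume one address spec and return (base, wildcard) as integers."""
    first = tokens.pop(0)
    if first == "any":
        return (0, ANY)
    if first == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    return (int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0))))

def parse_acl(text):
    """Parse 'action proto src dst [eq port] [log]' lines (numeric ports only)."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = parse_addr(tokens), parse_addr(tokens)
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        rules.append(dict(line=line, action=action, proto=proto, src=src, dst=dst, port=port))
    return rules

def addr_match(spec, ip):
    base, wildcard = spec
    return (int(ipaddress.IPv4Address(ip)) | wildcard) == (base | wildcard)

def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for r in rules:
        if (r["proto"] in ("ip", proto)
                and addr_match(r["src"], src) and addr_match(r["dst"], dst)
                and r["port"] in (None, dport)):
            return r["action"], r["line"]
    return "deny", "(implicit deny)"

def pptp_verdict(rules, client, server):
    """PPTP needs the TCP/1723 control channel and GRE (IP protocol 47)."""
    return {"control": evaluate(rules, "tcp", client, server, 1723)[0],
            "gre": evaluate(rules, "gre", client, server)[0]}

def shadowed(rules):
    """Entries listed after an unconditional 'deny ip any any' never match."""
    for i, r in enumerate(rules):
        if (r["action"], r["proto"], r["port"]) == ("deny", "ip", None) \
                and r["src"][1] == ANY and r["dst"][1] == ANY:
            return [x["line"] for x in rules[i + 1:]]
    return []

print(pptp_verdict(parse_acl(ACL_SECOND_THREAD), "203.0.113.10", "59.167.239.185"))
```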
-
SBS 2008 Migration to Server 2008 R2
Need to a company full of Windows SBS 2008 R2
DCpromo'd the Server 2008 R2 machine to join the SBS 2008 domain.
SYSVOL and NETLOGON have not been replicated.
Can't DCpromo the SBS 2008 DC out.
Hello
Thanks for posting in the Microsoft Community Forum, please be assured that we would do our best to help you.
The question you have posted is related to Server 2008, it would be better suited in the Technet forums. Please visit the link below to find a community that will support according to your request.
http://social.technet.microsoft.com/forums/en-US/category/windowsserver/.
If you have any questions do not hesitate to answer, we would be happy to help.
-
Hi all
The application is a medical client/server application using SQL as the database, and it resides on the SBS 2008 server with XP client computers.
Rather than loading the client on Windows XP, would it not make sense to simply run the application on the console using Terminal Services and configure the application to start at logon? Given that the application requires administrator rights to run, how can I assign admin rights only on demand, so that when they connect they can use the application with the given admin rights but do not have access to or control of the rest of the server?
It's been a while and I'm a little rusty, but I know it should be easy... losing sleep reading my volumes of support docs... :)
Hello
The question you have posted is related to servers and will be well suited in the TechNet community. Click on the link below.
http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer
Thanks and regards.
Thahaseena M
Microsoft Answers Support Engineer.
Visit our Microsoft Answers Feedback Forum and let us know what you think.
-
How to set up a Cisco 1841 as a site-to-site VPN server, with WatchGuard
I would like to set up a Cisco 1841 as a VPN server to establish a site-to-site IP VPN from a WatchGuard firewall.
I have looked through some Cisco config examples, but can't seem to get very far.
Can you please send me a sample config or the steps I need to perform on the Cisco router? And what credentials must be given to the WatchGuard to establish a permanent VPN?
Urgent help will be greatly appreciated.
The Cisco router is configured as a normal LAN-to-LAN IPsec tunnel; there is no difference in the configuration whether the tunnel goes to a WatchGuard, a SonicWall or whatever peer is used. You can use this link as a guide:
If you have problems, let me know.
-
Access a server from the ASA itself through site-to-site VPN
Hello
I have a problem with accessing servers through a site-to-site VPN from the ASA that terminates this site-to-site VPN and has Clientless VPN enabled.
Reason why I need it / what I do:
The ASA 5510 has Clientless VPN enabled, and this portal allows users to access internal servers through URL bookmarks. We use it when someone cannot use the IPSec VPN or is in an internet café. The user connects to the clientless VPN and clicks on a bookmark to access, for example, the mail server. But there is a problem: the ASA cannot access this server through the site-to-site VPN.
Network:
Here's a quick design of my network.
I have no problem accessing the server in VLAN 159 from VLAN 10 or 100. But I need to be able to access the server in VLAN 159 from the ASA 5510, which has the IP 192.168.1.4.
I have this subnet ASA owned by FRONT-NAT object in the same place that VLAN 10 to 100 are and vpn Site-to-Site profile.
What should I change, or how can I solve it?
Thank you
When Clientless VPN accesses internal servers, it sources the connection from the closest interface. If you connect via clientless SSL VPN to the ASA5510 and need to access the ASA5505 LAN via the site-to-site VPN, the interface on the ASA5510 closest to the ASA5505 LAN is the ASA5510 outside interface; therefore, the site-to-site VPN crypto ACL must match the ASA5510 outside interface IP address.
Here's what you need on each ASA:
ASA5510:
same-security-traffic permit intra-interface
ip 192.168.159.0 external interface allowed access list 255.255.255.0
ASA5505:
ip 192.168.159.0 access list allow 255.255.255.0 host
In addition, you also need to add the same ACL line to the NAT exemption access-list on the ASA5505:
ip 192.168.159.0 access list allow 255.255.255.0 host
Hope that helps.
-
Problem with a virtualized SBS 2008 server and WD USB HD
Hello everyone,
As the title says, I have a problem and I cannot solve it... I will try to explain it well:
I virtualized an SBS 2008 server and the company now works without trouble on the VM. Previously, the server had a backup configured in Windows Server Backup to an external WD 500 GB USB 2 disk, and it always worked. After switching from the physical server to the virtual server and creating the USB device in vSphere, the disk started giving problems: it is seen and recognized, but then it "disappears" from the Windows configuration (even though it is still recognized in the vSphere settings).
The idea was to pair it with a second disk for a weekly swap; after getting a second disk (also WD) and having Windows recognize it, the same problem presented itself: the disk is seen, the backup does not start and the disk "disappears".
Do not confuse the "disappearance" with the formatting done by WSB, because that configuration was disabled beforehand, the disks were formatted from scratch, and the backup is run from a batch using a shadow copy, which works on many other existing servers of ours.
As a test, I put a generic HD in an external USB enclosure and, magically, with this one I see no problem; the backup runs correctly.
Why do I see these problems with the MyBook disks instead? Are there incompatibility problems with VMware? By the way... it is the HP version of ESXi 5.1.
Thanks for any answers
Marco
Hi,
I have just answered a practically identical topic in another thread; I invite you to read it there, and in general to check the other threads in this forum. There are several posts about ESXi USB support.
The answer is very quick: yes, it can happen that one disk is seen and another is not; the support is not 100%. Is the disk that is not seen formatted as NTFS? There are known problems passing an NTFS disk to a VM via USB.
Hi,
Luca.