WAP 321 no client access via a WLAN

Similar Questions

• Problem with CapacityIQ plugin client access via vSphere

  I have two instances of capacity IQ installed - one with each of my vCenter 4.0 servers that are configured in bound mode.

  I have problems to access Solutions & Applications-> CapacityIQ GUI via the vSphere for one customer and receive an error indicating a delay of communication as follows;

  Network error (tcp_error)

  A communication error has occurred: "Operation timed out".

  The Web server may be down, too busy or other problems preventing him from answering. You can try again at a later date.

  For assistance, contact your network support team.

  I confirmed the status on the administration for each device portal - services are started and connectivity between the device and vCenter is very good - so it just seems to be a problem in my vSphere client.

  Any ideas?

  Is there a firewall or a proxy between the machine you use the vSphere client on and CIQ VA? It seems to be a kind of network related issue.

• Disable access via RDP client?

  Hi guys,.

  I'm all new to vmware view. Have a good undertanding of vsphere and have now been asked to do a trial of opinion.

  I'll probably ask a lot of questions, probably the most stupid in this forum.

  I have a very operational core facility and was able to access my VD through the client on several different platforms.
  My first question is whether it is actually possible to prevent someone to access the DV via a RDP client and only allow access through VMware View Client?
  Now I can connect through the client view, determine the host name and access via RDP disconnecting as well display the session.

  See you soon

  How about disabling RDP of the OS and that the only available connection connection will be PCOIP - which means he would only come from the customer to view.

• For TMS Win2008 Server and SQL Server client access licenses?

  Where, I read that the TMSXE interface requires a CAL on the Exchange Server.  What I can't seem to locate is all information about client access licenses how are required to Win2008 R2 Server Standard Edition and SQL Server 2008 R2 Standard.  Is there a reference document that I'm missing with this information.  It seems that according to Microsofts definitions, you might need a CAL by user device and/or managed web that connects to the web interface.

  Can someone clarify the situation?

  Hello world

  So should put the closure of this thread, I have now clarified what follows when it comes to TMS and MS licenses:

  Users and administrators to connect to TMS authenticate AD, the server that hosts the TMS must be allowed to support authenticated connections. Don't authenticate TMS Managed/configure with AD devices via the web server. As a result, and as managed devices does not authenticate against IIS with AD login, these types of connections don't require licenses. Only users who connect to the Web site would be.

  The issue of Exchange and SQL are similar, that is, authenticated connections how are made?

  Of MSDS, all connections to SQL server use the same authenticated account, by default uses a SQL login.  Web site users are not authenticated to SQL Server. Therefore, and in the case of an external SQL Server, this would be equal to one.

  When communicating with Exchange, all connections are through a unique service account. Created for managed systems the mailboxes are not connected by users or MSDS for normal operation. As a result, and as with an external SQL Server, this would be also equal to one.

  Hope that clarifies completely now

  Rgds,

  Dale

• Access via L2L AnyConnect VPN IPSec

  I'm trying to connect two ASA 5505s for a IPSec L2L VPN.  They can connect, but not pass traffic from the AnyConnect subnet. I've added the config from ASA-2, with the LAN subnet of 192.168.138.0 and a subnet of 192.168.238.0 for AnyConnect client. I'm trying to get the AnyConnect Clients access to the 192.168.137.0 LAN behind ASA-1 at 1.1.1.1.  Having both 192.168.238.0 and 192.168.138.0 both access 192.168.137.0 is acceptable. There's probably a lot of cruft in this config, as I've been reading all over forums and docs without much success.  Can someone point me in the right direction? : ASA Version 8.2(1) ! hostname asa-wal names name 192.168.238.0 anyconnect-vpn ! interface Vlan1 nameif inside security-level 100 ip address 192.168.138.1 255.255.255.0 ! interface Vlan11 mac-address c03f.0e3b.1923 nameif outside security-level 0 ip address 2.2.2.2 255.255.255.248 ! same-security-traffic permit inter-interface same-security-traffic permit intra-interface object-group protocol TCPUDP protocol-object udp protocol-object tcp object-group service Munin tcp-udp port-object eq 4949 object-group service Webmin tcp port-object eq 10000 access-list inside_nat0_outbound extended permit ip 192.168.138.0 255.255.255.0 any access-list icmp_ping extended permit icmp any any echo-reply access-list icmp_ping extended permit ip 192.168.138.0 255.255.255.0 any access-list split-tunnel standard permit 192.168.138.0 255.255.255.0 access-list 100 extended permit icmp any any echo-reply access-list 100 extended permit icmp any any time-exceeded access-list 100 extended permit icmp any any unreachable access-list NO_NAT extended permit ip anyconnect-vpn 255.255.255.0 any access-list NONAT extended permit ip 192.168.138.0 255.255.255.0 anyconnect-vpn 255.255.255.0 access-list outside_access_in extended permit tcp any interface outside eq ssh access-list outside_access_in extended permit icmp any any echo-reply access-list outside_access_in extended permit icmp any any time-exceeded access-list outside_access_in extended permit icmp any any unreachable  access-list outside_access_in extended permit tcp 192.168.137.0 255.255.255.0 anyconnect-vpn 255.255.255.0 access-list outside_1_cryptomap extended permit ip anyconnect-vpn 255.255.255.0 192.168.137.0 255.255.255.0 access-list inside_nat0_outbound_1 extended permit ip 192.168.138.0 255.255.255.0 anyconnect-vpn 255.255.255.0 access-list inside_nat0_outbound_1 extended permit ip anyconnect-vpn 255.255.255.0 192.168.137.0 255.255.255.0 access-list LAN_Traffic extended permit ip anyconnect-vpn 255.255.255.0 192.168.137.0 255.255.255.0 access-list vpn_nonat extended permit ip anyconnect-vpn 255.255.255.0 192.168.137.0 255.255.255.0 ip local pool AnyConnect 192.168.238.101-192.168.238.125 mask 255.255.255.0 global (outside) 1 interface nat (inside) 0 access-list NONAT nat (inside) 2 access-list vpn_nonat nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,outside) tcp interface ssh 192.168.138.4 ssh netmask 255.255.255.255 access-group icmp_ping in interface inside access-group outside_access_in in interface outside route outside 0.0.0.0 0.0.0.0 2.2.2.1 1 dynamic-access-policy-record DfltAccessPolicy network-acl inside_nat0_outbound network-acl NO_NAT aaa authentication ssh console LOCAL http server enable http bobx-vpn 255.255.255.0 inside http 192.168.137.0 255.255.255.0 inside http 192.168.1.104 255.255.255.255 inside http 192.168.138.0 255.255.255.0 inside http anyconnect-vpn 255.255.255.0 inside http redirect outside 80 no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set Wal2Box esp-aes-256 esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto map outside_map 1 match address outside_1_cryptomap crypto map outside_map 1 set pfs group1 crypto map outside_map 1 set peer 98.110.179.36 crypto map outside_map 1 set transform-set ESP-3DES-SHA crypto map Wal2Box 1 match address LAN_Traffic crypto map Wal2Box 1 set peer 98.110.179.36 crypto map Wal2Box 1 set transform-set Wal2Box crypto map Wal2Box interface outside crypto isakmp enable outside crypto isakmp policy 1 authentication pre-share encryption aes-256 hash sha group 2 lifetime 86400 crypto isakmp policy 5 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto isakmp policy 10 authentication pre-share encryption des hash sha group 2 lifetime 86400 crypto isakmp nat-traversal 22 telnet timeout 5 ssh 192.168.138.0 255.255.255.0 inside ssh timeout 30 console timeout 0 management-access inside dhcpd dns 8.8.8.8 8.8.4.4 dhcpd auto_config outside ! dhcpd address 192.168.138.101-192.168.138.132 inside dhcpd dns 8.8.8.8 8.8.4.4 interface inside dhcpd lease 86400 interface inside dhcpd domain inc.internal interface inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ntp server 129.6.15.29 ntp server 129.6.15.28 prefer webvpn enable inside enable outside anyconnect-essentials svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1 svc enable tunnel-group-list enable group-policy DfltGrpPolicy attributes vpn-filter value NO_NAT vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn split-tunnel-network-list value split-tunnel webvpn   svc compression deflate group-policy Wal-AnyConnect internal group-policy Wal-AnyConnect attributes split-tunnel-policy tunnelspecified split-tunnel-network-list value split-tunnel tunnel-group DefaultRAGroup general-attributes address-pool AnyConnect default-group-policy Wal-AnyConnect strip-realm strip-group tunnel-group AnyConnectClientProfile type remote-access tunnel-group AnyConnectClientProfile general-attributes address-pool AnyConnect default-group-policy Wal-AnyConnect tunnel-group AnyConnectClientProfile webvpn-attributes group-alias AnyConnectVPNClient enable tunnel-group 1.1.1.1 type ipsec-l2l tunnel-group 1.1.1.1 ipsec-attributes pre-shared-key * ! class-map global-class match default-inspection-traffic ! ! policy-map global-policy class global-class   inspect pptp ! Cryptochecksum:762f0186ad987cda4b450f6b4929cb60 : end 

  Post edited by: Shawn Barrick - line breaks

  It seems good Shawn but I just noticed an error on the asa-wal, you have a vpn-filter applied on the DfltGrpPolicy and since you have not any value defined the strategy of Wal-AnyConnect group then will inherit the DfltGrpPolicy vpn-filter, don't forget that the vpn filters should be applied to the incoming direction, I mean pool resources you want them to have access to. It's the ACL you have for the filter:

  NO_NAT list extended access allowed anyconnect vpn - ip 255.255.255.0 everything

  This isn't in the inbound direction, increasingly looks like you want to allow access to what it is as long as the traffic is coming from the 192.168.238.0, if that's the case, you can do this:

  attributes of Group Policy DfltGrpPolicy

  VPN-filter no

  Do not forget to disconnect and reconnect after the above change...

  If you really need to be more specific, allowing traffic for clients then apply the inbound rules, for example:

  Your pool is here 192.168.238.0/24 and the local subnet is 192.168.138, to this effect, the 192.168.137 is considered to be local too because of the perspective Anyconnect we'll see in the room even if it is a remote network accessible via a L2L tunnel of the Anyconnect client does not.

  The following AS will allow the Anyconnect Telnet client for local networks:

  permit access-list vpnfilt-ra 192.168.238.0 255.255.255.255 192.168.138.0 255.255.255.0 eq 23

  permit access-list vpnfilt-ra 192.168.238.0 255.255.255.255 192.168.137.0 255.255.255.0 eq 23

  The following ACE will allow local networks of Telnet for the Anyconnect Client:

  permit access-list vpnfilt-ra 192.168.238.0 255.255.255.255 eq 23 192.168.138.0 255.255.255.0

  permit access-list vpnfilt-ra 192.168.238.0 255.255.255.255 eq 23 192.168.137.0 255.255.255.0

  Note that the two first ACE will allow LAN launch connection to the Anyconnect client on any TCP port if he uses a source 23 port while the last two ACEs allow the Anyconnect client connect to networks the on any TCP port if he uses a port source from 23.

  Kind regards

• Bought 2 new client access licenses

  I bought 2 new for our WINDOWS 2008 Server client access licenses. Try to install them, but no WINDOWS support says that we need a key... Is this true?

  Support is located in the Windows Server Forums:
  http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer/

• How can demote us dynamics crm 2011 to use with dynamics crm 4.0 client access licenses

  We bought user Dynamics CRm 2011 under Volume License licenses, and we need to install the Dynamics CRM 4.0 CLIENT access licenses. We were informed that we need to downgrade the CAL.

  Would you know how dowgrade CALS?

  Thank you

  Hello RonRon03,

  If you are still having problems with Dynamics CRM 4.0 client access licenses, you can post in the below listed Ant.
  http://social.Microsoft.com/forums/en-us/category/Dynamics/

  There is a forum for Microsoft Dynamics CRM 4.0. They have experts who will be able to solve your problem.

  Thank you

  Marilyn

• A standard Small Business SERVER 2003 Server upgrade SBS Server 2003 R2 STandard requires the new CLIENT access licenses?

  I got a new server and the server only supports the SBS 2003 R2 and more. I have tried slipstreaming drivers and all that already, without success. I have SBS Server 2003 Standard now with 15 CLIENT access licenses. If I buy a copy of SBS 2003 R2 on ebay to get the installation done, Microsoft requires new or different CLIENT access licenses or licensing of the R2 or 2003 SBS CAL upgrade existing will be sufficient? Any info would be much appreciated!

  Thank you

  You can find the Windows Server on TechNet support at the following address: http://social.technet.microsoft.com/Forums/en/winservergen/threads

• The remote session was disconnected because the local computer client access license could not be upgraded or renewed on Windows xp

  Hello

  I have Windows server 2003 I have the server license terminal server, but one of my XP machine, which I'm calling his error remote desktop by giving as below
  The remote session was disconnected because the local computer client access license could not be upgraded or renewed on Windows xp.

  Thank you
  Deepak Labonté.

  Hello annelabonnote

  Thank you for visiting the Microsoft Answers site. The question you have posted is related to Windows Server 2003 and would be better suited to the Windows Server TechCenter community. Please visit the link below to find a community that will support what ask you:

  http://social.technet.Microsoft.com/forums/en-us/winservergen/threads

• To access the programs at startup, which could be accessed via windows defneder

  I use MSE so Defender is disabled. How to access and modify the programs that run on start up? I can't do this with the disabled Defender.

  • No error message
  • Fact no added software or hardware recently
  • Sought access via the MSE but no luck

  I use MSE so Defender is disabled. How to access and modify the programs that run on start up? I can't do this with the disabled Defender.

  • No error message
  • Fact no added software or hardware recently
  • Sought access via the MSE but no luck

  Do it this way...

  Start button > in the search box, type msconfig > press the Enter key > uac prompt > at the top, click on Startup tab > make changes > click OK when the fact of the advantages of others looking for answers, please mark as answer suggestion if it solves your problem.

• WAP 321 and WAP 371 unique clustered?

  Hello world

  Is it possible to form a cluster of single-point configuration with a WAP 321 and a WAP 371?

  For now, the two APs seem to see themselves do not.

  Thanks in advance for your answer.

  Mathieu.

  Hello

  The main reasoning that we recommend and support only as devices (321 321 or 561 to 561) are grouped has to do with the feature sets. With basicially clusters you copy the configuration of a device and place it on another. When the devices are dissimilar as 321 and 371 differences, to weigh what they have in common and will be a not as stable cluster during the update or push changes.

  Hope that helps to explain.

  Eric Moyers
  .:|:.:|:. CISCO | Pre-sale technical support of Cisco | Expert on wireless

  Please note the useful messages and let know when your question has been answered.

• New Firmware WAP 321

  I see the new firmware is available fo RL WAP 321.

  I tried to read the release notes for the link in the right-hand rupper scren bt made a message "file is prohibited".    I'm logged into Cisco.com.

  Hi, my name is Eric Moyers. I am a network Support Engineer in the Cisco Small Business Support Center. Please use the Forums to Post community of Cisco.

  The release notes for the WAP321 and the WAP121 are the same. Please try this link:

  http://www.Cisco.com/en/us/docs/wireless/access_point/csbap/wap121/release/notes/ReleaseNotes_for_the_WAP121_321.PDF

  I was able to do this. I'll have the other link studied.

  Thank you

  Eric Moyers

  Advanced Support of Cisco network engineer

  SME HWC Wireless and monitoring

  CCNA, CCNA-wireless

  1-866-606-1866

• OS for vCenter. Should I for windows server client access licenses?

  Hello

  I just buy more Essentials and installing vCenter. A Microsoft guy told me except the license server should I buy Windows client access licenses to the server also. To me, this seems odd. Is this true? Is there a document indicating I need / not need client access licenses?

  Thanks in advance!

  Long story short: you need a CAL for each device / user that will access the VirtualCenter machine (Windows server).

  Quote: Each user or device that accesses or uses the Windows Server 2008 or Windows Server 2008 R2 server software requires the purchase of a license for access to Client in Windows Server 2008 (Windows Server CAL)

  Add as follows: (assuming you are installing vCenter on W2008) http://www.microsoft.com/windowsserver2008/en/us/client-licensing.aspx

  If you already Win servers in your environment and your users / devices already have win client access licenses server, you can use the existing licenses to stay in the EULA. Talk to your MS guy if that's the case.

  WBR

  Imants

• vSphere client installation disables fullscreen option Web Access via a browser.

  After running through some scenarios, I have concluded that if the vSphere Client (Version 4.0.0/Build 208111) is installed, I have more to use mode full screen when you access a virtual computer via a browser (see attached image).

  What component (s) in the installation package is turn this option off?

  Someone at - it ideas?

  Thanks in advance,

  Phil Couto

  you, it captures screen appears that you are going to an instance of vSphere4 host or vCenter4.  When you got to the user interface, he said vSpher4 Web Access? There should be two buttons on your Console tab, one for a new window and the other for the full screen.

  .. .or if you actually a VI3 instance, I see the same behavior.

• Suggestion to create folders in VC + VM via VI Client Access

  Hi, I have several groups in my organization. They need access to their virtual machines via the VI Client. I'll grant them permissions - Datastore browser of the user + VM (suggestions for grant permissions plus/minus) will be appreciated. Al they need is access to their virtual machines

  (2) how should I arrage in the VM files - I should nest them OR should I keep all the sub root? How did you guys did these settings?

  Thank you

  There is nothing specific in the coding of the color of folders, permissions are permissions and are based on the built-in roles or custom roles you create in vCenter.

  Maybe it will be useful

  http://www.VMware.com/PDF/vi3_vc_roles.PDF

  http://www.yellow-bricks.com/2009/01/13/permissions-and-roles/