Weird behavior of the router 871 on VPN tunnel

Similar Questions

• IP NAT on the router on SSL - VPN appliance

  Someone at - it allows to transmit 443/SSL on a SSL VPN Cisco 891 - K9 unit?

  (I have never encountered this situation before as the router VPN terminated public face directly or we had several IPs public to assign the VPN device directly a public IP address).

  With ' ip nat inside source static tcp 44.55.66.255 443 10.10.10.150 443 extensible "is supposed to pass the SSL request to the appliance SSL VPN to 10.10.10.150 to have VPN applications ended here.

  But failed miserably body 891 - K9 created a virtual ARP entry for 10.10.10.150. So two MACs with the same IP address.

  So 443 requests were sent to its interface. At the hearing of NAT, I can't ssh inside SSL - VPN, but by the time the statemet disappeared, I can ssh and warning dupliacte ARP goes.

  * 1 Nov 19:22:46.871: % IP-4-DUPADDR: duplicate address 10.10.10.150 on Vlan10, a source of aaaa.bbbb.cccc
  * 1 Nov 19:23:18.083: % IP-4-DUPADDR: duplicate address 10.10.10.150 on Vlan10, a source of aaaa.bbbb.cccc
  * 1 Nov 19:23:48.295: % IP-4-DUPADDR: duplicate address 10.10.10.150 on Vlan10, a source of aaaa.bbbb.cccc
  RTR #sh clock
  * 19:24:26.487 UTC Sunday, November 1, 2015
  RTR #sh ip arp 10.10.10.150
  Protocol of age (min) address Addr Type Interface equipment
  Internet 10.10.10.150 - e02f.6d96.8dd0 ARPA Vlan10
  RTR #sh ip arp 10.10.10.150
  Protocol of age (min) address Addr Type Interface equipment
  Internet 10.10.10.150 - e02f.6d96.8dd0 ARPA Vlan10
  RTR #sh sh ip route 10.10.10.150

  Cisco TAC to reproduce this problem at the moment to report dev.

  Does anyone else have this problem or a workaround?

  Thank you.

  I may be misunderstanding but isn't your NAT statement backwards IE. If you want traffic to pass to 10.10.10.150 it shouldn't be-

  ' ip nat inside source static tcp 10.10.10.150 43 43 44.55.66.25x.

  isn't the device for SSL connection on interface 'ip nat inside '?

  Jon

• Weird behavior of the wifi service

  My project showed very weird behavior. As in the connection of signals and slots he was segfaults. I posted that in here . Also, I couldn't create a QTimer object. This all happened after I have use some features of the wifi_service.h file. My CPP code file is subsequently

  /*
   * WifiController.cpp
   *
   *  Created on: Jul 4, 2013
   *      Author: Roland
   */
  
  #include "WifiController.hpp"
  #include 
  #include "GeoNotification.hpp"
  WifiController::WifiController() {}
  WifiController::~WifiController() {}
  
  int WifiController::toggleWifiState(bool state)
  {
      getWifiState();
      int status = wifi_set_sta_power(state);
      return status;
  
  }
  int WifiController::getWifiState()
  {
      wifi_status_t *status;
      wifi_get_status(status);
      if(*status == WIFI_STATUS_BUSY)
      {
          return 2;
      }
      if(*status == WIFI_STATUS_RADIO_ON)
      {
          return 1;
      }
      if(*status == WIFI_STATUS_RADIO_OFF)
      {
          return 0;
      }
  
      return 0;
  }
  

  The strangeness begins after I call the getWifiState() function. It fills the fi last statement and returns 0. But after these problems occur. But if I don't call this function then, everything works fine.

  This will produce undefined behavior:

  wifi_status_t *status; // unitialized address
  wifi_get_status(status); // wifi_get_status will write into random memory
  

  wifi_get_status waiting for an address of the variable to write to:

  wifi_status_t status;
  wifi_get_status(&status); // & takes the address of status
  

  You will also need to check the return value of wifi_get_status. An example of code:

  http://supportforums.BlackBerry.com/T5/native-development/check-the-WiFi-signal-with-quot-WiFi-get-s...

• Configuration of the router to allow VPN traffic through

  I would like to ask for assistance with a specific configuration to allow VPN traffic through a router from 1721.

  The network configuration is the following:

  Internet - Cisco 1721 - Cisco PIX 506th - LAN

  Remote clients connect from the internet by using the Cisco VPN client. The 1721 should just pass the packets through to the PIX, which is 192.168.0.2. Inside of the interface of the router is 192.168.0.1.

  The pix was originally configured with a public ip address and has been tested to work well to authenticate VPN connections and passing traffic in the local network. Then, the external ip address was changed to 192.168.0.2 and the router behind.

  The 1721 is configured with an ADSL connection, with fall-over automatic for an asynchronous connection. This configuration does not work well, and in the local network, users have normal internet access. I added lists of access for udp, esp and the traffic of the ahp.

  Cisco VPN clients receive an error indicating that the remote control is not responding.

  I have attached the router for reference, and any help would be greatly apreciated.

  Manual.

  Brian

  For VPN clients reach the PIX to complete their VPN the PIX needs to an address that is accessible from the outside where the customers are. When the PIX was a public address was obviously easy for guests to reach the PIX. When you give the PIX one address private, then he must make a translation. And this becomes a problem if the translation is dynamic.

  You have provided a static translation that is what is needed. But you have restricted the TCP 3389. I don't know why you restricted it in this way. What is supposed to happen for ISAKMP and ESP, AHP traffic? How is it to be translated?

  If there is not a static translation for ISAKMP traffic, ESP and AHP so clients don't know how to reach the server. Which brings me to the question of what the address is configured in the client to the server?

  HTH

  Rick

• Why the weird behavior is the default value?

  Really just have pleaded that the "Default" behavior is changed.

  See
  http://www.TechSpot.com/blog/73/prevent-websites-from-resizing-Firefoxs-browser-window/

  should be the norm.

  If I drag-and - drop a window of Firefox - I don't want to not maximized

  Hello, I do not think that this (firefox window is expanded during drag & drop) does not depend on the parameter that you mentioned, but it is caused by the snap feature of windows 7.

  www.howtogeek.com/HOWTO/Windows-7/Disable-the-Mouse-Drag-Window-arranging-Feature-in-Windows-7/

• Weird behavior of the computer

  Windows XP SP 3
  I wake my computer from sleep mode.
  Wallpaper is slowly deteriorating with a solid color.
  I opened all the windows display little data that it was supposed to-text, input, buttons.  The caused cursor sometimes given to this place to display the cursor was hovering.
  Whenever I open a drop-down menu, the computer sounded like an old phone.
  Make an entry to a window sometimes caused the program to lock up.
  The foregoing was also true for the Windows Task Manager.
  I was unable to restart, then I shut it off and turn it back on.  Same behavior.  Finally I was able to reboot and everything was back to normal.  But then it happened again.  Restart - back to normal.
  This seems to be the odd behavior of Nastyware, but I did some scans (MalwareBytes and Avast) which are things, but I don't know what to do with them other than quarantine.

  I can go back to a System Restore Point, but I would like to know what is happening.
  If the technicians have thoughts please let me know.

  Hello

  ·        Since when are you facing this problem?

  ·        Remember to make changes to the system?

  ·        What are infections you found on the system?

  I suggest that you can run an online virus and malware scan and check the infected files if they are part of a program or toolbars installed on the system etc if it is related to a program, so I suggest you to uninstall the program from the system and check if the problem persists.

  http://OneCare.live.com/site/en-us/default.htm

  As you mentioned in the question, you can also do a system restore to the previous point, when the system worked very well and see if the problem is resolved. I suggest you follow the steps mentioned in the article given below to do a system restore.

  How to restore Windows XP to a previous state

  http://support.Microsoft.com/kb/306084

  Apart from that, I suggest you to download and install Microsoft Security Essentials on the system in order to maintain your system against viruses and other threats. It is easy to install and is free of cost. Click on the link mentioned below for more details.

  http://www.Microsoft.com/securityessentials

  Thanks and regards.

  Thahaseena M
  Microsoft Answers Support Engineer.
  Visit our Microsoft answers feedback Forum and let us know what you think.

• Weird behavior of the Illustrator drawing tools...

  Hello world

  I am faced with a weird problem (or feature) maybe, I can't shoot anything in Illustrator. Whenever I have search and drawing tool say rectangle, ellipse or the line... I click on work plan once and drag it at some distance, instead of creating the object, Illustrator creates an uncountable number of objects that overlap the other... from the first click (pressed) at the exit of the mouse. How to fix it.

  Help, please

  Ashfaq

  Check if your Tilde key is stuck.

• Weird behavior involving the shape, the list and button

  The following code does not work, but if you remove the HBox opening tags and closing, it works.

  I mean, 'work', click on the button and the default string must be added to the data provider, and appear in the list.

  Very strange.

  <?xml version="1.0" encoding="utf-8"?>
  <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml">
    <mx:Script>
      <![CDATA[
        import mx.collections.ArrayCollection;
        [Bindable] private var detailsAC:ArrayCollection = new ArrayCollection();
        private var addNewDetailPrompt:String = "click to add new details entry";
        
        private function addDetail():void{
          if(detailsAC.length == 0 || detailsAC.getItemAt(0) != addNewDetailPrompt){
            detailsAC.addItemAt(addNewDetailPrompt, 0);
          }
        }
      ]]>
    </mx:Script>
    <mx:Form>
      <mx:FormItem label="Event details:">
        <!--<mx:HBox>-->
          <mx:List id="detailsList" editable="true"
            dataProvider="{detailsAC}">
            <mx:itemRenderer>
              <mx:Component>
                <mx:TextArea text="{data}"/>
              </mx:Component>
            </mx:itemRenderer>          
          </mx:List>
          <mx:Button label="Add..." click="addDetail();"/>                
        <!--</mx:HBox>-->
      </mx:FormItem>
    </mx:Form>  
  </mx:Application>
  

  The bug is confirmed in Flex SDK 3.4.

  You can upgrade to Flex 3.5 SDK? Check your sample application with this SDK, the problem disappeared.

  Related bug:

  If , the controls are placed inside of containers, then the component data-driven does not display changes made to data collection ArrayCollection binded

  https://bugs.Adobe.com/jira/browse/SDK-17879

  PS

  It is attached patch probably related to the ListBase.as class

  https://bugs.adobe.com/jira/browse/SDK-16101 , if you can not move immediately to Flex 3.5 SDK

• Pass Cisco 871 and VPN to the SBS 2008 Server

  to precede the questions below, I'm responsible for COMPUTING internal with several years of site / offsite support. I also have very limited knowledge of the inner workings of a Cisco device. That said, I've beaten my head against a wall, trying to configure my router Cisco 871 to allow access to our internal server of SBS 2008 VPN hosting services. I think I, and properly configured the SBS 2008 Server.

  I use advanced IP services, version 12.4 (4) T7

  Here is the \windows\system32\conifg\system running

  Building configuration...

  Current configuration: 9414 bytes
  !
  version 12.4
  no service button
  tcp KeepAlive-component snap-in service
  a tcp-KeepAlive-quick service
  horodateurs service debug datetime localtime show-timezone msec
  Log service timestamps datetime localtime show-timezone msec
  encryption password service
  sequence numbers service
  !
  hostname yourname
  !
  boot-start-marker
  boot-end-marker
  !
  Security of authentication failure rate 3 log
  Passwords security min-length 6
  logging buffered debugging 51200
  recording console critical
  enable secret 5 *.

  !
  No aaa new-model
  !
  resources policy
  !
  PCTime-5 timezone clock
  PCTime of summer time clock day April 6, 2003 02:00 October 26, 2003 02:00
  IP subnet zero
  no ip source route
  IP cef
  !
  !
  !
  !
  synwait-time of tcp IP 10
  no ip bootp Server
  "yourdomain.com" of the IP domain name
  name of the IP-server 65.24.0.168
  name of the IP-server 65.24.0.196
  property intellectual ssh time 60
  property intellectual ssh authentication-2 retries
  inspect the IP name DEFAULT100 appfw DEFAULT100
  inspect the IP name DEFAULT100 cuseeme
  inspect the IP name DEFAULT100 ftp
  inspect the IP h323 DEFAULT100 name
  inspect the IP icmp DEFAULT100 name
  inspect the IP name DEFAULT100 netshow
  inspect the IP rcmd DEFAULT100 name
  inspect the IP name DEFAULT100 realaudio
  inspect the name DEFAULT100 rtsp IP
  inspect the IP name DEFAULT100 sqlnet
  inspect the name DEFAULT100 streamworks IP
  inspect the name DEFAULT100 tftp IP
  inspect the IP udp DEFAULT100 name
  inspect the name DEFAULT100 vdolive IP
  inspect the name DEFAULT100 http urlfilter IP
  inspect the IP router-traffic tcp name DEFAULT100
  inspect the IP name DEFAULT100 https
  inspect the IP dns DEFAULT100 name
  urlfilter IP interface-source FastEthernet4
  property intellectual urlfilter allow mode on
  urlfilter exclusive-area IP Deny. Facebook.com
  refuse the urlfilter exclusive-domain IP. spicetv.com
  refuse the urlfilter exclusive-domain IP. AddictingGames.com
  urlfilter exclusive-area IP Deny. Disney.com
  urlfilter exclusive-area IP Deny. Fest
  refuse the urlfilter exclusive-domain IP. freeonlinegames.com
  refuse the urlfilter exclusive-domain IP. hallpass.com
  urlfilter exclusive-area IP Deny. CollegeHumor.com
  refuse the urlfilter exclusive-domain IP. benmaller.com
  refuse the urlfilter exclusive-domain IP. gamegecko.com
  refuse the urlfilter exclusive-domain IP. ArmorGames.com
  urlfilter exclusive-area IP Deny. MySpace.com
  refuse the urlfilter exclusive-domain IP. Webkinz.com
  refuse the urlfilter exclusive-domain IP. playnow3dgames.com
  refuse the urlfilter exclusive-domain IP. ringtonemecca.com
  refuse the urlfilter exclusive-domain IP. smashingames.com
  urlfilter exclusive-area IP Deny. Playboy.com
  refuse the urlfilter exclusive-domain IP. pokemoncrater.com
  refuse the urlfilter exclusive-domain IP. freshnewgames.com
  refuse the urlfilter exclusive-domain IP. Toontown.com
  urlfilter exclusive-area IP Deny .online-Funny - Games.com
  urlfilter exclusive-area IP Deny. ClubPenguin.com
  refuse the urlfilter exclusive-domain IP. hollywoodtuna.com
  refuse the urlfilter exclusive-domain IP. andkon.com
  urlfilter exclusive-area IP Deny. rivals.com
  refuse the urlfilter exclusive-domain IP. moregamers.com
  !
  policy-name appfw DEFAULT100
  http request
  port-bad use p2p action reset alarm
  port-abuse im action reset alarm
  Yahoo im application
  default action reset service
  service-chat action reset
  Server deny name scs.msg.yahoo.com
  Server deny name scsa.msg.yahoo.com
  Server deny name scsb.msg.yahoo.com
  Server deny name scsc.msg.yahoo.com
  Server deny name scsd.msg.yahoo.com
  Server deny name messenger.yahoo.com
  Server deny name cs16.msg.dcn.yahoo.com
  Server deny name cs19.msg.dcn.yahoo.com
  Server deny name cs42.msg.dcn.yahoo.com
  Server deny name cs53.msg.dcn.yahoo.com
  Server deny name cs54.msg.dcn.yahoo.com
  Server deny name ads1.vip.scd.yahoo.com
  Server deny name radio1.launch.vip.dal.yahoo.com
  Server deny name in1.msg.vip.re2.yahoo.com
  Server deny name data1.my.vip.sc5.yahoo.com
  Server deny name address1.pim.vip.mud.yahoo.com
  Server deny name edit.messenger.yahoo.com
  Server deny name http.pager.yahoo.com
  Server deny name privacy.yahoo.com
  Server deny name csa.yahoo.com
  Server deny name csb.yahoo.com
  Server deny name csc.yahoo.com
  audit stop trail
  aol im application
  default action reset service
  service-chat action reset
  Server deny name login.oscar.aol.com
  Server deny name toc.oscar.aol.com
  Server deny name oam - d09a.blue.aol.com
  audit stop trail
  !
  !
  Crypto pki trustpoint TP-self-signed-1955428496
  enrollment selfsigned
  name of the object cn = IOS - Self - signed - certificate - 1955428496
  revocation checking no
  rsakeypair TP-self-signed-1955428496
  !
  !
  TP-self-signed-1955428496 crypto pki certificate chain
  certificate self-signed 01
  308201B 8 A0030201 02020101 3082024F 300 D 0609 2A 864886 F70D0101 04050030
  2 060355 04031326 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 31312F30
  69666963 31393535 34323834 6174652D 3936301E 170 3032 30333031 30303035
  33315A 17 0D 323030 31303130 30303030 305A 3031 06035504 03132649 312F302D
  4F532D53 5369676E 656C662D 43 65727469 66696361 74652 31 39353534 65642D
  32383439 3630819F 300 D 0609 2A 864886 01050003, 818, 0030, 81890281 F70D0101
  8100CB6B E980F044 5FFD1DAE CBD35DE8 E3BE2592 DF0B2882 2F522195 4583FA03
  40F4DAC6 CEAD479F A92607D4 1 B 033714 51C3A84D EA837959 F5FC6508 4D71F8E6
  5B124BB3 31F0499F B0E871DB AF354991 7D45F180 5D8EE435 77C8455D 2E46DE46
  67791F49 44407497 DD911CB7 593E121A 0892DF33 3234CF19 B2AE0FFD 36A640DC
  2 010001 HAS 3 990203 AND 77307530 1 130101 FF040530 030101FF 30220603 0F060355 D
  1104 1B 301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D 551D
  301F0603 C 551 2304 18301680 145566 4581F9CD 7 5F1A49FB 49AC9EC4 678908FF
  2A301D06 04160414 5566 745 81F9CD5F 1A49FB49 AC9EC467 8908FF2A 03551D0E
  300 D 0609 2A 864886 818100B 3 04050003 903F5FF8 A2199E9E EA8CDA5D F70D0101
  60B2E125 AA3E511A C312CC4F 0130563F 28D3C813 99022966 664D52FA AB1AA0EE
  9A5C4823 6B19EAB1 7ACDA55F 6CEC4F83 5292 HAS 867 BFC65DAD A2391400 DA12860B
  5A 523033 E6128892 B9BE68E9 73BF159A 28D47EA7 76E19CC9 59576CF0 AF3DDFD1
  3CCF96FF EB5EB4C9 08366F8F FEC944CA 248AC7
  quit smoking
  secret of username admin privilege 15 5 *.

  !
  !
  Policy-map sdmappfwp2p_DEFAULT100
  !
  !
  !
  !
  !
  !
  interface FastEthernet0
  !
  interface FastEthernet1
  !
  interface FastEthernet2
  !
  interface FastEthernet3
  !
  interface FastEthernet4
  Description $$$ FW_OUTSIDE$ $ES_WAN$ ETH - WAN
  address IP dhcp client id FastEthernet4
  IP access-group 101 in
  no ip redirection
  no ip unreachable
  no ip proxy-arp
  NAT outside IP
  inspect the DEFAULT100 over IP
  IP virtual-reassembly
  route IP cache flow
  automatic duplex
  automatic speed
  sdmappfwp2p_DEFAULT100 of service-policy input
  out of service-policy sdmappfwp2p_DEFAULT100
  !
  interface Vlan1
  Description $ETH - SW - LAUNCH$ $INTF - INFO - HWIC-$4ESW $ES_LAN$ $FW_INSIDE$
  the IP 192.168.0.1 255.255.255.0
  IP access-group 100 to
  no ip redirection
  no ip unreachable
  no ip proxy-arp
  IP nat inside
  IP virtual-reassembly
  route IP cache flow
  IP tcp adjust-mss 1452
  !
  IP classless
  !
  !
  IP http server
  local IP http authentication
  IP http secure server
  IP http timeout policy slowed down 60 life 86400 request 10000
  the IP nat inside source 1 list the interface FastEthernet4 overload
  IP nat inside source static tcp 192.168.0.100 1723 1723 interface FastEthernet4
  IP nat inside source static tcp 192.168.0.100 25 25 FastEthernet4 interface
  IP nat inside source static tcp interface 192.168.0.100 80 80 FastEthernet4
  IP nat inside source static tcp 192.168.0.100 interface FastEthernet4 443 443
  IP nat inside source static tcp 192.168.0.100 interface FastEthernet4 987 987
  !
  recording of debug trap
  Note access-list 1 INSIDE_IF = Vlan1
  Remark SDM_ACL category of access list 1 = 2
  access-list 1 permit 192.168.0.0 0.0.0.255
  access-list 100 remark self-generated by the configuration of the firewall Cisco SDM Express
  Access-list 100 = 1 SDM_ACL category note
  access-list 100 deny ip 255.255.255.255 host everything
  access-list 100 deny ip 127.0.0.0 0.255.255.255 everything
  access ip-list 100 permit a whole
  access list 101 remark self-generated by the configuration of the firewall Cisco SDM Express
  Note access-list 101 = 1 SDM_ACL category
  access-list 101 permit tcp any any eq 1723
  access-list 101 permit tcp any any eq 987
  access-list 101 permit tcp any any eq 443
  access-list 101 permit tcp any any eq www
  access-list 101 permit tcp any any eq smtp
  access-list 101 permit udp host 65.24.0.169 eq field all
  access-list 101 permit udp host 65.24.0.168 eq field all
  access-list 101 permit udp host 24.29.1.219 eq field all
  access-list 101 permit udp host 24.29.1.218 eq field all
  access-list 101 permit udp any eq bootps any eq bootpc
  access-list 101 deny ip 192.168.0.0 0.0.0.255 any
  access-list 101 permit icmp any any echo response
  access-list 101 permit icmp any one time exceed
  access-list 101 permit everything all unreachable icmp
  access-list 101 deny ip 10.0.0.0 0.255.255.255 everything
  access-list 101 deny ip 172.16.0.0 0.15.255.255 all
  access-list 101 deny ip 192.168.0.0 0.0.255.255 everything
  access-list 101 deny ip 127.0.0.0 0.255.255.255 everything
  access-list 101 deny ip 255.255.255.255 host everything
  access-list 101 deny ip any one
  not run cdp
  !
  !
  control plan
  !
  connection of the banner ^ CCCCCAuthorized access only!
  Unplug IMMEDIATELY if you are not an authorized user. ^ C
  !
  Line con 0
  local connection
  no activation of the modem
  telnet output transport
  line to 0
  local connection
  telnet output transport
  line vty 0 4
  privilege level 15
  local connection
  transport input telnet ssh
  !
  max-task-time 5000 Planner
  Scheduler allocate 4000 1000
  Scheduler interval 500
  end

  All that top has been configured with the SDM interface. I hope someone here can take a look at this and see what my question is, and why I can't connect through the router.

  All thanks in advance to help me with this.

  Jason

  Based on your description, I am assuming that you are trying the traffic PPTP passthrough via the router 871, and the PPTP Protocol ends on your SBS 2008 Server.

  If this is the correct assumption, PPTP uses 2 protocols: TCP/1723 and GRE. Your configuration only allow TCP/1723, but not the GRE protocol.

  On 101 ACL, you must add "allow accord any any" before the declarations of refusal:

  101 extended IP access list

  1 allow any one

  I guess that the PPTP control connection works fine? Are you able to telnet to the router outside the ip address of the interface on port 1723?

• VPN site to Site using the router and ASA

  Hello

  I have a Cisco 1812 router that is configured for remote access VPN using IPSec (Cisco VPN Client), my question is if I can configure a Cisco ASA 5505 to connect to the router as a VPN from site to site.

  Thank you

  Karl

  Dear Karl,

  Yor are right, in this case you can create a tunnel vpn site-to-site between devices or you can configure your ASA as hardware VPN client. That is to say; Easy VPN.

  For the same thing, you can consult the document below.

  http://www.Cisco.com/en/us/products/HW/vpndevc/ps2030/products_configuration_example09186a00808a61f4.shtml

  Kind regards

  Shijo.

• L2l VPN with public ip of the router and firewall with private IP

  Dear all,

  I have a requiremnt for site to site VPN configuration but the firewall on the remote end is not obtained public ip, public ip address is termintaed on the router. Please find the attached diagram

  LAN--> Firewall - privateip--> router-publicip - ISP

  How can I set up the site to site VPN tunnel, enjoy emergency assistance

  Thanks in advance...

  Mikael

  You can configure static NAT for 1:1 for the SAA outside interface with a spare public ip address of the router address.

  If you don't have spare public ip address, then you must configure static UDP/500 and UDP/4500 PAT on the router and enable NAT - T on the SAA.

• Weird behavior of Safari Dock icon

  For several months now, I noticed a weird behavior of the Safari icon on the dock.

  Note: I have the Safari Dock permanently icon in the dock if the application is running or not for quick access.

  With open Safari, after periods of inactivity or after the awakening of the mode standby, the icon will lose the small black dot on the bottom that indicates an active application.

  By clicking on the icon or a .webloc file reveals that Safari is still active, but because the icon does not animate as it does when it is launched.

  How can I fix and when Safari * is * open its Dock icon indicates that it * all the time *?

  Probably also related...

  All too often, after similar as scenarios above, Safari actually leave - all on its own.

  How can I fix this too?

  Safari has also been freezing quite often lately have to be re-launched or sometimes requiring a restart of the computer system.

  Something is not.

  Go step by step and test.

  1. Disable Extensions and test them.

  Safari > Preferences > Extensions

  Uncheck 'Enable the Extension' and test.

  Enable the Extensions one by one and test.

  To uninstall any extension, select it and click the "Uninstall" button

  2. Quit Safari if it is open.

  Hold down the option key and click on the "Go" menu in the Finder menu bar.

  Select 'Library', then 'Caches.

  Find the folder "com.apple.Safari".

  Right-click on "com.apple.Safari" and select "move to trash".

  Restart Safari.

  3 remove the test and com.apple.Safari.plist file.

  Empty the trash.

  Quit all applications.

  Hold down the option key and click on the "Go" menu in the Finder menu bar.

  Select 'Library' in the menu dropdown.

  Library > Preferences > com.apple.Safari.plist

  Right-click on it and select "place it in the trash.

  Close the Finder window.

  Turn it back on.    Restart Safari.

  If this does not help, "put back" the com.apple.Safari.plist

  Right click on the trash icon in the Dock, then select 'open '.

  Right-click on the com.apple.Safari.plist and select 'Put Back'.

• NO OSPF routes in the database, but in the Routing Table (read you correct)

  Hi all

  I have a lab of two roads R1 & R2 (connected with Ethernet link) like:<------------------>R1, R2

  I can see, OSPF learned routes are Routing Table, but not in the database (read you right).

  How can it be possible? I saw the other direction several times i.e. the routes in the database but not in the routing table (like, VPN L3 remote end when we use the ability VRF-lite, or we try to remove from the interarea road of the LSA, but that is not the concern here)

  I captured a few newspapers & running Setup two routers. Please check and let me know what I am doing wrong.

  I erased the OSPF neighborship several times but still the same. Tried to bounce e1/1 on R2, but no luck.

  R2 #ping 3.3.3.3 lo3 Yes

  Type to abort escape sequence.

  Send 5, echoes ICMP 100 bytes to 3.3.3.3, time-out is 2 seconds:

  Packet sent with the source 2.2.2.2 address

  !!!!!

  Success rate is 100 per cent (5/5), round-trip min/avg/max = 64/76/108 ms

  R2 #.

  R1

  R1 #.

  R1 #show int ip short bones

  Interface area PID IP address/mask cost of State Nbrs F/C

  Lo0 9.9.0.1/32 LOOP 1 1 0 0/0

  Lo3 3.3.3.3/32 LOOP 1 1 0 0/0

  Et1/0 1 0 9.9.12.1/24 10 DR 1/1

  R1 #.

  R1 #.

  R1 #show ip ospf da

  Router OSPF with ID (9.9.12.1) (process ID 1)

  Router link States (zone 0)

  Number of links ID ADV router age Seq # Link Checksum

  9.9.12.1 9.9.12.1 255 0 x 80000028 0x00BE86 3

  9.9.12.2 9.9.12.2 256 0 80000032 0x0067F8 x 2

  NET link States (zone 0)

  Link ID ADV router age Seq # Checksum

  9.9.12.1 9.9.12.1 255 0 x 80000003 0x00BDFC

  R1 #.

  R1 #.

  #show ip route R1 | b door

  Gateway of last resort is not set

  2.0.0.0/32 is divided into subnets, subnets 1

  O 2.2.2.2 [110/11] via 9.9.12.2, 00:04:17, Ethernet1/0

  3.0.0.0/32 is divided into subnets, subnets 1

  C 3.3.3.3 is directly connected, Loopback3

  9.0.0.0/8 is variably divided into subnets, 3 subnets, 2 masks

  C 9.9.0.1/32 is directly connected, Loopback0

  C 9.9.12.0/24 is directly connected, Ethernet1/0

  The 9.9.12.1/32 is directly connected, Ethernet1/0

  R1 #.

  R1 #.

  R1 #show ip os not

  Neighbor ID Pri State Dead Time Interface address

  9.9.12.2 1 FULL/BDR 9.9.12.2 Ethernet1/0 00:00:36

  R1 #.

  R1 #.

  R1 #show run | s r o

  router ospf 1

  Log-adjacency-changes

  R1 #.

  R1 #.

  *************  R2  ********************

  R2 #.

  R2 #show int ip short bones

  Interface area PID IP address/mask cost of State Nbrs F/C

  Lo3 2.2.2.2/32 LOOP 1 1 0 0/0

  Et1/1 1 0 10 BDR 1/1 9.9.12.2/24

  R2 #.

  R2 #.

  R2 #show run | router s o

  router ospf 1

  Log-adjacency-changes

  passive-interface Loopback3

  2.2.2.2 network 0.0.0.0 area 0

  Network 9.9.12.0 0.0.0.255 area 0

  R2 #.

  R2 #show da os ip

  Router OSPF with ID (9.9.12.2) (process ID 1)

  Router link States (zone 0)

  Number of links ID ADV router age Seq # Link Checksum

  9.9.12.1 9.9.12.1 326 0 x 80000028 0x00BE86 3

  9.9.12.2 9.9.12.2 325 80000032 0x0067F8 0 x 2

  NET link States (zone 0)

  Link ID ADV router age Seq # Checksum

  9.9.12.1 9.9.12.1 326 0 x 80000003 0x00BDFC

  R2 #.

  R2 #.

  R2 #show ip road | b door

  Gateway of last resort is not set

  2.0.0.0/32 is divided into subnets, subnets 1

  C 2.2.2.2 is directly connected, Loopback3

  3.0.0.0/32 is divided into subnets, subnets 1

  O 3.3.3.3 [110/11] via 9.9.12.1, 00:05:22, Ethernet1/1

  9.0.0.0/8 is variably divided into subnets, 3 subnets, 2 masks

  9.9.0.1/32 [110/11] via 9.9.12.1, 00:05:22, Ethernet1/1

  C 9.9.12.0/24 is directly connected, Ethernet1/1

  The 9.9.12.2/32 is directly connected, Ethernet1/1

  R2 #.

  R2 #.

  R2 #show ip os not

  Neighbor ID Pri State Dead Time Interface address

  9.9.12.1 1 FULL/DR 00:00:30 9.9.12.1 Ethernet1/1

  R2 #.

  R2 #.

  Hello

  an OSPF router generates only a router-LSA (Type-1) by Area.This router-LSA contains a list with all the links in this area.

  You can see your telesignalisations with 'show ip ospf router of database' - 'show ip ospf database' rather an overview:

  Router Link States (Area 0)Link ID         ADV Router      Age         Seq#       Checksum Link count9.9.12.1        9.9.12.1        326         0x80000028 0x00BE86 3

  Router 9.9.12.1 announces a router-LSA for area 0 and the LSA contains 3 links. Apparently, you created the Loopback IPs when adjacency was already formed, if not the router ID would be defined the highest loopback IP (maybe that's the reason for your confusion). HTHRolf

• Should I wear to the front through a VPN

  I currently have a Cisco 1905 as my hub router, running v15.1 (4) M4. (192.168.1.0/24)

  This router has a static public IP address on interface GI0/0 and the internal address is enabled GI0/1 and we use NAT for Internet access.

  I have an ASA5505 (v8 (4)) Branch (192.168.12.0/24) connection to the router with EZVPN and the VPN is setup and works as it should.

  I can access the branch out of the hub and vice versa.

  I have a security camera in the branch that I can access through the VPN without problem.

  The problem occurs when I try to access the camera from the internet using port forwarding.

  We have several camera in the Office of hub that we access using via the following command port forwarding

  IP nat inside source static tcp 192.168.1.40 80 40001-stretch SDM_RMAP_1 route map

  It works 100%

  I tried to access the camera in the Office using the command

  IP nat inside source static tcp 192.168.12.40 80 41001-stretch SDM_RMAP_1 route map

  but I can't get through.

  I can see the NAT translation in the branch for the port 41001, but I'm not through.

  Is this possible? should I wear to the front in a VPN tunnel?

  The problems is that the branch office is an Office suite and we rent space. We are not provided a public ip address and I have no control over the router providing an address in the ASA5505.

  Any help would be appreciated thanks

  If you have crypto-cards running and you prefer split tunneling, then I suggest a completely different way to resolve that:

  You can install a small linux box (or Win2012R2 will also do the job) in the main exercise (better would an own DMZ for that) and set up as an agent reverse. This system takes requests and passes them to the cameras.

• Authentication of ACS in the VPN tunnel

  We want to enable the ACS authentication to connect to different routers (Cisco 881 s) we have obtained who are communicating with our WAN via VPN tunnels. We want to avoid using public IP of the router to communicate and pass information to user/password with the ACS server and rely on the IP of the server private instead. The problem is that external interfaces of the router connect to the Internet using public IP addresses and when the router wishes to communicate with the ACS server it will use its IP of the interface to the public and which will fail. We can ping on the server of course when we set the source to the internal LAN IP.

  The question is are there any way to have the router contact ACS through the VPN tunnel using a private IP address?

  config is used and tested with success on local equipment:

  AAA new-model

  RADIUS-server host 10.x.x.x single-connection key xxxxxx

  AAA authentication login Ganymede-local group local Ganymede

  AAA authorization commands x Ganymede-local group Ganymede + if authenticated

  AAA authorization exec Ganymede-local group Ganymede + authenticated if

  See the establishment of privileges exec level x

  line vty 0 4

  Ganymede-local authentication login

  authorization controls Ganymede-local x

  -ACS ping to the router (WAN via VPN connection) when using public IP address of the router as the source address:

  RT881 #ping 10.x.x.x

  Type to abort escape sequence.

  Send 5, echoes ICMP 100 bytes to 10.x.x.x, time-out is 2 seconds:

  .....

  Success rate is 0% (0/5)

  -ACS ping to the router (WAN via VPN connection) when using IP private of the LAN as source address:

  RT881 #ping source 10.x.x.1 10.x.x.x

  Type to abort escape sequence.

  Send 5, echoes ICMP 100 bytes to 10.x.x.x, time-out is 2 seconds:

  Packet sent with a source address of 10.x.x.1

  !!!!!

  Success rate is 100 per cent (5/5), round-trip min/avg/max = 72/72/76 ms

  Looking forward to your responses and suggestions.

  Thanks, M.

  Hey Maher,

  You can use the command 'Ganymede-source interface ip' or 'RADIUS source-interface ip' for your scenario.

  I hope this helps!

  Kind regards

  Assia