Search Results

Search found 5578 results on 224 pages for 'transport rules'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 115/224 | < Previous Page | 111 112 113 114 115 116 117 118 119 120 121 122  | Next Page >

  • Requiring 802.1x login before allowing access to network resources

    - by Calvin Froedge
    I have a ZyXel GS2200-24 managed switch, and a free-radius server running on Ubuntu 11.10. Radius is configured and when I log into the switch the authentication goes through Radius. Now, I'm trying to ensure that access to web resources (as an example, I set up a web server on the ip 192.168.1.2) requires first authenticating with radius, before the switch will allow the connection. Am I correct that this should be handled at the switch level? What are these rules usually called / how are they usually defined?

    Read the article

  • Bonjour/mDNS Broadcast across subnets

    - by Matthew Savage
    I have just setup a new OSX Server in our office and verified that everything is working fine over our wired network (192.168.126.0/24). The problem that I am having is that our clients (Mac Laptops) are mainly connected via Wireless, which are running on a different subnet (192.168.1.0/24), and the mDNS Broadcast isn't reaching this subnet. The network configuration is somewhat foreign to myself (I don't manage the network in this location, but as of just recently the servers), however I don't believe there is any firewalls or routing rules between the two subnets which might cause the traffic to be rejected. I'm wondering if this is simply the mDNS broadcast not able to broadcast over the two different subnets (I'm still reading up on broadcast to understand it more) or there is something else which I might be able to try.

    Read the article

  • Gmail & yahoo - offline mail viewer for mac osx

    - by sagar
    Hello ! Every one. My question are divided into two parts ----------------------- 1 ---------------------------- I am having a difficulty regarding receiving my mails. I have 3 gmail accounts & 1 yahoo account. In windows, I use Microsoft outlook or microsoft outlook express. But In mac is there any inbuilt software for it ? If not, is that any freely available mail client for mac osx ? ----------------------- 2 ---------------------------- One more thing, My system administrators has banned regular gmail & yahoo sites. Means I can't use gmail or yahoo site for mailing. Ok. I don't want to break my office rules - but what about my mails on gmail & yahoo, they are really very important for me. Means that - I just want to access incoming mails nothing more than that.

    Read the article

  • Mounting Replicated Gluster Multi-AZ Storage

    - by Roman Newaza
    I have Replicated Gluster Storage which is used by Auto scaling Servers. Both, Auto scaling and Storage are allocated in two Availability zones. Gluster: Number of Bricks: 4 x 2 = 8 Transport-type: tcp Bricks: Brick1: gluster01:/storage/1a # Zone A Brick2: gluster02:/storage/1b # Zone B Brick3: gluster03:/storage/2a # Zone A Brick4: gluster04:/storage/2b # Zone B Brick5: gluster01:/storage/3a # Zone A Brick6: gluster02:/storage/3b # Zone B Brick7: gluster03:/storage/4a # Zone A Brick8: gluster04:/storage/4b # Zone B I used Round Robin DNS for Gluster entry point, so DNS name resolves to all of the storage server addresses which are returned in different order all the time: # host storage.domain.com storage.domain.com has address xx.xx.xx.x1 storage.domain.com has address xx.xx.xx.x2 storage.domain.com has address xx.xx.xx.x3 storage.domain.com has address xx.xx.xx.x4 The Storage is mounted with Native Gluster Client: # grep storage /etc/fstab storage.domain.com:/storage /storage glusterfs defaults,log-level=WARNING,log-file=/var/log/gluster.log 0 0 I have heard Gluster might be mounted with the first Server IP and after that it will fetch its configuration with the rest of Servers. Personally, I never tested single Server mount setup and I don't know how Gluster handles this. On EC2, traffic among single Availability zone is free and between different zones is not. When Client in zone A writes to storage and IP of Storage in zone B is returned, it will cost me twice more for data transfer: Client (Zone A) - Storage Server (Zone B) - Replication to Storage Server (Zone A). Question: Would it be better to mount Storage Server of the same zone, so that data transfer charges apply only for replication (A - A - B)?

    Read the article

  • Setting up a wireless access point with Ubuntu server

    - by Solignis
    I am trying to setup a wifi access point with my Ubuntu server, everything "seems" to be good since I got a better wifi radio (long story). But now I am a little confused, when my Android phone tries to associate with the AP it is able to with no problem but then it cannot get an IP address from my DHCP server. I have tried messing with firewall rules, nothing... I tried making a bridge interface as per what I am told I had to do. ( Not sure if i did it right though). What I am trying to do if make the wireless interface an extention of my eth0 network. Am I on the right track or am I going about the wrong way?

    Read the article

  • Gre Tunnel Cisco Linux traffic forwarding

    - by mezgani
    I setup a gre tunnel a cisco router and a Linux machine, the tunnel interface in the Linux box named pic. Well i have to forward traffic coming from cisco through the Linux box. the rules i've set in the Linux box is described as follow: echo "1" /proc/sys/net/ipv4/ip_forward iptables -A INPUT -p 47 -j ACCEPT iptables -A FORWARD -i ppp0 -j ACCEPT iptables -A FORWARD -i pic -o ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i ppp0 -o pic -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE I see the traffic coming from tunnel and forwarded to internet but no reply from sent packet. May i miss something like a routing rule.

    Read the article

  • Exposing the ipPhone attribute to Communicator and the OCS address book service

    - by Doug Luxem
    I am in the process of integrating OCS with our Cisco phone system using CUCIMOC. After some fiddling with the phone normalization rules, it appears that I can get PSTN numbers to be dialed though the CUCIMOC interface (yay!). However, during this process I came to realize that the ipPhone attribute in Active Directory does not appear to be exposed to Communicator (and CUCIMOC). What is strange though, is that I can see from the OCS address book service "Invalid_AD_Phone_Numbers.txt" that the attribute is processed by the address book service. My question is, how do I expose the ipPhone field in Office Communicator? Currently, Communicator maps like this - Work = telephoneNumber Mobile = mobile Home = homePhone Attributes such as otherHomePhone, ipPhone, otherMobile, otherTelephone, otherIpPhone are ignored.

    Read the article

  • E-mail from specific domain not delivered to one of the cc: recipients on Exchange 2010

    - by BobC
    we have a user on Exchange 2010 server who doesn't get email from one specific domain if her address is in cc: field. If she is a main recipient (To:) it goes through. We checked Exchange logs and it looks like our server doesn't even try to deliver it, it simply ignores her email address completely. We did several tests: send email with her email address in cc: field from another domain, succeeded send email with her email address in to: field from another domain, succeeded send email with her email address in to: field from affected domain, succeeded turn off all email rules check via webmail We also turned off firewall, antispam and antivirus for SMTP rule. Does anyone have any idea what could be an issue here? Thanks

    Read the article

  • Where are my Tomcat Logs?

    - by gav
    Hi All, I installed Tomcat6 on a Ubuntu 9.04 server using apt-get install tomcat6. I uploaded a WAR using the manager interface and tried to start the application but get a pretty generic error on the Web interface saying it couldn't be started. I am trying to find the logs to determine why my war won't start (I suspect low memory as i'm on a small VPS) but I don't know where they are. /var/lib/tomcat6/logs is empty. My Tomcat splash page reliably informs me of the following; Tomcat is installed with CATALINA_HOME in /usr/share/tomcat6 CATALINA_BASE in /var/lib/tomcat6, following the rules from /usr/share/doc/tomcat6-common/RUNNING.txt.gz. Thanks, Gav

    Read the article

  • apache rewrite debian vs windows

    - by user1079002
    I have simple rewrite rules as I just learned about them RewriteEngine On RewriteRule ^dl/(.*)/.*$ dl/$1/index.php [L] RewriteRule ^index.php$ upload.js [L] both are working on Windows for url localhost/upload/dl/mkdji/index.php, but on Debian works only second rule for url www.domain.com/index.php, but not for www.domain.com/dl/oksoks/index.php After dl is some random string. Obviously I'm missing something regarding directory depth, but don't know what. file htacces is in localhost/upload and root of domain.com folders. What am I missing here?

    Read the article

  • How to drop packets in a custom Intrusion Detection System

    - by tzoukos
    Hi there, I'm trying to build a custom Intrusion Detection and Prevention System (IDS/IPS). I found a great utility named ROPE which can scan the packet payload and drop the packet that doesn't follow the rules, set by a script. This serves my purpose completely, since what I want to do is check the payload for some specific text and then drop it or allow it ( the string feature in iptables wouldn't do me any good, because I want to check more than one string in tha payload, like usernames, id's, etc ). However, ROPE is really old and despite my many attempts I haven't managed to install it properly. Do you know any similar program that will help me drop packets in iptables depending on the payload? Any suggestion is greatly appreciated :)

    Read the article

  • Windows 2008R2 blocks outbound LDAP for non-admins?

    - by Jon Bailey
    I've got a Windows 2008R2 terminal server with ~30 users on it. It's joined to a Samba-based domain. During the login script, we connect directly to the LDAP server to pull out certain profile information. This used to work just fine. Now, it doesn't, but only for non-local-admin accounts. Local admins work fine. As a non-local-admin: Connection to ports 389 or 636 just terminate (wireshark on the LDAP server reveals no connection attempt) Connection to other ports on the same server work fine Same thing on multiple LDAP servers Windows firewall is disabled Can't find any other rules/policies that may block this I suspect since this used to work, it came down during an update, but for the life of me, I can't find what. EDIT: I just ran Wireshark on the machine and didn't see anything when connecting to the LDAP server in question (or any LDAP server for that matter). I can, however, see traffic when I connect to that server on another port.

    Read the article

  • Nginx Installation on Ubuntu giving 500 error

    - by user750301
    I just installed nginx on ubuntu 12.04 LTS. When i access localhost it gives me : 500 Internal Server Error nginx/1.2.3 error_log has following rewrite or internal redirection cycle while internally redirecting to "/index.html", client: 127.0.0.1, server: localhost, request: "GET / HTTP/1.1", host: "localhost" This is default nginx configuration: nginx.conf has: include /etc/nginx/sites-enabled/*; /etc/nginx/sites-enabled/default has following root /usr/share/nginx/www; index index.html index.htm; # Make site accessible from http://localhost/ server_name localhost; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ /index.html; # Uncomment to enable naxsi on this location # include /etc/nginx/naxsi.rules }

    Read the article

  • Web Server Scripting Hack to Maintain State and Keep a Domain Cookieless

    - by jasonspalace
    Hello, I am looking for a solution on a LAMP server to keep a site cookieless such as "example.com", where static content is served from "static.example.com", and with rules in place to rewrite requests for "www.example.com" to "example.com". I am really hoping to avoid setting up a cookieless domain for the static content due to an unanswered SEO concern with regards to CNAMEing to a CDN. Is there a way, (or safe hack), that can be implemented where a second domain such as "www.example2.com" is CNAMEd, aliased, or otherwise used with "example.com" to somehow trick a php application into maintaining state with a cookie dropped on "www.example2.com" therefore keeping all of "example.com" cookieless? If such a solution is feasible, what implications would exists with regards to SSL and cross-browser compatibility other than requiring users to accept cookies from 3rd party domains and possibly needing an additional SSL to keep the cookie secure? Thanks in advance to all.

    Read the article

  • Apache disable DNS lookups

    - by odeceixe
    I'm using Debian 4.3.2-1 and Apache 2 on my production server. Watching the logs, I noticed Apache is resolving client's hostnames even with HostnameLookups Off in apache2.conf. I want to avoid these lookups so I'm guessing Apache is making this DNS query because I have mod_authz_host enabled. When I try to unlink this module, I get several modules complaining because they use the Order directive. How is the clean way to go? Should I comment all Order directives like Order allow,deny Deny from all Is this the only way to stop Apache from making DNS requests? I would like to deny access to .htaccess files and some rules like that.

    Read the article

  • XenServer: Editing clone configuration before boot

    - by Jeff Ferland
    Upon cloning a base image, I need to reconfigure basic settings. Regenerating the ssh host key, changing static IP assignments, setting the host name, etc. Because of the network setup, DHCP is not an option. That more or less rules out SSHing in with a predefined key or running a startup script since I can't provide the IP externally. I'd most like to mount the filesystem of the new machine on Dom0, but the lvm volumes are exported and it appears to be Bad Form to import them so the Dom0 machine can see them. What's your best suggestion for altering files in a cloned VM before boot? Must be non-interactive, and I'm going to guess out the gate that scripting access via xe console is not going to work well.

    Read the article

  • postfix specify limited relay domain while allowing sasl-auth relay

    - by tylerl
    I'm trying to set up postfix to allow relaying under a limited set of conditions: The destination domain is one of a pre-defined list -or- The client successfully logs in Here's the relevant bits o' config: smtpd_sasl_auth_enable=yes relay_domains=example.com smtpd_recipient_restrictions=permit_auth_destination,reject_unauth_destination smtpd_client_restrictions=permit_sasl_authenticated,reject The problem is that it requires that BOTH restrictions be satisfied, rather than either-or. Which is to say, it only allows relaying if the client is authenticated AND the recipient domain is @example.com. Instead, I need it to allow relaying if either one of the requirements is satisfied. How do I do this without resorting to running SMTP on two separate ports with different rules? Note: The context is an outbound-use-only (bound to 127.0.0.1) MTA on a shared web server which all site owners are allowed to relay mail to one of the "owned" domains (not server-local, though), and for which a limited set of "trusted" site owners are allowed to relay mail without restriction provided they have a valid SMTP login.

    Read the article

  • Block P2P traffic on a Linksys router WRT54G with tomato firmware

    - by Kami
    Hi, I'm running a small wireless network (6 to 10 users) on a Lynksys WRT54G with tomato firmware sharing an internet connection. I don't want the users to download files with bittorrent (mainly used) and other p2p apps. I've also found some solutions about lowering p2p traffic priority using QoS. I really need to BAN p2p traffic. Does anyone know how to setup some rules to deny that kind of traffic ? I've tried to setup an Access Restriction Rule: But it's not working at all ...

    Read the article

  • Gradually migrate from one SMTP server to another

    - by Bart van Wissen
    I maintain an application that sends out a ton of e-mail on a daily basis. Soon, we will have to migrate to another SMTP-server for that, which has an ip address that has no reputation with respect to email delivery. So instead of just flipping the switch, I would like to start by sending a small percentage of all mail through the new server, and then gradually increase that percentage until we reach 100%. It wouldn't be very hard to implement something in the application itself, but I would like to know if there is an easier, more reliable out-of-the-box-type solution for this. My first thought was to use round-robin DNS for this, but the servers require different credentials, use different protocols (one uses SASL, the other doesn't) and even different port numbers, so I think that rules out the DNS based solution. Is there any way, for example, to configure Postfix to send 1 out of x e-mails to relay host A and the rest to relay host B? Or perhaps a different MTA?

    Read the article

  • Port forwarding no longer works

    - by Auryn
    Prior to testing an OpenVPN installation, I setup a basic VPN server using the software already built into Windows 7. Port forwarding on the Linksys router worked as normal and I was able to connect remotely. After doing an install of OpenVPN Access Server on a spare box running Ubuntu, and adding new ports to be forwarded I was unable to access the VPN from an external source as the required ports all indicated that they were closed. (During testing XRDP and VNCSERVER were also installed to facilitate access to the box) Checking back on the Windows 7 VPN resulted in no access to that vpn setup either. All ports are now reporting a being closed despite being previously open even ports that were being used for other services. Adding and removing port forwarding rules seem to have no effect. At this point, in order to troubleshoot, both the firewall and anti-virus software have been disabled on the Windows 7 machine. Could this be just a router issue? Is there any way out of this without having to reset and reconfigure the router?

    Read the article

  • Forward the Wan IP to another Wan IP without change the Source address

    - by user195410
    I have tried this case by using the NAT function in iptables but fail example. PC A IP is 1.1.1.1 (Win7) My Server IP is 2.2.2.2 (CentOS 6.2) target Server B is 3.3.3.3 (Windows server 2003) Flow: PC A WanIP -- My Server A -- Server B (WanIP) ----My iptables rules--------- iptables -t nat -A PREROUTING -d 2.2.2.2 -p tcp --dport 80 -j DNAT --to-destination 3.3.3.3:80 iptables -t nat -A POSTROUTING -d 2.2.2.2 -j MASQUERADE finally, i can access server B website by enter 2.2.2.2:80 but when i checked the access log at Server B i found it's source address had been changed to src:2.2.2.2 dst:3.3.3.3 please help me to do how to get the real address is src:1.1.1.1 dst:3.3.3.3

    Read the article

  • Squid 3 reloading makes it stop serving requests

    - by coredump
    So, we use Squid 3 here (3.0.STABLE8-3+lenny4), pretty standard configuration (no dansguardian or similar) + NTLM authentication with LDAP background, circa 1000 users on a busy day, and our acls reference some external files (allowed/blocked sites/ip addresses). On Squid 2.X we used to be capable of reloading it's configuration (to add or sites or addresses to rules, etc) and squid would not stop serving during the reload. Since we changed to 3.0, that seems to be impossible: everytime we use reload (or -k reconfigure) it stop serving requests for as long as 2 minutes, and clients receive a Configured proxy is not accepting connections message. I checked the documentation and got nothing about it, does anyone else suffer from this problem or is it a isolated case on my setup? Also, if you have Squid 3.0 and doesn't suffer from this problem, how is your squid configured?

    Read the article

  • Cisco ASA: How to route PPPoE-assigned subnet?

    - by Martijn Heemels
    We've just received a fiber uplink, and I'm trying to configure our Cisco ASA 5505 to properly use it. The provider requires us to connect via PPPoE, and I managed to configure the ASA as a PPPoE client and establish a connection. The ASA is assigned an IP address by PPPoE, and I can ping out from the ASA to the internet, but I should have access to an entire /28 subnet. I can't figure out how to get that subnet configured on the ASA, so that I can route or NAT the available public addresses to various internal hosts. My assigned range is: 188.xx.xx.176/28 The address I get via PPPoE is 188.xx.xx.177/32, which according to our provider is our Default Gateway address. They claim the subnet is correctly routed to us on their side. How does the ASA know which range it is responsible for on the Fiber interface? How do I use the addresses from my range? To clarify my config; The ASA is currently configured to default-route to our ADSL uplink on port Ethernet0/0 (interface vlan2, nicknamed Outside). The fiber is connected to port Ethernet0/2 (interface vlan50, nicknamed Fiber) so I can configure and test it before making it the default route. Once I'm clear on how to set it all up, I'll fully replace the Outside interface with Fiber. My config (rather long): : Saved : ASA Version 8.3(2)4 ! hostname gw domain-name example.com enable password ****** encrypted passwd ****** encrypted names name 10.10.1.0 Inside-dhcp-network description Desktops and clients that receive their IP via DHCP name 10.10.0.208 svn.example.com description Subversion server name 10.10.0.205 marvin.example.com description LAMP development server name 10.10.0.206 dns.example.com description DNS, DHCP, NTP ! interface Vlan2 description Old ADSL WAN connection nameif outside security-level 0 ip address 192.168.1.2 255.255.255.252 ! interface Vlan10 description LAN vlan 10 Regular LAN traffic nameif inside security-level 100 ip address 10.10.0.254 255.255.0.0 ! interface Vlan11 description LAN vlan 11 Lab/test traffic nameif lab security-level 90 ip address 10.11.0.254 255.255.0.0 ! interface Vlan20 description LAN vlan 20 ISCSI traffic nameif iscsi security-level 100 ip address 10.20.0.254 255.255.0.0 ! interface Vlan30 description LAN vlan 30 DMZ traffic nameif dmz security-level 50 ip address 10.30.0.254 255.255.0.0 ! interface Vlan40 description LAN vlan 40 Guests access to the internet nameif guests security-level 50 ip address 10.40.0.254 255.255.0.0 ! interface Vlan50 description New WAN Corporate Internet over fiber nameif fiber security-level 0 pppoe client vpdn group KPN ip address pppoe ! interface Ethernet0/0 switchport access vlan 2 speed 100 duplex full ! interface Ethernet0/1 switchport trunk allowed vlan 10,11,30,40 switchport trunk native vlan 10 switchport mode trunk ! interface Ethernet0/2 switchport access vlan 50 speed 100 duplex full ! interface Ethernet0/3 shutdown ! interface Ethernet0/4 shutdown ! interface Ethernet0/5 switchport access vlan 20 ! interface Ethernet0/6 shutdown ! interface Ethernet0/7 shutdown ! boot system disk0:/asa832-4-k8.bin ftp mode passive clock timezone CEST 1 clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00 dns domain-lookup inside dns server-group DefaultDNS name-server dns.example.com domain-name example.com same-security-traffic permit inter-interface same-security-traffic permit intra-interface object network inside-net subnet 10.10.0.0 255.255.0.0 object network svn.example.com host 10.10.0.208 object network marvin.example.com host 10.10.0.205 object network lab-net subnet 10.11.0.0 255.255.0.0 object network dmz-net subnet 10.30.0.0 255.255.0.0 object network guests-net subnet 10.40.0.0 255.255.0.0 object network dhcp-subnet subnet 10.10.1.0 255.255.255.0 description DHCP assigned addresses on Vlan 10 object network Inside-vpnpool description Pool of assignable addresses for VPN clients object network vpn-subnet subnet 10.10.3.0 255.255.255.0 description Address pool assignable to VPN clients object network dns.example.com host 10.10.0.206 description DNS, DHCP, NTP object-group service iscsi tcp description iscsi storage traffic port-object eq 3260 access-list outside_access_in remark Allow access from outside to HTTP on svn. access-list outside_access_in extended permit tcp any object svn.example.com eq www access-list Insiders!_splitTunnelAcl standard permit 10.10.0.0 255.255.0.0 access-list iscsi_access_in remark Prevent disruption of iscsi traffic from outside the iscsi vlan. access-list iscsi_access_in extended deny tcp any interface iscsi object-group iscsi log warnings ! snmp-map DenyV1 deny version 1 ! pager lines 24 logging enable logging timestamp logging asdm-buffer-size 512 logging monitor warnings logging buffered warnings logging history critical logging asdm errors logging flash-bufferwrap logging flash-minimum-free 4000 logging flash-maximum-allocation 2000 mtu outside 1500 mtu inside 1500 mtu lab 1500 mtu iscsi 9000 mtu dmz 1500 mtu guests 1500 mtu fiber 1492 ip local pool DHCP_VPN 10.10.3.1-10.10.3.20 mask 255.255.0.0 ip verify reverse-path interface outside no failover icmp unreachable rate-limit 10 burst-size 5 asdm image disk0:/asdm-635.bin asdm history enable arp timeout 14400 nat (inside,outside) source static any any destination static vpn-subnet vpn-subnet ! object network inside-net nat (inside,outside) dynamic interface object network svn.example.com nat (inside,outside) static interface service tcp www www object network lab-net nat (lab,outside) dynamic interface object network dmz-net nat (dmz,outside) dynamic interface object network guests-net nat (guests,outside) dynamic interface access-group outside_access_in in interface outside access-group iscsi_access_in in interface iscsi route outside 0.0.0.0 0.0.0.0 192.168.1.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy aaa-server SBS2003 protocol radius aaa-server SBS2003 (inside) host 10.10.0.204 timeout 5 key ***** aaa authentication enable console SBS2003 LOCAL aaa authentication ssh console SBS2003 LOCAL aaa authentication telnet console SBS2003 LOCAL http server enable http 10.10.0.0 255.255.0.0 inside snmp-server host inside 10.10.0.207 community ***** version 2c snmp-server location Server room snmp-server contact [email protected] snmp-server community ***** snmp-server enable traps snmp authentication linkup linkdown coldstart snmp-server enable traps syslog crypto ipsec transform-set TRANS_ESP_AES-256_SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set TRANS_ESP_AES-256_SHA mode transport crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto dynamic-map outside_dyn_map 20 set pfs group5 crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_AES-256_SHA crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp policy 1 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 telnet 10.10.0.0 255.255.0.0 inside telnet timeout 5 ssh scopy enable ssh 10.10.0.0 255.255.0.0 inside ssh timeout 5 ssh version 2 console timeout 30 management-access inside vpdn group KPN request dialout pppoe vpdn group KPN localname INSIDERS vpdn group KPN ppp authentication pap vpdn username INSIDERS password ***** store-local dhcpd address 10.40.1.0-10.40.1.100 guests dhcpd dns 8.8.8.8 8.8.4.4 interface guests dhcpd update dns interface guests dhcpd enable guests ! threat-detection basic-threat threat-detection scanning-threat threat-detection statistics host number-of-rate 2 threat-detection statistics port number-of-rate 3 threat-detection statistics protocol number-of-rate 3 threat-detection statistics access-list threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200 ntp server dns.example.com source inside prefer webvpn group-policy DfltGrpPolicy attributes vpn-tunnel-protocol IPSec l2tp-ipsec group-policy Insiders! internal group-policy Insiders! attributes wins-server value 10.10.0.205 dns-server value 10.10.0.206 vpn-tunnel-protocol IPSec l2tp-ipsec split-tunnel-policy tunnelspecified split-tunnel-network-list value Insiders!_splitTunnelAcl default-domain value example.com username martijn password ****** encrypted privilege 15 username marcel password ****** encrypted privilege 15 tunnel-group DefaultRAGroup ipsec-attributes pre-shared-key ***** tunnel-group Insiders! type remote-access tunnel-group Insiders! general-attributes address-pool DHCP_VPN authentication-server-group SBS2003 LOCAL default-group-policy Insiders! tunnel-group Insiders! ipsec-attributes pre-shared-key ***** ! class-map global-class match default-inspection-traffic class-map type inspect http match-all asdm_medium_security_methods match not request method head match not request method post match not request method get ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map type inspect http http_inspection_policy parameters protocol-violation action drop-connection policy-map global-policy class global-class inspect dns inspect esmtp inspect ftp inspect h323 h225 inspect h323 ras inspect http inspect icmp inspect icmp error inspect mgcp inspect netbios inspect pptp inspect rtsp inspect snmp DenyV1 ! service-policy global-policy global smtp-server 123.123.123.123 prompt hostname context call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email [email protected] destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily hpm topN enable Cryptochecksum:a76bbcf8b19019771c6d3eeecb95c1ca : end asdm image disk0:/asdm-635.bin asdm location svn.example.com 255.255.255.255 inside asdm location marvin.example.com 255.255.255.255 inside asdm location dns.example.com 255.255.255.255 inside asdm history enable

    Read the article

  • openldap search acl

    - by Patrick
    I'm trying to write an access control for OpenLDAP to allow a user to search with a certain base dn, but only get results back from certain sub dn's. I've played with lots of different rules but cant get it to work. I'm not sure its even possible. For example: I have the user with the dn uid=testuser,ou=people,dc=example,dc=com. I want this user to be able to search with a base of dc=example,dc=com and get back entries in ou=people,dc=example,dc=com. There are lots of other sub OUs under dc=example,dc=com, but only entries in ou=people should be returned (for bonus, I'd only like certain attributes to be returned as well). Can this be done?

    Read the article

  • allow SSH to bypass VPN on OSX mavericks, openvpn, pf

    - by zycho42
    My home computer connects to the internet through an OpenVPN connection. However, I would like to be able to connect to my home computer from outside over ssh. Ssh is set up and working, but when I connect to the vpn ssh is only accessible from inside my home network. I figure what's going wrong is my router forwards incoming ssh connections to my mac, but then my mac replies over the vpn, so the connection from outside times out. I've got pf set up for a couple of other things, but I can't figure out how to let the ssh replies bypass the vpn using pf. I've come across other solutions that use ip tables, routing tables and rules, but I can't figure out how to set that up on mavericks. I've been searching for this for a while now but I haven't found a working solution. Any help would be greatly appreciated!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 111 112 113 114 115 116 117 118 119 120 121 122  | Next Page >