Search Results

Search found 3413 results on 137 pages for 'addresses'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 2/137 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Issue with setting up multiple IP addresses on ubuntu server installation

    - by varunyellina
    I want to setup two ip addresses on my system for access through lan. This is my config on my other system. Desktop Installation My desktop installation runs with multiple IP's added through networkmanager both through lan and wifi. Server Installation On my server install I've edited /etc/network/interfaces to the following. auto eth0 auto eth0:1 # IP-1 iface eth0 inet static address 172.16.35.35 network 172.16.34.1 netmask 255.255.254.0 broadcast 172.166.35.255 dns-nameservers 172.16.100.221 8.8.8.8 # IP-2 iface eth0:1 inet static address 172.16.34.34 network 172.16.34.1 netmask 255.255.254.0 gateway 172.16.34.1 broadcast 172.16.35.255 After restarting through "/etc/init.d/networking restart" I recieve "Failed to bring up eth0:1" What am I doing wrong? Thankyou.

    Read the article

  • Identical spam coming from many different (but similar) IP addresses

    - by DisgruntledGoat
    A forum I run has been the victim of spam user accounts recently - several accounts that have been registered and the profile fill with advertising/links. All of this is for the same company, or group of companies. I deleted several accounts weeks ago and blocked some IP addresses, but today they have come back with the same spam. Every account has a different IP address, but they are all of the form 122.179.*.* or 122.169.*.*. I am considering blocking those two IP ranges, but there are potentially thousands of IPs in that range. They appear to be assigned to India (although the spam is for an American company) so given the site is for a western, English-speaking audience maybe it doesn't matter. My questions: How are they posting on so many IPs? Is there likely to be a limit to the number of IPs they have access to? Is there anything else I can do at the IP-level to block them? (I am looking into other measures like blocking usernames/links.)

    Read the article

  • Multiple IP addresses on one NIC register twice in DNS server

    - by Brad B.
    Hi, We've got a build server (Windows Server 2008 SP2, 64-bit) which has one NIC and two IP addresses registered to that NIC (192.168.1.30 and 192.168.1.31). The build server is registering two identical Host (A) records for itself in our DNS server: buildserver.example.com = 192.168.1.30 buildserver.example.com = 192.168.1.31 I know in the "Advanced TCP/IP Settings" window for the build server's NIC, under the "DNS" tab, there is a check box labeled "Register this connection's addresses in DNS". I only want ONE of the IP addresses (ending in .30) to be registered in DNS not both of them. Can that be done? My best guess is to disable the "Register this connection's addresses in DNS" and manually add the Host (A) record to our DNS server. Thanks for any help!

    Read the article

  • Exchange ActiveSync with multiple email addresses

    - by Martin Robins
    I have Exchange 2007 SP2, and I have successfully connected my Windows Mobile phone via Exchange ActiveSync and can send and receive emails. I have two addresses within my Exchange mailbox, [email protected] and [email protected], with the second being set as the reply address. When I view my email addresses on my device, I see both of these email addresses, however when I send new messages it always selects the first email address as the reply address and not the second. It is probably worth pointing out that, like in the example provided above, the email addresses are shown alphabetically and the address being selected is the first alphabetically (just in case that matters). I would like to set the device to always select the reply address specified in the mailbox, or at least be able to ensure that the address I want is selected if I have to select it manually on the device, but cannot find any way to make this happen. Can anybody help?

    Read the article

  • Exchange ActiveSync with muliple email addresses

    - by Martin Robins
    I have Exchange 2007 SP2, and I have successfully connected my Windows Mobile phone via Exchange ActiveSync and can send and receive emails. I have two addresses within my Exchange mailbox, [email protected] and [email protected], with the second being set as the reply address. When I view my email addresses on my device, I see both of these email addresses, however when I send new messages it always selects the first email address as the reply address and not the second. It is probably worth pointing out that, like in the example provided above, the email addresses are shown alphabetically and the address being selected is the first alphabetically (just in case that matters). I would like to set the device to always select the reply address specified in the mailbox, or at least be able to ensure that the address I want is selected if I have to select it manually on the device, but cannot find any way to make this happen. Can anybody help?

    Read the article

  • client flips between internal and external IP addresses??

    - by jmiller-miramontes
    I have what seems like a not-particularly-complicated home network, all things considered: a DSL line comes in to a modem/router, which goes off to a switch, which supports a bunch of machines. My machines live in a 192.168.0.x address space; however, I'm running some public servers on the network, so I have a block of 8 (5, really) static IP addresses that are mapped to the servers by the router. The non-servers get 192.168.0.x addresses via NAT; some machines have static addresses and some get addresses from DHCP. Locally, I'm running a DNS server (named) to map between the domain names and the 192.168 address space. Somewhat messy, but everything basically works. Except: One of my local non-server clients occasionally switches from its internal address to its external address. That is, if I check the logs of a website I'm running internally, the hits coming from this client sometimes show up with the internal 192.168 address, and sometimes with the external (216.103...) address. It will flip back and forth for no apparent reason, without my doing anything. This can be a problem in terms of how the clients interact with the way I have some of the clients' SSH systems configured (e.g., allowing access from the internal network but not the external network), but it also Just Seems Wrong. I will confess that I'm kinda skating on the very edge of my networking competence here, but I can't for the life of me figure out what's going on. If it helps, the client in question is running Mac OS X / 10.6; its address is statically assigned, is not one of the five externally-accessible addresses, and gets its DNS from (first) the internal DNS server and (second) my ISP's DNS servers. I can't swear that none of the other NAT clients are also showing this problem; the one I'm dealing with is my everyday machine, so this is where I run into it. Does anybody out there have any advice? This is driving me crazy...

    Read the article

  • Adding many IP addresses to Windows Firewall using CLI fails partially

    - by Thomas
    I have a PowerShell script which adds IP addresses to Windows Firewall using the "netsh advfirewall" command. (As described in this question: How to append netsh firewall rules, not just replace). The problem is that when adding a lot of IP addresses (currently over 700) the string of IP addresses seems to be 'cut off' at some point. Only an X amount of the total amount of IP addresses are actually added to the firewall, the rest... not. The script is very simple, and looks something like this: $ip = "123.123.123.123,124.124.124.124,125.125.125.125 and so on" netsh advfirewall firewall set rule name="*" new remoteip="$ip" I tried to echo the string to see if it's cut off; echo $ip But the complete string is correctly echo'ed. Is there some kind of string length limit for the netsh command? Or anything else that could be causing this issue?

    Read the article

  • Multiple "from" addresses for single Exchange account in Outlook 2007

    - by Jørn Schou-Rode
    I have a single Exhange account with multiple aliases (e-mail addresses), for which it recieves incoming mail messages. Using "rules" it is possible to have the incoming messages sorted into folders depending on the address they are sent to. When composing and sending messages from Outlook, the primary address of the exchange account is used in the "From" header. Without adding additional mail accounts (I really only have one), is it possible to learn Outlook about the alias addresses, making them available as "From" addresses when composing new messages?

    Read the article

  • Automatic DNS population for routable IPV6 addresses

    - by Clint
    In ipv4 I can set my DHCP server to populate DNS with hostnames and IP addresses as clients are found. This works well and clients can resolve these DNS addresses to contact eachother over routed subnets. How can this be done in ipv6 without DHCP? Link Local Multicast Name Resolution can allow clients on the same subnet to discover eachothers hostnames and match them to link-local addresses, but so far I can't find a way for clients to advertise their global or unique local addresses and hostnames to a DNS server to be resolved across subnets.

    Read the article

  • Two network interfaces and two IP addresses on the same subnet in Linux

    - by Scott Duckworth
    I recently ran into a situation where I needed two IP addresses on the same subnet assigned to one Linux host so that we could run two SSL/TLS sites. My first approach was to use IP aliasing, e.g. using eth0:0, eth0:1, etc, but our network admins have some fairly strict settings in place for security that squashed this idea: They use DHCP snooping and normally don't allow static IP addresses. Static addressing is accomplished by using static DHCP entries, so the same MAC address always gets the same IP assignment. This feature can be disabled per switchport if you ask and you have a reason for it (thankfully I have a good relationship with the network guys and this isn't hard to do). With the DHCP snooping disabled on the switchport, they had to put in a rule on the switch that said MAC address X is allowed to have IP address Y. Unfortunately this had the side effect of also saying that MAC address X is ONLY allowed to have IP address Y. IP aliasing required that MAC address X was assigned two IP addresses, so this didn't work. There may have been a way around these issues on the switch configuration, but in an attempt to preserve good relations with the network admins I tried to find another way. Having two network interfaces seemed like the next logical step. Thankfully this Linux system is a virtual machine, so I was able to easily add a second network interface (without rebooting, I might add - pretty cool). A few keystrokes later I had two network interfaces up and running and both pulled IP addresses from DHCP. But then the problem came in: the network admins could see (on the switch) the ARP entry for both interfaces, but only the first network interface that I brought up would respond to pings or any sort of TCP or UDP traffic. After lots of digging and poking, here's what I came up with. It seems to work, but it also seems to be a lot of work for something that seems like it should be simple. Any alternate ideas out there? Step 1: Enable ARP filtering on all interfaces: # sysctl -w net.ipv4.conf.all.arp_filter=1 # echo "net.ipv4.conf.all.arp_filter = 1" >> /etc/sysctl.conf From the file networking/ip-sysctl.txt in the Linux kernel docs: arp_filter - BOOLEAN 1 - Allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work). In other words it allows control of which cards (usually 1) will respond to an arp request. 0 - (default) The kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load- balancing, does this behaviour cause problems. arp_filter for the interface will be enabled if at least one of conf/{all,interface}/arp_filter is set to TRUE, it will be disabled otherwise Step 2: Implement source-based routing I basically just followed directions from http://lartc.org/howto/lartc.rpdb.multiple-links.html, although that page was written with a different goal in mind (dealing with two ISPs). Assume that the subnet is 10.0.0.0/24, the gateway is 10.0.0.1, the IP address for eth0 is 10.0.0.100, and the IP address for eth1 is 10.0.0.101. Define two new routing tables named eth0 and eth1 in /etc/iproute2/rt_tables: ... top of file omitted ... 1 eth0 2 eth1 Define the routes for these two tables: # ip route add default via 10.0.0.1 table eth0 # ip route add default via 10.0.0.1 table eth1 # ip route add 10.0.0.0/24 dev eth0 src 10.0.0.100 table eth0 # ip route add 10.0.0.0/24 dev eth1 src 10.0.0.101 table eth1 Define the rules for when to use the new routing tables: # ip rule add from 10.0.0.100 table eth0 # ip rule add from 10.0.0.101 table eth1 The main routing table was already taken care of by DHCP (and it's not even clear that its strictly necessary in this case), but it basically equates to this: # ip route add default via 10.0.0.1 dev eth0 # ip route add 130.127.48.0/23 dev eth0 src 10.0.0.100 # ip route add 130.127.48.0/23 dev eth1 src 10.0.0.101 And voila! Everything seems to work just fine. Sending pings to both IP addresses works fine. Sending pings from this system to other systems and forcing the ping to use a specific interface works fine (ping -I eth0 10.0.0.1, ping -I eth1 10.0.0.1). And most importantly, all TCP and UDP traffic to/from either IP address works as expected. So again, my question is: is there a better way to do this? This seems like a lot of work for a seemingly simple problem.

    Read the article

  • Possible to IPSec VPN Tunnel Public IP Addresses?

    - by caleban
    A customer uses an IBM SAS product over the internet. Traffic flows from the IBM hosting data center to the customer network through Juniper VPN appliances. IBM says they're not tunneling private IP addresses. IBM says they're tunneling public IP addresses. Is this possible? What does this look like in the VPN configuration and in the packets? I'd like to know what the source/destination ip/ports would look like in the encrypted tunneled IPSec Payload and in the IP packet carrying the IPSec Payload. IPSec Payload: source:1.1.1.101:1001 destination:2.2.2.101:2001 IP Packet: source:1.1.1.1:101 destination:2.2.2.1:201 Is it possible to send public IP addresses through an IPSec VPN tunnel? Is it possible for IBM to send a print job from a server on their network using the static-nat public address over a VPN to a printer at a customer network using the printer's static-nat public address? Or can a VPN not do this? Can a VPN only work with interesting traffic from and to private IP addresses?

    Read the article

  • iptables, blocking large numbers of IP Addresses

    - by Twirrim
    I'm looking to block IP addresses in a relatively automated fashion if they look to be 'screen scraping' content from websites that we host. In the past this was achieved by some ingenious perl scripts and OpenBSD's pf. pf is great in that you can provide it nice tables of IP addresses and it will efficiently handle blocking based on them. However for various reasons (before my time) they made the decision to switch to CentOS. iptables doesn't natively provide the ability to block large numbers of addresses (I'm told it wasn't unusual to be blocking 5000+), and I'm a bit cautious over adding that many rules into an iptable. ipt_recent would be awesome for doing this, plus it provides a lot of flexibility for just severely slowing down access, but there is a bug in the CentOS kernel that is stopping me from using it (reported, but awaiting fix). Using ipset would entail compiling a more up-to-date version of iptables than comes with CentOS which whilst I'm perfectly capable of doing it, I'd rather not do from a patching, security and consistency perspective. Other than those two it looks like nfblock is a reasonable alternative. Is anyone aware of other ways of achieving this? Are my concerns about several thousand IP addresses in iptables as individual rules unfounded?

    Read the article

  • Possible to IPSec VPN Tunnel Public IP Addresses?

    - by caleban
    A customer uses an IBM SAS product over the internet. Traffic flows from the IBM hosting data center to the customer network through Juniper VPN appliances. IBM says they're not tunneling private IP addresses. IBM says they're tunneling public IP addresses. Is this possible? What does this look like in the VPN configuration and in the packets? I'd like to know what the source/destination ip/ports would look like in the encrypted tunneled IPSec Payload and in the IP packet carrying the IPSec Payload. IPSec Payload: source:1.1.1.101:1001 destination:2.2.2.101:2001 IP Packet: source:1.1.1.1:101 destination:2.2.2.1:201 Is it possible to send public IP addresses through an IPSec VPN tunnel? Is it possible for IBM to send a print job from a server on their network using the static-nat public address over a VPN to a printer at a customer network using the printer's static-nat public address? Or can a VPN not do this? Can a VPN only work with interesting traffic from and to private IP addresses?

    Read the article

  • iptables, blocking large numbers of IP Addresses

    - by Twirrim
    I'm looking to block IP addresses in a relatively automated fashion if they look to be 'screen scraping' content from websites that we host. In the past this was achieved by some ingenious perl scripts and OpenBSD's pf. pf is great in that you can provide it nice tables of IP addresses and it will efficiently handle blocking based on them. However for various reasons (before my time) they made the decision to switch to CentOS. iptables doesn't natively provide the ability to block large numbers of addresses (I'm told it wasn't unusual to be blocking 5000+), and I'm a bit cautious over adding that many rules into an iptable. ipt_recent would be awesome for doing this, plus it provides a lot of flexibility for just severely slowing down access, but there is a bug in the CentOS kernel that is stopping me from using it (reported, but awaiting fix). Using ipset would entail compiling a more up-to-date version of iptables than comes with CentOS which whilst I'm perfectly capable of doing it, I'd rather not do from a patching, security and consistency perspective. Other than those two it looks like nfblock is a reasonable alternative. Is anyone aware of other ways of achieving this? Are my concerns about several thousand IP addresses in iptables as individual rules unfounded?

    Read the article

  • Mixing both local and nonlocal addresses on three switches

    - by klew
    I have four computers that have nonlocal addresses like 150.X.X.X. Now I also get another few computers that should be only accessible through a gateway (it will be computing cluster) and they addresses are 10.0.0.X. I also wanted to include those four older computers to this new cluster, but I want them to be accessible from internet on nonlocal addresses (so I would like to set up them on both 150.X.X.X and 10.0.0.X addresses - I've set up it as interface eth0:0 since I have only one NIC). Those new computers have their switch and old computers also have their own switch. Both of them are connected to another (third) switch. The problem is that those old computers see each other (I can ping them), and also new computers see each other, but I can't ping old computer from new computer and vice versa. However pinging on nonlocal adresses works as expected. I looked into switch configuration and didn't find anything useful. I have no idea what I missed here. Can somebody help? All computers have Ubuntu Server 10.04

    Read the article

  • David Cameron addresses - The Oracle Retail Week Awards 2012

    - by user801960
    The Oracle Retail Week Awards 2012 were last night. In case you missed the action the introduction video for the Oracle Retail Week Awards 2012 is below, featuring interviews with UK Prime Minister David Cameron, Acting Editor of Retail Week George MacDonald, the judges for the awards and key figureheads in British retail. Check back on the blog in the next couple of days for more videos, interviews and insights from the awards. Oracle Retail and "Your Experience Platform" Technology is the key to providing that differentiated retail experience. More specifically, it is what we at Oracle call ‘the experience platform’ - a set of integrated, cross-channel business technology solutions, selected and operated by a retail business and IT team, and deployed in accordance with that organisation’s individual strategy and processes. This business systems architecture simultaneously: Connects customer interactions across all channels and touchpoints, and every customer lifecycle phase to provide a differentiated customer experience that meets consumers’ needs and expectations. Delivers actionable insight that enables smarter decisions in planning, forecasting, merchandising, supply chain management, marketing, etc; Optimises operations to align every aspect of the retail business to gain efficiencies and economies, to align KPIs to eliminate strategic conflicts, and at the same time be working in support of customer priorities.   Working in unison, these three goals not only help retailers to successfully navigate the challenges of today (identified in the previous session on this stage) but also to focus on delivering that personalised customer experience based on differentiated products, pricing, services and interactions that will help you to gain market share and grow sales.

    Read the article

  • Windows Azure SDK 1.3 addresses early adopter feedback

    - by Eric Nelson
    At the end of November 2010 we released a new version of the Windows Azure SDK which contains many new features driven by the great feedback of early adopters plus a shiny new portal. New Portal implemented in Silverlight: The new portal is implemented using Silverlight and replaces the (IMHO rather clunky) original HTML + JavaScript portal. It is 100% better although does still have a few bugs. Enjoy! P.S. You can if you wish still use the old portal:   New runtime functionality: The following functionality is now generally available through the Windows Azure SDK and Windows Azure Tools for Visual Studio and the new Windows Azure Management Portal: Elevated Privileges and Full IIS. You can now run a portion or all of your code in Web and Worker roles with elevated administrator privileges. The Web role now provides Full IIS functionality, which enables multiple IIS sites per Web role and the ability to install IIS modules. Remote Desktop functionality enables you to connect to a running instance of your application or service in order to monitor activity and troubleshoot common problems. Windows Server 2008 R2 Roles: Windows Azure now supports Windows Server 2008 R2 in its Web, worker and VM roles. This new support enables you to take advantage of the full range of Windows Server 2008 R2 features such as IIS 7.5, AppLocker, and enhanced command-line and automated management using PowerShell Version 2.0. New runtime functionality – in beta: Windows Azure Virtual Machine Role: Support for more types of new and existing Windows applications will soon be available with the introduction of the Virtual Machine (VM) role. You can move more existing applications to Windows Azure, reducing the need to make costly code or deployment changes. Extra Small Windows Azure Instance, which is priced at $0.05 per compute hour, provides developers with a cost-effective training and development environment. Developers can also use the Extra Small instance to prototype cloud solutions at a lower cost. Windows Azure Connect: (formerly Project Sydney), which enables a simple and easy-to-manage mechanism to set up IP-based network connectivity between on-premises and Windows Azure resources, is the first Windows Azure Virtual Network feature that we’re making available as a CTP. You can sign up for any of the betas via the Windows Azure Management Portal. Improved processes and simplified operations New portal! (see above) Access to new diagnostic information including the ability to click on a role to see role type, deployment time and last reboot time A new sign-up process that dramatically reduces the number of steps needed to sign up for Windows Azure. New scenario based Windows Azure Platform forums to help answer questions and share knowledge more efficiently. Multiple Service Administrators: Windows Azure now supports multiple Windows Live IDs to have administrator privileges on the same Windows Azure account. The objective is to make it easy for a team to work on the same Windows Azure account while using their individual Windows Live IDs.   Related Links Please also let us know through Microsoft Platform Ready if and when you intend to build an application using the Windows Azure Platform. Or indeed if you already have (Well done). You will get access to some great benefits if you do (more on that in a future post). It also really helps us better understand the demand out there which directly impacts how we will plan the next six months of activities around the Windows Azure Platform. Visit Microsoft Platform Ready to tell us about your plans for your applications UK based? Interested in the Windows Azure Platform? Join http://ukazure.ning.com Get started with the Windows Azure Platform http://bit.ly/startazure

    Read the article

  • How often does Dreamhost change IP Addresses

    - by pjreddie
    So I just migrated our site to dreamhost because they are free for non-profits. However, right after I switched the nameservers over to them they changed the IP address of the site. So first they propagated out IP address x.x.x.180, then they switched it to x.x.x.178 and had to propagate that out. Point being it meant a lot of downtime since a lot of big DNS servers (like google) thought the address was still x.x.x.180 for up to 5 hours after they switched it. This is compounded by the fact that most our visitors to the site live here in Unalaska and we have local DNS servers that take a LONG time to update (like a day or more) since we get all our internet over satellite. So every time Dreamhost changes our IP address it can mean a day of downtime for us in our community. So my question is, how often do these changes take place? I asked Dreamhost support and they gave me a vague response: I wish I could say, however those changes happen at random times. They're not that frequent, maybe even months between updates, but there's no way to know for sure. First, I hardly believe that they don't know their own system well enough to give me at least some estimate or average. Second, is it worth looking at other providers so that I can get a static IP address? We were hosting the site here originally and hadn't run into this problem since we have a static IP here. We don't get a ton of traffic but usually around 500 hits a day or so, sometimes more if our stories are featured on statewide or national news broadcasts. So hours of downtime every time Dreamhost "randomly" decides to move our server location can be bad for our readership.

    Read the article

  • Iterate over IP addresses

    - by user80003
    Let's say I have two IP addresses (in .NET, the System.Net.IPAddress class). How can I iterate over all the IP addresses between two given addresses? For example, let one address be 192.168.1.1 and the other 192.168.2.3. I want to somehow iterate over all the addresses in between and print them to the console. Thank you.

    Read the article

  • Puppet nodes cant' find master, ec2 public versus internal ip addresses and hosts files

    - by Blankman
    If I setup my hosts files such that they reference all other ec2 nodes using the internal ip addresses, will this work or do I have to use the external ip addresses? Do I need to specify anything in my security group to get internal ip addresses to work? e.g. /etc/hosts ip-10-11-12-13.internal some_node_name If I do this, can I reference some_node_name anywhere in my scripts where I would have used the ip address previously? On my puppet agent servers, I have a reference to my puppet master like: public-ip-here puppet When I reboot my puppet agent's, syslog shows they couldn't find the master with the message: getaddinfo : name or service not known I did get it to work by updating /etc/default/puppet and I added to the options: --server=public-ip-here From what I read, puppet will by default try using 'puppet', and I set this in my hosts file so why wouldn't it be picking this up?

    Read the article

  • Retrieve malicious IP addresses from Apache logs and block them with iptables

    - by Gabriel Talavera
    Im trying to keep away some attackers that try to exploit XSS vulnerabilities from my website, I have found that most of the malicious attempts start with a classic "alert(document.cookie);\" test. The site is not vulnerable to XSS but I want to block the offending IP addresses before they found a real vulnerability, also, to keep the logs clean. My first thought is to have a script constantly checking in the Apache logs all IP addresses that start with that probe and send those addresses to an iptables drop rule. With something like this: cat /var/log/httpd/-access_log | grep "alert(document.cookie);" | awk '{print $1}' | uniq Why would be an effective way to send the output of that command to iptables? Thanks in advance for any input!

    Read the article

  • NAT for static private addresses

    - by biggdman
    Could someone please help me out with the following scenario: I have a machine that hosts 3 lxc containers, and acts like a router for them. The LXC containers have private ip addresses set on the interfaces that are connected to the host. I want to provide Internet access to the containers and I want to configure the host system so it translates only the addresses that are configured static on the lxc containers interfaces. Should I try to configure the host so it translates each of the 3 private addresses to the public address of the host's interface that is connected to the Internet?

    Read the article

  • IPSec VPN IP addresses

    - by Randomblue
    I have an IPSec VPN on my Windows 7 machine (all using the native Windows 7 gateway). The host I am connecting to has different ISAKMP "Phase 1" and "Phase 2" IP addresses. As I understand, the Phase 1 address is that of the IPsec endpoint, to which I can connect just fine. The Phase 2 address is found in their "crypto map", and the addresses need to match. At the moment, both my Phase 1 and Phase 2 addresses are configured the same. On my side, I get the error "Error 791: The L2TP connection attempt failed because security policy for the connection was not found" How can I configure the Phase 2 IP address for my Windows 7 IPSec VPN to be different to the IPSec endpoint address?

    Read the article

  • IPv6: Should I have private addresses?

    - by AlReece45
    Right now, we have a rack of servers. Every server right now has at least 2 IP addresses, one for the public interface, another for the private. The servers that have SSL websites on them have more IP addresses. We also have virtual servers, that are configured similarly. Private Network The private range is currently just used for backups and monitoring. Its a gigabit port, the interface usage does not usually get very high. There are other technologies we're considering using that would use this port: iSCSI (implementations usually recommends dedicating an interface to it, which would be yet another IP network), VPN to get access to the private range (something I'd rather avoid) dedicated database servers LDAP centralized configuration (like puppet) centralized logging We don't have any private addresses in our DNS records (only public addresses). For our servers to utilize the correct IP address for the right interface (and not hard code the IP address) probably requires setting up a private DNS server (So now we add 2 different dns entries to 2 different systems). Public Network Our public range has a variety of services include web, email, and ftp. There is a hardware firewall between our network and the "public" network. We have (relatively secure) method to instruct the firewall to open and close administrative access (web interfaces, ssh, etc) for our current IP address. With either solution discussed, the host-based firewalls will be configured as well. The public network currently runs at a dedicated 20Mbps link. There are a couple of legacy servers with fast-ethernet ports, but they are scheduled for decommissioning. All of the other production boxes have at least 2 Gigabit Ethernet ports. The more traffic-heavy servers have 4-6 available (none is using more than the 2 Gigabit ports right now). IPv6 I want to get an IPv6 prefix from our ISP. So at least every "server" has at least one IPv6 interface. We'll still need to keep the IPv4 addressees up and available for legacy clients (web servers and email at the very least). We have two IP networks right now. Adding the public IPv6 address would make it three. Just use IPv6? I'm thinking about just dumping the private IPv4 range and using the IPv6 range as the primary means of all communications. If an interface starts reaching its capacity, utilize the newly free interfaces to create a trunk. It has the advantage that if either the public or private traffic needs to exceed 1Gbps. The traffic for each interface is already analyzed on a regular basis to predict future bandwidth use. In the rare instances where bandwidth unexpected peaks: utilize QoS to ensure traffic (like our limited SSH access) is prioritized correctly so the problem can be corrected (if possible, our WAN is the bottleneck right now). It also has the advantage of not needing to make an entry for every private address. We may have private DNS (or just LDAP), but it'll be much more limited in scope with less entries to duplicate. Summary I'm trying to make this network as "simple" as possible. At the same time, I want to make sure its reliable, upgradeable, scalable, and (eventually) redundant. Having one IPv6 network, and a legacy IPv4 network seems to be the best solution to me. Regarding using assigned IPv6 addresses for both networks, sharing the available bandwidth on one (more trunked if needed): Are there any technical disadvantages (limitations, buffers, scalability)? Are there any other security considerations (asides from firewalls mentioned above) to consider? Are there regulations or other security requirements (like PCI-DSS) that this doesn't meet? Is there typical software for setting up a Linux network that doesn't have IPv6 support yet? (logging, ldap, puppet) Some other thing I didn't consider?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >