Search Results

Search found 12281 results on 492 pages for 'ip blocking'.

Page 67/492 | < Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74  | Next Page >

  • Exchange 2007 automatically adding IP to block list

    - by Tim Anderson
    This puzzled me. We have all mail directed to an ISP's spam filter, then delivered to SBS 2008 Exchange. One of the ISP's IP numbers suddenly appeared in the ES2007 block list, set to expire in 24 hours I think, so emails started bouncing. Quick look through the typically ponderous docs, and I can't see anything that says Exchange will auto-block an IP number, but nobody is admitting to adding it manually and I think it must have done. Anyone know about this or where it is configured? Obviously one could disable block lists completely but I'd like to know exactly why this happened.

    Read the article

  • How to make ssh match known_hosts to host/ip:port instead of just host/ip?

    - by Prody
    I have two machines behind a firewall, with the ssh ports forwarded to 2201 and 2202. When I ssh host -p 2201 it asks if I trust the machine, I say yes, it gets added to ~/.ssh/known_hosts Then I ssh host -p 2202 it doesn't let me, because there's already a known_host for this IP in ~/.ssh/known_host:1 (the file was empty when I started, so line 1 is the one added by the previous ssh run) This happens on CentOS 5.4. On other distros (I've tried Arch), it appears that ssh matches the knwown_hosts to the ports too, so I can have multiple fingerprints for multiple ports on the same host/ip without any problems. How can I get this same behavior for CentOS? I couldn't find anything in man ssh_config. (or at least not without disabling fingerprint checking)

    Read the article

  • Set up homeserver with single IP to host multiple sites on Ubuntu [closed]

    - by Ortix92
    I am trying to set up my homeserver so it can function as a regular server one would rent. I am running Ubuntu 12.04 LTS with openpanel. I have a single static IP address. I am used to having two addresses and pointing them to NS1.domain.tld and NS2.domain.tld and setting up the propper DNS records. I would also like to mention I am somewhat new to DNS zones. Either way, how would I go about setting this up correctly (in openpanel) with just a single IP address if possible at all? I have also read about free solutions online, but I would like to keep everything secure and private so other people can't peer into my data somehow. Thanks!

    Read the article

  • iptables change destination IP without DNAT

    - by Mad_Ady
    Hello, I'm trying to workaround a broken application which insists on connecting to the private address (and thus unreachable) of a server, instead of connecting to the public address (even if the relevant port is open). Changing the application is not an option. I'm trying to add iptables rules on the client(s) to change the destination ip for the packets going to 192.168.251.3 to go to 1.2.3.4 instead. DNAT isn't working since 1.2.3.4 is not an IP on any of my client interfaces. Can anyone point me to the relevant documentation that allows me to use MANGLE to change destination IPs?

    Read the article

  • find wireless-repeater ip (router)

    - by Brtrnd
    Really long time ago I set up my dd-wrt router up as a repeater. It works well; in the summer I place it near the garden and I have wifi in the garden. I would like to revisit te settings and see if it would be a good idea to install openvpn. The problem is: I don't remember the ip of the router. I probably followed the setup instructions on the dd wrt wiki. it doesn't show up on the management-console of my main router (a docsis3 modem); it doesn't show up if I do an IP scan of the whole class B; it doesn't show as the gateway when i connect to it (wired or wireless). Any ideas on how I could find the web-interface?

    Read the article

  • Security against IP spoofing [on hold]

    - by user1369975
    I am pursuing a college project, in which I am running three fake services on three ports to protect the main service (say running at port 80). The concept is that if the user is malicious, he'll try to bring the services down and access the fake services. These ports adopt a blocking process of a connection request and record the IP and port of the client. These are logged and aren't granted access on service on port 80. But what to do if the client spoofs his IP? How can I modify my system?

    Read the article

  • direct url to server ip address and port

    - by AM0
    We have a Windows 2012 dedicated server. There’s a custom service running on port xxxxx which accepts connections from our custom built hardware devices over TCP/IP port. As of now we use servername.serverdomain.com:xxxxx to connect to the service and start communication. However, we prefer to use URL instead of server’s name or IP Address. So we got a custom url and set its name servers to point to dedicated server. However, just setting DNS doesn’t seem to be working. Could someone please guide as to how to get it working? UPDATE In short I want www.custom-url.com being forwarded to servername.serverdomain.com:xxxxx. These requests are coming from hardware and not browser.

    Read the article

  • Best way to log internet traffic for office network via remote IP

    - by buzzmonkey
    We have a network of about 40 machines running either Win XP or 7 in our office via LAN switches into 1 x Netgear Router (WNDR3700). We have noticed recently that our local network has been added to the CBL Blacklist due to one of our machines being infected with Torpig. I have attempted to use Kaspersky's TDSSKiller Antirootkit Utility to find the infected machine but all appear to be clear. The CBL register advises to find the local machine which is connection to the remote IP address (CBL has provided the range). However, our router does not have the ability to block remote IP addresses - does anyone know of a software which can log all the internet traffic, which we can then use to find the infected machine.

    Read the article

  • How to allow all traffic from 1 IP address Windows Firewall

    - by Foo_Chow
    I am trying to give another PC completely unrestricted access to my machine. They are both on the same subnet. What I am looking for is effectively disabling the firewall entirely for one IP address. Example Host: 192.168.1.2 Client: 192.168.1.3 Firewall "off" World: xxx.xxx.xxx.xxx Firewall "on" To be specific I am running "Easy"PHP as a testing server for websites and want to access them from other machines on my network. After tinkering I figure the method suggested in my question would be best to make things actually easy. PS. I have already tried opening all ports both inbound and outbound to that IP with no results. My only current success has been actually turning the whole firewall off.

    Read the article

  • Several IPs for my VPS

    - by Serafim
    I bought vps on santrex.net but can't receive any reply from support. My Problem: I have 5 ip but it pings only 1!!! I can't setup DNS because I need 2 ip minimum . Could you help me to activate other my IPs? root@spnova:~# ifconfig eth0 Link encap:Ethernet HWaddr aa:00:b9:4f:19:01 inet addr:188.72.240.100 Bcast:188.72.240.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:163342 errors:0 dropped:0 overruns:0 frame:0 TX packets:13585 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:32862185 (32.8 MB) TX bytes:15189036 (15.1 MB) eth0:0 Link encap:Ethernet HWaddr aa:00:b9:4f:19:01 inet addr:188.72.240.101 Bcast:188.72.240.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:1 Link encap:Ethernet HWaddr aa:00:b9:4f:19:01 inet addr:188.72.240.102 Bcast:188.72.240.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:2 Link encap:Ethernet HWaddr aa:00:b9:4f:19:01 inet addr:188.72.240.103 Bcast:188.72.240.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:3 Link encap:Ethernet HWaddr aa:00:b9:4f:19:01 inet addr:188.72.240.104 Bcast:188.72.240.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:11885 errors:0 dropped:0 overruns:0 frame:0 TX packets:11885 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:8124693 (8.1 MB) TX bytes:8124693 (8.1 MB) root@spnova:~# nano /etc/network/interfaces # Auto generated eth0 interfaces auto eth0 lo iface eth0 inet static address 188.72.240.100 netmask 255.255.255.0 up route add -net 188.72.225.0 netmask 255.255.255.0 dev eth0 up route add default gw 188.72.225.1 iface lo inet loopback auto eth0:0 iface eth0:0 inet static address 188.72.240.101 netmask 255.255.255.0 auto eth0:1 iface eth0:1 inet static address 188.72.240.102 netmask 255.255.255.0 auto eth0:2 iface eth0:2 inet static address 188.72.240.103 netmask 255.255.255.0 auto eth0:3 iface eth0:3 inet static address 188.72.240.104 netmask 255.255.255.0

    Read the article

  • F5 Networks iRule/Tcl - Escaping UNICODE 6-character escape sequences so they are processed as and r

    - by openid.malcolmgin.com
    We are trying to get an F5 BIG-IP LTM iRule working properly with SharePoint 2007 in an SSL termination role. This architecture offloads all of the SSL processing to the F5 and the F5 forwards interactive requests/responses to the SharePoint front end servers via HTTP only (over a secure network). For the purposes of this discussion, iRules are parsed by a Tcl interpretation engine on the F5 Networks BIG-IP device. As such, the F5 does two things to traffic passing through it: Redirects any request to port 80 (HTTP) to port 443 (HTTPS) through HTTP 302 redirects and URL rewriting. Rewrites any response to the browser to selectively rewrite URLs embedded within the HTML so that they go to port 443 (HTTPS). This prevents the 302 redirects from breaking DHTML generated by SharePoint. We've got part 1 working fine. The main problem with part 2 is that in the response rewrite because of XML namespaces and other similar issues, not ALL matches for "http:" can be changed to "https:". Some have to remain "http:". Additionally, some of the "http:" URLs are difficult in that they live in SharePoint-generated JavaScript and their slashes (i.e. "/") are actually represented in the HTML by the UNICODE 6-character string, "\u002f". For example, in the case of these tricky ones, the literal string in the outgoing HTML is: http:\u002f\u002fservername.company.com\u002f And should be changed to: https:\u002f\u002fservername.company.com\u002f Currently we can't even figure out how to get a match in a search/replace expression on these UNICODE sequence string literals. It seems that no matter how we slice it, the Tcl interpreter is interpreting the "\u002f" string into the "/" translation before it does anything else. We've tried various combinations of Tcl escaping methods we know about (mainly double-quotes and using an extra "\" to escape the "\" in the UNICODE string) but are looking for more methods, preferably ones that work. Does anyone have any ideas or any pointers to where we can effectively self-educate about this? Thanks very much in advance.

    Read the article

  • Swap static public IPs without creating DNS conflicts?

    - by Jakobud
    Our ISP is Comcast and we have 5 static public IPs from them that we use for various services, including customers connecting to our network, VPN, web, DNS, etc... We need more IP addresses from Comcast. Unfortunately, Comcast is telling us that they can't just simply give us 5 more addresses. They only give static IP addresses in blocks of 1, 5 or 13. In order for us to get more static IPs, they have to take away our current 5 static IPs and give us 13 new ones. How do we make this transition without causing all sorts of DNS chaos? We run public DNS servers, so we can make the DNS changes ourselves, but it will take some time obviously for those DNS changes to propagate throughout the internet. Are there any easy ways to make this transition? Like create some type of fallback DNS entry or something? Surely there must be some sort of procedure for this kind of thing. The Comcast support guy was useless.

    Read the article

  • weird routes automatically being added to windows routing table

    - by simon
    On our windows 2003 domain, with XP clients, we have started seeing routes appearing in the routing tables on both the servers and the clients. The route is a /32 for another computer on the domain. The route gets added when one windows computer connects to another computer and needs to authenticate. For example, if computer A with ip 10.0.1.5/24 browses the c: drive of computer B with ip 10.0.2.5/24, a static route will get added on computer B like so: dest netmask gateway interface 10.0.1.5 255.255.255.255 10.0.2.1 10.0.2.5 This also happens on windows authenticated SQL server connections. It does not happen when computers A and B are on the same subnet. None of the servers have RIP or any other routing protocols enabled, and there are no batch files etc setting routes automatically. There is another windows domain that we manage with a near identical configuration that is not exhibiting this behaviour. The only difference with this domain is that it is not up to date with its patches. Is this meant to be happening? Has anyone else seen this? Why is it needed when I have perfectly good default gateways set on all the computers on the domain?!

    Read the article

  • Which MAC address is the right one?

    - by Paul Dinh
    Result by 'getmac': C:\>getmac Physical Address Transport Name =================== ========================================================== 72-03-C6-48-59-34 \Device\Tcpip_{8AEB3263-18C4-449E-A80F-BC2541DDC2A9} 00-21-9B-D5-6F-EE \Device\Tcpip_{C2F9CE19-D68F-4105-9766-45CBE6D82331} 00-22-68-D2-9B-F7 \Device\Tcpip_{A2701130-9221-43FE-8F14-7B1114F84DC3} Result by 'ipconfig /all': C:\>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : xps-m1530 Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Mixed IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Wireless Network Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card Physical Address. . . . . . . . . : 00-22-68-D2-9B-F7 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Autoconfiguration IP Address. . . : 169.254.246.4 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Eth ernet Controller Physical Address. . . . . . . . . : 00-21-9B-D5-6F-EE Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.1.112 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DNS Servers . . . . . . . . . . . : 8.8.8.8 8.8.4.4 Lease Obtained. . . . . . . . . . : 01 November 2012 9:00:36 AM Lease Expires . . . . . . . . . . : 04 November 2012 9:00:36 AM There is a MAC address on the back of my laptop, but the sticker is no longer there. So I use the 'getmac' command to get the MAC addresses. But which address shown by 'getmac' above is the one matching the MAC in the sticker on the back of my laptop? Or am I mistaken something? 00-21-... is the ethernet adapter, 00-22-... is the wireless adapter, and 72-03-... is what?

    Read the article

  • 2 subnets off of 1 PC with 2 NICs

    - by Jeff
    I have a general setup I'd like to do with some IP cameras. This seems like it will work but I think I may be missing something. Our system consists of a video recorder PC connected to a switch which is connected to a number of IP cameras. I'd like to connect this system into an existing network but I want it on a different subnet. The main reason is that the cameras use a lot of bandwidth that I don't want slowing down the existing network. My idea was to install 2 NICs on the video recorder pc. 1 NIC connects to the existing network on 192.169.1.x for example, and the other NIC connect to the switch with the cameras. This NIC would be 192.168.100.x. Then we could remote to the video recorder PC with a GoToMyPC type thing for administration via the existing network. I've included a diagram of how I see this working but I'm a little fuzzy on the setup of the NICs (if this can work at all). My problem may be trying to deal with 2 subnets without a router but It really doesn't seem like it's necessary in this situation. BTW, gliffy is cool.

    Read the article

  • Issues using gmail with google apps and external domain

    - by Jonathan Kelly
    I have recently tried to use gmail through google apps as my main email client, but I'm experiencing a few different problems. I am managing the domain (conjunktiondesign.co.uk) through 123reg.co.uk but it is hosted through fasthosts.co.uk. I transfered the domain to 123reg as fasthosts did not allow me to change the MX records myself. I followed the setup instructions step by step on google apps and changed the MX records as they told me to. My email was now working perfectly but my website was down and I was getting the following error: The dnsserver returned: No DNS records I have a friend that is using the same system as me (ie. Externally hosted domain and google apps mail) and I changed my 123reg details to the same that he had (as his was working perfectly - both email and website). I changed my name servers to point to fasthosts, rather than 123reg and I added an A record called '@' pointing to fasthosts IP address. I also created another A record called 'www' pointing to fasthosts IP address. After I did this, my website worked almost immediately but I have only realised that since changing it my email is now down. I have not received anything since Saturday. I am a web designer and would consider myself fairly tech savvy, but I have no idea about A records, CNAME's and all the things I have been messing about with! What I ultimately need is someone to help me get my email and website working at the same time, rather than one being down when the other is OK. I seem only able to get one or the other working. I have now changed the name servers back to 123reg in an attempt to get my email back as it is more important than my website at this stage. Any help is much appreciated. Thanks.

    Read the article

  • How can the route between two private IPs go via public IPs?

    - by Gilles
    I'm trying to understand what this output from traceroute means. I changed the IP addresses for privacy but retained the public/private IP range distinction. traceroute.db -e -n 10.1.1.9 traceroute to (10.1.1.9), 30 hops max, 60 byte packets 1 10.0.0.1 0.596 ms 0.588 ms 0.577 ms 2 10.0.0.2 1.032 ms 1.029 ms 1.084 ms 3 10.0.0.3 3.360 ms 3.355 ms 3.338 ms 4 23.0.0.4 3.974 ms 4.592 ms 4.584 ms 5 23.0.0.5 13.442 ms 13.445 ms 13.434 ms 6 45.0.0.6 13.195 ms 12.924 ms 12.913 ms 7 67.0.0.7 52.088 ms 51.683 ms 52.040 ms 8 10.1.1.8 46.878 ms 44.575 ms 44.815 ms 9 10.1.1.9 45.932 ms 45.603 ms 45.593 ms The first 10.0.* range is inside my organisation. The last 10.1.* range is another site of my organisation. The intermediate addresses belong to various ISPs. I expect that there is some kind of VPN between the two sites, but I don't know much about our network topology. What I don't understand is how the route can go from a private address through public addresses back into private addresses. Searching led me to Public IPs on MPLS Traceroute, which gives a possible explanation: MPLS. Is MPLS the only possible or most likely explanation? Otherwise what does this tell me about our network infrastructure? Bonus question for my edification: in this scenario, who is generating the ICMP TTL exceeded packets and if relevant mangling their source and destination addresses?

    Read the article

  • Separated virtual networks with same subnet range with 2 interface

    - by Coolpet
    I'm having some problems with routing with the following: I have a server with 2 interfaces. It has 1-1 alias contains the same subnet. the 2 interface is connected to 2 switch, which are separated from each other. Infrastructure: Eth0 192.168.16.2/20 Eth0:eth0 192.168.1.222/20 Eth1 192.168.32.3/20 Eth1:eth1 192.168.1.223/20 I have a PC which has the IP address: 192.168.1.3/24 The problem is the next: If PC is on subnet 1, I can ping it. If PC is on subnet 2, I can't ping it. traceroute shows the route is across 192.168.1.222 ping -I 192.168.1.223 192.168.1.3 is not working on subnet 2. arp entries show the MAC address belonging to the correct interface (eth1 on subnet 2) How can I force the server to look on both interface same ranged subnet for specific IP? It searches only in the first subnet. The routing table has these 2 entries: 192.168.0.0/20 dev eth0 proto kernel scope link src 192.168.1.222 192.168.0.0/20 dev eth1 proto kernel scope link src 192.168.1.223

    Read the article

  • DNS redirecting to Apache

    - by leo
    I have CentOS installed on LVM, that is on Debian. There are BIND and Apache on CentOS. I need to access sites from browser on Debian with names like: 1.domain, 2.domain, etc. So I set up Apache and I can access these sites, but using /etc/hosts/ on Debian. And now I'm trying to configure bind. named.conf: zone "domain" IN { type master; file "/var/named/domain.zone"; allow-update { none; }; }; 192.168.100.1 is DNS' ip; 192.168.100.139 is Apache ip; domain.zone: $TTL 86400 @ IN SOA domain. root.domain. ( 100 1H 1M 1W 1D ) @ IN NS ns1.domain. @ IN A 192.168.100.139 ns1 IN A 192.168.100.1 WWW IN A 192.168.100.139 1 IN A 192.168.100.139 2 IN A 192.168.100.139 www.1 IN A 192.168.100.139 www.2 IN A 192.168.100.139 Also, is it necessary to configure 100.168.192.in-addr.arpa? Please, explain me where I'm wrong.

    Read the article

  • Linux as a gateway (no NAT)

    - by Hugo
    I'm trying to configure a linux server as a gateway/router, but I can't get it to work, and all information I've managed to find is NAT-related. I have a public IP block for the gateway and devices behind it, so I want the gateway to simply route packets to the internet - again: no NATing! I've managed to get the gateway to access the internet successfully (that was just a matter of configuring the IP and GW), and the computers behind it can communicate with it. [EDIT: more info] This is actually an IPv6 block (2800:40:403::0/48) (but I've found that most utilities and instructions can be easily adapted from IPv4 to IPv6 with little hastle). The server has too ports: wan: 2800:40:403::1/48 lan: 2800:40:403::3/48 One of the computers behind it is connected to it via a switch; 2800:40:403::7/48 The wan interface on the server can ping6 www.google.com without issues. The lan interface on the server and the client can mutually ping each other without issues (as well as SSH, etc). I've tried setting the server as a default gateway for the client, with no luck: client # route -A inet6 add default gw 2800:40:403::3 dev eth1 server # cat /proc/sys/net/ipv6/conf/all/forwarding 1 I don't want any filtering/firewalling/etc, just plain routing. Thanks.

    Read the article

  • Understanding CNAME in displaydns

    - by dublintech
    On windows, I do ipconfig /displaydns One record is: na4.salesforce.com ---------------------------------------- Record Name . . . . . : na4.salesforce.com Record Type . . . . . : 5 Time To Live . . . . : 8 Data Length . . . . . : 8 Section . . . . . . . : Answer CNAME Record . . . . : na4-was.salesforce.com I see not IP for it. How does windows resolve the IP for this then? Note: there is no other entry for na-4-was.salesforce.com. Thanks,

    Read the article

  • Help - since adding an elastic load balancer to my EC2 web application I cannot connect with the MySQL database (not in AWS)

    - by undefined
    I have a web application that uses an EC2 instance to receive uploaded images, resize and store on S3 and update my MySQL database with the image record. This database is hosted outside Amazon Web Services and so obviously involves communication between the EC2 instance and the database. Images are posted to the upload server from a Flash client which receives the IP address of the upload server when it is loaded and so sends images to 1.12.23.34/resize_script.php This has worked great .. until i started to try and include a load balancer. Since the ELBs do not use an IP address but a DNS address I am now passing this to Flash. Now when I upload images I get the following response from the server - Could not connect to MySQL: Lost connection to MySQL server at 'reading initial communication packet', system error: 111 What might be causing the lost connection to MySQL server. Is there any additional steps I need to take to allow my upload servers to be load balanced? I have set the host property of my MySQL privileges for this user to % any pointers greatly appreciated thanks.

    Read the article

  • Linux, some packets are not being NAT

    - by user70932
    Hi, I'm trying to NAT HTTP traffic, I'm new to this and facing some issues. What i'm trying to do is NAT client HTTP requests to a webserver. CLIENT - NAT BOX - WEBSERVER When the client open the IP of the NAT BOX, the request should be pass to the web server. But I'm getting "HTTP request sent, awaiting response..." and then wait serveral minutes before the request is done. Looking at the tcpdump output, it looks like the first Syn packet on (10:48:54) is being NAT but not the second, third, fourth... ACK or PSH packets, and wait until (10:52:04) it starts NAT again on the ACK packet. The iptables command I'm using is: iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 \ -j DNAT --to-destination WEBSERVER I'm wondering what could have caused this behavior? Thanks alot. 10:48:54.907861 IP (tos 0x0, ttl 49, id 16395, offset 0, flags [DF], proto: TCP (6), length: 48) CLIENT.61736 > NATBOX.http: S, cksum 0x6019 (correct), 1589600740:1589600740(0) win 5840 <mss 1460,nop,wscale 8> 10:48:54.907874 IP (tos 0x0, ttl 48, id 16395, offset 0, flags [DF], proto: TCP (6), length: 48) CLIENT.61736 > WEBSERVER.http: S, cksum 0xb5d7 (correct), 1589600740:1589600740(0) win 5840 <mss 1460,nop,wscale 8> 10:48:55.102696 IP (tos 0x0, ttl 49, id 16397, offset 0, flags [DF], proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: ., cksum 0x2727 (correct), ack 2950613896 win 23 10:48:55.102963 IP (tos 0x0, ttl 49, id 16399, offset 0, flags [DF], proto: TCP (6), length: 160) CLIENT.61736 > NATBOX.http: P 0:120(120) ack 1 win 23 10:48:58.103078 IP (tos 0x0, ttl 49, id 16401, offset 0, flags [DF], proto: TCP (6), length: 160) CLIENT.61736 > NATBOX.http: P 0:120(120) ack 1 win 23 10:48:58.366344 IP (tos 0x0, ttl 49, id 16403, offset 0, flags [DF], proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: ., cksum 0x26af (correct), ack 1 win 23 10:49:04.103204 IP (tos 0x0, ttl 49, id 16405, offset 0, flags [DF], proto: TCP (6), length: 160) CLIENT.61736 > NATBOX.http: P 0:120(120) ack 1 win 23 10:49:04.363943 IP (tos 0x0, ttl 49, id 16407, offset 0, flags [DF], proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: ., cksum 0x26af (correct), ack 1 win 23 10:49:16.101583 IP (tos 0x0, ttl 49, id 16409, offset 0, flags [DF], proto: TCP (6), length: 160) CLIENT.61736 > NATBOX.http: P 0:120(120) ack 1 win 23 10:49:16.363475 IP (tos 0x0, ttl 49, id 16411, offset 0, flags [DF], proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: ., cksum 0x26af (correct), ack 1 win 23 10:49:40.100796 IP (tos 0x0, ttl 49, id 16413, offset 0, flags [DF], proto: TCP (6), length: 160) CLIENT.61736 > NATBOX.http: P 0:120(120) ack 1 win 23 10:49:40.563898 IP (tos 0x0, ttl 49, id 16415, offset 0, flags [DF], proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: ., cksum 0x26af (correct), ack 1 win 23 10:50:28.099396 IP (tos 0x0, ttl 49, id 16417, offset 0, flags [DF], proto: TCP (6), length: 160) CLIENT.61736 > NATBOX.http: P 0:120(120) ack 1 win 23 10:50:28.761678 IP (tos 0x0, ttl 49, id 16419, offset 0, flags [DF], proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: ., cksum 0x26af (correct), ack 1 win 23 10:52:04.093668 IP (tos 0x0, ttl 49, id 16421, offset 0, flags [DF], proto: TCP (6), length: 160) CLIENT.61736 > NATBOX.http: P 0:120(120) ack 1 win 23 10:52:04.093678 IP (tos 0x0, ttl 48, id 16421, offset 0, flags [DF], proto: TCP (6), length: 160) CLIENT.61736 > WEBSERVER.http: P 1589600741:1589600861(120) ack 2950613896 win 23 10:52:04.291021 IP (tos 0x0, ttl 49, id 16423, offset 0, flags [DF], proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: ., cksum 0x25d3 (correct), ack 217 win 27 10:52:04.291028 IP (tos 0x0, ttl 48, id 16423, offset 0, flags [DF], proto: TCP (6), length: 40) CLIENT.61736 > WEBSERVER.http: ., cksum 0x7b91 (correct), ack 217 win 27 10:52:04.300708 IP (tos 0x0, ttl 49, id 16425, offset 0, flags [DF], proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: ., cksum 0x253c (correct), ack 368 win 27 10:52:04.300714 IP (tos 0x0, ttl 48, id 16425, offset 0, flags [DF], proto: TCP (6), length: 40) CLIENT.61736 > WEBSERVER.http: ., cksum 0x7afa (correct), ack 368 win 27 10:52:04.301417 IP (tos 0x0, ttl 49, id 16427, offset 0, flags [DF], proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: F, cksum 0x253b (correct), 120:120(0) ack 368 win 27 10:52:04.301438 IP (tos 0x0, ttl 48, id 16427, offset 0, flags [DF], proto: TCP (6), length: 40) CLIENT.61736 > WEBSERVER.http: F, cksum 0x7af9 (correct), 120:120(0) ack 368 win 27 10:52:04.498875 IP (tos 0x0, ttl 49, id 16429, offset 0, flags [DF], proto: TCP (6), length: 40) CLIENT.61736 > NATBOX.http: ., cksum 0x253a (correct), ack 369 win 27 10:52:04.498881 IP (tos 0x0, ttl 48, id 16429, offset 0, flags [DF], proto: TCP (6), length: 40) CLIENT.61736 > WEBSERVER.http: ., cksum 0x7af8 (correct), ack 369 win 27

    Read the article

  • Exposing the AnyConnect HTTPS service to outside network

    - by Maciej Swic
    We have a Cisco ASA 5505 with firmware ASA9.0(1) and ASDM 7.0(2). It is configured with a public ip address, and when trying to reach it from the outside by HTTPS for AnyConnect VPN, we get the following log output: 6 Nov 12 2012 07:01:40 <client-ip> 51000 <asa-ip> 443 Built inbound TCP connection 2889 for outside:<client-ip>/51000 (<client-ip>/51000) to identity:<asa-ip>/443 (<asa-ip>/443) 6 Nov 12 2012 07:01:40 <client-ip> 50999 <asa-ip> 443 Built inbound TCP connection 2890 for outside:<client-ip>/50999 (<client-ip>/50999) to identity:<asa-ip>/443 (<asa-ip>/443) 6 Nov 12 2012 07:01:40 <client-ip> 51000 <asa-ip> 443 Teardown TCP connection 2889 for outside:<client-ip>/51000 to identity:<asa-ip>/443 duration 0:00:00 bytes 0 No valid adjacency 6 Nov 12 2012 07:01:40 <client-ip> 50999 <asa-ip> 443 Teardown TCP connection 2890 for outside:<client-ip>/50999 to identity:<asa-ip>/443 duration 0:00:00 bytes 0 No valid adjacency We finished the startup wizard and the anyconnect vpn wizard and here is the resulting configuration: Cryptochecksum: 12262d68 23b0d136 bb55644a 9c08f86b : Saved : Written by enable_15 at 07:08:30.519 UTC Mon Nov 12 2012 ! ASA Version 9.0(1) ! hostname vpn domain-name office.<redacted>.com enable password <redacted> encrypted passwd <redacted> encrypted names ip local pool vpn-pool 192.168.67.2-192.168.67.253 mask 255.255.255.0 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! interface Vlan1 nameif inside security-level 100 ip address 192.168.68.250 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address <redacted> 255.255.255.248 ! ftp mode passive dns server-group DefaultDNS domain-name office.<redacted>.com object network obj_any subnet 0.0.0.0 0.0.0.0 pager lines 24 logging enable logging asdm informational mtu outside 1500 mtu inside 1500 icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 no arp permit-nonconnected ! object network obj_any nat (inside,outside) dynamic interface timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL http server enable http 192.168.68.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart crypto ipsec ikev2 ipsec-proposal DES protocol esp encryption des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal 3DES protocol esp encryption 3des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES protocol esp encryption aes protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES192 protocol esp encryption aes-192 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES256 protocol esp encryption aes-256 protocol esp integrity sha-1 md5 crypto ipsec security-association pmtu-aging infinite crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map outside_map interface outside crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map inside_map interface inside crypto ca trustpoint _SmartCallHome_ServerCA crl configure crypto ca trustpoint ASDM_TrustPoint0 enrollment self subject-name CN=vpn proxy-ldc-issuer crl configure crypto ca trustpool policy crypto ca certificate chain _SmartCallHome_ServerCA certificate ca 6ecc7aa5a7032009b8cebcf4e952d491 <redacted> quit crypto ca certificate chain ASDM_TrustPoint0 certificate f678a050 <redacted> quit crypto ikev2 policy 1 encryption aes-256 integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 10 encryption aes-192 integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 20 encryption aes integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 30 encryption 3des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 40 encryption des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 enable outside client-services port 443 crypto ikev2 remote-access trustpoint ASDM_TrustPoint0 telnet timeout 5 ssh 192.168.68.0 255.255.255.0 inside ssh timeout 5 console timeout 0 vpn-addr-assign local reuse-delay 60 dhcpd auto_config outside ! dhcpd address 192.168.68.254-192.168.68.254 inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ssl trust-point ASDM_TrustPoint0 inside ssl trust-point ASDM_TrustPoint0 outside webvpn enable outside enable inside anyconnect image disk0:/anyconnect-win-3.1.01065-k9.pkg 1 anyconnect image disk0:/anyconnect-linux-3.1.01065-k9.pkg 2 anyconnect image disk0:/anyconnect-macosx-i386-3.1.01065-k9.pkg 3 anyconnect profiles GM-AnyConnect_client_profile disk0:/GM-AnyConnect_client_profile.xml anyconnect enable tunnel-group-list enable group-policy GroupPolicy_GM-AnyConnect internal group-policy GroupPolicy_GM-AnyConnect attributes wins-server none dns-server value 192.168.68.254 vpn-tunnel-protocol ikev2 ssl-client default-domain value office.<redacted>.com webvpn anyconnect profiles value GM-AnyConnect_client_profile type user username <redacted> password <redacted> encrypted tunnel-group GM-AnyConnect type remote-access tunnel-group GM-AnyConnect general-attributes address-pool vpn-pool default-group-policy GroupPolicy_GM-AnyConnect tunnel-group GM-AnyConnect webvpn-attributes group-alias GM-AnyConnect enable ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options ! service-policy global_policy global prompt hostname context call-home reporting anonymous Cryptochecksum:12262d6823b0d136bb55644a9c08f86b : end Clearly we are missing something, but the question is, what?

    Read the article

  • Using a nat rule to translate 80/443 traffic to web server, but internal users cannot access it using external ip/domain name

    - by Josh
    I am using Cisco ASDM for ASA I have my internal network called soa. My outside interface is called outside. Let's say my outside IP given to me by my ISP isp is y.y.y.y I have a web server inside my network with a static ip of x.x.x.110. I have configured 2 static nat rules (one for http the other for https). Source is x.x.x.110. Interface is outside, service (http or https). Maybe I am doing this wrong, but when I run the packet tracer, I choose outside interface and for the source IP I used 8.8.8.8 and the destination ip is my outside IP address, y.y.y.y When I run that, it shows the packet traversing successfully, using 9 steps. For my other test, I switch to the soa interface, input an ip on that network, and leave the destination the same. This test comes up with 2 steps and then fails on my access list. When I see the rule that fails, it is my catch all which is source: any desitnation: any, service: ip action: deny. What rule do I need to make to allow my soa network access to go out and come back in by my external IP addess (using a domain name attached to that ip in my dns, of course)?

    Read the article

< Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74  | Next Page >