Nils's questions

We are using a 5505 ASA Sec+ (8.2). There are three interfaces: inside (172.17.0.0/24), dmz (172.16.0.0/24) and outside (1.2.3.4 for the example).

There are static NAT rules set up translating 1.2.3.4 to servers on the dmz (including 1.2.3.4:80 to 172.16.0.10:80). These work from the outside.

How do I let users on the inside access the DMZ servers using the outside IP in the same way as users on the outside?

Because we are using port address translation (several different servers depending on the port number), I want to avoid DNS doctoring.

It does not matter whether we use NAT or not for direct inside-dmz traffic (most traffic will be through the public IP anyway).

The current NAT configuration:

ASA Version 8.2(5) 

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

global (outside) 1 interface
global (dmz) 2 interface
nat (inside) 1 172.17.0.0 255.255.255.0
nat (dmz) 1 172.16.0.0 255.255.255.0
static (dmz,outside) tcp interface www 172.16.0.10 www netmask 255.255.255.255 
static (dmz,outside) tcp interface https 172.16.0.10 https netmask 255.255.255.255 
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group dmz_access_in in interface dmz

With this minimal configuration, the inside users cannot access the dmz servers at all. Both inside users and dmz servers can access the internet outside just fine, and the dmz servers are accessible from the internet.

I use the GitLab API to fetch a list of the projects I have access to (URL /api/v3/projects/all?private_token=xxx), but there are 6-7 projects that are not included in the list for some reason.

EDIT: My user is an administrator, and I want to list all projects like the /projects/all URL indicates.

I have access to the projects just fine using git itself and the GitLab web interface. Any suggestions why the projects wouldn't be shown in the list from the API?

All the projects missing are newer than the others. I have tried refreshing my API token; no change.

Versions:

GitLab        6.4.3
GitLab Shell  1.8.0
GitLab API    v3
Ruby          2.0.0p353
Rails         4.0.2

I have replaced an aging firewall (custom setup using Linux) with a Cisco ASA 5505 appliance for our network. It's a very simple setup with around 10 workstations and a single Small Business Server 2008.

Setting up incoming ports for SMTP, HTTPS, remote desktop etc. to the SBS went fine - they are working like they should.

However, I have not succeeded in allowing incoming VPN connections. The clients trying to connect (running Windows 7) are stuck with the "Verifying username and password..." dialog before getting an error message 30 seconds later.

We have a single external, static IP, so I cannot set up the VPN connection on another IP address.

I have forwarded TCP port 1723 the same way as I did for SMTP and the others, by adding a static NAT route translating traffic from the SBS server on port 1723 to the outside interface.

In addition, I set up an access rule allowing all GRE packets (src any, dst any).

I have figured that I must somehow forward incoming GRE packets to the SBS server, but this is where I am stuck.

I am using ADSM to configure the 5505 (not console).

Any help is very much appreciated!

EDIT: See also the related question here: PPTP pass through on Cisco ASA 5505 (8.2)

I'm running a Small Business Server 2008 with Windows Sharepoint Services 3.0 (WSS 3.0). I thought WSS was supposed to hide menu items for which the current logged in user don't have access? Apparently, all users can see all links, regardless of whether they have access.

This applies to both links to newly created sub-sites as well as document libraries/lists.

Is this expected behaviour, or is there a misconfiguration somewhere that causes the links to stay visible even for users without access?

Thanks!

Hey guys, I work as a consultant for a firm with a Checkpoint firewall. I have downloaded and installed the Checkpoint Endpoint Security VPN client. During the installation, I answered no to any questions pertaining firewall etc. - I just wanted the VPN client itself.

However, after the installation, I am no longer able to use any of my pre-existing Windows VPN client connections. It does not matter whether the Checkpoint UI is running or not - shutting down the client does not fix the problem.

Uninstalling Checkpoint VPN on the other hand fixes the problem.

Does anyone know if it is possible to have both VPN clients work while being installed simultaneously? I don't need them to stay connected simultaneously, just avoiding to install/uninstall the Checkpoint client every time I have to use it is perfectly good.

Thanks!

I have set up a Microsoft Windows SBS 2008 server for a small company (8-10 users). They use it as file server, print server, mail server etc. - basically everything small companies need except a public web server.

Browsing the network shares, printing etc. is usually fast and problem-free, but sometimes, certain actions take an extremely long time. For instance, I recently tried to open a Word document on a network share and waited over a minute for it to appear. Meanwhile, while Word was appearing to hang, I had no trouble browsing the network share from Windows Explorer. After the document initially loaded, I could close Word, re-open the very same file, and it appeared immediately. Similar things happen on all network share actions as well as printing on the SBS printer (takes time to open the print properties dialog).

Copying files over the network is fast, around 10 MB/sec (using 100mbit switches) - I doubt the physical network/link layer is responsible.

This is happening on several client computers (if not all), both Windows XP as well as Windows 7 clients. The computers are all members of the domain.

Any ideas why this is happening? All help and suggestions are very welcome - I have been tearing my hair out over this... Thanks!