Extend A SSH Tunnel / HTTP Proxy Over Connectify For Mobile Devices
Sep 4, 2012
I currently reside in a university which has firewall restrictions. I use an SSH tunnel to connect to the internet. I managed to get my wifi up and running on my mobile device using Connectify, but the only sites which are accessible through wifi are the ones that are accessible through the university firewall. Any way I can extend the SSH proxy to the mobile device via the laptop?
Goal: To forward requests over port 80 from my LAN to an external server on a specific port, that is I would like to forward all requests over http to an external proxy.
I know that this can be done with IP-Tables, but I would like to do the same thing with my D-Link. I have looked at Advanced --> Routing, but that seems to be specifically for inbound requests. I want to do this for outbound requests. This can be achieved with the D-Link DIR-655?
We have ASA 5520 as SSL VPN concentrator so users can access internal web from outside. Our internal web also has several internet URL. What we want is when user click internet URL in our internal web, ASA forward those request to internal proxy server. I already config proxy using port 8080 and username "companyuser" and password, but always have authentication failed on ssl vpn browser. We uses forefront TMG as proxy. Username and password have right to access Internet.
For each computer I need to go and configure the browser proxy settings, and some people are getting smart and turn it to automatic configuration again.
So what I want to achieve is to have my DIR-655 route all the HTTP/port 80 traffic to the proxy server. That way it is transparent and then it is not needed to configure each computer's browser settings.
I am pretty new to this and the router configurations.
The proxy server works fine if I configure the browser manually.
I am using ASA5510 and I want to know if it is possible to redirect http traffic to an internal proxy software. I explain: PC from the LAN use an internal proxy in their IE browser but some other PC doesn't use it. They are directly connected to the Internet using the Public IP from the WAN interface (via NAT). Can we redirect this HTTP Traffic from the WAN interface to the Proxy in the LAN?
Http Traffic will be routed like that: PC -> WAN interface -> Proxy -> WAN interface -> Internet. In fact, can we create a rule saying: All http traffic which doesn't come from the IP Proxy must be redirected toward proxy.
I have an ASA 5505 that I am using to connect my contractors to via an inside interface, the outside interface is my private LAN. I have setup on our corporate Proxy server to allow traffic from my outside interface of my ASA to go to the internet without credentials BUT log internet activity. The question is I want to know if the ASA can send that http & https traffic to my proxy server and all other traffic to my default route? I want to be able to send all internet traffic to my proxy server. This will avoid me asking the contractors to place proxy credentials in their browsers.
I am working on a task of redirecting any unmatched http traffic to Symantec public transparent proxy through Cisco ASA. For the definition of uncatched http traffic, we have inbound squid servers for deploying IE proxy pac and redirect the http traffic to Symantec public transparent proxy, however we can't deploy IE proxy pac to mobile device and non-support web browsers. Since we have some application using IE proxy setting for direct http communication with external domains, the current symantec policy adds those domains in the exception list so that they are not redirect to Symantec public transparent proxy server.
-For the platform - Cisco ASA 5510 ASA 8.4(4)1
-For the solution, I have the following two nat rules
I have Site(s) Ani....i=1,..10 sites which communicate with site B to access a website/application. That's simple enough. However, the traffic is http well we primarily don't need https on ipsec tunnel right? But since attacks related to eavesdropping of traffic become a real reality once it gets terminated by the ipsec device on both side. I have two options: either to purchase a third-party ssl certificate to encrypt the traffic between two nodes or use a custom made one. I don't want to use a custom made one because this make the browser prompt an ugly untrusted certificate message; it's ugly not from security perspective but for clients inconvenience and assuring users confidence in our systems is a critical issue for us.
a) How is it possible to remove ugly certificate message from user screen? Does the company need to register its certificate to some kind of CA body? or what ...
b) Due to some tcp acceleration issues, ssl traffic slows down the traffic between the nodes so we only require the encryption to stand just during the initial handshake when the username and password are being validated; after that we want to revert back to http?
I have a Belkin Wireless N1 router and it works great with my laptops and desktop computers. But! Whenever I connect up my iPad 2, mobile phone (Nexus S) or any other mobile phone, Apple TV or PS3 - the internet works and then after about 10-15 minutes (maybe more, maybe less) the internet cuts out and I can't connect on any device. The PS3 works great when hooked up through ethernet, but wirelessly the connection doesn't last very long at all. Both my parents and brother have an android based smartphone and when at home they'd like to use our WiFi instead of their mobile data - and when it comes to online gaming on the PS3, I don't want to have to trail an ethernet cable all the way to my PS3 set-up. I have full signal strength throughout the house so range isn't an issue - I've also tried connecting up whilst next to the router and the connection still cuts out. To resolve this I have to pull the power cable and re-boot the router.
I have cable broadband and the modem still indicates that I have a connection, and when the internet is cut from the modem the router shows a message saying that "No internet connection can be found". The screen still indicates that it still has an internet connection but it just isn't broadcasting it...I've altered the broadcast channels but this hasn't done anything. I can connect up to my friends Belkin ADSL Wireless router with no problems and it doesn't cut out. He has his PS3 connected wirelessly too and it's all good...
I have two WRT54GS routers. I want to extend my WiFi from the router connected to my upstream in the office to a second router in the living room. I want devices configured for the SSID and passphrase of my current WiFi (which is fine in the office) to work seamlessly in the living room. I understand I can do this by running a cable and configuring router 2 as a client of router 1 with router 2 exposing the same SSID and passphrase on a different channel.
But I really don't want to run a cable. There is a point where a client can see router 1 where an AP would cover the living room.
Can I put router 2 at that point, have it connect wirelessly as a client to router 1, and have it expose as an AP using the same SSID and passphrase? Can this be done without wiring the router?
I'm having an issue with intermediate certificates from GoDaddy when connecting from some browsers of mobile devices: Browser in Android 2.3.3; Safari in iOS 4.2.1; Chrome 18 in Android 4.0. In a PC there's no problem, only from the above mobile devices. The intermediate certificate isn't downloaded from the ACE 4710 resulting in a "SSL Certificate Not Trusted" error. Since GoDaddy has no instructions to resolve the issue from a Cisco ACE.
I have been testing WiFi devices such as the iPhones and iPads connectivity with the following setup:
1. 3502i AP
2. WLC 5508 SW 7.0.98
3. NGS
The i-devices have iOS v4.2
My goal is to have the guest user i-devices maintain the credentials (username and password) when they login again to the wireless network. Like if the device sleeps, I think definitely they would lose those IP address issued by the DHCP. Once the guest user uses them again and connect them to the wireless network the user would not need to type-in those credentials on the Web Authentication page directed by the WLC.
The credentials are issued by the sponsor who created them on the NGS. It seems that there are WiFi problems with these i-devices. But somehow, I'm looking for a solution that would automate the logins like a checkbox if you want to be kept signed in, on Yahoo or Stay signed in for GMail.
I have installed 4 of these units in a commercial premises offering free wifi. Since the day they were installed (5Months ago) we had connectivity issues with mobile devices. This was somewhat resolved in the latest FW 1.0.04 but we are still having random disconnections on the units every 2 - 4 days and have to reboot the units. Lately the units have become unresponsive and reset themselves back to factory settings.
What we have done so far:
- Changed router models - No change
- Changed from Static IPs & DHCP - No change
- Turned on isolation - No change
- Performed a wifi analysis to pick the best channel for each unit - Slight signal gain but still disconnects
- Changed to 20Mhz only (And all other variations) - No change
I think I am left with no option but to return these for some other brand. I'm really regretting buying these units at the minute...
We've been using Connectify to share the internet connection in our house and it was working beautifully, then it stopped after we upgraded to pro but now it's working again. I'm using a windows xp and my sister is using windows 7. We were both connected to the wireless network but none of the computers could get on the internet; so I restarted my mom's laptop (which is the hotspot) and my sis's laptop started browsing but mine didn't and it's still not browsing. And when I check the wireless status it says "Sending 786 packets, receiving 5 packets"
I have actually made my laptop a hotspot, for example I have cable network connected on it or usb internet and I am using connectify software to share internet through wireless card, it is sharing through wireless card to mobile and other wireless devices. But only the issue is I want to set bandwidth for every user or default bandwidth rule for every device connect. Connectify showing me every user that connect internet through my laptop but it has no bandwidth setting option. Is there any solution to set bandwidth as per user or default bandwidth then whoever connect he will get my selected speed.
We set up a 1941 Router with the Cisco Configuration Professional Tool. The VPN Tunnel works and I get an IP Address from the pool. But I can't reach any devices in the VLAN10 Network. Do I forget anything?
Here is the config from the Router:
version 15.1
parser view CCP_Monitor
 secret 5 $1$FnN7$Qr.mbJbPOuOH7Te6MD1.I0
 commands configure include end
We have a new site-to-site configuration comprised of two ASAs (a 5505 at the remote site and a 5510 locally). The site-to-site tunnel is up and appears to be working fine, with the exception of one thing; two identified IP addresses on the remote end cannot seem to communicate across the tunnel.
For example: address 192.168.3.81 is able to see resources at our facility, but 192.168.3.82 (an HP Laser jet P2055dn) cannot. However, 192.168.3.82 is ping able from the inside interface of the remote ASA and doesn't appear to be having any other connectivity issues. Also, the default gateway of this device appears to be set properly. When checking the real-time log viewer, I'm not seeing any error messages, it just appears as if the .82 device is not routing to the remote ASA, but strangely enough the local ASA's logs do seem to show communication with .82. (See the below logs.)
When we attempt to ping the 192.168.3.82 address from a local PC (10.10.10.10) that participates in the VPN tunnel, we see the following:
Local ASA 6|Jan 31 2012|16:03:53|302021|192.168.3.82|0|10.10.10.10|512|Teardown ICMP connection for faddr 192.168.3.82/0 gaddr 10.10.10.10/512 laddr 10.10.10.10/512 [ code]....
Remote ASA 6|Jan 31 2012|16:03:53|302021|10.10.10.10|512|192.168.3.82|0|Tear down ICMP connection for faddr 10.10.10.10/512 gaddr 192.168.3.82/0 laddr 192.168.3.82/0 [ code].....
We can successfully ping 192.168.3.81 from the same local workstation we see the following on the remote ASA :
6|Jan 31 2012|16:03:38|302021|10.10.10.10|512|192.168.3.81|0|Tear down ICMP connection for faddr 10.10.10.10/512 gaddr 192.168.3.81/0 laddr 192.168.3.81/0 [Code]....
We have no IP address overlapping and neither ASA's logs show any errors. Unfortunately, we don't have access to the remote site's router configurations, but we've been assured that the issue is not on their end.
I am testing out some inspection options on an ASA 5505, and I am running into a situation in which applying a http inspection is dropping all outbound http traffic. I get a "protocol violation" error in the logs.
Here is the setup: I'm not sure why the web traffic is getting dropped.
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
I would like to connect devices to my network so that their traffic passes through a proxy running on my computer. I figured the best way to do this is by setting the proxy on my router to the one I am running, but then I would need to have another connection to the computer running the proxy or else there would be an infinite loop ?? something like that. so:
Internet -> router (1) -> my proxy on comp A -> router (2) -> computer B
I access the internet from my company's LAN, which has a restrictive firewall, so I cannot request the admin to open any ports manually for me. Hence I use a software called your-freedom. This proxy software supports both http as well as socks 4 and 5 proxy (by entering the proxy IP 127.0.0.1 (localhost) and Port 8080 for http proxy OR 1080 for Socks Proxy), and I have successfully been using web browsers and some other softwares that support proxy/ allow proxy info to be entered to login/ connect to the internet. Your-Freedom also supports port forwarding. However, the softwares I intend to use do not have any options to enter proxy methods or proxy ports (as far as I have noticed). I have tried to proxify these 2 softwares using softwares such as SocksCap and Free Cap, but either they don't work, or my settings in proxifying are not correct. I believe I will have to do port forwarding or proxify the softwares, but have been unable to do so in the correct manner.
Following is the info on the 2 softwares:
1. NOW Trading terminal: Normally when I start the NOW or Zerodha software, the software starts and I get a login screen, but under firewall conditions, I get the initial Splash screen but then the software stops with the error: NOW Initialisation failed for Interactive Engine << os error>>.
2. PowerIndia Bulls: The software is written in Java and starts with a batch file (PowerIndiabulls.bat) located in C:UsersDEFAULT_USERNAMEAppD..... I converted this batch file to .exe (with battoexe software) and then ran it through a proxifying software. The .exe start properly without proxifying software but not under proxifying environment. Basically the software needs to connect to the internet using Port 443. I am also expected to keep ports 443, 41599 and 59598 open. software's requirement is available at Indiabulls Securities: Indiabulls Securities is a leading capital market company offering securities broking and advisory services, depository services, equity research services to its clients in India. (item no. 5). To confirm, while the software is unable to connect through port 443, you will get an error message: "Connection to Login Server could not be established" when you try to login with any random Username and Password. To know that the software is able to connect properly, you will get an error: "This User ID is not enabled to be used with this product".
I need to change providers from Verizon to AT&T. This modem came with the AT&T Sim card installed in my notebook. The software (Dell Mobile Broadband Utility Help) says " Choose Network Selection from the Settings Menu. Select AT&T and click Load." Unfortunately, Network selection is not an option.
How do I do it? This modem is compatible with Verizon, AT&T and Sprint networks.
I'm in process of purchasing a new Cisco routers for our branches that will be used primary to enable IPSec virtual tunnel interface with "tunnel mode ipsec ipv4". Does the default IOS IP Base supports this feature? Or I need to purchase DATA license or SECURITY license?
I have installed my new E4200 and it works beautifully. I have several wireless adapters and a few wired connections through powerline adapters. I also have a second VPN router attached to the 4200. I can see the wireless connected devices with the associated IP addresses. If I plug a laptop directly into the Cisco, I can of course see it. However, I can see none of the devices attached to the powerline devices? I have a security cam connected via the powerline and want to know the IP address. I checked with cisco technical support via chat and they said it is impossible. I have used 2 previous routers with the same configuration and can see all devices.
Currently my home network is being switched via TrendNet TEGs80G unmanaged gig switches. I have been using them for about a year now with no issues. As my home network becomes more advanced, I recently just added a Cisco ASA5505, I am thinking about swapping those unmanaged devices, 4 of them, to managed. I was looking at the Cisco SG300-10 for upstairs, and a 16 port variant for my main core. These devices do not support full Cisco IOS cli, but they are manageable with a rich feature set nonetheless. My question is, should I swap the unmanaged devices with the more expensive Cisco devices, or just keep what works and save the money until I really need to spend it. As previously stated, my home LAN works just fine as it is, however my WiFi, NTV550s, server and workstations are all on the same network. Probably not the most secure but it is what it is without VLAN support.
There are a few situations where I'd like to be able to use the locally configured account on a device but still have ACS in place. I want to complete this WITHOUT adding the locally configured account into ACS. I have tried setting the advanced option under Identity for if an account is not found to "Continue" however this causes the account to be allowed as long as a password is typed (any password, as long as it's not blank).