BT Business Hub 3 – And Cisco ASA 5500

KB ID 0000762 

Problem

Warning: If your ASA is running version 8.3(4) or above you are going to have problems assigning public IP addresses from your allocated BT Range (jump to the bottom of the article for a resolution).

You have a pool of public IP addresses and you wish to allocate one of these IP addresses to your Cisco ASA Firewall. Note: This is for customers using BOTH ADSL and BT Infinity.

Solution

For this procedure I was running an ASA5505 (Unlimited) with version 8.4(5). You will need to know the public IP address range allocated to you by BT (and the IP allocated to the router/hub).

Allocating a Public IP address to an Internal Client with the BT Business Hub

1. Log into the router (the password is initially on the pull-out plastic tab on top of the router). Set the IP to the one allocated to the router by BT (from the IP range they have given you). Note: The router actually gets a different IP address externally; this is normal, don’t panic.

2. Apply > Wait for the changes to apply.

3. Under Business Network > Devices > You should see your device listed > Select it.

4. Assign the public IP as shown. You need to select the two radio buttons before the drop-down list of IP addresses will work > Apply.

5. Note: Additionally, if you are installing a firewall you might want to disable the Business Hub’s internal firewall. Settings > Port Forwarding > Firewall > “Allow all traffic…” > Apply.

Problem with Cisco ASA (Now Resolved: See below)

My firewall (after a reload) picked up the correct IP address, but was unable to connect to the internet. My laptop (also connected to the BT Business Hub) connected fine to the internet (both with an allocated public address, and using the public address of the router). The ASA could not get out at all, nor could it ping the IP address of the Business Hub. The ASA showed as disconnected for a while, then disappeared from the ‘Devices’ tab, even though it continued to get the correct IP address leased to it from the Business Hub. This persisted after a reload of the firewall, so the hub COULD see it. I tried giving the ASA the correct IP address statically, and I also locked the speed and duplex of the ethernet interface (in case it was simply an auto-negotiation error); this did not resolve the problem. BT told me they had no record of anyone having the same problem, but that they would take a note in case it came up again. Luckily the client had his old 2Wire router; as soon as I plugged that in, everything worked fine.

 

Update 210414 (and resolution)

Got an email from Nate Morris this week, who had been working on this very problem. While debugging the ARP traffic he saw:

[box]

arp-in: request at external from 192.168.1.254 c0ac.54e4.d8d8 for 123.123.123.123 0000.0000.0000
arp-in: Arp packet received from 192.168.1.254 which is in different subnet than the connected interface 123.123.123.123/255.255.255.248

[/box]

This pointed to a known problem with Cisco ASA introduced in version 8.3(4). Cisco identified this as bug CSCty95468 (Cisco CCO Login required to view). To resolve this problem you need to allow the ASA to populate its ARP table from a non-connected subnet. To do this, issue the arp permit-nonconnected command.

[box]

User Access Verification

Password:
Type help or '?' for a list of available commands.
Petes-ASA> enable
Password: ********
Petes-ASA# configure terminal
Petes-ASA(config)# arp permit-nonconnected
Petes-ASA(config)# exit
Petes-ASA# write mem
Building configuration...
Cryptochecksum: 28790e0e 91da681e 7cf92e8a 85efb7ea

9449 bytes copied in 1.310 secs (9449 bytes/sec)
[OK]
Petes-ASA#

[/box]
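Before enabling arp permit-nonconnected it is worth confirming which senders the ASA is actually rejecting. The following Python sketch is an added example, not part of the original article or any Cisco tooling: it parses captured debug output in the format quoted above and re-checks each rejected sender against the interface subnet. The function name and the sample capture (the article's two lines, repeated) are constructed for illustration.

```python
import ipaddress
import re

# Rejection message format taken from the debug output quoted in the article.
REJECT = re.compile(
    r"arp-in: Arp packet received from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
    r"which is in different subnet than the connected interface "
    r"(?P<ifc>\d{1,3}(?:\.\d{1,3}){3}/\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample: the article's two lines, repeated once, wrapped the way a
# terminal capture wraps them.
SAMPLE = """\
arp-in: request at external from 192.168.1.254 c0ac.54e4.d8d8 for 123.123.123.123
0000.0000.0000 arp-in: Arp packet received from 192.168.1.254 which is in different subnet
than the connected interface 123.123.123.123/255.255.255.248
arp-in: request at external from 192.168.1.254 c0ac.54e4.d8d8 for 123.123.123.123
0000.0000.0000 arp-in: Arp packet received from 192.168.1.254 which is in different subnet
than the connected interface 123.123.123.123/255.255.255.248
"""


def find_nonconnected_arp(debug_text):
    """Group rejected ARP senders by (sender, interface) and count repeats."""
    flat = " ".join(debug_text.split())  # undo terminal line wrapping
    found = {}
    for m in REJECT.finditer(flat):
        sender = ipaddress.ip_address(m["src"])
        ifc = ipaddress.ip_interface(m["ifc"])  # accepts addr/netmask form
        entry = found.setdefault((sender, ifc), {
            "sender": str(sender),
            "interface": str(ifc.ip),
            "connected_net": str(ifc.network),
            # Re-check the ASA's claim rather than trusting the message text.
            "outside_subnet": sender not in ifc.network,
            "count": 0,
        })
        entry["count"] += 1
    return list(found.values())


if __name__ == "__main__":
    for f in find_nonconnected_arp(SAMPLE):
        print(f"{f['sender']} is outside {f['connected_net']} "
              f"(seen {f['count']}x): candidate for arp permit-nonconnected")
```

Cisco's configuration guide advises against enabling non-connected ARP learning unless you understand the risk: a host on any interface could send many ARP replies and fill the ASA ARP table with false entries. Confirming that the only rejected sender is the hub itself is a reasonable check before applying the command.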

Update 260213

Got an email from Andrew Joubert to say that he had the same problem, and he was using the BT Business Hub via BT Infinity, not ADSL.

Related Articles, References, Credits, or External Links

Original Article Written 26/02/13

Credit to: Nate Morris, for finding the resolution to the original problem.

Special thanks to Steve at BT, who rang me back on my mobile so I didn’t have to wait in a queue, and then followed up afterwards to see what the outcome was. If I knew his surname I would publish it! He did a grand job, and does not get paid enough!

Also thanks to Chris at BT who pitched in and did as much as he could.

Server 2008 R2 – Inbound traffic Blocked – Outbound Traffic works?

KB ID 0000397 

Problem

My colleague had this problem this week, and it involved a call to Microsoft to resolve. Basically the client had some comms problems, so ran Windows updates; post update, the server (which was the main domain controller and DHCP server for the network) could not be seen by any clients on the network. The server itself, however, could quite happily see everything else.

Solution

The problem is due to the Windows firewall (EVEN IF IT’S DISABLED!)

1. On the affected server > Start > in the search/run box type ncpa.cpl {Enter}.

2. Select the network card > Press ALT to get the menu to appear > Advanced > Advanced Settings > Adapter and Bindings > Make sure Local Area Connection is at the top of the list > OK.

3. Start > in the search/run box type services.msc > ensure the Windows Firewall service is running (Note: the service can still be running if the firewall is disabled; if you want the firewall off, it can remain off).

4. Start > in the search/run box type regedit {enter} > Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters > Create a new DWORD called SocketPoolSize and set it to 500 (Decimal).

5. Whilst in the registry editor, now navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters > You may see a DWORD entry called MaxUserPort (set at 60553 Decimal). If so, change its value to 65535 (Decimal). If it’s not there, create it and set it to 65535 (Decimal).

6. Then reboot the server.

Related Articles, References, Credits, or External Links

NA

Cannot Sync HTC HD2 with Windows Mobile Device Center

KB ID 0000232 

Problem

This is what you are seeing
This is what you want to see

Solution

This one had me stumped for a while.

1. On the phone go to settings, locate “Other”.

2. Select the USB to PC Option.

3. Select ActiveSync, and untick “enable faster data synchronisation” > OK.

4. Now when you reconnect the phone, the drivers will install, and you can sync.

Related Articles, References, Credits, or External Links

NA

Exchange PST Import Error – ‘Couldn’t connect to the target mailbox’

KB ID 0000801

Problem

I was trying to import some PST files into SBS 2011, and got the following error;

Couldn’t connect to the target mailbox

Solution

Before you proceed, make sure the user you are logged in as (and are using to run the New-MailboxImportRequest command) has been granted the rights to carry out mailbox imports. Read the following article:

Exchange 2010 (Post SP1) Bulk Importing Mail From pst Files

Note: If the machine you are importing into is part of a CAS array you may also see this error. To fix that problem you need to create a temporary mail database and move the target mailbox into it, then change the RpcClientAccessServer property for that database, like so:

[box]

Set-MailboxDatabase TEMPDB -RpcClientAccessServer Exchange01.petenetlive.com

[/box]

1. Make sure the folder you are importing from (this has to be a UNC path, NOT a path to a local folder!) has permissions granted to it for the Trusted Exchange Subsystem group.

2. If your machine is also a global catalog server (Note: As mine is an SBS server, and the only DC, I don’t really have a choice), you may find that the ‘Microsoft Exchange RPC Client Access’ service is not running. Start it manually, then attempt the import again.

 

Related Articles, References, Credits, or External Links

NA