2800 w/ site-site tunnel using NAT and user tunnels

I am using a 2800 to terminate a site-site IPSec tunnel using a crypto map. It is also used to terminate several user tunnels.
Because of overlapping private address space there is a source NAT rule in place that overloads addresses prior to routing them across the site-site tunnel.
The problem is that the user tunnels are not able to communicate with any host located on the far end of the site-site tunnel. The site-site tunnel (and it's NAT) works just fine for users coming from any other interface on the 2800.
Does anyone have any ideas? I've gone ahead and attached the existing configuration for those that are brave or incredibly smart :) It is a fairly trashed config though, and I'm still trying to clean it up from where it was.
Thank you VERY much ahead of time,
Steve

Duplicate posts.  :P
Go here:  http://supportforums.cisco.com/discussion/12152361/2nd-site-site-ipsec-tunnel-nat-traversal-setting-fail-establish-however-1st

Similar Messages

  • Load balancing weirdness using NAT and same-metric route

    Hi.
    I'm trying to set up a double-WAN load-balancing scenario:
    I decided to attempt the "multiple same-metric routes with NAT" approach so I went for the example used in the IOS NAT Load-Balancing for Two ISP Connections Configuration Guide [1].
    I decided to use an upside-down Cisco 871-SEC/K9: use Vlan1 and Vlan2 for the routers and Fa4 for the LAN. I am hoping this is not an issue.
    There is this weirdness with some connections, particularly FTP. I pinpointed the problem to the following scenario: if I do a couple of pings to 100.1.1.1 using the FastEthernet4 as the source address, this is what I get in the logs:
    === PING 1 ECHO REQUEST ===
    *Mar 3 04:38:43.521: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan1), routed via RIB
    *Mar 3 04:38:43.521: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14152]
    *Mar 3 04:38:43.521: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan1), g=10.129.124.1, len 60, forward
    *Mar 3 04:38:43.521: ICMP type=8, code=0
    === PING 1 ECHO REPLY ===
    *Mar 3 04:38:45.589: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19824]
    *Mar 3 04:38:45.589: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
    *Mar 3 04:38:45.589: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
    *Mar 3 04:38:45.589: ICMP type=0, code=0
    === (something else) ===
    *Mar 3 04:38:52.353: RT: SET_LAST_RDB for 0.0.0.0/0
    OLD rdb: via 10.129.124.33, Vlan2
    NEW rdb: via 10.129.124.1, Vlan1
    === PING 2 ECHO REQUEST ===
    *Mar 3 04:38:52.353: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan2), routed via RIB
    *Mar 3 04:38:52.353: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14159]
    *Mar 3 04:38:52.353: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan2), g=10.129.124.33, len 60, forward
    *Mar 3 04:38:52.353: ICMP type=8, code=0
    === PING 2 ECHO REPLY ===
    *Mar 3 04:38:53.029: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19825]
    *Mar 3 04:38:53.029: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
    *Mar 3 04:38:53.033: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
    *Mar 3 04:38:53.033: ICMP type=0, code=0
    In the section "Ping 2 Echo Request" line 2 shows the NAT translating the packet to the address for the first provider but line 3 shows it routing it through the second one.
    In this case, the ICMP packet goes through but it is problematic if the ISP restricts the service by source-address (like RPF) or there is some acceleration mechanism inside the provider cloud, other than just plain routing.
    What am I missing? Here is the relevant part of the configuration. I deliberately disabled CEF to be able to debug the messages, but I *think* this may be altering the actual router behavior. This router does not have a "debug ip cef packet" command.
    no ip cef
    ip dhcp pool lan-side
    import all
    network 192.168.60.0 255.255.255.0
    default-router 192.168.60.1
    domain-name doublewan.local
    dns-server 8.8.8.8 8.8.4.4
    lease infinite
    ip domain name doublewan
    interface FastEthernet0
    !doesn't appear on running-config: vlan 1 is the default access vlan
    !switchport access vlan 1
    interface FastEthernet1
    switchport access vlan 2
    interface FastEthernet2
    shutdown
    interface FastEthernet3
    shutdown
    interface FastEthernet4
    ip address 192.168.60.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    no ip route-cache
    duplex auto
    speed auto
    interface Vlan1
    ip address 10.129.124.2 255.255.255.224
    ip nat outside
    ip virtual-reassembly
    no ip route-cache
    interface Vlan2
    ip address 10.129.124.35 255.255.255.224
    ip nat outside
    ip virtual-reassembly
    no ip route-cache
    ip route 0.0.0.0 0.0.0.0 Vlan1 10.129.124.1
    ip route 0.0.0.0 0.0.0.0 Vlan2 10.129.124.33
    ip nat inside source route-map nat1 interface Vlan1 overload
    ip nat inside source route-map nat2 interface Vlan2 overload
    ip access-list standard acl4-nexthop-vlan1
    permit 10.129.124.1
    ip access-list standard acl4-nexthop-vlan2
    permit 10.129.124.33
    route-map nat2 permit 10
    match ip address 102
    match ip next-hop acl4-nexthop-vlan2
    match interface Vlan2
    route-map nat1 permit 10
    match ip address 101
    match ip next-hop acl4-nexthop-vlan1
    match interface Vlan1
    control-plane
    Of course, there is some configuration pending for redundancy and stuff.
    Thanks a lot in advance.
    [1] http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/100658-ios-nat-load-balancing-2isp.html

    Hello.
    This might be a bug in debug command or the IOS (without ip cef) you use; as routing is done before NAT (inside to outside).
    To make sure it works fine with ip cef, just enable strict uRPF (or just ACL) on .1 and .33 interfaces and see if you see any packet sent over wrong interface.
    PS: please check "sh ip cef 100.1.1.1"; I guess ip cef would tell you "per-destination sharing".

  • Incorrect Viewing of Site when using mozilla and other browser

    Hi, i got a little problem, i created a site using Macromedia
    Dreamweaver 8, when previewing at Internet Explorer my site is ok
    including margins and other, and then when i tried to view at
    Mozilla Firefox the layout is quite incorrect such as layout and
    margins and the text is quite lower compared at internet explorer.
    Thanks you..

    Thank you for replying to my problem, coz m new to web
    designing here's the URL www.mysystema.com, its still on
    developement so pls help on this. thnx a lot!!! more power!

  • Duplicate IPs while using NAT and HSRP

    When using two routers in the same HSRP group and the same static NAT table on each, I run into Duplicate IP address messages detected on the interface where the routers are communicating to each other for redundancy.
    HSRP is working properly because when I do a show standby one router is active and one is standby.
    Any ideas on how to eliminate this problem?
    BSC

    What you need is a feature called Stateful Fail-over of Network Address Translation or SNAT. This feature enables transparent failover of NAT sessions to the standby HSRP router if the primary HSRP device goes down.
    The link below should provide the info you need about SNAT.
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a008060c61d.html#wp1049970
    HTH,
    Sundar
    *Please rate all helpful posts.

  • Using NAT and PAT together?

    ASA is 5540 w/8.3. I have a large inside block of inside address I want to NAT or PAT
    to outside addresses.  Is it possible to use a block of outside addresses with NAT with
    rollover PAT to the whole range, or is it restricted to roll over to only a single address?
    Thanks, Roger

    Are you looking to do this for outbound connections to the internet?  If so, this is possible to do a nat to a group of IP address and then if that gets all used up, have it roll over to a single IP address for PAT.

  • On my recently installed Firefox, I can't access information on one website (using password and user name), but I can on my old IE

    To avoid some of the issues related to Microsoft's stopping support for Windows XP, I recently installed Firefox, which has been working well. I kept Internet Explorer on my computer, though. I am a patient at a facility that has an online chart where one can go to get messages, test results, etc. When I am on Firefox and try to access this chart by entering my user name and password, I am denied access and keep getting a message that my session has timed out. When I try the same thing with Internet Explorer, which I would prefer not to use, I do get access. It seems to me that I have to add Firefox to my computer's system somehow (and maybe delete IE) in order for this to work. Can someone tell me how to do this, please?

    Usually sites recognize that your session is still alive using cookies. Can you think of any changes you might have made to Firefox's cookie settings to increase your privacy or reduce tracking? Or any add-ons along those lines?
    As a test, try logging in to the site (1) in Firefox's Safe Mode (2) in a Private Browsing window. This will help bypass restrictive cookie settings, as well as other filtering behaviors of extensions, to see whether those are a factor.
    You can restart Firefox in Safe Mode using either:
    * "3-bar" menu button > "?" button > Restart with Add-ons Disabled
    * Help menu > Restart with Add-ons Disabled
    ''Not all add-ons are disabled: Flash and other plugins still run''
    After Firefox shuts down, a small dialog should appear. Click "Start in Safe Mode" (''not'' Reset).
    Then open a private browsing window using either:
    * Ctrl+Shift+p
    * "3-bar" menu button > New Private Window
    * File menu > New Private Window
    In that window, try logging in. Any difference?

  • Unable to authorize user using AccessControlService and user.roles and user.privileges are not set properly

    Hi,
    I am trying to enable/disable a feature based on user.roles.
    Added a constraint for that feature as below,
        <adfmf:constraints>
          <adfmf:constraint property="user.roles" operator="contains" value="manager" id="c1"/>
        </adfmf:constraints>
    In this case, Users have manager role should be able to access this feature.
    My AccessControlService response is
    {"userId" : "sales_mgr","roles" : [ "manager","MOO_OPPORTUNITY_SALES_MANAGER_DUTY","ZBS_ENT_SALES_MANAGER_DUTY"],"privileges" : [ "managerPriv","ZSF_DEFINE_SALES_FORECAST_PRIV","MOO_MANAGE_OPPORTUNITY_GROUP_SPACE_PRIV"]}
    Repsonse has "manager" as one such role.
    After adding constraint to the feature, am unable to access it.
    I tried many possibilities like  operator="contains" or "not" or "equal", but no use.
    I don't know what is going wrong. Appreciate you help.
    Thanks.

    If you are on 11.5.10 or greater or standalone 2.6.4 if you pass the responder value to wf_notification.respond API it should be updated in wf_notifications.responder column. The comments is now updated in wf_comments table against the notification id and not wf_notifications.user_comment column.
    Thanks, Vijay

  • Using SSO and user mapping with WebDav Repository

    Hi guys,
      I have a WebDav Repository in portal and i configured SSO with SSO22KerbMap in IIS server. All is ok, but i have some UME users than don't have user in our Active Directory, i need use user mapping with this users. Do it's possible?
      Currently i have a KMWebDav system (with same alias name that http system) and i mapped one of my UME user (with name 'umeuser' for example) with one Active Directory user (with name 'aduser' for example), if i try access to my webdav repository from KM Content with 'umeuser' i can see in SSO22KerbMap log a message like:
    10:48:57 6756/4652 i OnPreprocHeaders: Determined account umeuser from cookie MYSAPSSO2
    10:48:57 6756/4652 E OnPreprocHeaders: Found 0 UserPrincipalNames for ADSI Filter...
    Can somebody help me?
    Thanks in advanced.

    Hi Guys,
    Any takers?
    Suggestions would be appreciated.
    Cheers
    Ian Henderson

  • I updated to Firefox 5 and now have problems with it not responding ALOT and also even though I have certian sites listed to allow popups they dont work on several sites I use daily. What can I do about this?

    I dont know what else to say about it. I updated and now all this is happening and it didnt before my update to Firefox5. I have several site I use daily and I have gone in and marked them to allow popups and they just dont work. The sites are My Yearbook...Kia Financeing...and a few more. And also I am finding that I get a no response a lot!

    I am sorry you are not in a position to replace the iPad. It is stating the obvious, but nothing lasts forever - especially something like an original iPad. IMHO, there is nothing you can do to address the issues you have posted about.
    Barry

  • NAT and Routed Network with Two ISP's on one router

    I'm sure this has been done covered many times, but I am not finding it.
    I have two ISP connections.
    With ISP-A I have a /30 between us and 200.100.100.0/24 is routed to me via the /30 for thsi example we will say the /30 is 1.1.1.1 on isp end and 1.1.1.2 on my end
    With ISP-B I have a 100.0.0.0/29 subnet. and the ISP gateway is on that subnet at 100.0.0.1
    On the inside of my network I have devices using both 200.100.100.x addresses and devices on 192.168.100.x that need to use NAT.
    I would like all of the devices on 200.100.100.x addresses to continue using ISP-A as their gateway.
    Everything on 192.168.100.x should use NAT and go out ISP-B
    I have tried
    ip nat inside source route-map ISP-A interface GigabitEthernet0/1 overload
    route-map ISP-B permit 10
     match ip address 101
     match interface GigabitEthernet0/1
     set ip next-hop 100.0.0.1
    route-map ISP-A permit 10
     match ip address 111
     match interface Multilink1
     set ip next-hop 1.1.1.1
    The problem comes when I have default routes to ISP-A in the router than none of the ISP-B traffic works, and vice versa.

    I think for this to work correctly and be able to split traffic between the 2 ISPs, you would need to use BGP, because default is going to use one ISP or the other.
    If you can use BGP, this link will help you in load shearing between multiple ISPs when you have one router.
    http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13762-40.html#conf4
    HTH

  • SSO and User Mapping at same time

    Hi,
    Can we use SSO and User mapping at same time between Portal and SAP Backend system?
    For some of the users the user id is different in both end.
    After implementing the SSO... Will it affect the existing user mapping? and the system alias created for that?
    If not, Can we use both SSO and user Mapping same time?
    Thanks,
    VB

    Hi VB,
    In this case I suggest you create 2 systems one you might have created for users who are having common user ids in portal & at the backend system.
    For the users whose ids are defeering you can create reference system and in user managemant property of that system
    Authentication Ticket Type - Select -SAP Logon TicketSAP Assertion Ticket
    Logon Method -  UWPW
    User Mapping Fields -  {100,200,300}Client;Language
    where 100,200,300 are the clients of the backend system.
    Assign this system in the ivews.
    Thanks,
    Vishal

  • EAP-TLS machine and user cert or both

    If I use machine and user certificates does that mean the machine get's an IP address, authenticates, the user then logs on which causes another DHCP renew and user authentication?  Is it better to use machine and user or just machine?

    It depends on your needs and applications, the advantage of also using machine authentication is that the machine connects, authenticates and is on the wireless network irrelevant of whether a user has logged in, which means you can remote access or monitor the machine at that point. I know alot of facilities that do it that way because they manage the machines with things like SMS, etc..   Without machine authentication the computer won't attach to the wireless until a user physically logs into the machine at which point it pass authentication.
    personally I like the machine authentication that way you can push updates and other things to the machines without having to either send a person to the machine to login or waiting for a user to login so that you can access the machine, it just needs to be on.
    in short machine authentication replicates being hardwired to the network.
    Hope this helps...  please rate useful posts.
    Thanks,
    Kayle

  • I just downloaded the new version of Firefox and now every site I used to use such as Facebook, Twitter, and Youtube show "This Connection Is Untrusted"

    I just downloaded the new version of Firefox and now every site I used to use such as Facebook, Twitter, and Youtube show "This Connection Is Untrusted". Even when I do accept the risks the site no longer looks the way it's looked for years. Twitter doesn't even give me the option to accept the risks at all and shows this error (Error code: sec_error_unknown_issuer). I've tried resetting Firefox, I've checked the time and date, and I've removed and added Firefox to see if that would work. Nothing seems to be working so I can see the sites the way they normally would be instead of "coded". Can anybody help me please?!!! Thanks

    ok, unfortunately the fiddler2.com issuer in certificates might be a sign of unwanted software present on your pc that is intercepting secure network traffic. please go into the system control panel and uninstall programs like BrowserSafeguard, BrowserSafe, SafeGuard or other software that sounds suspicious and didn't get installed by you intentionally.
    <sub>reference: https://support.mozilla.org/en-US/questions/982532#answer-520145</sub>
    afterwards, run a full scan of your system with different security tools like the [http://www.malwarebytes.org/products/malwarebytes_free free version of malwarebytes] & [http://www.bleepingcomputer.com/download/adwcleaner/ adwcleaner].
    [[Troubleshoot Firefox issues caused by malware]]

  • ISAKMP Phase 1 dying for Site to Site tunnel between ASA and Fortigate

          I am facing strange issue on my asa and client Fortigate fw.
    We have site to site tunnel with 3des and sha and DH-5 on asa
    3des  sha1 and dh-5 on Fortigate.
    Tunnel came up when configured after some time it went down and it is throwing below errors. Please
    some one help me here.
    Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, IKE SA Proposal # 1, Transform # 1 acceptable  Matches global IKE entry # 8
    Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, constructing ISAKMP SA payload
    Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, constructing Fragmentation VID + extended capabilities payload
    Jul 24 17:25:13 [IKEv1]: IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 104
    Jul 24 17:25:13 [IKEv1]: IP = X.X.X.X, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NONE (0) total length : 244
    Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, processing ke payload
    Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, processing ISA_KE payload
    Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, processing nonce payload
    Jul 24 17:25:13 [IKEv1]: IP = X.X.X.X, Unable to compute DH pair while processing SA!<<<<---------Please suggest if DH group 5 does not work with PSK.
    Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, IKE MM Responder FSM error history (struct &0xcf9255d8)  <state>, <event>:  MM_DONE, EV_ERROR-->MM_BLD_MSG4, EV_GEN_DH_KEY-->MM_WAIT_MSG3, EV_PROCESS_MSG-->MM_WAIT_MSG3, EV_RCV_MSG-->MM_WAIT_MSG3, NullEvent-->MM_SND_MSG2, EV_SND_MSG-->MM_SND_MSG2, EV_START_TMR-->MM_BLD_MSG2, EV_BLD_MSG2
    Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, IKE SA MM:5f1fdffc terminating:  flags 0x01000002, refcnt 0, tuncnt 0
    Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, sending delete/delete with reason message
    Mum-PRI-ASA#

    Hey All,
    I experienced same issue with my another tunnel. Lately I came to know it was higher level of DH computation which my ASA was not able to perform and ASA reboot worked here. See the logs for tunnel which came up after reboot.
    Eror Before Reload
    Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, constructing ISAKMP SA payload
    Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, constructing Fragmentation VID + extended capabilities payload
    Aug 06 21:17:33 [IKEv1]: IP = xx.xx.xx.xx, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 416
    Aug 06 21:17:33 [IKEv1]: IP = xx.xx.xx.xx, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 108
    Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, processing SA payload
    Aug 06 21:17:33 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
    Aug 06 21:17:33 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
    Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, Oakley proposal is acceptable
    Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, processing VID payload
    Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, Received Fragmentation VID
    Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, IKE Peer included IKE fragmentation capability flags:  Main Mode:        True  Aggressive Mode:  True
    Aug 06 21:17:33 [IKEv1]: IP = xx.xx.xx.xx, Unable to compute DH pair while processing SA!
    Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, IKE MM Initiator FSM error history (struct &0xd0778588)  , :  MM_DONE, EV_ERROR-->MM_BLD_MSG3, EV_GEN_DH_KEY-->MM_WAIT_MSG2, EV_PROCESS_MSG-->MM_WAIT_MSG2, EV_RCV_MSG-->MM_WAIT_MSG2, NullEvent-->MM_SND_MSG1, EV_SND_MSG-->MM_SND_MSG1, EV_START_TMR-->MM_BLD_MSG1, EV_BLD_MSG1
    Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, IKE SA MM:64cf4b96 terminating:  flags 0x01000022, refcnt 0, tuncnt 0
    Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, sending delete/delete with reason message
    Isakmp phase completion After reload
    Aug 25 10:40:35 [IKEv1]: IP = xx.xx.xx.xx, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 108
    Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, processing SA payload
    Aug 25 10:40:35 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
    Aug 25 10:40:35 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
    Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, Oakley proposal is acceptable
    Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, processing VID payload
    Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, Received Fragmentation VID
    Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, IKE Peer included IKE fragmentation capability flags:  Main Mode:        True  Aggressive Mode:  True
    Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, constructing ke payload
    Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, constructing nonce payload
    Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, constructing Cisco Unity VID payload
    Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, constructing xauth V6 VID payload
    Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, Send IOS VID
    Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
    Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, constructing VID payload
    Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
    Aug 25 10:40:35 [IKEv1]: IP = xx.xx.xx.xx, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 320
    SENDING PACKET to xx.xx.xx.xx

  • After installing the new Yosemite OS on my iMac I can no longer send email. I can receive email, but not send. I use gmail and can send email on the gmail (google) site, but not on "mail" on my iMac. Any others with this problem? What should we do?

    After installing the new Yosemite OS on my iMac I can no longer send email. I can receive email, but not send. I use gmail and can send email on the gmail (google) site, but not on "mail" on my iMac. Any others with this problem? What should we do?

    My gmail, which is correctly configured for Mail with gmail SMTP and Google IMAP, works for awhile on Mail, which I leave open while working on other applications. But several times a day I get msg from Google: "We recently blocked a sign-in attempt to your Google Account" . . . and requiring me to verify my account details, re-enter passwords, confirm security settings (or change them from "disable" to "enable less secure methods" and so on). In Mail I also have tried "taking all accounts online", and re-entering my gmail password inside Mail account settings. These steps successfully re-set comms between gmail and Mail ... for awhile, then it happens again. Enough occurrences over a work day that I just quit Mail and revert to accessing gmail directly. Apple Care advisor and an Apple knowledge base article say that Apple can't deal with this, as gmail is third-party app, and they refer me to gmail, and so far I've found nothing helpful there.
    From today I also have several instances of a window saying "Mail has unexpectedly closed" and asking me to Re-open it.
    I also use Yahoo mail, which stops working with Mac Mail at the same time as gmail, but I do not receive notices to re-verify from Yahoo.
    I recently upgraded from Mavericks to Yosemite. The Mail problem happened occasionally with Mavericks but is far more frequent with Yosemite.

Maybe you are looking for

  • Customer payment terms issue

    Hi I need one urgent solution In customer master data the payment terms is znz8 which is due 20th of the following month. But they want it if we do invoice  11/06/2008(today) the due date shpuld be 11/07/2008. for that in customer masta we need to ch

  • Is an Airport base station necessary for internet?

    I have a cable modem and Airport Express. Can I just connect the cable modem to the Airport Express and get on the internet? Or do I have to have the Airport Extreme Base station to do that? Powerbook G4   Mac OS X (10.4.7)  

  • Why is Windows 7 showing firefox tabs open on a single window as multiple firefox windows on the taskbar?

    if i open an extra tab, an extra firefox icon gets added to the taskbar (stacked icons turned on) If i close a tab, an icon disappears.

  • Firefox help drop down menu disabled

    I'm running Firefox 26, as far as I can tell. When I try to open the Help drop down menu with my mouse or Alt-H, nothing happens. The Help menu doesn't drop down. I scanned for Malware, but found nothing. Happy Holidays!

  • Listing out the plsql objects which update tables

    1) Is there a way i can list out which plsql object is doing DML statement on a table, i know we can use USER_DEPENDENCIES or DBA_DEPENDENCIES tables but it is listing out the packages or procedures even if a column is used to define a ref datatype o