AnyConnect VPN with Built-in Client Firewall on Windows 7
Hi
I've searched the forums and documentation and can't seem to find a definitive answer to my scenario.
We have an ASA5510 with SecPlus running 8.3.2
We currently use VPN client on XP to invoke the built-in firewall to prevent incoming connections to the PC when the tunnel is established – the Cisco built-in client is not supported on Win7.
We’re looking to provide similar functionality with the AnyConnect client, i.e.
Full network access over the AnyConnect client (connection can be established manually)
AnyConnect client enforcing a local policy on the PC preventing incoming connections when the tunnel is established
No clientless requirements
No mobile requirements (apple, android etc)
No secure desktop requirements
I’d like to ascertain if:-
Does the AnyConnect client include a firewall that is supported on Windows 7 (32 and 64 bit)?
Will the Essential licence give me the functionality I require, or do I need a Premium?
Thanks
Hi Prashanth,
I think you can only use per-app VPN with SSL VPN.
Hope this helps,
Julien
Similar Messages
-
ASA 5505 AnyConnect VPN Can RDP to clients but can't ping/icmp
Hello all,
I've been searching all day for a solution to this problem. I setup and SSL anyconnect VPN on my Cisco ASA 5505. It works well and connects with out a problem. However, I can't ping any internal clients, but I can RDP to them. It may be something simple and I would appreciate any help. Most of the time people end up posting their config so I will as well.
MafSecASA# show run
: Saved
ASA Version 8.2(1)
hostname MafSecASA
domain-name mafsec.com
names
interface Vlan1
nameif inside
security-level 100
ip address 10.4.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 7.3.3.2 255.255.255.248
interface Vlan3
no forward interface Vlan1
nameif dmz
security-level 50
ip address 172.20.1.1 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
interface Ethernet0/1
speed 100
duplex full
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
switchport access vlan 3
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name mafsec.com
same-security-traffic permit intra-interface
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object tcp
protocol-object udp
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object udp
protocol-object tcp
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_4
protocol-object ip
protocol-object icmp
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
access-list inside_access_in remark allow remote users to internal users
access-list inside_access_in remark allow remote users to internal users
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_4 10.4.0.0 255.255.255.0 10.5.0.0 255.255.255.0
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_3 10.5.0.0 255.255.255.0 10.4.0.0 255.255.255.0
access-list outside_access_in extended permit icmp any any
access-list inside_split_tunnel standard permit 10.4.0.0 255.255.255.0
access-list inside_split_tunnel standard permit 10.5.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.4.0.0 255.255.255.0 10.4.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.4.0.0 255.255.255.0 10.5.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.5.0.0 255.255.255.0 10.4.0.0 255.255.255.0
access-list inside_nat0_outbound_1 extended permit ip 10.4.0.0 255.255.255.0 10.4.0.0 255.255.255.0
access-list inside_nat0_outbound_1 extended permit ip 10.4.0.0 255.255.255.0 10.5.0.0 255.255.255.0
access-list inside_nat0_outbound_1 extended permit ip 10.5.0.0 255.255.255.0 10.4.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool SSLVPNPool2 10.5.0.1-10.5.0.254 mask 255.255.255.0
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound_1
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 7.3.3.6 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.4.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 10.4.0.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd option 6 ip 8.8.8.8 8.8.4.4
dhcpd address 10.4.0.15-10.4.0.245 inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd lease 86400 interface inside
dhcpd option 3 ip 10.4.0.1 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
svc image disk0:/anyconnect-win-2.5.3055-k9.pkg 1
svc image disk0:/anyconnect-macosx-i386-2.5.3055-k9.pkg 2
svc enable
tunnel-group-list enable
group-policy SSLVPN internal
group-policy SSLVPN attributes
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol svc
group-lock none
split-tunnel-policy tunnelspecified
split-tunnel-network-list value inside_split_tunnel
vlan none
address-pools value SSLVPNPool2
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
username user1 password
username user1 attributes
service-type remote-access
username user2 password
tunnel-group SSLVPNGROUP type remote-access
tunnel-group SSLVPNGROUP general-attributes
address-pool SSLVPNPool2
default-group-policy SSLVPN
tunnel-group SSLVPNGROUP webvpn-attributes
group-alias SSLVPN enable
prompt hostname context
Cryptochecksum:3b16cbc9bbdfa20e6987857c1916a396
: end
Thank in advance for any help!Your config actually looks good (you have the ACL that would allow the echo-reply back since you don't have inspection turned on) - are you sure this isn't a windows firewall issue on the PCs? I'd try pinging a router or switch just to make sure.
--Jason -
AnyConnect VPN with Windows 8.1
Has anyone else had issues with the anyconnect vpn client on windows 8.1? I cannot get it to work for the life of me. It will connect and find the gateway, prompt for password, then ask about certificate, the status on the client itself quickly changes to updating software, then blows up and with the failure to connect message...
Any ideas?What I can tell you is that I have Windows 7 64bits and anyconnect works fine. ver 3.1.03103.
If you feel like share the address for the gateway and I will tell you if it ask for autentication. I don't really think the address is critical information.
It's your call. -
Problem with built mail client E66
Hi, today I noticed a problem that I just disappeared built mail client and with mails. When I will create a new mailbox, it still gives me the opportunity, only Nokia Messaging ...
Can you help me with this??
THXbruxxx wrote:
Why is it that a free mail client like Thunderbird can do better than both Apple and Microsoft at solving this problem ... though it is not completely solved by either?
Because most users have no idea what cached connections are. They just want it to work.
Perhaps you should submit a bug report to Apple -
PPTP VPN with MPPE Encryption not working in Windows 7
My Config:
vpdn enable
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
interface Virtual-Template1
ip unnumbered GigabitEthernet0/1.100
ip nat inside
ip virtual-reassembly
peer default ip address pool ippool
no keepalive
ppp encrypt mppe 128 required
ppp authentication ms-chap ms-chap-v2
ip local pool ippool 192.168.100.201 192.168.100.210
aaa authentication ppp default group radius local
radius-server host 192.168.100.10 auth-port 1645 acct-port 1646 key XXXX
If I choose Optional Encryption on the Windows VPN client and change the ppp encrypt mppe option under the virtual-template to "ppp encrypt mppe 128" without the required I can get in. If I do Required then it fails. When I check the encryption on the Virtual Access interface it shows no encryption.
LST_R1#sho ppp mppe virtual-Access 3
MPPE not negotiated on Vi3
Any help would be much appreciated.This turned out to be an issue with my IOS version. I have a 2800 with 12.4 advanced IP services and it does not support this. I tried it on a C800 router with 15.0 and it worked just fine.
Thanks -
Problem with AnyConnect VPN on ASA 5505
Hello everyone,
We're troubleshooting an issue where a client cannot pass any traffic across an AnyConnect VPN with an ASA5505 as the endpoint. The client receives and IP address in the 172.16.0.1/24 range and the ASA creates a static route to the 10.0.0.0/24 internal network but we cannot ping or connect to any internal IP address. The connection appears to fully build and pass traffic (based on the byte counts which increase) but we can't talk to the main network.
Does anyone have any ideas as to what I can check?
Thanks!
RyanAnyConnect client should not be in the same subnet as the internal hosts. It needs to be unique subnet within your environment, so you were on the right path initially.
If you can share your config, that would be easier for us to check.
In the meantime, a few things to check:
1) Have you configured split tunnel policy?
2) Do you have NAT exemption configured?
3) Any VPN filter configured that might be blocking the traffic?
4) Does the internal network know how to route back to the VPN Pool subnet (ie: via the ASA)
5) Lastly, do you have "inspect icmp" configured? -
A problem with WAAS mobile client
The customer has a problem with WAAS mobile client. When he disabled WAAS mobile client - all is working, but http is not working.:-( On the server the accelerated networks are configured.The browser send the http request, but the response is not received:-( For other clients it is working. Thank you for help.
I have WAAS mobile server version 3.4.0.1460 on the Windows2003 server with SP1. Client OS is Windows XP. All clients who use WAAS mobile client have WinXP on their notebooks. All clients are on the same network. This client sees this problem when the waas client is active, disabled, and for now when the waas mobile client is uninstalled - it seems like waas mobile client changed registers for IE or FireFox - so all http answers are redirected to nonexisting waas mobile client:-(
Thank you
Roman -
Really Need Some Help with CME 8.6 using IOS as Firewall and Anyconnect VPN on Phones
Hello,
I have a 2911 Router with IOS Security and Voice enabled and we are using CME 8.6. I am using a built-in Anyconnect VPN on 3 phones that are for remote users and thus I needed to enable security zones on the router which works because the remote phones will boot up, get their phone configs and I am able to call those remote phones from an outside line.
The issue I am having is that when I try to dial a remote phone connected via the VPN through port g0/0 from and internal office phone, i.e., NOT involving the PSTN then there is no audio. It's as if no audio is going back and forth. When I take off the security zones from the virtual-template interface and the g0/0 interface then the audio works great and I can reach the phone from internal as I am supposed to.
Could someone take a peek at my security config and see why audio would not be traveling through the VPN when I have my security zones turned on?
clock timezone PST -8 0
clock summer-time PST recurring
network-clock-participate wic 0
network-clock-select 1 T1 0/0/0
no ipv6 cef
ip source-route
ip cef
ip dhcp excluded-address 192.168.8.1 192.168.8.19
ip dhcp pool owhvoip
network 192.168.8.0 255.255.248.0
default-router 192.168.8.1
option 150 ip 192.168.8.1
lease 30
multilink bundle-name authenticated
isdn switch-type primary-ni
crypto pki server cme_root
database level complete
grant auto
lifetime certificate 7305
lifetime ca-certificate 7305
crypto pki token default removal timeout 0
crypto pki trustpoint cme_root
enrollment url http://192.168.8.1:80
revocation-check none
rsakeypair cme_root
crypto pki trustpoint cme_cert
enrollment url http://192.168.8.1:80
revocation-check none
crypto pki trustpoint TP-self-signed-2736782807
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2736782807
revocation-check none
rsakeypair TP-self-signed-2736782807
voice-card 0
dspfarm
dsp services dspfarm
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
vpn-group 1
vpn-gateway 1 https://66.111.111.111/SSLVPNphone
vpn-trustpoint 1 trustpoint cme_cert leaf
vpn-profile 1
host-id-check disable
voice class codec 1
codec preference 1 g711ulaw
voice class custom-cptone jointone
dualtone conference
frequency 600 900
cadence 300 150 300 100 300 50
voice class custom-cptone leavetone
dualtone conference
frequency 400 800
cadence 400 50 200 50 200 50
voice translation-rule 1
rule 1 /9400/ /502/
rule 2 /9405/ /215/
rule 3 /9410/ /500/
voice translation-rule 2
rule 1 /.*/ /541999999/
voice translation-rule 100
rule 1 /^9/ // type any unknown plan any isdn
voice translation-profile Inbound_Calls_To_CUE
translate called 1
voice translation-profile InternationalType
translate called 100
voice translation-profile Local-CLID
translate calling 2
license udi pid CISCO2911/K9 sn FTX1641AHX3
hw-module pvdm 0/0
hw-module pvdm 0/1
hw-module sm 1
username routeradmin password 7 091649040910450B41
username cmeadmin privilege 15 password 7 03104803040E375F5E4D5D51
redundancy
controller T1 0/0/0
cablelength long 0db
pri-group timeslots 1-12,24
class-map type inspect match-any sslvpn
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-all router-access
match access-group name router-access
policy-map type inspect firewall-policy
class type inspect sslvpn
inspect
class class-default
drop
policy-map type inspect outside-to-router-policy
class type inspect router-access
inspect
class class-default
drop
zone security trusted
zone security internet
zone-pair security trusted-to-internet source trusted destination internet
service-policy type inspect firewall-policy
zone-pair security untrusted-to-trusted source internet destination trusted
service-policy type inspect outside-to-router-policy
interface Loopback0
ip address 192.168.17.1 255.255.248.0
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description Internet
ip address dhcp
no ip redirects
no ip proxy-arp
zone-member security internet
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 192.168.8.1 255.255.248.0
duplex auto
speed auto
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
interface Serial0/0/0:23
no ip address
encapsulation hdlc
isdn switch-type primary-ni
isdn incoming-voice voice
no cdp enable
interface Integrated-Service-Engine1/0
ip unnumbered Loopback0
service-module ip address 192.168.17.2 255.255.248.0
!Application: CUE Running on NME
service-module ip default-gateway 192.168.17.1
no keepalive
interface Virtual-Template1
ip unnumbered GigabitEthernet0/0
zone-member security trusted
ip local pool SSLVPNPhone_pool 192.168.9.1 192.168.9.5
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip http path flash:/cme-gui-8.6.0
ip route 192.168.17.2 255.255.255.255 Integrated-Service-Engine1/0
ip access-list extended router-access
permit tcp any host 66.111.111.111 eq 443
tftp-server flash:apps31.9-3-1ES26.sbn
control-plane
voice-port 0/0/0:23
voice-port 0/3/0
voice-port 0/3/1
mgcp profile default
sccp local GigabitEthernet0/1
sccp ccm 192.168.8.1 identifier 1 priority 1 version 7.0
sccp
sccp ccm group 1
bind interface GigabitEthernet0/1
associate ccm 1 priority 1
associate profile 1 register CME-CONF
dspfarm profile 1 conference
codec g729br8
codec g729r8
codec g729abr8
codec g729ar8
codec g711alaw
codec g711ulaw
maximum sessions 4
associate application SCCP
dial-peer voice 500 voip
destination-pattern 5..
session protocol sipv2
session target ipv4:192.168.17.2
dtmf-relay sip-notify
codec g711ulaw
no vad
dial-peer voice 10 pots
description Incoming Calls To AA
translation-profile incoming Inbound_Calls_To_CUE
incoming called-number .
port 0/0/0:23
dial-peer voice 20 pots
description local 10 digit dialing
translation-profile outgoing Local-CLID
destination-pattern 9[2-9].........
incoming called-number .
port 0/0/0:23
forward-digits 10
dial-peer voice 30 pots
description long distance dialing
translation-profile outgoing Local-CLID
destination-pattern 91..........
incoming called-number .
port 0/0/0:23
forward-digits 11
dial-peer voice 40 pots
description 911
destination-pattern 911
port 0/0/0:23
forward-digits all
dial-peer voice 45 pots
description 9911
destination-pattern 9911
port 0/0/0:23
forward-digits 3
dial-peer voice 50 pots
description international dialing
translation-profile outgoing InternationalType
destination-pattern 9T
incoming called-number .
port 0/0/0:23
dial-peer voice 650 pots
huntstop
destination-pattern 650
fax rate disable
port 0/3/0
gatekeeper
shutdown
telephony-service
protocol mode ipv4
sdspfarm units 5
sdspfarm tag 1 CME-CONF
conference hardware
moh-file-buffer 90
no auto-reg-ephone
authentication credential cmeadmin tshbavsp$$4
max-ephones 50
max-dn 200
ip source-address 192.168.8.1 port 2000
service dnis dir-lookup
timeouts transfer-recall 30
system message Oregon's Wild Harvest
url services http://192.168.17.2/voiceview/common/login.do
url authentication http://192.168.8.1/CCMCIP/authenticate.asp
cnf-file location flash:
cnf-file perphone
load 7931 SCCP31.9-3-1SR4-1S.loads
load 7936 cmterm_7936.3-3-21-0.bin
load 7942 SCCP42.9-3-1SR4-1S.loads
load 7962 SCCP42.9-4-2-1S.loads
time-zone 5
time-format 24
voicemail 500
max-conferences 8 gain -6
call-park system application
call-forward pattern .T
moh moh.wav
web admin system name cmeadmin secret 5 $1$60ro$u.0r/cno/OD2JmtvPq4w9.
dn-webedit
transfer-digit-collect orig-call
transfer-system full-consult
transfer-pattern .T
fac standard
create cnf-files version-stamp Jan 01 2002 00:00:00
ephone-template 1
softkeys connected Hold Park Confrn Trnsfer Endcall ConfList TrnsfVM
button-layout 7931 2
ephone-template 2
softkeys idle Dnd Gpickup Pickup Mobility
softkeys connected Hold Park Confrn Mobility Trnsfer TrnsfVM
button-layout 7931 2
ephone-dn 1 dual-line
number 200
label Lisa
name Lisa Ziomkowsky
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 2 dual-line
number 201
label Dylan
name Dylan Elmer
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 3 dual-line
number 202
label Kimberly
name Kimberly Krueger
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 4 dual-line
number 203
label Randy
name Randy Buresh
mobility
snr calling-number local
snr 915035042317 delay 5 timeout 15 cfwd-noan 500
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 5 dual-line
number 204
label Mark
name Mark McBride
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 6 dual-line
number 205
label Susan
name Susan Sundin
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 7 dual-line
number 206
label Rebecca
name Rebecca Vaught
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 8 dual-line
number 207
label Ronnda
name Ronnda Daniels
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 9 dual-line
number 208
label Matthew
name Matthew Creswell
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 10 dual-line
number 209
label Nate
name Nate Couture
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 11 dual-line
number 210
label Sarah
name Sarah Smith
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 12 dual-line
number 211
label Janis
name Janis McFerren
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 13 dual-line
number 212
label Val
name Val McBride
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 14 dual-line
number 213
label Shorty
name Arlene Haugen
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 15 dual-line
number 214
label Ruta
name Ruta Wells
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 16 dual-line
number 215
label 5415489405
name OWH Sales
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 17 dual-line
number 216
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 18 dual-line
number 217
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 19 dual-line
number 218
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 20 dual-line
number 219
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 21 dual-line
number 220
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 22 dual-line
number 221
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 23 dual-line
number 222
label Pam
name Pam Buresh
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 24 dual-line
number 223
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 25 dual-line
number 224
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 26 dual-line
number 225
label Elaine
name Elaine Mahan
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 27 octo-line
number 250
label Shipping
name Shipping
ephone-dn 28 dual-line
number 251
label Eli
name Eli Nourse
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 29 dual-line
number 252
ephone-dn 30 dual-line
number 253
ephone-dn 31 octo-line
number 100
label Customer Service
name Customer Service
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 32 octo-line
number 101
label Sales
name Sales
call-forward busy 214
call-forward noan 214 timeout 12
ephone-dn 33 dual-line
number 260
label Conference Room
name Conference Room
call-forward busy 100
call-forward noan 100 timeout 12
ephone-dn 100
number 300
park-slot timeout 20 limit 2 recall
description Park Slot For All Company
ephone-dn 101
number 301
park-slot timeout 20 limit 2 recall
description Park Slot for All Company
ephone-dn 102
number 302
park-slot timeout 20 limit 2 recall
description Park Slot for All Company
ephone-dn 103
number 700
name All Company Paging
paging ip 239.1.1.10 port 2000
ephone-dn 104
number 8000...
mwi on
ephone-dn 105
number 8001...
mwi off
ephone-dn 106 octo-line
number A00
description ad-hoc conferencing
conference ad-hoc
ephone-dn 107 octo-line
number A01
description ad-hoc conferencing
conference ad-hoc
ephone-dn 108 octo-line
number A02
description ad-hoc conferencing
conference ad-hoc
ephone 1
device-security-mode none
mac-address 001F.CA34.88AE
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:2 2:31
ephone 2
device-security-mode none
mac-address 001F.CA34.8A03
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:12
ephone 3
device-security-mode none
mac-address 001F.CA34.898B
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
ephone 4
device-security-mode none
mac-address 001F.CA34.893F
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
ephone 5
device-security-mode none
mac-address 001F.CA34.8A71
ephone-template 1
max-calls-per-button 2
username "susan"
paging-dn 103
type 7931
button 1:6
ephone 6
device-security-mode none
mac-address 001F.CA34.8871
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:7 2:31 3:32
ephone 7
device-security-mode none
mac-address 001F.CA34.8998
ephone-template 1
max-calls-per-button 2
username "matthew"
paging-dn 103
type 7931
button 1:9
ephone 8
device-security-mode none
mac-address 001F.CA36.8787
ephone-template 1
max-calls-per-button 2
username "nate"
paging-dn 103
type 7931
button 1:10
ephone 9
device-security-mode none
mac-address 001F.CA34.8805
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:5
ephone 10
device-security-mode none
mac-address 001F.CA34.880C
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:14
ephone 11
device-security-mode none
mac-address 001F.CA34.8935
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:3
ephone 12
device-security-mode none
mac-address 001F.CA34.8995
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:8 2:31
ephone 13
device-security-mode none
mac-address 0021.5504.1796
ephone-template 2
max-calls-per-button 2
paging-dn 103
type 7931
button 1:4
ephone 14
device-security-mode none
mac-address 001F.CA34.88F7
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:23
ephone 15
device-security-mode none
mac-address 001F.CA34.8894
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:26
ephone 16
device-security-mode none
mac-address 001F.CA34.8869
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:28 2:27
ephone 17
device-security-mode none
mac-address 001F.CA34.885F
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:11
ephone 18
device-security-mode none
mac-address 001F.CA34.893C
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:27
ephone 19
device-security-mode none
mac-address 001F.CA34.8873
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:27
ephone 20
device-security-mode none
mac-address A456.3040.B7DD
paging-dn 103
type 7942
vpn-group 1
vpn-profile 1
button 1:13
ephone 21
device-security-mode none
mac-address A456.30BA.5474
paging-dn 103
type 7942
vpn-group 1
vpn-profile 1
button 1:15 2:16 3:32
ephone 22
device-security-mode none
mac-address A456.3040.B72E
paging-dn 103
type 7942
vpn-group 1
vpn-profile 1
button 1:1
ephone 23
device-security-mode none
mac-address 00E0.75F3.D1D9
paging-dn 103
type 7936
button 1:33
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
transport input all
scheduler allocate 20000 1000
ntp master
ntp update-calendar
ntp server 216.228.192.69
webvpn gateway sslvpn_gw
ip address 66.111.111.111 port 443
ssl encryption 3des-sha1 aes-sha1
ssl trustpoint cme_cert
inservice
webvpn context sslvpn_context
ssl encryption 3des-sha1 aes-sha1
ssl authenticate verify all
policy group SSLVPNphone
functions svc-enabled
hide-url-bar
svc address-pool "SSLVPNPhone_pool" netmask 255.255.248.0
svc default-domain "bendbroadband.com"
virtual-template 1
default-group-policy SSLVPNphone
gateway sslvpn_gw domain SSLVPNphone
authentication certificate
ca trustpoint cme_root
inservice
endI think your ACL could be the culprit.
ip access-list extended router-access
permit tcp any host 66.111.111.111 eq 443
Would you be able to change the entry to permit ip any any (just for testing purpose) and then test to see if the calls function properly. If they work fine then we know that we need to open som ports there.
Please remember to select a correct answer and rate helpful posts -
Issue with Mac OS 10.8.3 and Anyconnect VPN Client 3.1.02026
Hi all,
I am running Anyconnect VPN Client 3.1.02026 on Mac OS X 10.8.3. I am unable to connect to my corporate network as the connection fails with following error :
The VPN client was unable to successfully verify the IP forwarding table modifications. A VPN connection will not be established.
Can anyone suggest remedies. I am completely stuck. I had an older AnyConnect client and it was working until a few days back when it stopped working. I then upgraded to 3.1.02026.
As suggested in some of the pots on the web, i have disabled the following AirPort, Bonjour, Bluetooth, Adium, restarted after these changes and yet i am seeing this.
My company has corporate license for Cisco AnyConnect VPN.
TIA
kumarMartyP wrote:
Or is there a problem with both OS's writing stuff to the
~/Home/Library folder that may be incompatible?
Yes, big time. Mail, for sure, has a different file/folder structure, and would not be happy.
Plus, a number of apps (Apple and 3rd-party) are "Sandboxed." That's a security feature, to prevent malware or bad coding from affecting things it shouldn't. Some of their files, including the preferences files, aren't even stored in the same places!
Or to other places I'm not aware of?
Probably. If you have two versions of the same app, they may or may not expect the same data setup.
To have one User folder for both OS's would save a lot of drive space
Not if you use some or all of woodmeister50's suggestions.
But I'm also not sure how I'd use Time machine with such a set up.
Just as you do now. By default, Time Machine backs-up everything (except things like system work files, most caches and logs, trash) for all users and all internal drives & partitions. By default, it excludes external drives.
You can change those defaults, of course, via TM Preferences > Options.
See Time Machine - Frequently Asked Question #32 for details and considerations of multiple drives.
Presently I backup with . . . clones to other HD's
Good. Yes, clones are different. You need multiple "tasks" to back up multiple drives/partitions. But once set up, that shouldn't be a big deal. -
Trouble with Cisco Anyconnect VPN Client
Hello,
our Cisco AnyConnect VPN Client has stopped working, we are a medical office and we are attempting to connect to "clientvpn.e-mds.com" however it will not connect, the username and password we input are irrelevant it doesnt come up with a "wrong credentials" window it just erases the password and at the bottom of the window it says "Please enter your username and password". our version is 2.5.0217 does anyone know anything to try? any help would be appreciatedyou may want to try the OS X networking forums:
http://discussions.apple.com/forum.jspa?forumID=733 -
Problem using SunRay with Cisco AnyConnect VPN Client
I am using Cisco AnyConnect VPN Client Version 2.5.3046
I have a PC and a SunRay connected to my router. I use VPN to connect my SunRay and my PC to my work computer. My PC works fine, I am able to connect to the internet and also run cisco VPN to connect to my work computer. But when I try to use my SunRay, I get a window on the screen with the message:
VPN IKE Phase 1 agg I msg1This window keeps moving around on the screen. I am not able to connect my SunRay through VPN to my work computer. Any idea what could be wrong and how I can fix this?2.2 is definitely better.
On one PC, I'm fine. On another -- very similar -- it tells me it can't start the VPN even after uninstalling and re-installing and everything else I can think of, with plenty of re-boots inbetween.
Aaaaarrrrrrggggggghhhh. -
SSL VPN with client, anyconnect.
I've set up a simple test on SSL VPN with client on a 3800.
It didnt work. I assume i have to turn on the IP http server so that the client can hit it.
but when I turned it on, the client goes to SDM, nothing with ssl vpn happened. it tells me the pay is not available.
The underlying routing is fine.
Could you tell me where it is configured wrong?
Config is copied below.
thanks,
Han
=======
Current configuration : 3340 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
enable password cisco
aaa new-model
aaa authentication login default local
aaa session-id common
no network-clock-participate slot 1
crypto pki trustpoint TP-self-signed-3551041125
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3551041125
revocation-check none
rsakeypair TP-self-signed-3551041125
crypto pki certificate chain TP-self-signed-3551041125
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33353531 30343131 3235301E 170D3131 31313135 31383238
30365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35353130
34313132 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CFCF CFFAD76A 50DA82C9 8D4E3F90 64AD24EB 5409C5E2 43BC64F3 07F6C0E0
29FF2D71 0DA0D897 2F814BD2 7F817503 429D4BC6 6AD6EEA4 DFA74BAD 0EAF84D5
6ED55EC0 6C637178 BEEBCD1D 184BB90C CA84E974 48003885 87B53F2E 36A04661
23DA2CBB DD8EEE1D 2F25AF9A E21DC288 BF76A17C C1F4BA07 95F09377 A12BE01A
53750203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17526F75 7465722E 776E7362 6E6F632E 696E7465 726E616C
301F0603 551D2304 18301680 14BE9E8F ED788928 560D7CA1 EED89B0D DE34D772
5D301D06 03551D0E 04160414 BE9E8FED 78892856 0D7CA1EE D89B0DDE 34D7725D
300D0609 2A864886 F70D0101 04050003 818100BC 4A2A3C47 7BF809AF 78EE0FD9
73692913 F280765E BAFAECAB ED32C38D 3030810B C62C7F45 13C8A6EE AE96A891
CDD4C78B 803299AD EB098B27 383CEF6F 0E2B811F 3ECFADBA 07CD0AC6 BBB8C5FE
B2FC0FD8 562B7100 BB28036E 4575D1F5 B17687C6 8EACBD66 A9E52FEE A030E69A
CAAE9F1B 618FA59D 02C25BC8 77D6CAC2 C7E56F
quit
dot11 syslog
ip cef
multilink bundle-name authenticated
voice-card 0
no dspfarm
username cisco1 privilege 15 secret 5 $1$L2RA$Zqs6FLce5Ns5fny5aRL49/
archive
log config
hidekeys
interface GigabitEthernet0/0
ip address dhcp
duplex auto
speed auto
media-type rj45
end
interface Loopback1
ip address 1.1.1.1 255.255.255.0
interface GigabitEthernet0/0
ip address dhcp
duplex auto
speed auto
media-type rj45
ip local pool svc-poll 1.1.1.50 1.1.1.100
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
line aux 0
line vty 0 4
scheduler allocate 20000 1000
webvpn gateway SSLVPN
ip interface GigabitEthernet0/0 port 443
ssl trustpoint local
inservice
webvpn install svc flash:/webvpn/svc.pkg
webvpn context SSLVPN
ssl authenticate verify all
policy group default
functions svc-required
svc default-domain "test.org"
svc keep-client-installed
svc split dns "primary"
default-group-policy default
gateway SSLVPN
inservice
endUsing the SDM follow the below config example
http://www.cisco.com/en/US/products/ps6496/products_configuration_example09186a008071c58b.shtml
The text "cisco 3800 ssl vpn configuration" in my favorite search engine, identified the above.
HTH> -
Cisco AnyConnect VPN client and 256 AES encryption in IE8
Hey,
We have a site that we are trying to connect to with the AnyConnect VPN client version 2.5.3055 on Windows XP SP3. As soon as we enter the site info and hit select, it says a connection was unable to be established.
I believe this has to do with the encryption, its set up with 256 bit AES. We are only able to install IE8, which on XP only supports up to 128 bit encryption, so in IE8 the page will not load. To fix that issue we installed firefox which supports 256 bit encryption. We can get to the page there, but when we go to connect to the same site VIA the VPN client it still will not connect. It will work fine on a windows 7 box with IE9 installed from the same network.
My question mainly pertains to how the AnyConnect client connects on the back end. Does it use Internet explorer's SSL layer by default? Or does it have its own? If it connects through internet explorer, is there a way to change it to firefox so it will actually be able to open up a connection?
Thank you for your answers in advance,
JohnHey Jeff,
Thanks for answering that question. Hmm, so it doesnt go through the browsers SSL layer. We have systems on the same network (same proxy, firewall, vlan, etc). All the systems with windows XP SP3 and IE8/IE7 can not connect to the VPN (they arent even able to start the connection and ask for proxy/logon info.), all the systems with windows 7 and IE9 can. Same setups on each one as far as the security policies go as well. I thought it may have to do with the 256 bit encryption that they are using.
If thats not the case, what else could be causing the problem? weve tested it on about 5 XP machines and 5 Win 7 machines, same results on each. Connects on Win 7, does not connect on Win XP.
Thanks,
John -
Sever Info:
Yosemite Server 4.0 running on a late 2009 Mac Mini with 8 GB RAM with vpnd service enabled
The server was upgraded to Yosemite - not clean install - this may not matter (see below)
Airport extreme router with standard VPN UDP ports for L2TP forwarded to server (500, 1701, 4500)
Client info:
MB Air 13" early 2014 with 8 GB RAM
Yosemite
Mavericks 10.9.5 running as a Parallels virtual machine (don't ask - I need it to run an app for work that is not yet compatible with Yosemite)
OD service is NOT running - no VPN connections ever occurred from ANY client with this service running - OD is not needed in my case fortunately
With the OD service off, I can connect via the Mavericks virtual machine just fine, but not with Yosemite. With Yosemite, the ppp connection appears to occur, but server config requests appear to fall on deaf ears (client side doesn't appear to respond) until the connection times out. Can't figure out what triggers the client response to a server config request. Client side complains about no route to host and IP addresses don't get assigned to the connection.
The connection happens successfully in an eyeblink with the Mavericks client. Same username/password/shared secret in both instances.
Tried a generated .vpnconfig from the server, this also did not work.
It's possible that it is an auth problem, but can't figure out how the process occurs or what may be going wrong. There does not seem to be an obvious way to increase the granularity of the logging such that it might give other hints - at least that I can find. I found plenty of references to VPN issues when people upgraded from Mountain Lion to Mavericks as well as work arounds for this. I tried the most promising looking of those - no love. I reverted everything back to stock install since I could at least connect with Mavericks.
If log entries would be helpful, they are included below. I've stared at them long enough - perhaps a new set of eyes can provide a hint.
In addition, I can find no documentation regarding the VPN service in Yosemite server so as to get a clue as to whether there have been changes in racoon since Mavericks.
Thanks in advance for any suggestions. I would be glad to supply any other info needed for an accurate diagnosis .
Pat
==
Regarding the Yosemite client connection in the Yosemite server VPN Service log:
2014-10-21 12:18:30 MDT
Incoming call... Address given to client = 192.168.1.228
Tue Oct 21 12:18:30 2014 : Directory Services Authentication plugin initialized
Tue Oct 21 12:18:30 2014 : Directory Services Authorization plugin initialized
Tue Oct 21 12:18:30 2014 : publish_entry SCDSet() failed: Success!
Tue Oct 21 12:18:30 2014 : publish_entry SCDSet() failed: Success!
Tue Oct 21 12:18:30 2014 : publish_entry SCDSet() failed: Success!
Tue Oct 21 12:18:30 2014 : L2TP incoming call in progress from 'my.dotted.quad.address'...
Tue Oct 21 12:18:30 2014 : L2TP received SCCRQ
Tue Oct 21 12:18:30 2014 : L2TP sent SCCRP
Tue Oct 21 12:18:30 2014 : L2TP received SCCCN
Tue Oct 21 12:18:30 2014 : L2TP received ICRQ
Tue Oct 21 12:18:30 2014 : L2TP sent ICRP
Tue Oct 21 12:18:30 2014 : L2TP received ICCN
Tue Oct 21 12:18:30 2014 : L2TP connection established.
Tue Oct 21 12:18:30 2014 : using link 0
Tue Oct 21 12:18:30 2014 : Using interface ppp0
Tue Oct 21 12:18:30 2014 : Connect: ppp0 <--> socket[34:18]
Tue Oct 21 12:18:30 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:33 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:36 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:39 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:42 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:45 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:48 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:51 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:54 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:57 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:19:00 2014 : LCP: timeout sending Config-Requests
Tue Oct 21 12:19:00 2014 : Connection terminated.
Tue Oct 21 12:19:00 2014 : L2TP disconnecting...
Tue Oct 21 12:19:00 2014 : L2TP sent CDN
Tue Oct 21 12:19:00 2014 : L2TP sent StopCCN
Tue Oct 21 12:19:00 2014 : L2TP disconnected
2014-10-21 12:19:00 MDT
--> Client with address = 192.168.1.228 has hungup
==
Client side log for this connection using the Yosemite client:
Tue Oct 21 14:32:08 2014 : publish_entry SCDSet() failed: Success!
Tue Oct 21 14:32:08 2014 : publish_entry SCDSet() failed: Success!
Tue Oct 21 14:32:08 2014 : L2TP connecting to server 'myserver.com' (my.dotted.quad.address)...
Tue Oct 21 14:32:08 2014 : IPSec connection started
Tue Oct 21 14:32:09 2014 : IPSec connection established
Tue Oct 21 14:32:10 2014 : L2TP connection established.
Tue Oct 21 14:32:10 2014 : L2TP set port-mapping for en0, interface: 4, protocol: 0, privatePort: 0
Tue Oct 21 14:32:10 2014 : Using interface ppp0
Tue Oct 21 14:32:10 2014 : Connect: ppp0 <--> socket[34:18]
Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0, interfaceIndex: 0, Protocol: None, Private Port: 0, Public Address: 3fe4b3e8, Public Port: 0, TTL: 0.
Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0 inconsistent. is Connected: 1, Previous interface: 4, Current interface 0
Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0 initialized. is Connected: 1, Previous publicAddress: (0), Current publicAddress 3fe4b3e8
Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0 fully initialized. Flagging up
Tue Oct 21 14:32:25 2014 : write: No route to host
Tue Oct 21 14:32:25 2014 : write: Host is down
Tue Oct 21 14:32:28 2014 : write: Host is down
Tue Oct 21 14:32:28 2014 : write: Host is down
Tue Oct 21 14:32:31 2014 : write: Host is down
Tue Oct 21 14:32:31 2014 : write: Host is down
Tue Oct 21 14:32:34 2014 : write: Host is down
Tue Oct 21 14:32:34 2014 : write: Host is down
Tue Oct 21 14:32:37 2014 : write: Host is down
Tue Oct 21 14:32:37 2014 : write: Host is down
Tue Oct 21 14:32:40 2014 : LCP: timeout sending Config-Requests
Tue Oct 21 14:32:40 2014 : Connection terminated.
Tue Oct 21 14:32:40 2014 : L2TP disconnecting...
Tue Oct 21 14:32:40 2014 : L2TP error sending CDN (Host is down)
Tue Oct 21 14:32:40 2014 : L2TP clearing port-mapping for en0
Tue Oct 21 14:32:40 2014 : L2TP disconnected
==
Pertinent client side log for connection of Mavericks client to Yosemite server:
Tue Oct 21 13:29:13 2014 : Connect: ppp0 <--> socket[34:18]
Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0, interfaceIndex: 0, Protocol: None, Private Port: 0, Public Address: 3fe4b3e8, Public Port: 0, TTL: 0.
Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0 inconsistent. is Connected: 1, Previous interface: 4, Current interface 0
Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0 initialized. is Connected: 1, Previous publicAddress: (0), Current publicAddress 3fe4b3e8
Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0 fully initialized. Flagging up
Tue Oct 21 13:29:21 2014 : local IP address 192.168.1.229
Tue Oct 21 13:29:21 2014 : remote IP address 192.168.1.2
Tue Oct 21 13:29:21 2014 : primary DNS address 192.168.1.2
Tue Oct 21 13:29:21 2014 : secondary DNS address 8.8.8.8
Tue Oct 21 13:29:21 2014 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 10.0.1.38), current interface setting (name: ppp0, family: PPP, address: 192.168.1.229, subnet: 255.255.255.0, destination: 192.168.1.2).
Tue Oct 21 13:29:21 2014 : Committed PPP store
Tue Oct 21 13:29:21 2014 : Committed PPP store
Tue Oct 21 13:52:32 2014 : [DISCONNECT]
Tue Oct 21 13:52:32 2014 : Hangup (SIGHUP)
Tue Oct 21 13:52:32 2014 : Connection terminated.
Tue Oct 21 13:52:32 2014 : Connect time 23.4 minutes.
Tue Oct 21 13:52:32 2014 : Sent 2674664 bytes, received 10680854 bytes.
Tue Oct 21 13:52:32 2014 : L2TP disconnecting...
Tue Oct 21 13:52:32 2014 : L2TP clearing port-mapping for en0
Tue Oct 21 13:52:32 2014 : L2TP disconnected
==
Regarding the Mavericks client connection in the Yosemite server VPN Service log:
2014-10-21 12:09:48 MDT Incoming call... Address given to client = 192.168.1.226
Tue Oct 21 12:09:48 2014 : Directory Services Authentication plugin initialized
Tue Oct 21 12:09:48 2014 : Directory Services Authorization plugin initialized
Tue Oct 21 12:09:48 2014 : publish_entry SCDSet() failed: Success!
Tue Oct 21 12:09:48 2014 : publish_entry SCDSet() failed: Success!
Tue Oct 21 12:09:48 2014 : publish_entry SCDSet() failed: Success!
Tue Oct 21 12:09:48 2014 : L2TP incoming call in progress from ‘my.dotted.quad.address’…
Tue Oct 21 12:09:48 2014 : L2TP received SCCRQ
Tue Oct 21 12:09:48 2014 : L2TP sent SCCRP
Tue Oct 21 12:09:48 2014 : L2TP received SCCCN
Tue Oct 21 12:09:48 2014 : L2TP received ICRQ
Tue Oct 21 12:09:48 2014 : L2TP sent ICRP
Tue Oct 21 12:09:49 2014 : L2TP received ICCN
Tue Oct 21 12:09:49 2014 : L2TP connection established.
Tue Oct 21 12:09:49 2014 : using link 0
Tue Oct 21 12:09:49 2014 : Using interface ppp0
Tue Oct 21 12:09:49 2014 : Connect: ppp0 <--> socket[34:18]
Tue Oct 21 12:09:49 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4bc40d9f> <pcomp> <accomp>]
Tue Oct 21 12:09:49 2014 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x71598937> <pcomp> <accomp>]
Tue Oct 21 12:09:49 2014 : lcp_reqci: returning CONFACK.
Tue Oct 21 12:09:49 2014 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x71598937> <pcomp> <accomp>]
Tue Oct 21 12:09:49 2014 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4bc40d9f> <pcomp> <accomp>]
Tue Oct 21 12:09:49 2014 : sent [LCP EchoReq id=0x0 magic=0x4bc40d9f]
Tue Oct 21 12:09:49 2014 : sent [CHAP Challenge id=0x73 <074a110a5e0620296b1937345c34090e>, name = “myserver.private”]
Tue Oct 21 12:09:49 2014 : rcvd [LCP EchoReq id=0x0 magic=0x71598937]
Tue Oct 21 12:09:49 2014 : sent [LCP EchoRep id=0x0 magic=0x4bc40d9f]
Tue Oct 21 12:09:49 2014 : rcvd [LCP EchoRep id=0x0 magic=0x71598937]
Tue Oct 21 12:09:49 2014 : rcvd [CHAP Response id=0x73 <dfed1e41e1fb8c1132387c3d7792b1880000000000000000b2b163259cbe410aae792093680ba7 a89da3b46737c0d8d200>, name = "somelocaluser"]
Tue Oct 21 12:09:54 2014 : sent [CHAP Success id=0x73 "S=00EDB07933CE697641E2263A2A76386389512329 M=Access granted"]
Tue Oct 21 12:09:54 2014 : CHAP peer authentication succeeded for somelocaluser
Tue Oct 21 12:09:54 2014 : DSAccessControl plugin: User 'somelocaluser' authorized for access
Tue Oct 21 12:09:54 2014 : sent [IPCP ConfReq id=0x1 <addr 192.168.1.2>]
Tue Oct 21 12:09:54 2014 : sent [ACSCP ConfReq id=0x1]
Tue Oct 21 12:09:54 2014 : rcvd [CHAP Response id=0x73 <dfed1e41e1fb8c1132387c3d7792b1880000000000000000b2b163259cbe410aae792093680ba7 a89da3b46737c0d8d200>, name = "somelocaluser"]
Tue Oct 21 12:09:54 2014 : sent [CHAP Success id=0x73 "S=00EDB07933CE697641E2263A2A76386389512329 M=Access granted"]
Tue Oct 21 12:09:54 2014 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Tue Oct 21 12:09:54 2014 : ipcp: returning Configure-NAK
Tue Oct 21 12:09:54 2014 : sent [IPCP ConfNak id=0x1 <addr 192.168.1.226> <ms-dns1 192.168.1.2> <ms-dns3 8.8.8.8>]
Tue Oct 21 12:09:54 2014 : rcvd [IPV6CP ConfReq id=0x1 <addr fe80::021c:42ff:febf:bf66>]
Tue Oct 21 12:09:54 2014 : Unsupported protocol 0x8057 received
Tue Oct 21 12:09:54 2014 : sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 02 1c 42 ff fe bf bf 66]
Tue Oct 21 12:09:54 2014 : rcvd [ACSCP ConfReq id=0x1 <route vers 16777216> <domain vers 16777216>]
Tue Oct 21 12:09:54 2014 : sent [ACSCP ConfRej id=0x1 <route vers 16777216>]
Tue Oct 21 12:09:54 2014 : rcvd [IPCP ConfAck id=0x1 <addr 192.168.1.2>]
Tue Oct 21 12:09:54 2014 : rcvd [ACSCP ConfAck id=0x1]
Tue Oct 21 12:09:54 2014 : rcvd [IPCP ConfReq id=0x2 <addr 192.168.1.226> <ms-dns1 192.168.1.2> <ms-dns3 8.8.8.8>]
Tue Oct 21 12:09:54 2014 : ipcp: returning Configure-ACK
Tue Oct 21 12:09:54 2014 : sent [IPCP ConfAck id=0x2 <addr 192.168.1.226> <ms-dns1 192.168.1.2> <ms-dns3 8.8.8.8>]
Tue Oct 21 12:09:54 2014 : ipcp: up
Tue Oct 21 12:09:54 2014 : found interface en0 for proxy arp
Tue Oct 21 12:09:54 2014 : local IP address 192.168.1.2
Tue Oct 21 12:09:54 2014 : remote IP address 192.168.1.226
Tue Oct 21 12:09:54 2014 : Received acsp/dhcp dictionaries
Tue Oct 21 12:09:54 2014 : Received acsp/dhcp dictionaries
Tue Oct 21 12:09:54 2014 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 192.168.1.2), current interface setting (name: ppp0, family: PPP, address: 192.168.1.2, subnet: 255.255.255.0, destination: 192.168.1.226).
Tue Oct 21 12:09:54 2014 : rcvd [ACSCP ConfReq id=0x2 <domain vers 16777216>]
Tue Oct 21 12:09:54 2014 : sent [ACSCP ConfAck id=0x2 <domain vers 16777216>]
Tue Oct 21 12:09:54 2014 : Received protocol dictionaries
Tue Oct 21 12:09:54 2014 : Committed PPP store
Tue Oct 21 12:09:54 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
<domain: name private>
<domain: name local>]
Tue Oct 21 12:09:54 2014 : rcvd [IP data <src addr 192.168.1.226> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Tue Oct 21 12:09:54 2014 : sent [IP data <src addr 192.168.1.2> <dst addr 192.168.1.226> <BOOTP Reply> <type ACK> <server id 0xc0a80102> <domain name "local">]
Tue Oct 21 12:09:57 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
<domain: name private>
<domain: name local>]
Tue Oct 21 12:10:00 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
<domain: name private>
<domain: name local>]
Tue Oct 21 12:10:03 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
<domain: name private>
<domain: name local>]
Tue Oct 21 12:10:06 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
<domain: name private>
<domain: name local>]
Tue Oct 21 12:10:09 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
<domain: name private>
<domain: name local>]
Tue Oct 21 12:10:09 2014 : rcvd [LCP TermReq id=0x2 "User request"]
Tue Oct 21 12:10:09 2014 : LCP terminated by peer (User request)
Tue Oct 21 12:10:09 2014 : ipcp: down
Tue Oct 21 12:10:09 2014 : sent [LCP TermAck id=0x2]
Tue Oct 21 12:10:09 2014 : l2tp_wait_input: Address deleted. previous interface setting (name: en0, address: 192.168.1.2), deleted interface setting (name: ppp0, family: PPP, address: 192.168.1.2, subnet: 255.255.255.0, destination: 192.168.1.226).
Tue Oct 21 12:10:09 2014 : L2TP received CDN
Tue Oct 21 12:10:09 2014 : Connection terminated.
Tue Oct 21 12:10:09 2014 : Connect time 0.4 minutes.
Tue Oct 21 12:10:09 2014 : Sent 1003 bytes, received 646 bytes.
Tue Oct 21 12:10:09 2014 : L2TP disconnecting...
Tue Oct 21 12:10:09 2014 : L2TP disconnected
2014-10-21 12:10:09 MDT --> Client with address = 192.168.1.226 has hungup1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.
You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
You may not be able to understand the script yourself. But variations of the script have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message.
Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
4. Here's a summary of what you need to do, if you choose to proceed:
☞ Copy a line of text in this window to the Clipboard.
☞ Paste into the window of another application.
☞ Wait for the test to run. It usually takes a few minutes.
☞ Paste the results, which will have been copied automatically, back into a reply on this page.
The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
5. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
Triple-click anywhere in the line of text below on this page to select it:
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts SerialATA 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' com.clark.\* \*dropbox \*genieo\* \*GoogleDr\* \*k.AutoCAD\* \*k.Maya\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 "` route -n get default|awk '/e:/{print $2}' `" 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB com.apple.AirPortBaseStationAgent 464843899 51 5120 files );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' s/[0-9A-Za-z._]+@[0-9A-Za-z.]+\.[0-9A-Za-z]{2,4}/EMAIL/g;/\/Shared/!s/(\/Users\/)[^ /]+/\1USER/g;s/[-0-9A-Fa-f]{22,}/UUID/g;' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { print "'${p[41]}'";if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$|'${p[41]}'/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/^root$/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1100) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { print "'${p[41]}'.plist\t'${p[42]}'";if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[43]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/{next};/%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";p="uniq -c|sed -E '"'s/ +\\([0-9]+\\)\\(.+\\)/\\\2 x\\\1/;s/x1$//'"'";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1|p;b=b$1;} END { close(p);if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|(Bo|PO).+ sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n ...and %s more line(s)\n",l-L);} ' ' s/^ ?n...://p;s/^ ?p...:/-'$'\t''/p;' 's/0/Off/p' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' ' /^find: /d;p;' "`S0 44 45`" ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ *$/d;s/^ */ /;' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil 'PlistBuddy 2>&1 -c "Print' whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test osascript\ -e );c2=(com.apple.loginwindow\ LoginHook '" /L*/P*/loginw*' "'tell app \"System Events\" to get properties of login items'|tr , \\\n" 'L*/Ca*/com.ap*.Saf*/E*/* -d 1 -name In*t -exec '"${c1[14]}"' :CFBundleDisplayName" {} \;|sort|uniq' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' :${p[35]}\" :Label\" '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'bad |Beac|caug|corru|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:|suhel| VALI|xpma' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cght] ! -name .?\* ! -name \*ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '/S*/*/Ca*/*xpc* >&- ||echo No' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,Ex}* {/,}L*/{A*d,Ca*/*/Ex,Co{mpon,reM},Ex,In{p,ter},iTu*/*P,Keyb,Mail/B,Pr*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -path \\*s/Resources -prune -o -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,mach_i*/*,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t {/S*/,/,}L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' '+c0 -i4TCP:0-1023' com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' "+c0 -l|awk '{print(\$1,\$3)}'|sort|uniq -c|sort -n|tail -1|awk '{print(\$2,\$3,\$1)}'" );N1=${#c2[@]};for j in {0..9};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents XPC\ cache Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching SATA Descriptors );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0() { [[ "$v" ]]&&sed -E "$s"<<<"$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v"|sed -E "$s";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "${s[63]}"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 0 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;D20 0 $((N1+1)) 2;D10 0 $N1 1;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;D13 0 $((N1+9)) 59 50;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 35 49 61 51;D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D23 14 1 62 42;D12 34 43 53 44;D12 22 20 32 25;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D13 37 2 48 43;D13 4 5 32 1;D13 4 3 60 5;D12 26 48 49 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D22 4 4 50 0;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-
Copy the selected text to the Clipboard by pressing the key combination command-C.
8. Launch the built-in Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
exec bash
and press return. Then paste the script again.
10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.
If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
[Process completed]
to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report what happened. No harm will be done.
12. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed. -
I had an issue with my Cisco Anyconnect VPN not working, so uninstalled it. I've tried a new install and now I get the message "There is a newer version of the AnyConnect client installed" and it won't tell me install it at all. I've gone through various recommendations on the site included this :-
Go to "Regedit" and search for "Deterministic Networks" and delete it.
HKEY_LOCAL_MACHINE \SOFTWARE\Deterministic Networks
Search with the following keywords in the registry, under "Uninstall" or "Components" folders and delete any related entries.
Vpnapi
Vpngui
Cisco
CVPND
CVPNDRA
Ipsecdialer
Source: https://supportforums.cisco.com/message/3728011#3728011
But I've still got the same problem, and just cant find anything to help !Disable Internet Connection Sharing (ICS) and then try You can disable ICS in two ways:
Per Adapter:
Click the Start button.
Click on Control Panel.
Click on View Network Status and Tasks
Click on Change adapter settings
Right-click the shared connection and choose Properties
Click the Sharing tab
Clear the Allow other network users to connect through this computer's Internet connection checkbox
Click OK
System Wide:
Click the Start button (Windows' orb)
Type: services.msc and press ENTER
Double-Click on Internet Connection Sharing (ICS)
Change Startup Type to Disabled
Reboot the computer
You can now try reinstalling the WiscVPN client again
Maybe you are looking for
-
HT204053 I need 2 separate iCloud accounts for my kids on my device
I need to create iCloud accounts for my kids. 2 of them to be exact so that we can transfer all their games on our iPad to iCloud accounts and free up space. So far all I figured out was that I needed them to have their own apple Ida's, which they no
-
Using MBP as a DVD recorder transfering from an HDD recorder ?
I have a television and want to buy an HDD recorder. but i do not want to buy a dvd recorder also as i have this macbook pro. If i record a programme that i want to keep forever.... Is it possible to move the programme from the HDD recorder to the MB
-
Turning off music in ipod mode
This is probably stupid, but (other than shutting the iphone down) I can't figure out how to turn the music off when my ipod is playing on the phone. Thanks
-
HT201413 Why dose my iPhone cant complete the soft wear update.
i want to update my iphone 3g to 4.2 but it didnt then this poped up .(the iphone could be restord . An error occurred.(1015)). how to solve this problem. thank you
-
Hello Is it possible to have an image map or any other clickable region automatically open a mailto href? It would make a very elegant asethetic on the page and prevent me having to use a crude looking font to attach the mailto to. tia.