ASA5510: Changed destination object but traffic just will not go through
Hello
I have a fully functioning ASA5510. One of the things that go through it is OWA, presently it is routed to a particular address. I have just built a new Exchange server and I want to get OWA working. I created a new destination object, making sure that all the major details were the same as the original object, just changing the IP address only. I also did the same for the NAT. I have also done the same with the two smarthost rules.
Now when I apply the new config, OWA and external mail is affected. I can access OWA internally, and all I change is literally the destination point.
I have sat and gone through, line by line, the working and the non-working config.
Any ideas?
Thanks Walter, below then is the working config. I have removed some information from it and put the whole section of the rules that were changed in red.
: Saved
ASA Version 8.4(3)
hostname TAAS-FW-HH-01
domain-name domain.local
enable password N5MzNpZasdasdadadM.GwZSfSB encrypted
passwd 2KFQnbNIdasdasdadaI.2KYOU encrypted
names
interface Ethernet0/0
nameif WAN-HH-0
security-level 0
ip address x.x.x.243 255.255.255.240
interface Ethernet0/1
nameif WAN-HH-1
security-level 0
pppoe client vpdn group PPPoE-GROUP
ip address pppoe
interface Ethernet0/2
nameif DMZ-HH
security-level 50
ip address 10.0.1.1 255.255.255.0
interface Ethernet0/3
nameif LAN-HH
security-level 100
ip address 10.1.0.1 255.255.255.0
interface Management0/0
nameif management
security-level 100
ip address 10.1.1.1 255.255.255.0
management-only
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup WAN-HH-0
dns domain-lookup WAN-HH-1
dns domain-lookup DMZ-HH
dns domain-lookup LAN-HH
dns domain-lookup management
dns server-group DefaultDNS
name-server 10.1.0.41
domain-name domain.local
object network EXT-IP-HH4-244
host x.x.x..244
description EXT-IP-HH4-244 FOR NAT
object network RTR-HH
host x.x.x..241
description RTR-HH
object network EXT-IP-HH2-242
host x.x.x..242
description EXT-IP-HH2-242 FOR EXCHANGE SBS
object network WNAASBS
host 10.1.0.30
description WNAASBS
object network LAN-FUNDRAISING
subnet 10.3.0.0 255.255.255.0
description LAN-FUNDRAISING
object network LAN-HH
subnet 10.1.0.0 255.255.255.0
description LAN-HH
object network EXT-IP-RET
host 80.229.161.185
description EXT-IP-RET
object network LAN-RET
subnet 10.2.0.0 255.255.255.0
description LAN-RET
object network EXT-IP-COV1-130
host 213.120.84.130
description EXT-IP-COV1-130
object network LAN-COV
subnet 10.4.0.0 255.255.255.0
description LAN-COV
object network EXT-IP-DLR
host 81.130.196.105
description EXT-IP-DLR
object network LAN-DLR
subnet 10.5.0.0 255.255.255.0
description LAN-DLR
object network EXT-IP-HH5-245
host x.x.x..245
description EXT-IP-HH5-245 FOR FS
object network TAAS-FSP-HH-01
host 10.0.1.10
description TAAS-FSP-HH-01
object network EXT-IP-HH6-246
host x.x.x..246
description EXT-IP-HH6-246 FOR SSLVPN
object network EXT-IP-HH3-243
host x.x.x..243
description EXP-IP-HH3-243
object network LAN-LON
subnet 10.6.0.0 255.255.255.0
description LAN-LON
object network Supplier2-1-66.197.193.197
host 66.197.193.197
description Supplier2-1-66.197.193.197
object network Supplier2-2-92.48.99.0-mask-255.255.255.192
subnet 92.48.99.0 255.255.255.192
description Supplier2-2-92.48.99.0-mask-255.255.255.192
object network Supplier2-3-195.72.35.96-mask-255.255.255.240
subnet 195.72.35.96 255.255.255.240
description Supplier2-3-195.72.35.96-mask-255.255.255.240
object network Supplier2-4-95.154.198.192
subnet 95.154.198.192 255.255.255.192
description Supplier2-4-95.154.198.192
object network EXT-IP-HH14-254
host x.x.x..254
description EXT-IP-HH14-254
object network PANASONIC-PBX-IP
host 10.1.0.80
description PANASONIC-PBX-IP
object network SUPPLIER1-FIXED-IP
host 81.137.210.17
description SUPPLIER1-FIXED-IP
object network TAAS-DC-HH-01
host 10.1.0.16
description TAAS-DC-HH-01
object network TAAS-EX-HH-01
host 10.1.0.20
description TAAS-EX-HH-01
object network TAAS-FP-HH-01A
host 10.1.0.18
description TAAS-FP-HH-01A
object network Supplier3
subnet 10.0.0.0 255.255.0.0
description Supplier3
object network Supplier3IP
host 87.84.167.147
description Supplier3IP
object network LAN-RITM
subnet 10.71.139.0 255.255.255.0
description Translated LAN address for Supplier3
object network Supplier2_New1
subnet 5.172.153.128 255.255.255.128
description New Supplier2 5.172.153.128
object network Supplier2_New2
host 5.172.153.233
description Supplier2_New2 5.172.153.233
object network Supplier2_New3
range 5.172.153.150 5.172.153.160
description Supplier2_New3 5.172.153.150-160
object network Supplier2_New5
range 5.172.153.230 5.172.153.235
description Supplier2_New5 5.172.153.230-235
object network LAN-LF
subnet 10.177.163.0 255.255.255.0
object network TAAS-SP-APP-01
host 10.1.0.45
description Sharepoint
object network SSL-VPN
host 10.1.0.7
object network NETWORK_OBJ_10.1.0.192_26
subnet 10.1.0.192 255.255.255.192
object network LF
host 92.234.12.53
object service http
service tcp source eq www destination eq www
description http
object network 10.1.0.45
host 10.1.0.45
object network TAAS-EX-HH
host 10.1.0.31
description TAAS-EX-HH
object network 187.72.55.177
host 187.72.55.177
object network 92.51.156.106
host 92.51.156.106
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
object-group network DM_INLINE_NETWORK_2
network-object 10.0.1.0 255.255.255.0
network-object object LAN-HH
object-group network Supplier2-SMTP
description Supplier2-SMTP
network-object object Supplier2-1-66.197.193.197
network-object object Supplier2-2-92.48.99.0-mask-255.255.255.192
network-object object Supplier2-3-195.72.35.96-mask-255.255.255.240
network-object object Supplier2-4-95.154.198.192
object-group service PANASONIC-PBX tcp-udp
description PANASONIC-PBX
port-object eq 35300
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_SERVICE_1
service-object tcp-udp destination eq domain
service-object tcp destination eq www
service-object tcp destination eq https
service-object udp destination eq ntp
object-group network New_Supplier2_SMTP
description New Supplier2 Group
network-object object Supplier2_New1
network-object object Supplier2_New2
network-object object Supplier2_New3
network-object object Supplier2_New5
network-object object LF
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object udp
protocol-object tcp
group-object TCPUDP
object-group network Malicious_IP_Addresses
network-object object 187.72.55.177
network-object object 92.51.156.106
access-list WAN-HH-0_access extended permit tcp any object WNAASBS eq https log debugging
access-list WAN-HH-0_access extended permit object-group TCPUDP object SUPPLIER1-FIXED-IP object PANASONIC-PBX-IP object-group PANASONIC-PBX
access-list WAN-HH-0_access extended permit tcp any object TAAS-FSP-HH-01 eq https
access-list WAN-HH-0_access extended permit tcp object-group Supplier2-SMTP object WNAASBS eq smtp log debugging
access-list WAN-HH-0_access extended permit icmp any object-group DM_INLINE_NETWORK_2 echo-reply inactive
access-list WAN-HH-0_access extended permit tcp object-group New_Supplier2_SMTP object WNAASBS eq smtp log debugging
access-list WAN-HH-0_access extended permit tcp any object TAAS-SP-APP-01 object-group DM_INLINE_TCP_1 log
access-list WAN-HH-0_access extended permit tcp any object SSL-VPN eq https
access-list WAN-HH-0_access extended permit tcp object-group Supplier2-SMTP object TAAS-EX-HH eq smtp log debugging inactive
access-list WAN-HH-0_access extended permit tcp object-group New_Supplier2_SMTP object TAAS-EX-HH eq smtp inactive
access-list WAN-HH-0_access extended permit tcp any eq https object TAAS-EX-HH eq https log debugging inactive
(The below part is the full section of that above with the new rules. This is the only thing that is different between the two running config files)
access-list WAN-HH-0_access extended permit tcp any object WNAASBS eq https log debugging inactive
access-list WAN-HH-0_access extended permit object-group TCPUDP object SUPPLIER1-FIXED-IP object PANASONIC-PBX-IP object-group PANASONIC-PBX
access-list WAN-HH-0_access extended permit tcp any object TAAS-FSP-HH-01 eq https
access-list WAN-HH-0_access extended permit tcp object-group Supplier2-SMTP object WNAASBS eq smtp log debugging inactive
access-list WAN-HH-0_access extended permit icmp any object-group DM_INLINE_NETWORK_2 echo-reply inactive
access-list WAN-HH-0_access extended permit tcp object-group New_Supplier2_SMTP object WNAASBS eq smtp log debugging inactive
access-list WAN-HH-0_access extended permit tcp any object TAAS-SP-APP-01 object-group DM_INLINE_TCP_1 log
access-list WAN-HH-0_access extended permit tcp any object SSL-VPN eq https
access-list WAN-HH-0_access extended permit tcp object-group Supplier2-SMTP object TAAS-EX-HH eq smtp log debugging
access-list WAN-HH-0_access extended permit tcp object-group New_Supplier2_SMTP object TAAS-EX-HH eq smtp
access-list WAN-HH-0_access extended permit tcp any object TAAS-EX-HH eq https log debugging
access-list WAN-HH-0_cryptomap extended permit ip object LAN-HH object LAN-RET
access-list WAN-HH-0_cryptomap_2 extended permit ip object LAN-HH object LAN-COV
access-list WAN-HH-0_cryptomap_3 extended permit ip object LAN-HH object LAN-DLR
access-list DMZ-HH_access_in extended permit tcp object TAAS-FSP-HH-01 object TAAS-FP-HH-01A eq https
access-list DMZ-HH_access_in extended permit object-group DM_INLINE_SERVICE_1 object TAAS-FSP-HH-01 any
access-list DMZ-HH_access_in extended deny object-group DM_INLINE_PROTOCOL_1 any any inactive
access-list WAN-HH-0_cryptomap_5 extended permit ip object LAN-HH object LAN-RET
access-list WAN-HH-1_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any any log
pager lines 24
logging enable
logging asdm informational
mtu WAN-HH-0 1500
mtu WAN-HH-1 1500
mtu DMZ-HH 1500
mtu LAN-HH 1500
mtu management 1500
ip local pool VPNAddresses 10.1.0.200-10.1.0.254 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (LAN-HH,WAN-HH-0) source static LAN-HH LAN-HH destination static LAN-FUNDRAISING LAN-FUNDRAISING no-proxy-arp route-lookup
nat (LAN-HH,WAN-HH-0) source static LAN-HH LAN-HH destination static LAN-RET LAN-RET no-proxy-arp route-lookup
nat (LAN-HH,WAN-HH-0) source static LAN-HH LAN-HH destination static LAN-COV LAN-COV no-proxy-arp route-lookup
nat (LAN-HH,WAN-HH-0) source static LAN-HH LAN-HH destination static LAN-DLR LAN-DLR no-proxy-arp route-lookup
nat (LAN-HH,WAN-HH-0) source static LAN-HH LAN-HH destination static LAN-LON LAN-LON no-proxy-arp route-lookup
nat (LAN-HH,WAN-HH-0) source static LAN-HH LAN-RITM destination static Supplier3 Supplier3
nat (LAN-HH,WAN-HH-0) source static LAN-HH LAN-HH destination static LAN-LF LAN-LF
nat (LAN-HH,WAN-HH-0) source static any any destination static NETWORK_OBJ_10.1.0.192_26 NETWORK_OBJ_10.1.0.192_26 no-proxy-arp route-lookup
object network WNAASBS
nat (LAN-HH,WAN-HH-0) static EXT-IP-HH2-242
object network TAAS-FSP-HH-01
nat (DMZ-HH,WAN-HH-0) static EXT-IP-HH5-245
object network PANASONIC-PBX-IP
nat (LAN-HH,WAN-HH-0) static EXT-IP-HH14-254
object network SSL-VPN
nat (LAN-HH,WAN-HH-0) static EXT-IP-HH6-246
object network 10.1.0.45
nat (LAN-HH,WAN-HH-0) static interface service tcp www www
object network TAAS-EX-HH
nat (LAN-HH,WAN-HH-0) static EXT-IP-HH2-242
nat (DMZ-HH,WAN-HH-0) after-auto source dynamic any EXT-IP-HH5-245 dns
nat (LAN-HH,WAN-HH-0) after-auto source dynamic any interface
access-group WAN-HH-0_access in interface WAN-HH-0
access-group WAN-HH-1_access_in in interface WAN-HH-1
access-group DMZ-HH_access_in in interface DMZ-HH
route WAN-HH-0 0.0.0.0 0.0.0.0 x.x.x..241 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.1.1.0 255.255.255.0 management
http 10.1.0.0 255.255.255.0 LAN-HH
http 195.171.184.58 255.255.255.255 WAN-HH-0
http 10.177.163.0 255.255.255.0 LAN-HH
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map WAN-HH-0_map 1 match address WAN-HH-0_cryptomap
crypto map WAN-HH-0_map 1 set peer.110
crypto map WAN-HH-0_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map WAN-HH-0_map 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map WAN-HH-0_map 2 match address WAN-HH-0_cryptomap_2
crypto map WAN-HH-0_map 2 set pfs
crypto map WAN-HH-0_map 2 set peer.130
crypto map WAN-HH-0_map 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map WAN-HH-0_map 2 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map WAN-HH-0_map 2 set nat-t-disable
crypto map WAN-HH-0_map 4 match address WAN-HH-0_cryptomap_3
crypto map WAN-HH-0_map 4 set peer 105
crypto map WAN-HH-0_map 4 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map WAN-HH-0_map 4 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map WAN-HH-0_map 6 match address WAN-HH-0_cryptomap_5
crypto map WAN-HH-0_map 6 set peer 78.154.108.110
crypto map WAN-HH-0_map 6 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map WAN-HH-0_map 6 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map WAN-HH-0_map 6 set ikev2 pre-shared-key xxxxxxx
crypto map WAN-HH-0_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map WAN-HH-0_map interface WAN-HH-0
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
certificate TOOK THIS OUT AS WAY TOO MUCH TEXT
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable WAN-HH-0
crypto ikev2 enable WAN-HH-1
crypto ikev1 enable WAN-HH-0
crypto ikev1 enable WAN-HH-1
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh x.x.x.58 x.255.255.255 WAN-HH-0
ssh x.x.x.x 255.255.255.255 WAN-HH-0
ssh x.x.0.0 255.255.255.0 LAN-HH
ssh timeout 5
console timeout 0
management-access LAN-HH
vpdn group PPPoE_GROUP request dialout pppoe
vpdn group PPPoE_GROUP localname login
vpdn group PPPoE_GROUP ppp authentication chap
vpdn group PPPoE-GROUP request dialout pppoe
vpdn group PPPoE-GROUP localname login
vpdn group PPPoE-GROUP ppp authentication chap
vpdn username login password password
dhcpd address xx.x.x.-x.x.x.x. management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port number-of-rate 3
threat-detection statistics protocol number-of-rate 3
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server x.x.x.x source LAN-HH prefer
ntp server 80.87.128.243 source WAN-HH-0
webvpn
enable WAN-HH-1
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 1x.x.x.x
vpn-tunnel-protocol l2tp-ipsec
default-domain value domain.local
group-policy TestIPSECTunnel internal
group-policy TestIPSECTunnel attributes
dns-server value x.x.x.x
vpn-tunnel-protocol ikev1
default-domain value x.x.uk
group-policy DfltGrpPolicy attributes
dns-server value x.x.x.x
webvpn
url-list value Links
group-policy GroupPolicy_147 internal
group-policy GroupPolicy_.147 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_105 internal
group-policy GroupPolicy_105 attributes
vpn-tunnel-protocol ikev1 ikev2
group-policy GroupPolicy_130 internal
group-policy GroupPolicy_130 attributes
vpn-tunnel-protocol ikev1 ikev2
username user password password privilege 0
username user attributes
vpn-group-policy DfltGrpPolicy
username user2 password passwordy encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool VPNAddresses
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key xxxxxxxx
tunnel-group DefaultRAGroup ppp-attributes
authentication pap
no authentication ms-chap-v1
authentication ms-chap-v2
tunnel-group 10 type ipsec-l2l
tunnel-group110 ipsec-attributes
ikev1 pre-shared-key
ikev2 remote-authentication pre-shared-key
ikev2 local-authentication pre-shared-key
tunnel-group 147 type ipsec-l2l
tunnel-group 147 general-attributes
default-group-policy GroupPolicy_87.84.164.147
tunnel-group 147 ipsec-attributes
ikev1 pre-shared-key
ikev2 remote-authentication pre-shared-key
ikev2 local-authentication pre-shared-key
tunnel-group.130 type ipsec-l2l
tunnel-group.130 general-attributes
default-group-policy GroupPolicy_213.120.84.130
tunnel-group 130 ipsec-attributes
ikev1 pre-shared-key
ikev2 remote-authentication pre-shared-key
ikev2 local-authentication pre-shared-key
tunnel-group 105 type ipsec-l2l
tunnel-group 105 general-attributes
default-group-policy GroupPolicy_81.130.196.105
tunnel-group.105 ipsec-attributes
ikev1 pre-shared-key xxxxxxx
ikev2 remote-authentication pre-shared-key xxxxxxx
ikev2 local-authentication pre-shared-key xxxxxxx
tunnel-group TestIPSECTunnel type remote-access
tunnel-group TestIPSECTunnel general-attributes
address-pool VPNAddresses
default-group-policy TestIPSECTunnel
tunnel-group TestIPSECTunnel ipsec-attributes
ikev1 pre-shared-key xxxxxxx
tunnel-group SSLVPN type remote-access
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class class-default
user-statistics accounting
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
hpm topN enable
Cryptochecksum:994038sdgfaefg cesrtsegse55fd0239
: end
no asdm history enable
Similar Messages
-
When I import a CD to itunes, it splits the album in to multiple entries. I have changed the info on some but others just will not merge. Is there an easy way to do this and can I stop them from splitting in future? Thanks
Okay this is what fixed my problem. Some kind of error/glitch occured half-way through importing that third cd that prevented further imports from any other cd. Once I completely removed the half-imported cd album from my library I could further import cd's without any problems.
-
Trying to downlord itune my new laptop but it just will not download?
trying to downlord itune my new laptop but it just will not download?
A possible cause is security software (firewall) that blocks or restricts Firefox or the plugin-container process without informing you, possibly after detecting changes (update) to the Firefox program.
Remove all rules for Firefox from the permissions list in the firewall and let your firewall ask again for permission to get full unrestricted access to internet for Firefox and the plugin-container process and the updater process.
See:
*https://support.mozilla.org/kb/Server+not+found
*https://support.mozilla.org/kb/Firewalls
See also:
*http://kb.mozillazine.org/Browser_will_not_start_up -
Hi, I am having trouble updating my apps, I have tried one at time and all together but they just keep on whirring away and nothing happens! any ideas woud be appreciated.
Suggest you update all these apps on iTune (computer) and sync them to your iPad.
-
I'm trying to print out my list for inventory .And I got half way thru the different departments and now all it will print is everything but what I have selected.I'm using Microsoft Office Excel 2007.....UUGGH so frustrated NEED THESE FOR TOMORROW ...............HELP ..PLEASE
Hi,
Try the following to clear out the print queue.
From the Control Panel, open Administrative Tools and select Sevices. Browse down to the print spooler service, right click it and select Properties then click on the Stop button. Now browse to C:\Windows\System32\Spool\PRINTERS and delete the job inside this folder - You may need to click a prompt to gain the appropriate authority to open the PRINTERS folder.
Restart the computer and you should find the document(s) have been removed.
Regards,
DP-K
****Click the White thumb to say thanks****
****Please mark Accept As Solution if it solves your problem****
****I don't work for HP****
Microsoft MVP - Windows Experience -
I install a Itune card on my Phone But I can not use because I do not know the security answer
I phone was my Mom's and she does not know the answers either can you help reset my security questions
PleaseHi sheba15,
Welcome to the Support Communities!
If you require assistance resetting your security questions, click:
Apple ID: Contacting Apple for help with Apple ID account security
http://support.apple.com/kb/HT5699
I hope this information helps ....
Have a great day!
- Judy -
I have a Canon printer (USB), in my office. I plugged it in to the back of the Airport Router. The downstairs new MacBook Pro can print with either of my two printers upstairs with no problem. The IMac upstairs can not see the Canon printer at all. When I go to Print & Fax settings, it does not see the printer! How can I solve this?
THANKS!You will need to get on the Canon website and download the latest drivers for your printer on the iMac.
That's really about all that you can do. -
How do you re-download a purchased album on the same computer?
Downloading past purchases from the App Store, iBookstore, and iTunes Store
-
I can listen to ITunes on my ipad on a headset but they will not play through the speaker
I can play I tunes on my iPad and listen on a headset but the iPad will not play through the built in speaker
Try this - Reset the iPad by holding down on the Sleep and Home buttons at the same time for about 10-15 seconds until the Apple Logo appears - ignore the red slider - let go of the buttons. (This is equivalent to rebooting your computer.)
Check your settings. The iPads have a small switch on the right edge. It can be used as a rotation lock to keep the screen from automatically reorienting itself as you move around, but you need to have the tablet’s settings configured properly. That same switch, right above the volume buttons, can also be set to function instead as a mute button to silence certain types of audio.
If the switch is set to work as a mute button, you can change its purpose to “screen-rotation lock” by tapping the Settings icon on the home screen. On the Settings screen, tap General on the left side, and on the right side of the screen flick down to “Use Side Switch to.” Tap to select Lock Rotation or Mute to set the button’s function. Even if you set the side switch for your preferred use, you can still mute the Mini or lock the screen. Just double-click the Home button, and when the panel of apps appears along the bottom edge of the screen, flick the row from left to right with your finger. Tap the icon on the far left side of the row to either lock the iPad’s screen or mute the iPad’s alerts, notifications and sound effects. Music, podcasts and video are not muted unless you turn the volume all the way down.
iPhone: Can't hear through the receiver or speakers
http://support.apple.com/kb/ts1630
http://www.atreks.com/app-no-sound-on-ipad-4-%E2%80%93-what-to-do/
To solve some sound problems, just follow these simple steps
1. Go to Settings
2. Tap on General
3. Tap on Reset
4. Tap on Reset All Settings
Cheers, Tom -
While playing my albums in iTunes it has just started playing the first song but will not progress through the other songs on the album. Did I accidentally change setting or are other people having the same trouble? thanks
Hi there Sing Me A Song,
You may have changed the Up Next list in iTunes. Take a look at the article below for more information on the Up Next lists and how to edit it.
iTunes 12 for Mac: Play songs
-Griff W. -
How to Create a Bootable Flash Drive to do a clean install of Lion. I have tried to use the InstallESD.dmg but it still will not do a clean install so that I do not have to do a reinstall from the Recovery (That just re downloads and takes over 6 hours)?
The system I'm have is a Mac-mini that had SL on it and no SuperDrive. I have also call Apple Support and they have really have not been to much help over 1st did my up grade to Lion and Installed the Lion Server.... it lost my SSL that I paid for and kill almost on of my server setting, plus kill all my web servers (using apache vhosts), and not to say the LDAP will even let remote users login to your laptops.
PS: There is no way that I'm going to buy a Install USB from Apple... They have over billed me over $300.00 because the Apps Store still has bugs (Glad I did not write that App/Service)
If there is anyone that can give in the information to create a USB install stick, I would be very thinkful.Here you are bro, courtesy of "softpedia.com"....brilliant site!!!
If you ever had problems with your Mac OS X installation you know that the first thing you should do is to check the startup volume using Disk Utility.
After the check has ended and, if the errors exceed a certain level of seriousness, the Disk Utility application will require you to restart your Mac and use its Mac OS X Install disc counterpart.
Other users may have to reinstall OS X altogether, but will find, or already know, that their SuperDrive (a CD/DVD reader and write combo drive) is not functioning properly and it will not be able to read the Install disc.
Although this might happen to Mac OS X Leopard users due to faultyhardware, the vast majority of problematic SuperDrives will be encountered inside Snow Leopard running Macs.
This is due to the updated SuperDrive firmware included in either the Install disc or the software updates one has to install to reach the latest version of OS X, namely 10.6.6.
This can be fixed by flashing the SuperDrive’s stock firmware using free command line tools that one can find for free online (I will write about this process also, but at a later time because this article only focuses on allowing you to create your own alternative USB boot disc).
If you are reading this last bit of information with skepticism, than you should know that it happened to me too. Despite all my tries to make it work properly, the SuperDrive kept on munching any inserted DVDs and just popped them out in about twenty seconds.
The workaround to this issue was to create my own Leopard bootable USB memory stick. I am not suggesting a Snow Leopard bootable stick mainly because there are lots of users that have decided to buy the cheaper, Upgrade version, which I have not tested and, therefore, I’m not sure if it will work properly once written to a USB disk.
And now, here are the exact steps you should follow in order to obtain a fully bootable Leopard (or Lion) Install disc.
Step 1 (If you already have the Leopard install disc DMG file you can skip to Step 2)
Launch Disk Utility (you can find it inside /Applications/Utilities). Here select the Leopard Install disc in the list of drives on the left and click on the New Image menu entry at the top of the window. A save message will appear where you will have to select the Desktop as a destination.
Step 2
After Disk Utility has finished creating the Leopard DMG, insert your USB stick and erase all data and reformat the disk. To do this select the USB in the list of drives on the left and, after clicking on the Erase tab on the right side of the window, choose the Mac OS Extended (Journaled) format and click the Erase button beneath.
Step 3
After the USB has been reformatted, download the SuperDuper app from HERE and launch it. Once SuperDuper starts, you will only have to select the DMG in the Copy drop-down menu, your USB memory stick on the right and hit the “Copy Now” button.
One can also use Disk Utility for this task but creating a bootable USB stick failed 2 out 4 times when copying the DMG to the stick (with the exact same settings each time). Creating the bootable stick using SuperDuper proved to be the perfect way to do it because it worked each of the 4 times I tested it.
The steps above can also be used to create a bootable Mac OS X Lion USB by using the InstallESD.dmg image you can find inside the Lion installer (named “Install Mac OS X Lion.app”) downloaded from the Mac App Store in the /Applications folder.
To locate the InstallESD.dmg right click the Lion installer, select the “Show Package Contents” entry, go inside the “Contents” folder, and from there into the “SharedSupport” folder. Inside this folder you can find the InstallESD.dmg you can use to create your own bootable Mac OS X Lion USB stick. To do so, go to the third step described above and use the InstallESD.dmg as the DMG to be copied to your USB disc.
That’s it! Once the process ends you will have a fully bootable Leopard (or Lion) USB disk that you can use as an alternative to the Apple’s DVD Install disc that comes bundled with all Macs.
To use your newly created bootable disk you will have to restart the Mac, press and hold the OPTION key until the StartupManager appears. Here, select the Mac OS X Install disk using your keyboard arrows and press return to start from the selected drive. -
Please help.
iCloud on my iPhone still has my old email in it with no option to update it. I have no access to the old email. I updated my email and password online via my macbook, but my phone will not recognize either! It keeps popping up a screen for me to enter my password, but it says it's incorrect.
How do I fix this on my phone?????
I can't fix it online because my iCloud online (although working) does not recognize either of my devices because they need updated….which I'm not able to do due to storage issues.
I just want my phone to recognize the new email and password!!
I have no idea what I'm doing but I'm about to throw this phone across the room.
thanks!Welcome to the Apple community.
If you mean that Find My Phone is asking for a password to a different Apple ID to your current Apple ID and that ID is a previous version of your current ID, not an entirely different one.
This feature has been introduced to make stolen phones useless to those that have stolen them.
However it can also arise when the user has changed their Apple ID details with Apple and not made the same changes to their iCloud account/Find My Phone on their device before upgrading to iOS 7, or if you restore from a previous back up made before you changed your details and some other circumstances.
The only solution is to change your Apple ID back to its previous state with Apple at My Apple ID using your current password, you don’t need access to this address if it’s previously been used with your Apple ID, once you have saved these details enter the password as requested on your device and then turn off "find my phone" and delete the account from your device. It may take a short while to remove the account.
You should then change your Apple ID back to its current state, save it once again and then log back in using your current Apple ID. Finally, turn "find my phone" back on once again.
This article provides more information about Activation Lock.
This is answer is provided from my own database of boilerplate responses and the content was last reviewed and tested on: 2014/05/23
You should still be able to log into an old email account, even if you haven't used it for some time, very few providers delete email accounts. -
OK, I need to be able to have a linked TOC, and also have destinations created in FM10 that will not be lost when I 1. Save the book as a PDF; then 2. I need the PDF to be as small as possible, but without losing my destinations. Anyone know how to do that??
I had been saving as a PDF and then reducing the size of the PDF by printing it as a PDF with a degree of image compression. I write manuals with a LOT of screen captures and line art that needs to be clear. So it is a balancing act between image clarity and PDF size. The PDFs on the web need to be smaller - sure you can undertsand.
Anyway, when I print the PDF again, I lose both my destinations and bookmarks.
Anyone know of any way to avoid that?Control the images by creating a custom PDF Job Options and then selecting it in the PDF Job Options drop-down of the PDF setup dialog box (File > Save as PDF...)
Create the custom PDF Job Options file with Distiller. If you do not have Distiller, open the Printing Preferences of the Adobe PDF printer. Start with the Smallest File Size Job Options settings and Edit. -
Hi, I've just installed mavericks but my HPc4180 will not print and is showing a 'blank' page in previews can anyone help me?
A few suggestions for you:
Try:
uninstall all HP utilities or other HP apps on your Mac
see if there is updated software on the HP website
go to System Preferences > Printers & Scanners > Print
control-click on your printer in the column on the left
select "Reset Printing System..." and "reset" in the dialog that follows
Do a factory reset on your printer
go back to printers & scanners and it should see your printer and download a driver for it from Apple -
I just bought and downloaded an embroidery file but Adobe Reader will not open it. What can I do?
Is it actually a PDF file or something else.
You haven't given us enough information to do anything other than throw random guesses your way.
Version of Reader? File type? Downloaded and saved to your desktop or are you clicking a link?
Opening in browser or using File>Open in Reader?
More info is better.
Maybe you are looking for
-
Setting up airport extreme base station with Mac and PC
I have an '02 iBook with an airport card installed and an airport extreme base station. my roommate has a PC and has the DSL connection in her room. i want to wirelessly network my iBook via the airport base. how do i do this? (my base was given to m
-
Inspection lot of type 04 in "assignment" tab in Process order
Hai, How do I make the Inspection Lot that was generated based on 04 Inspection Type in the Process Order - "Assignment" tab? Thanks in advance, Sonali
-
SCOM 2012 : 1.4.1-278 Hi All, after installing on Solaris 10 - LDOMS. I noticed I was getting erroneous "Memory Information" on most servers. AvailableMemory 17592186058094 UsedMemory 18446726481523518098 After some jiggery pokery, I r
-
Standard report throws the error - 'LOAD FAILED, INTERNAL ERROR'
Hi there, When i run lead origin report or any other standard report, the error says 'LOAD FAILED, INTERNAL ERROR' as mentioned in screen shot. The same i checked in QA server too and error analysis says ''define the correct currenc
-
How to search a pattern in a file and loop
I have a csv config file: HLR, /data/hlr1.csv HLR, /data/hlr2.csv PCMR, /data/pcmr.csv XYZ, /pkg/xyz4.csv I have a shell script which will be passed a parameter. This parameter I need to lookup in the first field of the cofig file and display th