ASDM cannot access ASA5505
i have test to access the firewall of ASA5510 with ASA845-K8/asa902-k8bin + asdm-712.bin +JAVA6 / 7, is completely no problem
When i try to install a new ASA5505 existing IOS is asdm825-k8 and also asdm-712 with JAVA7 is not allow to access the firewall with ASDM
After i type in username password, it stuck on the page loading , sometimes it will come up with cannnot to the device something like that.
telnet and SSH is no problem, i still can download the IOS with TFTP.
Anyone have the idea of it? if that is the java problem, is difficult to find the older java to downgrade.
I think may be the java problem, because i just to connect with wrong ip and password, it also stuck in this page.
I can't show the last two command, i choose to show all of them
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.03.23 08:51:15 =~=~=~=~=~=~=~=~=~=~=~=
ter
ASA5505# terminal len 0
^
ERROR: % Invalid input detected at '^' marker.
ASA5505# terminal len 0 ?
monitor Syslog monitor
no Turn off syslogging to this terminal
pager Control page length for pagination. The page length set here is not
saved to configuration.
ASA5505# terminal sh run asdm
asdm image disk0:/asdm-645.bin
no asdm history enable
ASA5505# sh run http
http server enable 444
http 192.168.18.0 255.255.255.0 LAN
http 0.0.0.0 0.0.0.0 internet
ASA5505# sh flash | i.bin
^
ERROR: % Invalid input detected at '^' marker.
ASA5505# sh flash | i.bin i.bin
^
ERROR: % Invalid input detected at '^' marker.
ASA5505# sh a run all |i ssl_encryption
^
ERROR: % Invalid input detected at '^' marker.
ASA5505# sh run
: Saved
ASA Version 8.2(5)
hostname ASA5505
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
switchport access vlan 2
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
<--- More --->
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
nameif internet
security-level 0
ip address 10X.247.161.XXX 255.255.255.252
interface Vlan2
nameif LAN
security-level 100
ip address 192.168.18.254 255.255.255.0
ftp mode passive
object-group network Web_server
object-group network Nat
object-group network pop3
object-group network smtp
object-group service 5900
object-group service 8443
<--- More --->
object-group network 8443_168
object-group network SSH
object-group network 5900_168
object-group service DM_INLINE_TCP_1 tcp
port-object eq pop3
port-object eq smtp
object-group service DM_INLINE_SERVICE_1
access-list Internet_access_in extended deny ip any any
access-list Lan_access_in extended permit ip 192.168.18.0 255.255.255.0 any
access-list Lan_access_in extended deny ip any any
pager lines 24
mtu internet 1500
mtu LAN 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
access-group Lan_access_in in interface LAN
route internet 0.0.0.0 0.0.0.0 124.244.208.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
<--- More --->
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable 444
http 192.168.18.0 255.255.255.0 LAN
http 0.0.0.0 0.0.0.0 internet
no snmp-server location
no snmp-server contact
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 internet
ssh 192.168.18.0 255.255.255.0 LAN
ssh timeout 5
console timeout 0
management-access LAN
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted
<--- More --->
username itadmin password M5SKGxQcWvugHZqs encrypted
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
<--- More --->
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:5f4fd23c149351a064901cafe5b059d7
: end
ASA5505#
Similar Messages
-
Cannot access ASA5510 for first time config ASDM or PING
Hi
I have a fresh out the box asa5510 with 8.4 on it.
I have built these before but for some reason cannot get this one to work. I am consoled on, have applied the following config but can still not ping to or from, can not asdm, cannot http/s. Arp table shows device it tries to ping, but device trying to pping it has incomplete arp entry.
I am really stumped, does anyone have any idea?
Please also see attached diagram for topology.
Thanks in advance
ciscoasa(config)# show run
: Saved
ASA Version 8.4(4)1
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/1
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 0
ip address 10.90.255.99 255.255.255.128
ftp mode passive
access-list MANAGEMENT extended permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
access-list MANAGEMENT extended permit icmp 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
access-list MANAGEMENT extended deny ip any any
pager lines 24
logging enable
logging console debugging
logging buffered warnings
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any management
no asdm history enable
arp timeout 14400
route management 0.0.0.0 0.0.0.0 10.90.255.126 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 0.0.0.0 0.0.0.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email
[email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:79dc4cfc6161dcbd01a016ad9a2a2ca5
: end
%ASA-7-111009: User 'enable_15' executed cmd: show running-config
ciscoasa(config)#Hi,
In this configuration:
interface Management0/0
nameif management
security-level 0
ip address 10.90.255.99 255.255.255.128
access-list MANAGEMENT extended permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0 // ACE1
access-list MANAGEMENT extended permit icmp 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0 // ACE2
access-list MANAGEMENT extended deny ip any any // ACE3
In ACE1 the network 10.0.0.0/8 in the destination is not in the same network with 10.90.255.0/25 (MGMT interface)
Can you try these ACEs:
access-list MANAGEMENT extended permit ip 10.0.0.0 255.0.0.0 10.90.255.0 255.255.255.128
access-list MANAGEMENT extended permit icmp 10.0.0.0 255.0.0.0 10.90.255.0 255.255.255.128
access-list MANAGEMENT extended deny ip any any
I agree with Jouni, in first time use a PC directly to the MGMT interface.
and use the clear arp command to clear the ARP cache
Best regards -
Why cannot access to ASDM?
Hi, I am having a serious problem, because I have configured all steps to connect ASDM via web browser, but I cannot access ASDM for some unknow reason.
I have this configuration but cannot access:
http server enabled,
http 0.0.0.0 0.0.0.0 inside
asdm image disk0:/asdm-524.bin
asdm history enabled
aaa authentication http console LOCAL
I will appreciate your help!!!Hello
Can you please share the Sh ver output.
If not possible then please check by you own.
In Sh Ver output check the status of
VPN-3DES-AES --- if dissabled then
To enable this you need a lic. file , that can be downloaded from below link
https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet
Afer lic. installation enter the following command.
-ssl encryption aes256-sha1 aes128-sha1 3des-sha1
Thanks -
ASA 5505 Static hosts cannot access outside
I'm replacing an old PIX with a second hand ASA firewall.
I have configured the ASA in a very similar manner to how the PIX was set up but I'm having trouble with some hosts on the inside accessing the Internet. Any inside hosts which use DHCP work fine. Any inside hosts with a static IP (and configured on the ASA with a "static" rule) cannot access the Internet. For example, in the config below the server daviker-dialler cannot access the Internet.
I've spent a few days working on this now and have started from scratch several times but I'm not getting anywhere.
Apologies for all the X's everywhere, didn't like to post anything sensitive on the Internet. If I've obscured something pertinent let me know.
Any advice would be greatly appreciated! Thanks.
: Saved
ASA Version 7.2(3)
hostname fw-1
domain-name XXXX
enable password XXXX encrypted
names
name 92.X.X.61 bb-office
name 92.X.X.128 gl-office
name 10.0.0.117 daviker-dialler_in
name 77.X.X.117 daviker-dialler_out
name 10.0.0.112 data-2_in
name 77.X.X.112 data-2_out
name 10.0.0.81 corp-1_in
name 77.X.X.81 corp-1_out
name 10.0.0.111 data-1_in
name 77.X.X.210 user_75
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 77.X.X.66 255.255.255.192
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
passwd XXXX encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name XXXX
access-list inbound extended permit tcp host bb-office host daviker-dialler_out eq 5900
access-list inbound extended permit tcp host bb-office host daviker-dialler_out eq 4040
access-list inbound extended permit tcp host bb-office host daviker-dialler_out eq 9876
access-list inbound extended permit tcp host bb-office host daviker-dialler_out eq sip
access-list inbound extended permit tcp host bb-office host daviker-dialler_out eq www
access-list inbound extended permit tcp host bb-office host daviker-dialler_out eq https
access-list inbound extended permit udp host bb-office host daviker-dialler_out eq sip
access-list inbound extended permit tcp host bb-office host daviker-dialler_out eq 1433
access-list inbound extended permit udp host bb-office host daviker-dialler_out eq netbios-ns
access-list inbound extended permit udp host bb-office host daviker-dialler_out eq netbios-dgm
access-list inbound extended permit tcp host bb-office host daviker-dialler_out eq netbios-ssn
access-list inbound extended permit tcp host bb-office host daviker-dialler_out eq 445
access-list inbound extended permit tcp host gl-office host daviker-dialler_out eq 4040
access-list inbound extended permit tcp host gl-office host daviker-dialler_out eq 9876
access-list inbound extended permit tcp host gl-office host daviker-dialler_out eq sip
access-list inbound extended permit tcp host gl-office host daviker-dialler_out eq www
access-list inbound extended permit tcp host gl-office host daviker-dialler_out eq https
access-list inbound extended permit udp host gl-office host daviker-dialler_out eq sip
access-list inbound extended permit tcp host gl-office host daviker-dialler_out eq 1433
access-list inbound extended permit udp host gl-office host daviker-dialler_out eq netbios-ns
access-list inbound extended permit udp host gl-office host daviker-dialler_out eq netbios-dgm
access-list inbound extended permit tcp host gl-office host daviker-dialler_out eq netbios-ssn
access-list inbound extended permit tcp host gl-office host daviker-dialler_out eq 445
access-list inbound extended permit tcp host gl-office host daviker-dialler_out eq 5900
access-list inbound extended permit tcp any host data-2_out eq ssh
access-list inbound extended permit tcp any host corp-1_out eq ssh
access-list inbound extended permit tcp any host corp-1_out eq www
access-list inbound extended permit tcp any host corp-1_out eq pop3
access-list inbound extended permit tcp any host corp-1_out eq imap4
access-list inbound extended permit tcp any host corp-1_out eq smtp
access-list inbound extended permit tcp any host corp-1_out eq 995
access-list inbound extended permit tcp any host corp-1_out eq 465
access-list inbound extended permit tcp any host corp-1_out eq 993
access-list inbound extended permit tcp any host corp-1_out eq 8008
access-list inbound extended permit udp 77.X.X.64 255.255.255.192 host 77.X.X.113 eq netbios-ns
access-list inbound extended permit udp 77.X.X.64 255.255.255.192 host 77.X.X.113 eq netbios-dgm
access-list inbound extended permit tcp 77.X.X.64 255.255.255.192 host 77.X.X.113 eq netbios-ssn
access-list inbound extended permit tcp 77.X.X.64 255.255.255.192 host 77.X.X.113 eq 445
access-list inbound extended permit udp any host 77.X.X.113 eq netbios-ns
access-list inbound extended permit udp any host 77.X.X.113 eq netbios-dgm
access-list inbound extended permit tcp any host 77.X.X.113 eq netbios-ssn
access-list inbound extended permit tcp any host 77.X.X.113 eq 445
access-list inbound extended permit tcp host bb-office host data-2_out eq 5901
access-list inbound extended permit tcp host bb-office host data-2_out eq 3690
access-list inbound extended permit tcp host bb-office host data-2_out eq www
access-list inbound extended permit tcp host bb-office host daviker-dialler_out eq 3389
access-list inbound extended permit tcp host 2.X.X.18 host data-2_out eq 3306
access-list inbound extended permit tcp any host data-2_out eq 3306
access-list inbound extended permit tcp host 212.X.X.7 host daviker-dialler_out eq 5900
access-list inbound extended permit tcp host bb-office host data-2_out eq 3306
access-list inbound extended permit tcp host user_75 host daviker-dialler_out eq 1433
access-list inbound extended permit tcp host user_75 host daviker-dialler_out eq 5900
access-list inbound extended permit tcp host user_75 host data-2_out eq 3690
access-list inbound extended permit tcp host user_75 host data-2_out eq www
access-list inbound extended permit tcp host user_75 host data-2_out eq 3306
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) daviker-dialler_out daviker-dialler_in netmask 255.255.255.255
static (inside,outside) corp-1_out corp-1_in netmask 255.255.255.255
static (inside,outside) data-2_out data-2_in netmask 255.255.255.255
static (inside,outside) 77.X.X.113 data-1_in netmask 255.255.255.255
access-group inbound in interface outside
route outside 0.0.0.0 0.0.0.0 77.X.X.65 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
http server enable
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
dhcpd dns 77.X.X.91 8.8.8.8
dhcpd domain cagltd.net
dhcpd auto_config outside
dhcpd address 10.0.0.20-10.0.0.40 inside
dhcpd enable inside
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
username matt password XXXX encrypted
prompt hostname context
Cryptochecksum:00af76f23831b8c828fc6677c9069072
: endHi Jouni,
Thanks for the info.
I didn't have icmp traffic allowed, so I knew ping wouldn't be working. I was testing using http.
I have enabled icmp and dhcp clients can ping outside. Static nat clients can't ping outside. Static clients also cannot use outbound http.
As suggested, I have run some packet traces.
From a static nat client on the ASA:
fw-1# packet-tracer input inside tcp 10.0.0.81 80 173.203.209.67 80
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: NAT
Subtype:
Result: ALLOW
Config:
static (inside,outside) corp-1_out corp-1_in netmask 255.255.255.255
match ip inside host corp-1_in outside any
static translation to corp-1_out
translate_hits = 668, untranslate_hits = 2
Additional Information:
Static translate corp-1_in/0 to corp-1_out/0 using netmask 255.255.255.255
Phase: 6
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (inside,outside) corp-1_out corp-1_in netmask 255.255.255.255
match ip inside host corp-1_in outside any
static translation to corp-1_out
translate_hits = 668, untranslate_hits = 2
Additional Information:
Phase: 7
Type: HOST-LIMIT
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 1759, packet dispatched to next module
Phase: 10
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 77.X.X.65 using egress ifc outside
adjacency Active
next-hop mac address 0017.0f13.5000 hits 1
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
This looks fine to me, but as I say, an outbound tcp port 80 connection from the actual machine on 10.0.0.81 fails.
Here is a similar trace from a dhcp client to the same destination:
fw-1# packet-tracer input inside tcp 10.0.0.20 80 173.203.209.67 80
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 3
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 4
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any outside any
dynamic translation to pool 1 (77.74.111.66 [Interface PAT])
translate_hits = 990, untranslate_hits = 226
Additional Information:
Dynamic translate 10.0.0.20/80 to 77.74.111.66/1 using netmask 255.255.255.255
Phase: 5
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any inside any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
Additional Information:
Phase: 6
Type: HOST-LIMIT
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 1771, packet dispatched to next module
Phase: 9
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 77.X.X.65 using egress ifc outside
adjacency Active
next-hop mac address 0017.0f13.5000 hits 5
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
I can see the difference in the NAT translation section. A real outbound tcp port 80 connection from the actual machine on 10.0.0.20 works fine.
Finally, for the sake of comparison, I ran a similar packet trace using a static nat IP on the old PIX firewall:
old-fw-1# packet-tracer input inside tcp 10.0.0.117 80 173.203.209.67 80
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect http
service-policy global_policy global
Additional Information:
Phase: 6
Type: NAT
Subtype:
Result: ALLOW
Config:
static (inside,outside) daviker-dialler_out daviker-dialler_in netmask 255.255.255.255
nat-control
match ip inside host daviker-dialler_in outside any
static translation to daviker-dialler_out
translate_hits = 17132, untranslate_hits = 1277850
Additional Information:
Static translate daviker-dialler_in/0 to daviker-dialler_out/0 using netmask 255.255.255.255
Phase: 7
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (inside,outside) daviker-dialler_out daviker-dialler_in netmask 255.255.255.255
nat-control
match ip inside host daviker-dialler_in outside any
static translation to daviker-dialler_out
translate_hits = 17132, untranslate_hits = 1277850
Additional Information:
Phase: 8
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 1006075, packet dispatched to next module
Phase: 10
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 78.X.X.69 using egress ifc outside
adjacency Active
next-hop mac address 0017.0f13.5000 hits 572133
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
Outbound traffic from static nat hosts on the old PIX firewall works fine. One glaring difference is that the PIX is inspecting http traffic, but surely this is a red herring. Another difference is that the old and new firewalls have different gateways / default routes & different outside IP addresses. As the new ASA firewall (and its dhcp hosts) can talk to the outside world quite happily I don't think this is relevant.
I wondered whether it might be down to the difference in the inside (255.255.255.0) and outside (255.255.255.192) subnets. The set up is the same on the PIX, but I wondered whether some other line of config might be required on the ASA to handle it. I adjusted the subnet of the inside interface on the ASA to match the outside one (both 255.255.255.192) but it didn't make any difference.
So I'm puzzled! -
Cisco ASA 5505 L2TP VPN cannot access internal network
Hi,
I'm trying to configure Cisco L2TP VPN to my office. After successful connection I cannot access to internal network.
Can you jhelp me to find out the issue?
I have Cisco ASA:
inside network - 192.168.1.0
VPN network - 192.168.168.0
I have router 192.168.1.2 and I cannot ping or get access to this router.
Here is my config:
ASA Version 8.4(3)
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 198.X.X.A 255.255.255.248
ftp mode passive
same-security-traffic permit intra-interface
object network net-all
subnet 0.0.0.0 0.0.0.0
object network vpn_local
subnet 192.168.168.0 255.255.255.0
object network inside_nw
subnet 192.168.1.0 255.255.255.0
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended deny ip any any log
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool sales_addresses 192.168.168.1-192.168.168.254
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic net-all interface
nat (inside,outside) source static inside_nw inside_nw destination static vpn_local vpn_local
nat (outside,inside) source static vpn_local vpn_local destination static inside_nw inside_nw route-lookup
object network vpn_local
nat (outside,outside) dynamic interface
object network inside_nw
nat (inside,outside) dynamic interface
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 198.X.X.B 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set my-transform-set-ikev1 esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set my-transform-set-ikev1 mode transport
crypto dynamic-map dyno 10 set ikev1 transform-set my-transform-set-ikev1
crypto map vpn 20 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp nat-traversal 3600
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 30
console timeout 0
management-access inside
dhcpd address 192.168.1.5-192.168.1.132 inside
dhcpd dns 75.75.75.75 76.76.76.76 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy sales_policy internal
group-policy sales_policy attributes
dns-server value 75.75.75.75 76.76.76.76
vpn-tunnel-protocol l2tp-ipsec
username ----------
username ----------
tunnel-group DefaultRAGroup general-attributes
address-pool sales_addresses
default-group-policy sales_policy
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:5d1fc9409c87ecdc1e06f06980de6c13
: end
Thanks for your help.You have to test it with "real" traffic to 192.168.1.2 and if you use ping, you have to add icmp-inspection:
policy-map global_policy
class inspection_default
inspect icmp
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni -
Cannot access internal LAN after VPN connect
I know this is either an ACL or NAT issue that I cannot figure out. The nat-t config in defaulted in the IOS config for the ASA. I actually forgot the command to show the hidden default config lines. Either way, can someone take a look at my config, and let me know what I am doing wrong, again.
Thanks ahead of time.
ASA Version 8.2(2)
hostname ciscousa
enable password
names
interface Vlan1
nameif inside
security-level 100
ip address 1.1.1.2 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 14.14.11.5 255.255.255.0
interface Vlan3
shutdown
no forward interface Vlan2
nameif dmz
security-level 50
ip address dhcp
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
speed 100
duplex full
ftp mode passive
same-security-traffic permit intra-interface
access-list outside_in extended permit icmp any any
access-list inside_nat0 extended permit ip any 1.1.1.0 255.255.255.0
access-list inside_nat0 extended permit ip any 10.12.27.0 255.255.255.0
access-list split_tunnel standard permit 1.1.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool vpnpool 10.12.27.100-10.12.27.120 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 14.14.11.6 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 1.1.1.0 255.255.255.0 inside
http 1.1.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map inet-1_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map inet-1_map 65535 ipsec-isakmp dynamic inet-1_dyn_map
crypto map inet-1_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy vpnipsec internal
group-policy vpnipsec attributes
wins-server value 1.1.1.16
dns-server value 1.1.1.16
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tunnel
default-domain value company.com
tunnel-group vpnipsec type remote-access
tunnel-group vpnipsec general-attributes
address-pool vpnpool
default-group-policy vpnipsec
tunnel-group vpnipsec ipsec-attributes
pre-shared-key *****
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512Hello,
I have been trying to get this to work within the last week but to no avail. I changed my config altogether and started from scratch. I have Split Tunnel working well, and I can access the VPN client from the internal LAN. But I still cannot access the internal LAN from the VPN client host. Can anyone take a look at my config and tell me what ACL\Access Group I am missing. I know I am close but I cannot get over the hump.
Thanks!
ASA Version 8.2(2)
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.2 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address xxx.xxx.xxx.xxx 255.255.255.0
interface Vlan3
shutdown
no forward interface Vlan2
nameif dmz
security-level 50
ip address dhcp
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
speed 100
duplex full
interface Ethernet0/4
interface Ethernet0/5
switchport access vlan 3
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_in extended permit icmp any any
access-list outside_in_vpn extended permit ip 192.168.3.0 255.255.255.0 any
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 192.168.0.0 255.255.0.0
access-list split_tunnel standard permit 192.168.0.0 255.255.0.0
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit ip any any
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool ipvpn 192.168.3.100-192.168.3.200 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group outside_in in interface outside control-plane
access-group outside_in_vpn in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map internet-1_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHAESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map internet-1_map 65535 ipsec-isakmp dynamic internet-1_dyn_map
crypto map internet-1_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto isakmp identity address
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DfltGrpPolicy attributes
group-policy vpnipsec internal
group-policy vpnipsec attributes
wins-server value 192.168.1.5
dns-server value 192.168.1.5
split-tunnel-policy tunnelall
split-tunnel-network-list value split_tunnel
default-domain value company.com
tunnel-group vpnipsec type remote-access
tunnel-group vpnipsec general-attributes
address-pool ipvpn
default-group-policy vpnipsec
tunnel-group vpnipsec ipsec-attributes
pre-shared-key *
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
prompt hostname context
Cryptochecksum:7e41045c9d7c66ac2c03c3b12ae63908 -
Good morning.
ASDM cannot be loaded. Click OK to exit ASDM. Server returned HTTP response code: 503 for URL:
https://x.x.x.x/admin/exec/show+version/show+curpriv/perfmon+interval
Has anyone received this error before? I'm attempting to access the ASDM externally (where x.x.x.x is the external IP). I was able to access 3 days ago just fine. So far the only articles I've found suggest a reboot, but I would rather not do this if it can be helped.
ASA Version 8.2(1) - I think the ASDM version is 6.2Hello,
I've found a couple of similar issue where a reload solved the problems as well. One of these was about the ASDM as well as SSH where a reload resolved the problem.
However, upgrading ASDM may also be a solution. Do you have access to a new ASDM version download from Cisco.com?
http://www.cisco.com/cisco/software/type.html?mdfid=279916854&flowid=4818
Hope this helps!
Joey -
When i login with microsoft account cannot access with administrative share c$
i have a problem when i login to windows with microsoft account cannot access any network computer with administrative sharing c$,d$ with windows 8.1
but when i login with local account can access
and some people tell me create key in regedit t fix it
after enter user name and password show this error
and i apply your instruction and not fix until now
note:
my Machine windows 8.1 if another machine in network windows 7 can access a hidden share if machine in network windows 8.1 show this message in image 2
but if i login with local user can i access all machine hidden share network windows 7 and 8.1yes this computer i want to access name poland2-work and have two users
first :administrator
second : poland 2 -
Cannot access my Iphone 3gs after upgrading to 5.01
Hi,
I bought an unlocked Iphone 16BG 3Gs from eBay. I used it for a week
TillI connected my Iphone to ITunes and they notify me I needed to upgrade my
Software and I accept.
That was the mistake I made as it upgraded to 5.01 and I cannot access
myphone. When I put on my phone I am getting the activation screen. I try completing the activation but with no success. When I connect my phone to USB and start Itunes I am getting error message
"There is no Sim card installed in the Iphone your are attempting to
activate"
I tired the following with no success.
Itried downgrading from 5.01 to 4.33 by downloading firmware from google. Holding shift button and clicking restore onITunes, selecting the firmware but I am getting error message" Iphone“Iphone” could not be restored. An unknown error occurred (3194)
I also tried using RedSn0w program and Tiny Umbrella and no luck at all.
Please help.
Thanksyou,
Charles.Is the SIM that is installed from the carrier the device is locked to?
Was the device hacked or jailbroken? Possibly to unlock the device? -
Hi. I am using a time capsule for few PC s. I have made 5 different account to access time capsule. but in windows when I enter account name and password for one account, i cannot access other accounts, because windows saves username. how can i prevent this from happenning. I really need to access all my accounts and dont want it to save automaticlly.
Why have 5 accounts if you need to access all of them.. just have one account?
Sorry I cannot follow why you would even use the PC to control the Time Capsule. Apple have not kept the Windows version of the utility up to date.. so they keep making it harder and harder to run windows with apple routers. -
I copied a lot of photos from an iphone to a DVD using a Windows 7 laptop, now I cannot access those photos on the DVD. HELP! In Windows Exlporer I can see the data on the disk in the details but when I click on it nothing appears as if there is nothing on it.
It should. So they aren't shown in the Last Import smart album, right? Try the following:
1 - launch iPhoto with the Command+Option keys held down and rebuild the library.
2 - Run Option #4, Rebuild Database, followed by Option #1 if needed.
OT -
Access to SSO login when client cannot access port 7777
We have a situation in which some of our users are behind internet firewalls that only allow access to port 80.
I already have the middle tier/portal using port 80 but SSO is using 7777. Is there an easy way to make sign on available via port 80?
IMPORTANT: Both infrastructue and middle tier on are the same windows server.
Thanks.
Message was edited by:
swassocHi Doung,
I tried you method and after failed some times i found out;
inside the dads.conf
database string : localhost: 1521:ORCL ....
but when you want to loggin on your web browse, you cannot use 1521.
you need to use 7777
http://localhost:7777/pls/apex
it worked!
But I cannot access the admin page as what the manual said use the same method:
http://localhost:7777/pls/apex_admin
It said the page was not found???????????????
And I don't know how to login to the apex.
I typed in I think the right infromation:
workspace: orcl
user name: ADMIN
password: oracle( and I know it is right)
but I cannot login.
Andy idea? -
Hi,
starting a couple of weeks ago, we get the following error(s) when running applications from a network share. We don't know what causes this, we are not aware of any major changes in our network infrastructure or client/Server configuration. We did upgrade
a lot of machines to Windows 8, but the issue also occurs on older Win7 computers.
We figured out a workaround though: The applications run fine when launching from a FQDN share (like
\\share.domain.Company.com) and only cause problems when running from
\\share directly. They have worked fine for years without FQDN though.
Any ideas?
Error Details (the Kind of error differs greatly):
# 1 #
Log Name: Application
Source: Application Error
Date: ...
Event ID: 1005
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: vmDEV
Description:
Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program XYZ
because of this error.
Program: XYZ
File:
The error value is listed in the Additional Data section.
User Action
1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again.
2. If the file still cannot be accessed and
- It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.
Additional data
Error value: C000020C [ also seen with code C00000C4]
#2 (German error Messages from now on, we only use German OSes, the above english one is translated based on similar error Messages I found on the web) #
Name der fehlerhaften Anwendung: XYZ.exe, Version: 2015.0.496.5054, Zeitstempel: 0x54ea67c3
Name des fehlerhaften Moduls: clr.dll, Version: 4.0.30319.34014, Zeitstempel: 0x52e0b784
Ausnahmecode: 0xc0000006
Fehleroffset: 0x00026549
ID des fehlerhaften Prozesses: 0x13ac
Startzeit der fehlerhaften Anwendung: 0x01d055a854d36445
Pfad der fehlerhaften Anwendung: \\share\application.exe
Pfad des fehlerhaften Moduls: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
Berichtskennung: 949ea933-c19b-11e4-bf04-78542e186754
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Anwendung: XYZ.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000006, Ausnahmeadresse 720B6549
Stapel:
# 3 #
Anwendung: WpfApp.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.SEHException
Stapel:
bei SP.Forms.AutoCompleteSelectionBase.OnEnter(System.EventArgs)
bei System.Windows.Forms.Control.NotifyEnter()
bei System.Windows.Forms.ContainerControl.UpdateFocusedControl()
# 4 #
Anwendung: WpfApp.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.SEHException
Stapel:
bei System.IO.UnmanagedMemoryStream.ReadByte()
bei System.IO.BinaryReader.ReadByte()
bei System.IO.BinaryReader.Read7BitEncodedInt()
bei System.Resources.ResourceReader._LoadObjectV2(Int32, System.Resources.ResourceTypeCode ByRef)
bei System.Resources.ResourceReader.LoadObjectV2(Int32, System.Resources.ResourceTypeCode ByRef)
bei System.Resources.ResourceReader.LoadObject(Int32, System.Resources.ResourceTypeCode ByRef)
bei System.Resources.RuntimeResourceSet.GetObject(System.String, Boolean, Boolean)
bei System.Resources.RuntimeResourceSet.GetObject(System.String, Boolean)
bei System.Resources.ResourceManager.GetObject(System.String, System.Globalization.CultureInfo, Boolean)
bei System.Resources.ResourceManager.GetStream(System.String, System.Globalization.CultureInfo)
# 5 #
Anwendung: WpfApp.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.SEHException
Stapel:
bei System.Reflection.RuntimeParameterInfo.get_Name()
bei System.Diagnostics.StackTrace.ToString(TraceFormat)
bei System.Environment.GetStackTrace(System.Exception, Boolean)
bei System.Exception.GetStackTrace(Boolean)
bei System.Exception.ToString(Boolean, Boolean)
bei System.Exception.ToString(Boolean, Boolean)
bei System.Exception.ToString(Boolean, Boolean)
bei System.Exception.ToString()
# 6 #
Name der fehlerhaften Anwendung: XYZ.exe, Version: 2015.0.496.5054, Zeitstempel: 0x54ea834f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb460
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00012f71
ID des fehlerhaften Prozesses: 0xa68
Startzeit der fehlerhaften Anwendung: 0x01d0559cb7ec4ed6
Pfad der fehlerhaften Anwendung: \\share\XYZ.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
Berichtskennung: 010514d0-c190-11e4-bf04-78542e186754
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
# 7 #
Name der fehlerhaften Anwendung: XYZ.exe, Version: 2015.0.496.5054, Zeitstempel: 0x54ea7a6e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000006
Fehleroffset: 0x0006db27
ID des fehlerhaften Prozesses: 0x18dc
Startzeit der fehlerhaften Anwendung: 0x01d0559cb08529c3
Pfad der fehlerhaften Anwendung: \\share\xyz.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: ef389186-c18f-11e4-bf04-78542e186754
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:Hi,
>>The applications run fine when launching from a FQDN share
It sounds like a DNS suffix issue. When this issue occurs, please try to ping share on the client, then check if the corresponding IP address is correct. If the IP address is wrong, please adjust your settings of DNS to make sure that the client can resolve
the share correctly.
If it's very hard to change the settings of the DNS for some reason, as a work around, we can add the entry into the clients' hosts file.
Best Regards.
Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Error on load: System.IO.IOException: The process cannot access the file
'\\server1\SCANSHARED\.pdf' because it is being used by another process.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.IO.File.WriteAllBytes(String path, Byte[] bytes)
at abc.Scan.Layouts.ICC.Scan.View.Page_Load(Object sender, EventArgs e)
I faced this error in event viewer when users want to view documents from this third party deployed scan solution
here I have two WFS servers and they configured with load balancing in F5 .
when I enable both servers in F5 I receive this error messages in 2nd server,
when users want to view documents
adilDo you have antiVirus installed on the sharepoint servers?
These folders may have to be excluded from antivirus scanning when you use file-level antivirus software in SharePoint. If these folders are not excluded, you may see unexpected behavior. For example, you may receive "access denied" error messages when files
are uploaded.
Please follow this KB and exclude the folders from Scanning.
http://support.microsoft.com/kb/952167
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog -
Windows 7 pro client cannot access folders on server 2003 domain server
I added a windows 7 64 bit client to a server 2003 32 bit domain 3 weeks ago and file sharing was working fine until today, 5/4/12. Now, when trying to access shared folders that reside on the server,
I get the following "access denied" message:
[…folder…] is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
The user name could not be found.
Strangely enough...
The windows 7 client
can open shared folders that reside on the XP clients in the domain
All the XP clients in the domain can access the server 2003 folders
All the XP clients and the server 2003 machine can access shared folders and printers on the windows 7 client.
The windows 7 client can ping the server 2003 machine and vice versa
I can “see” the server in my network list, but when I click on it, I get the same “access denied” message listed above.
So... the only problem is that the windows 7 client cannot access folders that reside on the windows server 2003 machine. There must be some sharing setting that got changed
by a recent windows update.
Here is what I have done/verified so far on the windows 7 client:
In advanced sharing settings for Home/Work, Public and Domain profiles:
network discovery is enabled
file and print sharing is enabled
use user accounts and passwords to connect to other computers is selected (I also tried allowing windows to manage homegroup connections instead, but the problem remained.)
40 -56 bit encryption is enabled
In “gpedit.msc” Local Policies/Security Settings:
enabled the following policies:
Network access: Allow anonymous SID/name translation
Network access: Let Everyone permissions apply to anonymous users
disabled the following policies:
Network access: Restrict anonymous access to Named Pipes and Shares
Network access: Do not allow anonymous enumeration of SAM accounts
Network access: Do not allow anonymous enumeration of SAM accounts and shares
What am I missing? Are there policies on the server that need to be adjusted?
Please help! My business is crippled if I cannot access server files from this workstation. Thank you in advance.As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous
steps should be helpful for many similar scenarios. <o:p></o:p>
If the issue still persists and you want to return to this question, please reply this post directly so we will be notified to follow it up. You
can also choose to unmark the answer as you wish. <o:p></o:p>
In addition, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar
problems. <o:p></o:p>
Thanks!<o:p></o:p>
Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
the thread.
Maybe you are looking for
-
Family with multiple iPods and multiple iTunes - can we share songs?
I am sure I am not the only one in this situation. There are 4 computers in our house, and 3 individuals with there own iPods. Can one iPod owner who has her own library on her PC go to my son's PC and connect to his iTunes Library to get just one so
-
F9IG not showing Payment Item option to reverse it
Hello Gurus, I have an user who was facing an issue to reverse the payment item, some how I found F9IG tcode to reverse the payment item.But when the user is trying the tcode F9IG to put the payment item and reverse , he is not finding the payment it
-
Mac Mail 'Sent' Folder Column Settings get lost after exiting application
In Mac Mail, I have set the columns I'd like to view in my 'Sent' folder to "To", "Subject" and "Date." Those are the only fields I need to see in that folder. It is NOT a smart folder. If I exit Mail with the 'Sent' folder open, when I come BACK to
-
Not sure if this belongs here or in iPad or possibly Lion. I am getting flooded with spam - ever since I did the following: Upgraded my MacBook Pro to Lion (thereby accessing iCloud more fully); buying a new iPad Mini (increasing my iCloud use). I us
-
Sir, As you know we were using TRUNC function in DATE datatype. But I want to use it with TIMESTAMP datatypes. For example: select trunc(systimestamp,'hh24:mi:ss') from dual; The main idea to get some part of given timestamp without using type conver