ASR1002-F VPN problem
Hi ,
I need help because the ASR not functioning correctly how vpn " concentrator".
Someone, does ASR use for closing the VPN on the central site ?
I've this error in logging
*Dec 15 10:29:53.732: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 217.222.228.233
and when I used in crypto isakmp policy 1 the authentication rsa-encr, in console I see this error *Dec 15 10:15:41.566: %CRYPTO-4-IKMP_INVALID_POLICY: ISAKMP policy rsa-encr not supported by crypto HW accelerator
In cisco 3845 I don't have anything error and vpn is working very fine. I think that the same configurations of 3845 I can use to ASR, but this is not possible, why?.
I'd like changed 3845 with ASR because the processor is utilized at 70% .
please, have you an idea?
Roberto
Hello.
I think it should be "authentication rsa-sig"?!
Similar Messages
-
Android 4.4.2 KitKat - Bugs - VPN problem/lockscreen options not working/Walkman Shake not working
With the new KitKat update (20.1.A.0.47) trying to open VPN from Settings, the Settings app crashes and restarts. Due to that, in Security, the None and Swipe lockscreen options are disabled, leaving PIN, Password, and Pattern the only options. Why is that / is it ever gonna be fixed?
Oh and it didn't happen on 4.3... Now, when a music is playing in Walkman, when pressing the Walkman button and shaking the phone as I did on JB will pause the song, as if I didn't shake the phone. On Jelly Bean, this feature worked. This should get fixed too.Hi guys, sony seems to have solved the problem in an update in...india. I only found that and not tested yet : http://www.xperiablog.net/2015/05/22/small-update-rolling-for-xperia-e1-20-1-a-2-19-and-e1-dual-20-1-b-2-29/ It solves the lockscreen and VPN problem. Test and say if it works or not. I hope they will relase an european version soon.
-
Cisco jabber for mac over fortigate vpn problem
Hi all,
We have installed the cisco jabber for mac successfully.Jabber client able to register locally successfully.
Calling and other features working properly. Jabber IM also working fine.
But when we try over vpn its shows error."services are missing".All the ports are open on fortigate firewall.If you have detailed diagnostics from the Jabber Mac client, this would provide some more context to why it's displaying those errors. (Help > Detailed Logging enabled) (Help > Report a problem)
Another thing to check for would be DNS resolution of the configured servers when the Mac is VPN'd in. If Jabber cannot resolve the DNS name, it will not know where to connect to.
If the diagnostics are pointing towards a connectivity problem, but the firewall says it's wide open, then taking a packet capture on the Mac where Jabber is trying to register may illustrate what's going on at the network layer. -
Remote Access VPN Problem with ASA 5505
After about ~1 year of having the Cisco VPN Client connecting to a ASA 5505 without any problems, suddenly one day it stops working. The client is able to get a connection to the ASA and browse the local network for only about 30 seconds after connection. After that, no access is available to the network behind the ASA. I tried everything that I can think of to try and troubleshoot the problem, but at this point I am just banging my head against a wall. Does anyone know what could cause this?
Here is the running cfg of the ASA
: Saved
ASA Version 8.4(1)
hostname NCHCO
enable password xxxxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxx encrypted
names
name 192.168.2.0 NCHCO description City Offices
name 192.168.2.80 VPN_End
name 192.168.2.70 VPN_Start
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address **.**.***.*** 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
boot system disk0:/asa841-k8.bin
ftp mode passive
object network NCHCO
subnet 192.168.2.0 255.255.255.0
object network obj-192.168.1.0
subnet 192.168.1.0 255.255.255.0
object network obj-192.168.2.64
subnet 192.168.2.64 255.255.255.224
object network obj-0.0.0.0
subnet 0.0.0.0 255.255.255.0
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Webserver
object network FINX
host 192.168.2.11
object service rdp
service tcp source range 1 65535 destination eq 3389
description rdp
access-list outside_nat0_outbound extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list outside_nat0_outbound extended permit ip object NCHCO 192.168.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.2.64 255.255.255.224
access-list inside_nat0_outbound extended permit ip 0.0.0.0 255.255.255.0 192.168.2.64 255.255.255.224
access-list outside_1_cryptomap extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list outside_1_cryptomap_1 extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list LAN_Access standard permit 192.168.2.0 255.255.255.0
access-list LAN_Access standard permit 0.0.0.0 255.255.255.0
access-list NCHCO_splitTunnelAcl_1 standard permit 192.168.2.0 255.255.255.0
access-list AnyConnect_Client_Local_Print extended deny ip any any
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
access-list outside_access_in extended permit tcp any object FINX eq 3389
access-list outside_access_in_1 extended permit object rdp any object FINX
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPN_Pool VPN_Start-VPN_End mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649.bin
no asdm history enable
arp timeout 14400
nat (inside,any) source static NCHCO NCHCO destination static obj-192.168.1.0 obj-192.168.1.0
nat (inside,any) source static any any destination static obj-192.168.2.64 obj-192.168.2.64
nat (inside,any) source static obj-0.0.0.0 obj-0.0.0.0 destination static obj-192.168.2.64 obj-192.168.2.64
object network obj_any
nat (inside,outside) dynamic interface
object network FINX
nat (inside,outside) static interface service tcp 3389 3389
access-group outside_access_in_1 in interface outside
route outside 0.0.0.0 0.0.0.0 69.61.228.177 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
network-acl outside_nat0_outbound
webvpn
svc ask enable default svc
http server enable
http 192.168.1.0 255.255.255.0 inside
http **.**.***.*** 255.255.255.255 outside
http **.**.***.*** 255.255.255.255 outside
http NCHCO 255.255.255.0 inside
http 96.11.251.186 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set l2tp-transform esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set l2tp-transform mode transport
crypto ipsec ikev1 transform-set vpn-transform esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_MD5 mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map dyn-map 10 set pfs group1
crypto dynamic-map dyn-map 10 set ikev1 transform-set l2tp-transform vpn-transform
crypto dynamic-map dyn-map 10 set reverse-route
crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer 74.219.208.50
crypto map outside_map 1 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto map vpn-map 1 match address outside_1_cryptomap_1
crypto map vpn-map 1 set pfs group1
crypto map vpn-map 1 set peer 74.219.208.50
crypto map vpn-map 1 set ikev1 transform-set ESP-3DES-SHA
crypto map vpn-map 10 ipsec-isakmp dynamic dyn-map
crypto isakmp identity address
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto ikev1 policy 15
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 35
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
client-update enable
telnet 192.168.1.0 255.255.255.0 inside
telnet NCHCO 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh NCHCO 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd address 192.168.2.150-192.168.2.225 inside
dhcpd dns 216.68.4.10 216.68.5.10 interface inside
dhcpd lease 64000 interface inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.2.1
vpn-tunnel-protocol ikev1 l2tp-ipsec
default-domain value nchco.local
group-policy DfltGrpPolicy attributes
dns-server value 192.168.2.1
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
password-storage enable
ipsec-udp enable
intercept-dhcp 255.255.255.0 enable
address-pools value VPN_Pool
group-policy NCHCO internal
group-policy NCHCO attributes
dns-server value 192.168.2.1 8.8.8.8
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value NCHCO_splitTunnelAcl_1
default-domain value NCHCO.local
username admin password LbMiJuAJjDaFb2uw encrypted privilege 15
username 8njferg password yB1lHEVmHZGj5C2Z encrypted privilege 15
username NCHvpn99 password dhn.JzttvRmMbHsP encrypted
tunnel-group DefaultRAGroup general-attributes
address-pool (inside) VPN_Pool
address-pool VPN_Pool
authentication-server-group (inside) LOCAL
authentication-server-group (outside) LOCAL
authorization-server-group LOCAL
authorization-server-group (inside) LOCAL
authorization-server-group (outside) LOCAL
default-group-policy DefaultRAGroup
strip-realm
strip-group
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate nocheck
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
no authentication ms-chap-v1
authentication ms-chap-v2
tunnel-group DefaultWEBVPNGroup ppp-attributes
authentication pap
authentication ms-chap-v2
tunnel-group 74.219.208.50 type ipsec-l2l
tunnel-group 74.219.208.50 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group NCHCO type remote-access
tunnel-group NCHCO general-attributes
address-pool VPN_Pool
default-group-policy NCHCO
tunnel-group NCHCO ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:a2110206e1af06974c858fb40c6de2fc
: end
asdm image disk0:/asdm-649.bin
asdm location VPN_Start 255.255.255.255 inside
asdm location VPN_End 255.255.255.255 inside
no asdm history enable
And here is the logs from the Cisco VPN Client when it browses, then fails to browse the network behind the ASA:
Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
1 09:44:55.677 10/01/13 Sev=Info/6 CERT/0x63600026
Attempting to find a Certificate using Serial Hash.
2 09:44:55.677 10/01/13 Sev=Info/6 CERT/0x63600027
Found a Certificate using Serial Hash.
3 09:44:55.693 10/01/13 Sev=Info/6 GUI/0x63B00011
Reloaded the Certificates in all Certificate Stores successfully.
4 09:45:02.802 10/01/13 Sev=Info/4 CM/0x63100002
Begin connection process
5 09:45:02.802 10/01/13 Sev=Info/4 CM/0x63100004
Establish secure connection
6 09:45:02.802 10/01/13 Sev=Info/4 CM/0x63100024
Attempt connection with server "**.**.***.***"
7 09:45:02.802 10/01/13 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with **.**.***.***.
8 09:45:02.818 10/01/13 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
9 09:45:02.865 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to **.**.***.***
10 09:45:02.896 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
11 09:45:02.896 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?)) from **.**.***.***
12 09:45:02.896 10/01/13 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
13 09:45:02.896 10/01/13 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
14 09:45:02.896 10/01/13 Sev=Info/5 IKE/0x63000001
Peer supports DPD
15 09:45:02.896 10/01/13 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
16 09:45:02.896 10/01/13 Sev=Info/5 IKE/0x63000001
Peer supports IKE fragmentation payloads
17 09:45:02.927 10/01/13 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
18 09:45:02.927 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to **.**.***.***
19 09:45:02.927 10/01/13 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0xDD3B, Remote Port = 0x01F4
20 09:45:02.927 10/01/13 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end is NOT behind a NAT device
21 09:45:02.927 10/01/13 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
22 09:45:02.943 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
23 09:45:02.943 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from **.**.***.***
24 09:45:02.943 10/01/13 Sev=Info/4 CM/0x63100015
Launch xAuth application
25 09:45:03.037 10/01/13 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
26 09:45:03.037 10/01/13 Sev=Info/4 CM/0x63100017
xAuth application returned
27 09:45:03.037 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to **.**.***.***
28 09:45:03.037 10/01/13 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
29 09:45:03.037 10/01/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
30 09:45:03.083 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
31 09:45:03.083 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from **.**.***.***
32 09:45:03.083 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to **.**.***.***
33 09:45:03.083 10/01/13 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
34 09:45:03.083 10/01/13 Sev=Info/5 IKE/0x6300005E
Client sending a firewall request to concentrator
35 09:45:03.083 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to **.**.***.***
36 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
37 09:45:03.146 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from **.**.***.***
38 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 192.168.2.70
39 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK: , value = 255.255.255.0
40 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 192.168.2.1
41 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(2): , value = 8.8.8.8
42 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000001
43 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000001
44 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300000F
SPLIT_NET #1
subnet = 192.168.2.0
mask = 255.255.255.0
protocol = 0
src port = 0
dest port=0
45 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = NCHCO.local
46 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_UDP_NAT_PORT, value = 0x00002710
47 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
48 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc ASA5505 Version 8.4(1) built by builders on Mon 31-Jan-11 02:11
49 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SMARTCARD_REMOVAL_DISCONNECT: , value = 0x00000001
50 09:45:03.146 10/01/13 Sev=Info/4 CM/0x63100019
Mode Config data received
51 09:45:03.146 10/01/13 Sev=Info/4 IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.2.70, GW IP = **.**.***.***, Remote IP = 0.0.0.0
52 09:45:03.146 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to **.**.***.***
53 09:45:03.177 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
54 09:45:03.177 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from **.**.***.***
55 09:45:03.177 10/01/13 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
56 09:45:03.177 10/01/13 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
57 09:45:03.193 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
58 09:45:03.193 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIME) from **.**.***.***
59 09:45:03.193 10/01/13 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 28800 seconds
60 09:45:03.193 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH) to **.**.***.***
61 09:45:03.193 10/01/13 Sev=Info/5 IKE/0x63000059
Loading IPsec SA (MsgID=967A3C93 OUTBOUND SPI = 0xAAAF4C1C INBOUND SPI = 0x3EBEBFC5)
62 09:45:03.193 10/01/13 Sev=Info/5 IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0xAAAF4C1C
63 09:45:03.193 10/01/13 Sev=Info/5 IKE/0x63000026
Loaded INBOUND ESP SPI: 0x3EBEBFC5
64 09:45:03.193 10/01/13 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 96.11.251.1 96.11.251.149 261
96.11.251.0 255.255.255.0 96.11.251.149 96.11.251.149 261
96.11.251.149 255.255.255.255 96.11.251.149 96.11.251.149 261
96.11.251.255 255.255.255.255 96.11.251.149 96.11.251.149 261
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 261
192.168.1.3 255.255.255.255 192.168.1.3 192.168.1.3 261
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 261
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 96.11.251.149 96.11.251.149 261
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 261
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 96.11.251.149 96.11.251.149 261
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 261
65 09:45:03.521 10/01/13 Sev=Info/6 CVPND/0x63400001
Launch VAInst64 to control IPSec Virtual Adapter
66 09:45:03.896 10/01/13 Sev=Info/4 CM/0x63100034
The Virtual Adapter was enabled:
IP=192.168.2.70/255.255.255.0
DNS=192.168.2.1,8.8.8.8
WINS=0.0.0.0,0.0.0.0
Domain=NCHCO.local
Split DNS Names=
67 09:45:03.912 10/01/13 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 96.11.251.1 96.11.251.149 261
96.11.251.0 255.255.255.0 96.11.251.149 96.11.251.149 261
96.11.251.149 255.255.255.255 96.11.251.149 96.11.251.149 261
96.11.251.255 255.255.255.255 96.11.251.149 96.11.251.149 261
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 261
192.168.1.3 255.255.255.255 192.168.1.3 192.168.1.3 261
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 261
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 96.11.251.149 96.11.251.149 261
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 261
224.0.0.0 240.0.0.0 0.0.0.0 0.0.0.0 261
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 96.11.251.149 96.11.251.149 261
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 261
255.255.255.255 255.255.255.255 0.0.0.0 0.0.0.0 261
68 09:45:07.912 10/01/13 Sev=Info/4 CM/0x63100038
Successfully saved route changes to file.
69 09:45:07.912 10/01/13 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 96.11.251.1 96.11.251.149 261
**.**.***.*** 255.255.255.255 96.11.251.1 96.11.251.149 100
96.11.251.0 255.255.255.0 96.11.251.149 96.11.251.149 261
96.11.251.149 255.255.255.255 96.11.251.149 96.11.251.149 261
96.11.251.255 255.255.255.255 96.11.251.149 96.11.251.149 261
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 261
192.168.1.3 255.255.255.255 192.168.1.3 192.168.1.3 261
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 261
192.168.2.0 255.255.255.0 192.168.2.70 192.168.2.70 261
192.168.2.0 255.255.255.0 192.168.2.1 192.168.2.70 100
192.168.2.70 255.255.255.255 192.168.2.70 192.168.2.70 261
192.168.2.255 255.255.255.255 192.168.2.70 192.168.2.70 261
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 96.11.251.149 96.11.251.149 261
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 261
224.0.0.0 240.0.0.0 192.168.2.70 192.168.2.70 261
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 96.11.251.149 96.11.251.149 261
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 261
255.255.255.255 255.255.255.255 192.168.2.70 192.168.2.70 261
70 09:45:07.912 10/01/13 Sev=Info/6 CM/0x63100036
The routing table was updated for the Virtual Adapter
71 09:45:07.912 10/01/13 Sev=Info/4 CM/0x6310001A
One secure connection established
72 09:45:07.943 10/01/13 Sev=Info/4 CM/0x6310003B
Address watch added for 96.11.251.149. Current hostname: psaserver, Current address(es): 192.168.2.70, 96.11.251.149, 192.168.1.3.
73 09:45:07.943 10/01/13 Sev=Info/4 CM/0x6310003B
Address watch added for 192.168.2.70. Current hostname: psaserver, Current address(es): 192.168.2.70, 96.11.251.149, 192.168.1.3.
74 09:45:07.943 10/01/13 Sev=Info/5 CM/0x63100001
Did not find the Smartcard to watch for removal
75 09:45:07.943 10/01/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
76 09:45:07.943 10/01/13 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
77 09:45:07.943 10/01/13 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x1c4cafaa into key list
78 09:45:07.943 10/01/13 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
79 09:45:07.943 10/01/13 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0xc5bfbe3e into key list
80 09:45:07.943 10/01/13 Sev=Info/4 IPSEC/0x6370002F
Assigned VA private interface addr 192.168.2.70
81 09:45:07.943 10/01/13 Sev=Info/4 IPSEC/0x63700037
Configure public interface: 96.11.251.149. SG: **.**.***.***
82 09:45:07.943 10/01/13 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 1.
83 09:45:13.459 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to **.**.***.***
84 09:45:13.459 10/01/13 Sev=Info/6 IKE/0x6300003D
Sending DPD request to **.**.***.***, our seq# = 107205276
85 09:45:13.474 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
86 09:45:13.474 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from **.**.***.***
87 09:45:13.474 10/01/13 Sev=Info/5 IKE/0x63000040
Received DPD ACK from **.**.***.***, seq# received = 107205276, seq# expected = 107205276
88 09:45:15.959 10/01/13 Sev=Info/4 IPSEC/0x63700019
Activate outbound key with SPI=0x1c4cafaa for inbound key with SPI=0xc5bfbe3e
89 09:46:00.947 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to **.**.***.***
90 09:46:00.947 10/01/13 Sev=Info/6 IKE/0x6300003D
Sending DPD request to **.**.***.***, our seq# = 107205277
91 09:46:01.529 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
92 09:46:01.529 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from **.**.***.***
93 09:46:01.529 10/01/13 Sev=Info/5 IKE/0x63000040
Received DPD ACK from **.**.***.***, seq# received = 107205277, seq# expected = 107205277
94 09:46:11.952 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to **.**.***.***
95 09:46:11.952 10/01/13 Sev=Info/6 IKE/0x6300003D
Sending DPD request to **.**.***.***, our seq# = 107205278
96 09:46:11.979 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
97 09:46:11.979 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from **.**.***.***
98 09:46:11.979 10/01/13 Sev=Info/5 IKE/0x63000040
Received DPD ACK from **.**.***.***, seq# received = 107205278, seq# expected = 107205278
Any help would be appreciated, thanks!I made the change that you requested by moving the VPN pool to the 192.168.3.0 network. Unfortunately, now traffic isn't flowing to the inside network at all. I was going to make a specific route as you suggested, but as far as I can see the routes are already being created correctly on the VPN client's end.
Here is the route print off of the computer behind the (test) client:
===========================================================================
Interface List
21...00 05 9a 3c 78 00 ......Cisco Systems VPN Adapter for 64-bit Windows
10...00 15 5d 01 02 01 ......Microsoft Hyper-V Network Adapter
15...00 15 5d 01 02 02 ......Microsoft Hyper-V Network Adapter #2
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 96.11.251.1 96.11.251.149 261
69.61.228.178 255.255.255.255 96.11.251.1 96.11.251.149 100
96.11.251.0 255.255.255.0 On-link 96.11.251.149 261
96.11.251.149 255.255.255.255 On-link 96.11.251.149 261
96.11.251.255 255.255.255.255 On-link 96.11.251.149 261
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 261
192.168.1.3 255.255.255.255 On-link 192.168.1.3 261
192.168.1.255 255.255.255.255 On-link 192.168.1.3 261
192.168.2.0 255.255.255.0 192.168.3.1 192.168.3.70 100
192.168.3.0 255.255.255.0 On-link 192.168.3.70 261
192.168.3.70 255.255.255.255 On-link 192.168.3.70 261
192.168.3.255 255.255.255.255 On-link 192.168.3.70 261
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 261
224.0.0.0 240.0.0.0 On-link 96.11.251.149 261
224.0.0.0 240.0.0.0 On-link 192.168.3.70 261
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 261
255.255.255.255 255.255.255.255 On-link 96.11.251.149 261
255.255.255.255 255.255.255.255 On-link 192.168.3.70 261
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 96.11.251.1 Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 1020 ::/0 2002:c058:6301::c058:6301
14 1020 ::/0 2002:c058:6301::1
1 306 ::1/128 On-link
14 1005 2002::/16 On-link
14 261 2002:600b:fb95::600b:fb95/128
On-link
15 261 fe80::/64 On-link
10 261 fe80::/64 On-link
21 261 fe80::/64 On-link
10 261 fe80::64ae:bae7:3dc0:c8c4/128
On-link
21 261 fe80::e9f7:e24:3147:bd/128
On-link
15 261 fe80::f116:2dfd:1771:125a/128
On-link
1 306 ff00::/8 On-link
15 261 ff00::/8 On-link
10 261 ff00::/8 On-link
21 261 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
And here is the updated running config in case you need it:
: Saved
ASA Version 8.4(1)
hostname NCHCO
enable password hTjwXz/V8EuTw9p9 encrypted
passwd hTjwXz/V8EuTw9p9 encrypted
names
name 192.168.2.0 NCHCO description City Offices
name 192.168.2.80 VPN_End
name 192.168.2.70 VPN_Start
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 69.61.228.178 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
boot system disk0:/asa841-k8.bin
ftp mode passive
object network NCHCO
subnet 192.168.2.0 255.255.255.0
object network obj-192.168.1.0
subnet 192.168.1.0 255.255.255.0
object network obj-192.168.2.64
subnet 192.168.2.64 255.255.255.224
object network obj-0.0.0.0
subnet 0.0.0.0 255.255.255.0
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Webserver
object network FINX
host 192.168.2.11
object service rdp
service tcp source range 1 65535 destination eq 3389
description rdp
object network obj-192.168.3.0
subnet 192.168.3.0 255.255.255.0
object network obj-192.168.2.0
subnet 192.168.2.0 255.255.255.0
access-list outside_nat0_outbound extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list outside_nat0_outbound extended permit ip object NCHCO 192.168.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.2.64 255.255.255.224
access-list inside_nat0_outbound extended permit ip 0.0.0.0 255.255.255.0 192.168.2.64 255.255.255.224
access-list outside_1_cryptomap extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list outside_1_cryptomap_1 extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list LAN_Access standard permit 192.168.2.0 255.255.255.0
access-list LAN_Access standard permit 0.0.0.0 255.255.255.0
access-list NCHCO_splitTunnelAcl_1 standard permit 192.168.2.0 255.255.255.0
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
access-list AnyConnect_Client_Local_Print extended deny ip any any
access-list outside_access_in extended permit tcp any object FINX eq 3389
access-list outside_access_in_1 extended permit object rdp any object FINX
access-list outside_specific_blocks extended deny ip host 121.168.66.35 any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPN_Pool VPN_Start-VPN_End mask 255.255.255.0
ip local pool VPN_Split_Pool 192.168.3.70-192.168.3.80 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649.bin
no asdm history enable
arp timeout 14400
nat (inside,any) source static NCHCO NCHCO destination static obj-192.168.1.0 obj-192.168.1.0
nat (inside,any) source static any any destination static obj-192.168.2.64 obj-192.168.2.64
nat (inside,any) source static obj-0.0.0.0 obj-0.0.0.0 destination static obj-192.168.2.64 obj-192.168.2.64
object network obj_any
nat (inside,outside) dynamic interface
object network FINX
nat (inside,outside) static interface service tcp 3389 3389
access-group outside_access_in_1 in interface outside
route outside 0.0.0.0 0.0.0.0 69.61.228.177 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
network-acl outside_nat0_outbound
webvpn
svc ask enable default svc
http server enable
http 192.168.1.0 255.255.255.0 inside
http 69.61.228.178 255.255.255.255 outside
http 74.218.158.238 255.255.255.255 outside
http NCHCO 255.255.255.0 inside
http 96.11.251.186 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set l2tp-transform esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set l2tp-transform mode transport
crypto ipsec ikev1 transform-set vpn-transform esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_MD5 mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map dyn-map 10 set pfs group1
crypto dynamic-map dyn-map 10 set ikev1 transform-set l2tp-transform vpn-transform
crypto dynamic-map dyn-map 10 set reverse-route
crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer 74.219.208.50
crypto map outside_map 1 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto map vpn-map 1 match address outside_1_cryptomap_1
crypto map vpn-map 1 set pfs group1
crypto map vpn-map 1 set peer 74.219.208.50
crypto map vpn-map 1 set ikev1 transform-set ESP-3DES-SHA
crypto map vpn-map 10 ipsec-isakmp dynamic dyn-map
crypto isakmp identity address
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto ikev1 policy 15
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 35
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
client-update enable
telnet 192.168.1.0 255.255.255.0 inside
telnet NCHCO 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh NCHCO 255.255.255.0 inside
ssh 96.11.251.186 255.255.255.255 outside
ssh timeout 5
console timeout 0
dhcpd address 192.168.2.150-192.168.2.225 inside
dhcpd dns 216.68.4.10 216.68.5.10 interface inside
dhcpd lease 64000 interface inside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.2.1
vpn-tunnel-protocol ikev1 l2tp-ipsec
default-domain value nchco.local
group-policy DfltGrpPolicy attributes
dns-server value 192.168.2.1
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
password-storage enable
ipsec-udp enable
intercept-dhcp 255.255.255.0 enable
address-pools value VPN_Split_Pool
group-policy NCHCO internal
group-policy NCHCO attributes
dns-server value 192.168.2.1 8.8.8.8
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value NCHCO_splitTunnelAcl_1
default-domain value NCHCO.local
username admin password LbMiJuAJjDaFb2uw encrypted privilege 15
username 8njferg password yB1lHEVmHZGj5C2Z encrypted privilege 15
username NCHvpn99 password dhn.JzttvRmMbHsP encrypted
tunnel-group DefaultRAGroup general-attributes
address-pool (inside) VPN_Pool
address-pool VPN_Split_Pool
authentication-server-group (inside) LOCAL
authentication-server-group (outside) LOCAL
authorization-server-group LOCAL
authorization-server-group (inside) LOCAL
authorization-server-group (outside) LOCAL
default-group-policy DefaultRAGroup
strip-realm
strip-group
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate nocheck
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
no authentication ms-chap-v1
authentication ms-chap-v2
tunnel-group DefaultWEBVPNGroup ppp-attributes
authentication pap
authentication ms-chap-v2
tunnel-group 74.219.208.50 type ipsec-l2l
tunnel-group 74.219.208.50 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group NCHCO type remote-access
tunnel-group NCHCO general-attributes
address-pool VPN_Split_Pool
default-group-policy NCHCO
tunnel-group NCHCO ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:9e8466cd318c0bd35bc660fa65ba7a03
: end
asdm image disk0:/asdm-649.bin
asdm location VPN_Start 255.255.255.255 inside
asdm location VPN_End 255.255.255.255 inside
no asdm history enable
Thanks again for your help,
Matthew -
Hello everyone
I'm installing a new site-to-site VPN connection between two sites, having problems bringing the tunnel online.
We have two ASA 5505 firewalls - one at our Central site, and another for our customer at the Remote site.
I wiped both firewalls with write erase, installed the latest IOS version 9.2 on both firewalls.
I'm not sure if the new IOS is causing the problem, we have several site-to-site vpn’s all working with IOS 8.4 5
I'm enclosing the configs for both ASA firewalls for you to review and see if I missed something or what's changed in the IOS that maybe causing our tunnel issue.
Thank youCentral site
packet-tracer input inside tcp 10.10.1.100 12345 10.4.1.1$
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (inside,outside) source static any any destination static REMOTE-ONE REMOTE-ONE
Additional Information:
NAT divert to egress interface outside
Untranslate 10.4.1.100/80 to 10.4.1.100/80
Phase: 3
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside,outside) source static any any destination static REMOTE-ONE REMOTE-ONE
Additional Information:
Static translate 10.10.1.100/12345 to 10.10.1.100/12345
Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
nat (inside,outside) source static any any destination static REMOTE-ONE REMOTE-ONE
Additional Information:
Phase: 7
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 817, packet dispatched to next module
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
Remote site
packet-tracer input inside tcp 10.4.1.100 12345 10.10.1.1$
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (inside,outside) source static any any destination static net-remote net-remote
Additional Information:
NAT divert to egress interface outside
Untranslate 10.10.1.100/80 to 10.10.1.100/80
Phase: 3
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside,outside) source static any any destination static net-remote net-remote
Additional Information:
Static translate 10.4.1.100/12345 to 10.4.1.100/12345
Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
nat (inside,outside) source static any any destination static net-remote net-remote
Additional Information:
Phase: 7
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 774, packet dispatched to next module
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
After running the command we see both firewalls have the same pre shared key -
VPN Problem: Can't route to other network clients
Hi,
I can't ping the other clients on the network when I'm connected to VPN from outside.
But accessing internet trough VPN works. (Sending all data through VPN).
So in fact, I can only ping the VPN server I'm connected to.
Maybe someone here has an idea what I'm doing wrong here.
Here is my setup:
internet
I
I
Airport Extreme (internal IP 192.168.3.1, Router with NAT Port forwarding to 192.168.3.3)
I
I
Switch----macMini (192.168.3.3, OS X Server 10.4.10 with VPN, DHCP, DNS, NAT enabled)
l
l
Other Clients on the Network (Clients have DNS entry 192.168.3.3 192.168.3.1, Router is 192.168.3.1)
The services DHCP, DNS working well for internal clients.
Has someone an idea?
Thanks a lot.
Alex
Message was edited by: SyndromeFirst, ping is ICMP traffic, different from other kinds of (eg, TCP) traffic like AFP.
See http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/productstechnote09186a00800a6057.shtml
traceroute also uses some ICMP traffic but might also be using UDP, see
http://en.wikipedia.org/wiki/Traceroute
http://www.linuxplanet.com/linuxplanet/tutorials/6524/1/
However, in testing, I can indeed ping the server, when I connect to a remote Mac OS X Server via the Mac OS X supplied vpn. But there is no AP Extreme in the path. So the two big factors are: limitations and/or configuration of the AP, and firewall settings for each/any machine involved.
The Airport Extreme is really quite limited, compared to any more full-featured routing device - in terms of just how granular you can be with controlling traffic flow.
(As a total aside, I'd recommend investing in something like a Zyxel Zywall 2 Plus (or similar or better) and running the AP in bridge mode for wireless clients.)
When you've connected via VPN, please run
netstat -rn to see what your default gateway is, that's actually being used.
Finally, what led you to try these tests ? What other problems are you having, what primary issue(s) are you trying to solve ? -
Hello, I have been trying to configure a VPN with Cisco Asa 5505 and Cisco VPN client 5.X for 3 weeks and I am not being able to accomplish it, so I decided to reset to factory defaults and start over again.
I used ASDM 6.4 VPN wizard to configure it (I selected exempt local network from NAT and enabled split tunneling, but I have tried other combinations as well).
Tunnel seems to be established properly since I do see an endpoint while using 'sh crypto isakmp sa' but 'sh crypto ipsec sa' shows no packets encrypted or decrypted, so VPN is not working as expected. I can't ping or rdp to internal LAN:
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
The running-config it created is:
ciscoasa# sh run
: Saved
ASA Version 8.4(2)
hostname ciscoasa
enable password XXXX encrypted
passwd XXXX encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 172.16.1.254 255.255.0.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group ADSL_Telefonica
ip address pppoe setroute
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_10.0.0.0_24
subnet 10.0.0.0 255.255.255.0
object network NETWORK_OBJ_172.16.0.0_16
subnet 172.16.0.0 255.255.0.0
access-list test_splitTunnelAcl standard permit 172.16.0.0 255.255.0.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
ip local pool test 10.0.0.1-10.0.0.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source static NETWORK_OBJ_172.16.0.0_16 NETWORK_OBJ_172.16.0.0_16 destination static NETWORK_OBJ_10.0.0.0_24 NETWORK_OBJ_10.0.0.0_24 no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 172.16.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 172.16.0.0 255.255.0.0 inside
telnet timeout 55
ssh 172.16.0.0 255.255.0.0 inside
ssh timeout 55
console timeout 0
vpdn group ADSL_Telefonica request dialout pppoe
vpdn group ADSL_Telefonica localname adslppp@telefonicanetpa
vpdn group ADSL_Telefonica ppp authentication pap
vpdn username adslppp@telefonicanetpa password *****
dhcpd auto_config outside
dhcpd address 172.16.2.2-172.16.2.129 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy test internal
group-policy test attributes
dns-server value 172.16.1.1
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value test_splitTunnelAcl
username test password XXXXXX encrypted privilege 0
username test attributes
vpn-group-policy test
username ignacio password XXXXXXX encrypted
tunnel-group test type remote-access
tunnel-group test general-attributes
address-pool test
default-group-policy test
tunnel-group test ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:c8935bd572dfd37e81c6aa9f9dc8207c
: end
Thank you very much for your helpYes, it was a VPN client problem. I was doing test with a WWAN card and it seems it is not compatible with windows 7.
• The VPN Client on Windows 7 does not support WWAN devices (also called wireless data cards).
I should have read Release Notes before. Thank you very much for your help and effort. -
VPN problem behind ASA5505 -regular translation creation failed for protocol 50
Dear All,
I have to connect behind my ASA5505 with an VPN klient to an other site.
First time i got this failure.
"Deny protocol 50 src inside:192.168.50.X dst outside:x.x.x.x by access-group "acl_in" [0x0, 0x0]"
Than I opened our inside (src 192.168.50.0) network the UDP 500,4500 TCP 500,4500,10000 and ESP (dest x.x.x.x remote firewall ip).
access-list acl_in extended permit esp host 192.168.50.0 host x.x.x.x eq isakmp
access-list acl_in extended permit udp host 192.168.50.0 host x.x.x.x eq 500
access-list acl_in extended permit eudp host 192.168.50.0 host x.x.x.x eq 4500
etc.
After that i could connect for the remote firewall with vpn client but i couldn't reach any PC1s on there side and ping gives back no anwser.
Deny protocol 50 was solved but i got an other problem:
"regular translation creation failed for protocol 50 src inside:192.168.50.X dst outside:x.x.x.x"
I found somewhere thet lines can help:
crypto isakmp nat-traversal
inspect ipsec-pass-thru
But this wasn't usefull.
I tried a many thing but i'm stuck.
Could somebody help me what can i do to solve this problem?
Thanks for all anwsers!The solution was the following for one IP!
object network x.x.x.x (inside IP)
host x.x.x.x (inside IP)
nat (inside,outside) static y.y.y.y (remote IP) -
VPN problems.. Cant connect due to tunneling issues.
I cant log into my company intranet using my VPN.. other people at my company have no problem using their mac, but I cant seem to get in
I get this error.
Network Connect cannot establish a secure session. Network Connect cannot start the tunneling service. See the Log Viewer for more information.
Here are the logs if anyone knows what they mean and can help it would be great.
2011-05-26 17:06:06.204 ncproxyd-admintool[13313] config.info Removing key "ncproxyd_saved_routes" from the persistent store (config.cpp:273)
2011-05-26 17:06:06.204 ncproxyd-admintool[13313] NCAdminHelper.info removing ncproxyd_saved_routes (NCAdminHelper.cpp:1020)
2011-05-26 17:06:06.204 ncproxyd-admintool[13313] NCAdminHelper.warn restore_dns_configuration: failed to rename /etc/hosts.bak to /etc/hosts: No such file or directory (NCAdminHelper.cpp:810)
2011-05-26 17:06:06.214 Network Connect[13291] DSIPC.para Recevied message bytes: (186) <0><0><0><ba><81>$<9b><dd>&\<11><18><b><4><e0><cd>$<f4><da>2<e3>H<a1><95><df><a 5><7f><17>><9><9f>b<cd>I4<ae><ea>v<fe><81><a6><dd>D<7f><aa>~|G<b6>mV$<a>'u<f0>=< a>Nil<d5>r~n<92><6>=A<e7>#<c5><da>A<9f>O<c3>p<82>E<d><e8><e6>b<fb><15>-<f5><9d>< e9><fa><5><e6>1<f5><9a><fb><a8><d9>m<e7>PmZ<a6><98>I<ee>MP<7f><d1><92><12><9f>30 <dd>|<eb> <b4>X<aa><ce>o<88>l[b<2><d8>6<b7>.K<ba><9c><97><96><7f>]<b3>J<83><eb>.<c><b5><< a><a>eH<a2><b9><12><99><9c><bb><eb>D<bd>|0&<ab>k<fc>`<13><af>6<9d><cf>(T<9d><8d> <e5><fe>7<8f>r<fb> (ipc.cpp:727)
2011-06-02 13:50:52.231 ../../webserver/:093 [ Thread-9] [RuntimeExec] Executing ["/bin/sh" "-c" "ps xco 'state,pid,command' | awk '/^[^zZ].+[N]etwork Connect/ { print $2 }'" ]...
2011-06-02 13:50:52.980 ../../webserver/:100 [ Thread-9] [RuntimeExec] Process ID = java.lang.UNIXProcess@4d8f9b75
2011-06-02 13:50:54.012 ../../webserver/:141 [ Thread-9] [RuntimeExec] ExitValue of waitFor() = 0
2011-06-02 13:50:54.013 ../../webserver/:166 [ Thread-9] [RuntimeExec] ... done executing [/bin/sh] waitFor()=[java.lang.UNIXProcess@4d8f9b75] outputStream=[empty -null output stream-] statusStream=[empty -null status stream-]
DSAppControlThre:000 (06/02 13:50:54.013)[ Thread-9] Checking to see if the application is already running
2011-06-02 13:50:54.013 ../../webserver/:093 [ Thread-9] [RuntimeExec] Executing ["/bin/sh" "-c" "ps xaco 'state,pid,command' | awk '/^[^zZ].+[N]etwork Connect/ { print $2 }'" ]...
2011-06-02 13:50:54.041 ../../webserver/:100 [ Thread-9] [RuntimeExec] Process ID = java.lang.UNIXProcess@10d4f27
2011-06-02 13:50:54.214 ../../webserver/:141 [ Thread-9] [RuntimeExec] ExitValue of waitFor() = 0
2011-06-02 13:50:54.216 ../../webserver/:166 [ Thread-9] [RuntimeExec] ... done executing [/bin/sh] waitFor()=[java.lang.UNIXProcess@10d4f27] outputStream=[empty -null output stream-] statusStream=[empty -null status stream-]
DSAppControlThre:000 (06/02 13:50:54.216)[ Thread-9] The application is NOT already running
NCAppInstallImpl:000 (06/02 13:50:54.216)[ Thread-9] Attempting to launch the application (mode 1)
NCAppInstallImpl:000 (06/02 13:50:54.219)[ Thread-9] Running this command: /Applications/Network Connect.app/Contents/MacOS/Network Connect -NCLaunchType 1 -AppleLanguages ( en )
NCAppInstallImpl:000 (06/02 13:50:54.283)[ Thread-9] Pushing parameter [ProductVersion=14619] to the app
NCAppInstallImpl:000 (06/02 13:50:54.285)[ Thread-9] Pushing parameter [SystemVersion=6.4.0] to the app
NCAppInstallImpl:000 (06/02 13:50:54.285)[ Thread-9] Pushing parameter [action=install] to the app
NCAppInstallImpl:000 (06/02 13:50:54.285)[ Thread-9] Pushing parameter [autolaunch=1] to the app
NCAppInstallImpl:000 (06/02 13:50:54.285)[ Thread-9] Pushing parameter [cert_md5=d0ba5f2839b732e6972d55ea9e6c40e6] to the app
NCAppInstallImpl:000 (06/02 13:50:54.285)[ Thread-9] Pushing parameter [dns-suffix=adt.com] to the app
NCAppInstallImpl:000 (06/02 13:50:54.286)[ Thread-9] Pushing parameter [enable_logging=1] to the app
NCAppInstallImpl:000 (06/02 13:50:54.286)[ Thread-9] Pushing parameter [enable_logupload=1] to the app
NCAppInstallImpl:000 (06/02 13:50:54.286)[ Thread-9] Pushing parameter [internal-proxy-config=no] to the app
NCAppInstallImpl:000 (06/02 13:50:54.286)[ Thread-9] Pushing parameter [ivehost=go.adt.com] to the app
NCAppInstallImpl:000 (06/02 13:50:54.286)[ Thread-9] Pushing parameter [launch_url=] to the app
NCAppInstallImpl:000 (06/02 13:50:54.287)[ Thread-9] Pushing parameter [linux_end_script=] to the app
NCAppInstallImpl:000 (06/02 13:50:54.287)[ Thread-9] Pushing parameter [linux_start_script=] to the app
NCAppInstallImpl:000 (06/02 13:50:54.287)[ Thread-9] Pushing parameter [locale=en] to the app
NCAppInstallImpl:000 (06/02 13:50:54.287)[ Thread-9] Pushing parameter [mac_end_script=] to the app
NCAppInstallImpl:000 (06/02 13:50:54.287)[ Thread-9] Pushing parameter [mac_start_script=] to the app
NCAppInstallImpl:000 (06/02 13:50:54.287)[ Thread-9] Pushing parameter [ncp_read_timeout=120] to the app
NCAppInstallImpl:000 (06/02 13:50:54.288)[ Thread-9] Pushing parameter [redir_url=/dana/home/index.cgi] to the app
NCAppInstallImpl:000 (06/02 13:50:54.288)[ Thread-9] Pushing parameter [redir_win=Please_Wait7819] to the app
NCAppInstallImpl:000 (06/02 13:50:54.288)[ Thread-9] Pushing parameter [signin_url=/] to the app
NCAppInstallImpl:000 (06/02 13:50:54.288)[ Thread-9] Pushing parameter [switch-dns-search-order=enabled] to the app
NCAppInstallImpl:000 (06/02 13:50:54.288)[ Thread-9] Pushing parameter [uninstall_on_quit=0] to the app
NCAppInstallImpl:000 (06/02 13:50:54.289)[ Thread-9] Pushing parameter [upgradeMode=2] to the app
NCAppInstallImpl:000 (06/02 13:50:54.289)[ Thread-9] Pushing parameter [win_end_script=] to the app
NCAppInstallImpl:000 (06/02 13:50:54.289)[ Thread-9] Pushing parameter [win_skip_start_script=0] to the app
NCAppInstallImpl:000 (06/02 13:50:54.289)[ Thread-9] Pushing parameter [win_start_script=] to the app
NCAppInstallImpl:000 (06/02 13:50:54.289)[ Thread-9] Pushing parameter [=null] to the app
NCAppInstallImpl:000 (06/02 13:50:54.289)[ Thread-9] Pushing parameter [cookies=<hidden>] to the app
DSAppControlThre:000 (06/02 13:50:54.290)[ Thread-9] Checking to see if the application is already running
2011-06-02 13:50:54.290 ../../webserver/:093 [ Thread-9] [RuntimeExec] Executing ["/bin/sh" "-c" "ps xco 'state,pid,command' | awk '/^[^zZ].+[N]etwork Connect/ { print $2 }'" ]...
2011-06-02 13:50:54.324 ../../webserver/:100 [ Thread-9] [RuntimeExec] Process ID = java.lang.UNIXProcess@56b61c3
2011-06-02 13:50:54.330 ../../webserver/:045 [ Thread-15] [RuntimeExec] Result [22538]
2011-06-02 13:50:54.332 ../../webserver/:141 [ Thread-9] [RuntimeExec] ExitValue of waitFor() = 0
2011-06-02 13:50:54.333 ../../webserver/:166 [ Thread-9] [RuntimeExec] ... done executing [/bin/sh] waitFor()=[java.lang.UNIXProcess@56b61c3] outputStream=[22538] statusStream=[empty -null status stream-]
NCAppController.:000 (06/02 13:50:54.333)[ Thread-9] Starting quit sequence...
NCAppController.:000 (06/02 13:50:54.333)[ Thread-9] Cleaning up
NCAppController.:000 (06/02 13:50:54.333)[ Thread-9] doQuit trying to load /dana/home/index.cgi
NCAppController.:000 (06/02 13:50:54.333)[ Thread-9] Loading https://go.adt.com/dana/home/index.cgi in current window
NCAppController.:000 (06/02 13:51:16.724)[applet-NCAppController.class] Entering NCAppController.init() on Thu Jun 02 13:51:16 PDT 2011
NCAppController.:000 (06/02 13:51:16.724)[applet-NCAppController.class] New NCAppController session release [6.4.0]
NCAppController.:000 (06/02 13:51:16.724)[applet-NCAppController.class] Build number [14619]
NCAppController.:000 (06/02 13:51:16.766)[applet-NCAppController.class] This host needs a i386 binary
NCAppController.:000 (06/02 13:51:16.833)[applet-NCAppController.class] Param ProductVersion=14619
NCAppController.:000 (06/02 13:51:16.833)[applet-NCAppController.class] Param SystemVersion=6.4.0
NCAppController.:000 (06/02 13:51:16.833)[applet-NCAppController.class] Param action=install
NCAppController.:000 (06/02 13:51:16.834)[applet-NCAppController.class] Param autolaunch=0
NCAppController.:000 (06/02 13:51:16.834)[applet-NCAppController.class] Param cert_md5=d0ba5f2839b732e6972d55ea9e6c40e6
NCAppController.:000 (06/02 13:51:16.834)[applet-NCAppController.class] Param dns-suffix=adt.com
NCAppController.:000 (06/02 13:51:16.834)[applet-NCAppController.class] Param enable_logging=1
NCAppController.:000 (06/02 13:51:16.834)[applet-NCAppController.class] Param enable_logupload=1
NCAppController.:000 (06/02 13:51:16.834)[applet-NCAppController.class] Param internal-proxy-config=no
NCAppController.:000 (06/02 13:51:16.834)[applet-NCAppController.class] Param ivehost=go.adt.com
NCAppController.:000 (06/02 13:51:16.835)[applet-NCAppController.class] Param launch_url=
NCAppController.:000 (06/02 13:51:16.835)[applet-NCAppController.class] Param linux_end_script=
NCAppController.:000 (06/02 13:51:16.835)[applet-NCAppController.class] Param linux_start_script=
NCAppController.:000 (06/02 13:51:16.835)[applet-NCAppController.class] Param locale=en
NCAppController.:000 (06/02 13:51:16.835)[applet-NCAppController.class] Param mac_end_script=
NCAppController.:000 (06/02 13:51:16.835)[applet-NCAppController.class] Param mac_start_script=
NCAppController.:000 (06/02 13:51:16.836)[applet-NCAppController.class] Param ncp_read_timeout=120
NCAppController.:000 (06/02 13:51:16.836)[applet-NCAppController.class] Param redir_url=/dana/home/starter.cgi?startpageonly=1
NCAppController.:000 (06/02 13:51:16.836)[applet-NCAppController.class] Param redir_win=Please_Wait7819
NCAppController.:000 (06/02 13:51:16.836)[applet-NCAppController.class] Param signin_url=/
NCAppController.:000 (06/02 13:51:16.836)[applet-NCAppController.class] Param switch-dns-search-order=enabled
NCAppController.:000 (06/02 13:51:16.836)[applet-NCAppController.class] Param uninstall_on_quit=0
NCAppController.:000 (06/02 13:51:16.837)[applet-NCAppController.class] Param upgradeMode=2
NCAppController.:000 (06/02 13:51:16.837)[applet-NCAppController.class] Param win_end_script=
NCAppController.:000 (06/02 13:51:16.837)[applet-NCAppController.class] Param win_skip_start_script=0
NCAppController.:000 (06/02 13:51:16.837)[applet-NCAppController.class] Param win_start_script=
NCAppController.:000 (06/02 13:51:16.837)[applet-NCAppController.class] Param =null
NCAppController.:000 (06/02 13:51:16.837)[applet-NCAppController.class] Param cookies=<hidden>
DSAppControlThre:000 (06/02 13:51:16.841)[ Thread-21] Beginning install...
NCAppInstallImpl:000 (06/02 13:51:16.841)[ Thread-21] Checking installed version
NCAppInstallImpl:000 (06/02 13:51:16.911)[ Thread-21] Version on disk is 14619
NCAppInstallImpl:000 (06/02 13:51:16.911)[ Thread-21] This version is 14619
NCAppInstallImpl:000 (06/02 13:51:16.911)[ Thread-21] Checking if correct locale is installed
DSAppControlThre:000 (06/02 13:51:16.912)[ Thread-21] Checking to see if the application is already running
2011-06-02 13:51:10.387 Network Connect[22538] NCController.info -applicationDidFinishLaunching: Network Connect 6.4.0 (14619)/Version 10.6.6 (Build 10J567) starting (NCController.m:98)
2011-06-02 13:51:10.721 Network Connect[22538] NCController.info -applicationDidFinishLaunching: launched from applet/application launcher (launchType: 1), waiting for parameters (NCController.m:133)
2011-06-02 13:51:10.762 Network Connect[22538] DSIPCConnection.info -_clearIPCBuffer: Clearing the IPC buffer (DSIPCConnection.mm:526)
2011-06-02 13:51:11.386 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter internal-proxy-config = "no" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.387 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received internal-proxy-config = no (NCController.m:1297)
2011-06-02 13:51:11.387 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter ivehost = "go.adt.com" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.387 Network Connect[22538] NCController.info -ipc:appletSetIVEParameter:: applet says to connect to go.adt.com. (NCController+NCIPC.m:13)
2011-06-02 13:51:11.387 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received ivehost = go.adt.com (NCController.m:1297)
2011-06-02 13:51:11.387 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter launch_url = "" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.387 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received launch_url = (NCController.m:1297)
2011-06-02 13:51:11.387 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter linux_end_script = "" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.387 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received linux_end_script = (NCController.m:1297)
2011-06-02 13:51:11.387 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter linux_start_script = "" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.387 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received linux_start_script = (NCController.m:1297)
2011-06-02 13:51:11.387 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter locale = "en" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.387 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received locale = en (NCController.m:1297)
2011-06-02 13:51:11.387 Network Connect[22538] NCController.info -loginWindowController:setClientParameter:value: saving locale preference (
en
) as AppleLanguages for use on next launch. (NCController.m:1324)
2011-06-02 13:51:11.388 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter mac_end_script = "" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.388 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received mac_end_script = (NCController.m:1297)
2011-06-02 13:51:11.388 Network Connect[22538] NCScriptLauncher.info -scheduleScriptAtPath:forEventIdentifier: scheduled for NCScriptLauncherPostDisconnectEventIdentifier (NCScriptLauncher.m:35)
2011-06-02 13:51:11.388 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter mac_start_script = "" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.388 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received mac_start_script = (NCController.m:1297)
2011-06-02 13:51:11.388 Network Connect[22538] NCScriptLauncher.info -scheduleScriptAtPath:forEventIdentifier: scheduled for NCScriptLauncherPostConnectEventIdentifier (NCScriptLauncher.m:35)
2011-06-02 13:51:11.388 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter ncp_read_timeout = "120" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.388 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received ncp_read_timeout = 120 (NCController.m:1297)
2011-06-02 13:51:11.388 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter redir_url = "/dana/home/index.cgi" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.388 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received redir_url = /dana/home/index.cgi (NCController.m:1297)
2011-06-02 13:51:11.388 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter redir_win = "Please_Wait7819" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.388 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received redir_win = Please_Wait7819 (NCController.m:1297)
2011-06-02 13:51:11.388 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter signin_url = "/" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.388 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received signin_url = / (NCController.m:1297)
2011-06-02 13:51:11.388 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter switch-dns-search-order = "enabled" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.388 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received switch-dns-search-order = enabled (NCController.m:1297)
2011-06-02 13:51:11.389 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter uninstall_on_quit = "0" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.389 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received uninstall_on_quit = 0 (NCController.m:1297)
2011-06-02 13:51:11.389 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter upgradeMode = "2" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.389 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received upgradeMode = 2 (NCController.m:1297)
2011-06-02 13:51:11.389 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter win_end_script = "" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.389 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received win_end_script = (NCController.m:1297)
2011-06-02 13:51:11.389 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter win_skip_start_script = "0" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.389 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received win_skip_start_script = 0 (NCController.m:1297)
2011-06-02 13:51:11.389 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter win_start_script = "" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.389 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received win_start_script = (NCController.m:1297)
2011-06-02 13:51:11.389 Network Connect[22538] NCController.para -ipc:appletSetIVEParameter:: received applet parameter cookies = "DSLastAccess=1307047821; DSFirstAccess=1307047819; DSID=bff2f274c3d8f863f7e631151c7a9bd3; DSSignInURL=/" (NCController+NCIPC.m:10)
2011-06-02 13:51:11.389 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received DSLastAccess = 1307047821 (NCController.m:1297)
2011-06-02 13:51:11.389 Network Connect[22538] DSSessionContext.info -addCookieWithName:domain:value: Adding cookie with name DSLastAccess, domain go.adt.com, and value <hidden> (DSSessionContext.m:81)
2011-06-02 13:51:11.389 Network Connect[22538] DSSessionContext.info -cookie: Didn't find DSLastAccess cookie! (DSSessionContext.m:68)
2011-06-02 13:51:11.814 Network Connect[22538] DSSessionContext.info -addCookieWithName:domain:value: Creating a new DSLastAccess cookie (DSSessionContext.m:148)
2011-06-02 13:51:11.814 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received DSFirstAccess = 1307047819 (NCController.m:1297)
2011-06-02 13:51:11.814 Network Connect[22538] DSSessionContext.info -addCookieWithName:domain:value: Adding cookie with name DSFirstAccess, domain go.adt.com, and value <hidden> (DSSessionContext.m:81)
2011-06-02 13:51:11.814 Network Connect[22538] DSSessionContext.info -cookie: Didn't find DSFirstAccess cookie! (DSSessionContext.m:68)
2011-06-02 13:51:11.887 Network Connect[22538] DSSessionContext.info -addCookieWithName:domain:value: Creating a new DSFirstAccess cookie (DSSessionContext.m:148)
2011-06-02 13:51:11.887 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received DSID = bff2f274c3d8f863f7e631151c7a9bd3 (NCController.m:1297)
2011-06-02 13:51:11.887 Network Connect[22538] DSSessionContext.info -addCookieWithName:domain:value: Adding cookie with name DSID, domain go.adt.com, and value <hidden> (DSSessionContext.m:81)
2011-06-02 13:51:11.887 Network Connect[22538] DSSessionContext.info -cookie: Didn't find DSID cookie! (DSSessionContext.m:68)
2011-06-02 13:51:11.887 Network Connect[22538] DSSessionContext.info -addCookieWithName:domain:value: Creating a new DSID cookie (DSSessionContext.m:148)
2011-06-02 13:51:11.887 Network Connect[22538] NCController.para -loginWindowController:setClientParameter:value: received DSSignInURL = / (NCController.m:1297)
2011-06-02 13:51:11.887 Network Connect[22538] DSSessionContext.info -addCookieWithName:domain:value: Adding cookie with name DSSignInURL, domain go.adt.com, and value <hidden> (DSSessionContext.m:81)
2011-06-02 13:51:11.887 Network Connect[22538] DSSessionContext.info -cookie: Didn't find DSSignInURL cookie! (DSSessionContext.m:68)
2011-06-02 13:51:11.887 Network Connect[22538] DSSessionContext.info -addCookieWithName:domain:value: Creating a new DSSignInURL cookie (DSSessionContext.m:148)
2011-06-02 13:51:12.393 Network Connect[22538] DSLoginWindowController.info -windowDidLoad setting user-agent to Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/6533.20.25 (KHTML, like Gecko) Network Connect (like Safari)/14619 (DSLoginWindowController.m:105)
2011-06-02 13:51:14.343 Network Connect[22538] DSLoginWindowController.info -showWindowWithWebLogin No proxy to resolve.. (DSLoginWindowController.m:824)
2011-06-02 13:51:14.343 Network Connect[22538] NCController.info -enterResolvingProxiesStateWithOldState: reconfiguring and resolving proxies (NCController+NCStateChanges.m:112)
2011-06-02 13:51:14.344 Network Connect[22538] NCController.info -reconfigure Reconfiguring on en1 (NCController.m:824)
2011-06-02 13:51:14.789 Network Connect[22538] DSHTTPSProxyResolver.info -resolveProxiesInBackground No HTTPS proxy (DSHTTPSProxyResolver.m:378)
2011-06-02 13:51:15.227 Network Connect[22538] nc.mac.app.1200.error <DSError 0x2a04f0 domain=nc.mac.app code=1200 "Network Connect can't launch service" userInfo={
DSErrorClassName = NCController;
DSErrorLocalizedAlertText = "Network Connect cannot start the tunneling service. See the Log Viewer for more information.";
DSErrorLocalizedAlertTitle = "Network Connect cannot establish a secure session.";
DSErrorLocalizedFirstButtonTitle = Cancel;
DSErrorLocalizedSecondButtonTitle = DSOptions;
DSErrorMethodName = "enterWaitingOnServiceStateWithOldState:";
DSErrorStackBackTrace = (
"atos not installed: hex trace: 0x11007e97 0x110088d5 0x105f8 0x3fd6 0x12008469 0x12008d6c 0x3fd6 0x1201914d 0xf7e0 0x9867cedd 0x9867ce48 0x986b9698 0x11016b46 0x11006148 0x110063ba 0x11017f4e 0x96cb5588 0x9865e793 0x9865e19a 0x96caa384 0x96d82038 0x986424cb 0x9863ff8f 0x9863f464 0x9863f291 0x92884004 0x92883cf7 0x92883c40 0x96f5b78d 0x96f5afce 0x96f1d247 0x96f152d9 0xde2a 0x2656 0x2571 0x5"
path = "/usr/local/juniper/nc/6.4.0/ncproxyd";
reason = "working directory doesn't exist.";
} (NCController+NCStateChanges.m:160)>
2011-06-02 13:51:15.294 Network Connect[22538] diag.info ifconfig -a: lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
2011-06-02 13:51:15.294 Network Connect[22538] diag.info inet6 ::1 prefixlen 128
2011-06-02 13:51:15.294 Network Connect[22538] diag.info inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
2011-06-02 13:51:15.294 Network Connect[22538] diag.info inet 127.0.0.1 netmask 0xff000000
2011-06-02 13:51:15.294 Network Connect[22538] diag.info gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
2011-06-02 13:51:15.294 Network Connect[22538] diag.info stf0: flags=0<> mtu 1280
2011-06-02 13:51:15.294 Network Connect[22538] diag.info en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
2011-06-02 13:51:15.294 Network Connect[22538] diag.info ether d4:9a:20:ec:fe:36
2011-06-02 13:51:15.294 Network Connect[22538] diag.info media: autoselect
2011-06-02 13:51:15.294 Network Connect[22538] diag.info status: inactive
2011-06-02 13:51:15.294 Network Connect[22538] diag.info en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
2011-06-02 13:51:15.294 Network Connect[22538] diag.info ether 34:15:9e:8d:11:36
2011-06-02 13:51:15.294 Network Connect[22538] diag.info inet6 fe80::3615:9eff:fe8d:1136%en1 prefixlen 64 scopeid 0x5
2011-06-02 13:51:15.294 Network Connect[22538] diag.info inet 192.168.1.65 netmask 0xffffff00 broadcast 192.168.1.255
2011-06-02 13:51:15.294 Network Connect[22538] diag.info inet6 ::3615:9eff:fe8d:1136 prefixlen 64 autoconf
2011-06-02 13:51:15.294 Network Connect[22538] diag.info media: autoselect
2011-06-02 13:51:15.294 Network Connect[22538] diag.info status: active
2011-06-02 13:51:15.294 Network Connect[22538] diag.info netstat -rnf inet: -a: Routing tables
2011-06-02 13:51:15.294 Network Connect[22538] diag.info Internet:
2011-06-02 13:51:15.294 Network Connect[22538] diag.info Destination Gateway Flags Refs Use Netif Expire
2011-06-02 13:51:15.294 Network Connect[22538] diag.info default 192.168.1.254 UGSc 28 0 en1
2011-06-02 13:51:15.294 Network Connect[22538] diag.info 127 127.0.0.1 UCS 0 0 lo0
2011-06-02 13:51:15.294 Network Connect[22538] diag.info 127.0.0.1 127.0.0.1 UH 0 958 lo0
2011-06-02 13:51:15.294 Network Connect[22538] diag.info 169.254 link#5 UCS 0 0 en1
2011-06-02 13:51:15.294 Network Connect[22538] diag.info 192.168.1 link#5 UCS 6 0 en1
2011-06-02 13:51:15.294 Network Connect[22538] diag.info 192.168.1.64 0:1b:63:f3:64:4f UHLWI 0 0 en1 239
2011-06-02 13:51:15.294 Network Connect[22538] diag.info 192.168.1.65 127.0.0.1 UHS 0 703 lo0
2011-06-02 13:51:15.294 Network Connect[22538] diag.info 192.168.1.70 24:ab:81:fd:8:46 UHLWI 0 0 en1 100
2011-06-02 13:51:15.294 Network Connect[22538] diag.info 192.168.1.74 0:1b:63:c8:71:2 UHLWI 1 627 en1 548
2011-06-02 13:51:15.294 Network Connect[22538] diag.info 192.168.1.254 0:1b:5b:6e:35:a1 UHLWI 39 226 en1 1199
2011-06-02 13:51:15.294 Network Connect[22538] diag.info 192.168.1.255 link#5 UHLWbI 2 85 en1
2011-06-02 13:51:15.294 Network Connect[22538] diag.info resolv.conf: #
2011-06-02 13:51:15.294 Network Connect[22538] diag.info # Mac OS X Notice
2011-06-02 13:51:15.294 Network Connect[22538] diag.info #
2011-06-02 13:51:15.294 Network Connect[22538] diag.info # This file is not used by the host name and address resolution
2011-06-02 13:51:15.294 Network Connect[22538] diag.info # or the DNS query routing mechanisms used by most processes on
2011-06-02 13:51:15.294 Network Connect[22538] diag.info # this Mac OS X system.
2011-06-02 13:51:15.294 Network Connect[22538] diag.info #
2011-06-02 13:51:15.294 Network Connect[22538] diag.info # This file is automatically generated.
2011-06-02 13:51:15.294 Network Connect[22538] diag.info #
2011-06-02 13:51:15.294 Network Connect[22538] diag.info domain gateway.2wire.net
2011-06-02 13:51:15.294 Network Connect[22538] diag.info nameserver 192.168.1.254
2011-06-02 13:51:16.912 ../../webserver/:093 [ Thread-21] [RuntimeExec] Executing ["/bin/sh" "-c" "ps xco 'state,pid,command' | awk '/^[^zZ].+[N]etwork Connect/ { print $2 }'" ]...
2011-06-02 13:51:16.964 ../../webserver/:100 [ Thread-21] [RuntimeExec] Process ID = java.lang.UNIXProcess@cc7f9e
2011-06-02 13:51:16.970 ../../webserver/:045 [ Thread-23] [RuntimeExec] Result [22538]
2011-06-02 13:51:16.972 ../../webserver/:141 [ Thread-21] [RuntimeExec] ExitValue of waitFor() = 0
2011-06-02 13:51:16.972 ../../webserver/:166 [ Thread-21] [RuntimeExec] ... done executing [/bin/sh] waitFor()=[java.lang.UNIXProcess@cc7f9e] outputStream=[22538] statusStream=[empty -null status stream-]
DSAppControlThre:000 (06/02 13:51:16.973)[ Thread-21] The application is already running with PID 22538
NCAppController.:000 (06/02 13:51:18.775)[ Thread-21] Starting quit sequence...
NCAppController.:000 (06/02 13:51:18.776)[ Thread-21] Cleaning up
NCAppController.:000 (06/02 13:51:18.777)[ Thread-21] doQuit trying to load /dana/home/starter.cgi?startpageonly=1
NCAppController.:000 (06/02 13:51:18.777)[ Thread-21] Loading https://go.adt.com/dana/home/starter.cgi?startpageonly=1 in current window
NCAppController.:000 (06/02 13:58:03.266)[applet-NCAppController.class] Entering NCAppController.init() on Thu Jun 02 13:58:03 PDT 2011
NCAppController.:000 (06/02 13:58:03.311)[applet-NCAppController.class] New NCAppController session release [6.4.0]
NCAppController.:000 (06/02 13:58:03.311)[applet-NCAppController.class] Build number [14619]
NCAppController.:000 (06/02 13:58:03.387)[applet-NCAppController.class] This host needs a i386 binary
NCAppController.:000 (06/02 13:58:03.452)[applet-NCAppController.class] Param ProductVersion=14619
NCAppController.:000 (06/02 13:58:03.452)[applet-NCAppController.class] Param SystemVersion=6.4.0
NCAppController.:000 (06/02 13:58:03.452)[applet-NCAppController.class] Param action=install
NCAppController.:000 (06/02 13:58:03.452)[applet-NCAppController.class] Param autolaunch=0
NCAppController.:000 (06/02 13:58:03.452)[applet-NCAppController.class] Param cert_md5=d0ba5f2839b732e6972d55ea9e6c40e6
NCAppController.:000 (06/02 13:58:03.452)[applet-NCAppController.class] Param dns-suffix=adt.com
NCAppController.:000 (06/02 13:58:03.453)[applet-NCAppController.class] Param enable_logging=1
NCAppController.:000 (06/02 13:58:03.453)[applet-NCAppController.class] Param enable_logupload=1
NCAppController.:000 (06/02 13:58:03.453)[applet-NCAppController.class] Param internal-proxy-config=no
NCAppController.:000 (06/02 13:58:03.453)[applet-NCAppController.class] Param ivehost=go.adt.com
NCAppController.:000 (06/02 13:58:03.453)[applet-NCAppController.class] Param launch_url=
NCAppController.:000 (06/02 13:58:03.453)[applet-NCAppController.class] Param linux_end_script=
NCAppController.:000 (06/02 13:58:03.496)[applet-NCAppController.class] Param linux_start_script=
NCAppController.:000 (06/02 13:58:03.496)[applet-NCAppController.class] Param locale=en
NCAppController.:000 (06/02 13:58:03.496)[applet-NCAppController.class] Param mac_end_script=
NCAppController.:000 (06/02 13:58:03.497)[applet-NCAppController.class] Param mac_start_script=
NCAppController.:000 (06/02 13:58:03.497)[applet-NCAppController.class] Param ncp_read_timeout=120
NCAppController.:000 (06/02 13:58:03.497)[applet-NCAppController.class] Param redir_url=/dana/home/starter.cgi?startpageonly=1
NCAppController.:000 (06/02 13:58:03.498)[applet-NCAppController.class] Param redir_win=Please_Wait7819
NCAppController.:000 (06/02 13:58:03.498)[applet-NCAppController.class] Param signin_url=/
NCAppController.:000 (06/02 13:58:03.498)[applet-NCAppController.class] Param switch-dns-search-order=enabled
NCAppController.:000 (06/02 13:58:03.498)[applet-NCAppController.class] Param uninstall_on_quit=0
NCAppController.:000 (06/02 13:58:03.498)[applet-NCAppController.class] Param upgradeMode=2
NCAppController.:000 (06/02 13:58:03.498)[applet-NCAppController.class] Param win_end_script=
NCAppController.:000 (06/02 13:58:03.499)[applet-NCAppController.class] Param win_skip_start_script=0
NCAppController.:000 (06/02 13:58:03.499)[applet-NCAppController.class] Param win_start_script=
NCAppController.:000 (06/02 13:58:03.499)[applet-NCAppController.class] Param =null
NCAppController.:000 (06/02 13:58:03.499)[applet-NCAppController.class] Param cookies=<hidden>
DSAppControlThre:000 (06/02 13:58:03.505)[ Thread-29] Beginning install...
NCAppInstallImpl:000 (06/02 13:58:03.505)[ Thread-29] Checking installed version
NCAppInstallImpl:000 (06/02 13:58:03.534)[ Thread-29] Version on disk is 14619
NCAppInstallImpl:000 (06/02 13:58:03.534)[ Thread-29] This version is 14619
NCAppInstallImpl:000 (06/02 13:58:03.534)[ Thread-29] Checking if correct locale is installed
DSAppControlThre:000 (06/02 13:58:03.570)[ Thread-29] Checking to see if the application is already running
2011-06-02 13:51:38.496 Network Connect[22538] NCProxyMonitor.warn -quit quitting ncproxyd (0) (NCProxyMonitor.mm:132)
2011-06-02 13:51:38.496 Network Connect[22538] DSIPCConnection.warn -enqueueMessageWithName:types: IPC message nc_quit sent while _writeFileHandle == nil (DSIPCConnection.mm:455)
2011-06-02 13:51:38.531 Network Connect[22538] NCAdminFunctions.info calling ncproxyd to restore system configuration. (NCAdminFunctions.mm:111)
2011-06-02 13:51:38.779 Network Connect[22538] http_connection.para Starting a timed connect with SSL session 0x2bdd30, proxy 0:0, and timeout 30 (http_connection.cpp:175)
2011-06-02 13:51:38.779 Network Connect[22538] http_connection.para Entering state_start_connection (http_connection.cpp:285)
2011-06-02 13:51:38.806 ncproxyd-admintool[22557] DSIPC.para Recevied message bytes: (52) <0><0><0>4<a1><4><85><d8>/X<16>>1<1c><ff><c7>:<f4><db>2<e4>c<bc><82><c9><8f>`<1 a>M<14><fa>.<f><a>2<c0><8c><1f><99><87><fc><d7>Ud<ab>u<10><7><96>w<1f><fc> (ipc.cpp:727)
2011-06-02 13:51:38.846 Network Connect[22538] http_connection.para Entering state_continue_connection (http_connection.cpp:302)
2011-06-02 13:51:38.846 ncproxyd-admintool[22557] NCAdminHelper.info looking for ncproxyd in 63 processes (NCAdminHelper.cpp:1131)
2011-06-02 13:51:38.847 Network Connect[22538] http_connection.para Entering state_ssl_connect (http_connection.cpp:471)
2011-06-02 13:51:38.847 ncproxyd-admintool[22557] rmon.info got system route 0.0.0.0/0.0.0.0 gw 192.168.1.254 metric 1 via 0x00000000 (routemon.cpp:572)
2011-06-02 13:51:38.847 ncproxyd-admintool[22557] rmon.info got system route 127.0.0.0/255.0.0.0 gw 127.0.0.1 metric 1 via 0x00000000 (routemon.cpp:572)
2011-06-02 13:51:38.847 ncproxyd-admintool[22557] rmon.info got system route 127.0.0.1/255.255.255.255 gw 127.0.0.1 metric 1 via 0x00000000 (routemon.cpp:572)
2011-06-02 13:51:38.847 ncproxyd-admintool[22557] rmon.info got system route 169.254.0.0/255.255.0.0 gw 0.0.0.0 metric 1 via 0x00000005 (routemon.cpp:572)
2011-06-02 13:51:38.847 ncproxyd-admintool[22557] rmon.info got system route 192.168.1.0/255.255.255.0 gw 0.0.0.0 metric 1 via 0x00000005 (routemon.cpp:572)
2011-06-02 13:51:38.847 ncproxyd-admintool[22557] rmon.info got system route 192.168.1.65/255.255.255.255 gw 127.0.0.1 metric 1 via 0x00000000 (routemon.cpp:572)
2011-06-02 13:51:38.847 ncproxyd-admintool[22557] ncproxyd.info No added routes to delete (ncproxyd.cpp:242)
2011-06-02 13:51:38.847 ncproxyd-admintool[22557] config.info Removing key "ncproxyd_added_routes" from the persistent store (config.cpp:273)
2011-06-02 13:51:38.847 ncproxyd-admintool[22557] NCAdminHelper.info removing ncproxyd_added_routes (NCAdminHelper.cpp:1020)
2011-06-02 13:51:38.847 ncproxyd-admintool[22557] ncproxyd.info No routes to restore (ncproxyd.cpp:251)
2011-06-02 13:51:38.847 ncproxyd-admintool[22557] config.info Removing key "ncproxyd_saved_routes" from the persistent store (config.cpp:273)
2011-06-02 13:51:38.847 ncproxyd-admintool[22557] NCAdminHelper.info removing ncproxyd_saved_routes (NCAdminHelper.cpp:1020)
2011-06-02 13:51:38.848 ncproxyd-admintool[22557] NCAdminHelper.warn restore_dns_configuration: failed to rename /etc/hosts.bak to /etc/hosts: No such file or directory (NCAdminHelper.cpp:810)
2011-06-02 13:51:38.917 Network Connect[22538] DSIPC.para Recevied message bytes: (186) <0><0><0><ba><81>$<9b><dd>&\<11><18><b><4><e0><cd>$<f4><da>2<e3>H<a1><95><df><a 5><7f><17>><9><9f><12>|<c9>4<ae><ea>v<fe><81><a6><dd>D<7f><aa>~|G<b6>mV$<a>'u<f0 >=<a>Nil<d5>r~n<92><6>=A<e7>#<c5><da>A<9f>O<c3>p<82>E<d><e8><e6>b<fb><15>-<f5><9 d><e9><fa><5><e6>1<f5><9a><fb><a8><d9>m<e7>PmZ<a6><98>I<ee>MP<7f><d1><92><12><9f >30 <dd>|<eb> <b4>X<aa><ce>o<88>l[b<2><d8>6<b7>.K<ba><9c><97><96><7f>]<b3>J<83><eb>.<c><b5><< a><a>eH<a2><b9><12><99><9c><bb><eb>D<bd>|0&<ab>k<fc>`<13><af>6<9d><cf>(T<9d><8d> <e5><fe>7<8f>r<fb> (ipc.cpp:727)
2011-06-02 13:58:03.569 ../../webserver/:093 [ Thread-29] [RuntimeExec] Executing ["/bin/sh" "-c" "ps xco 'state,pid,command' | awk '/^[^zZ].+[N]etwork Connect/ { print $2 }'" ]...
2011-06-02 13:58:03.607 ../../webserver/:100 [ Thread-29] [RuntimeExec] Process ID = java.lang.UNIXProcess@2af6a882
2011-06-02 13:58:03.679 ../../webserver/:141 [ Thread-29] [RuntimeExec] ExitValue of waitFor() = 0
2011-06-02 13:58:03.680 ../../webserver/:166 [ Thread-29] [RuntimeExec] ... done executing [/bin/sh] waitFor()=[java.lang.UNIXProcess@2af6a882] outputStream=[empty -null output stream-] statusStream=[empty -null status stream-]
DSAppControlThre:000 (06/02 13:58:03.681)[ Thread-29] Checking to see if the application is already running
2011-06-02 13:58:03.680 ../../webserver/:093 [ Thread-29] [RuntimeExec] Executing ["/bin/sh" "-c" "ps xaco 'state,pid,command' | awk '/^[^zZ].+[N]etwork Connect/ { print $2 }'" ]...
2011-06-02 13:58:03.720 ../../webserver/:100 [ Thread-29] [RuntimeExec] Process ID = java.lang.UNIXProcess@6a25b72a
2011-06-02 13:58:03.736 ../../webserver/:141 [ Thread-29] [RuntimeExec] ExitValue of waitFor() = 0
2011-06-02 13:58:03.737 ../../webserver/:166 [ Thread-29] [RuntimeExec] ... done executing [/bin/sh] waitFor()=[java.lang.UNIXProcess@6a25b72a] outputStream=[empty -null output stream-] statusStream=[empty -null status stream-]
DSAppControlThre:000 (06/02 13:58:03.738)[ Thread-29] The application is NOT already running
NCAppInstallImpl:000 (06/02 13:58:03.740)[ Thread-29] Attempting to launch the application (mode 1)
NCAppInstallImpl:000 (06/02 13:58:03.741)[ Thread-29] Running this command: /Applications/Network Connect.app/Contents/MacOS/Network Connect -NCLaunchType 1 -AppleLanguages ( en )
NCAppInstallImpl:000 (06/02 13:58:03.809)[ Thread-29] Pushing parameter [ProductVersion=14619] to the app
NCAppInstallImpl:000 (06/02 13:58:03.810)[ Thread-29] Pushing parameter [SystemVersion=6.4.0] to the app
NCAppInstallImpl:000 (06/02 13:58:03.866)[ Thread-29] Pushing parameter [action=install] to the app
NCAppInstallImpl:000 (06/02 13:58:03.866)[ Thread-29] Pushing parameter [autolaunch=0] to the app
NCAppInstallImpl:000 (06/02 13:58:03.867)[ Thread-29] Pushing parameter [cert_md5=d0ba5f2839b732e6972d55ea9e6c40e6] to the app
NCAppInstallImpl:000 (06/02 13:58:03.867)[ Thread-29] Pushing parameter [dns-suffix=adt.com] to the app
NCAppInstallImpl:000 (06/02 13:58:03.867)[ Thread-29] Pushing parameter [enable_logging=1] to the app
NCAppInstallImpl:000 (06/02 13:58:03.868)[ Thread-29] Pushing parameter [enable_logupload=1] to the app
NCAppInstallImpl:000 (06/02 13:58:03.868)[ Thread-29] Pushing parameter [internal-proxy-config=no] to the app
NCAppInstallImpl:000 (06/02 13:58:03.868)[ Thread-29] Pushing parameter [ivehost=go.adt.com] to the app
NCAppInstallImpl:000 (06/02 13:58:03.868)[ Thread-29] Pushing parameter [launch_url=] to the app
NCAppInstallImpl:000 (06/02 13:58:03.868)[ Thread-29] Pushing parameter [linux_end_script=] to the app
NCAppInstallImpl:000 (06/02 13:58:03.868)[ Thread-29] Pushing parameter [linux_start_script=] to the app
NCAppInstallImpl:000 (06/02 13:58:03.869)[ Thread-29] Pushing parameter [locale=en] to the app
NCAppInstallImpl:000 (06/02 13:58:03.869)[ Thread-29] Pushing parameter [mac_end_script=] to the app
NCAppInstallImpl:000 (06/02 13:58:03.869)[ Thread-29] Pushing parameter [mac_start_script=] to the app
NCAppInstallImpl:000 (06/02 13:58:03.869)[ Thread-29] Pushing parameter [ncp_read_timeout=120] to the app
NCAppInstallImpl:000 (06/02 13:58:03.869)[ Thread-29] Pushing parameter [redir_url=/dana/home/starter.cgi?startpageonly=1] to the app
NCAppInstallImpl:000 (06/02 13:58:03.869)[ Thread-29] Pushing parameter [redir_win=Please_Wait7819] to the app
NCAppInstallImpl:000 (06/02 13:58:03.870)[ Thread-29] Pushing parameter [signin_url=/] to the app
NCAppInstallImpl:000 (06/02 13:58:03.870)[ Thread-29] Pushing parameter [switch-dns-search-order=enabled] to the app
NCAppInstallImpl:000 (06/02 13:58:03.870)[ Thread-29] Pushing parameter [uninstall_on_quit=0] to the app
NCAppInstallImpl:000 (06/02 13:58:03.870)[ Thread-29] Pushing parameter [upgradeMode=2] to the app
NCAppInstallImpl:000 (06/02 13:58:03.870)[ Thread-29] Pushing parameter [win_end_script=] to the app
NCAppInstallImpl:000 (06/02 13:58:03.870)[ Thread-29] Pushing parameter [win_skip_start_script=0] to the app
NCAppInstallImpl:000 (06/02 13:58:03.871)[ Thread-29] Pushing parameter [win_start_script=] to the app
NCAppInstallImpl:000 (06/02 13:58:03.871)[ Thread-29] Pushing parameter [=null] to the app
NCAppInstallImpl:000 (06/02 13:58:03.871)[ Thread-29] Pushing parameter [cookies=<hidden>] to the app
DSAppControlThre:000 (06/02 13:58:03.871)[ Thread-29] Checking to see if the application is already running
2011-06-02 13:58:03.871 ../../webserver/:093 [ Thread-29] [RuntimeExec] Executing ["/bin/sh" "-c" "ps xco 'state,pid,command' | awk '/^[^zZ].+[N]etwork Connect/ { print $2 }'" ]...
2011-06-02 13:58:03.916 ../../webserver/:100 [ Thread-29] [RuntimeExec] Process ID = java.lang.UNIXProcess@6dabbec4
2011-06-02 13:58:03.920 ../../webserver/:045 [ Thread-35] [RuntimeExec] Result [22587]
2011-06-02 13:58:03.921 ../../webserver/:141 [ Thread-29] [RuntimeExec] ExitValue of waitFor() = 0
2011-06-02 13:58:03.921 ../../webserver/:166 [ Thread-29] [RuntimeExec] ... done executing [/bin/sh] waitFor()=[java.lang.UNIXProcess@6dabbec4] outputStream=[22587] statusStream=[empty -null status stream-]
NCAppController.:000 (06/02 13:58:03.922)[ Thread-29] Starting quit sequence...
NCAppController.:000 (06/02 13:58:03.922)[ Thread-29] Cleaning up
NCAppController.:000 (06/02 13:58:03.923)[ Thread-29] doQuit trying to load /dana/home/starter.cgi?startpageonly=1
NCAppController.:000 (06/02 13:58:03.923)[ Thread-29] Loading https://go.adt.com/dana/home/starter.cgi?startpageonly=1 in current window
2011-06-02 13:58:08.899 Network Connect[22587] NCController.info -applicationDidFinishLaunching: Network Connect 6.4.0 (14619)/Version 10.6.6 (Build 10J567) starting (NCController.m:98)
2011-06-02 13:58:09.111 Network Connect[22587] NCController.info -applicationDidFinishLaunching: launched from applet/application launcher (launchType: 1), waiting for parameters (NCController.m:133)
2011-06-02 13:58:09.113 Network Connect[22587] DSIPCConnection.info -_clearIPCBuffer: Clearing the IPC buffer (DSIPCConnection.mm:526)
2011-06-02 13:58:09.154 Network Connect[22587] DSSessionContext.info -addCookieWithName:domain:value: Creating a new DSFirstAccess cookie (DSSessionContext.m:148)
2011-06-02 13:58:09.154 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received DSID = bff2f274c3d8f863f7e631151c7a9bd3 (NCController.m:1297)
2011-06-02 13:58:09.154 Network Connect[22587] DSSessionContext.info -addCookieWithName:domain:value: Adding cookie with name DSID, domain go.adt.com, and value <hidden> (DSSessionContext.m:81)
2011-06-02 13:58:09.154 Network Connect[22587] DSSessionContext.info -cookie: Didn't find DSID cookie! (DSSessionContext.m:68)
2011-06-02 13:58:09.154 Network Connect[22587] DSSessionContext.info -addCookieWithName:domain:value: Creating a new DSID cookie (DSSessionContext.m:148)
2011-06-02 13:58:09.155 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received DSSignInURL = / (NCController.m:1297)
2011-06-02 13:58:09.155 Network Connect[22587] DSSessionContext.info -addCookieWithName:domain:value: Adding cookie with name DSSignInURL, domain go.adt.com, and value <hidden> (DSSessionContext.m:81)
2011-06-02 13:58:09.155 Network Connect[22587] DSSessionContext.info -cookie: Didn't find DSSignInURL cookie! (DSSessionContext.m:68)
2011-06-02 13:58:09.155 Network Connect[22587] DSSessionContext.info -addCookieWithName:domain:value: Creating a new DSSignInURL cookie (DSSessionContext.m:148)
2011-06-02 13:58:09.174 Network Connect[22587] DSLoginWindowController.info -windowDidLoad setting user-agent to Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/6533.20.25 (KHTML, like Gecko) Network Connect (like Safari)/14619 (DSLoginWindowController.m:105)
2011-06-02 13:58:09.387 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter internal-proxy-config = "no" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.391 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received internal-proxy-config = no (NCController.m:1297)
2011-06-02 13:58:09.392 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter ivehost = "go.adt.com" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.392 Network Connect[22587] NCController.info -ipc:appletSetIVEParameter:: applet says to connect to go.adt.com. (NCController+NCIPC.m:13)
2011-06-02 13:58:09.393 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received ivehost = go.adt.com (NCController.m:1297)
2011-06-02 13:58:09.393 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter launch_url = "" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.394 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received launch_url = (NCController.m:1297)
2011-06-02 13:58:09.394 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter linux_end_script = "" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.395 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received linux_end_script = (NCController.m:1297)
2011-06-02 13:58:09.395 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter linux_start_script = "" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.396 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received linux_start_script = (NCController.m:1297)
2011-06-02 13:58:09.396 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter locale = "en" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.396 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received locale = en (NCController.m:1297)
2011-06-02 13:58:09.397 Network Connect[22587] NCController.info -loginWindowController:setClientParameter:value: saving locale preference (
en
) as AppleLanguages for use on next launch. (NCController.m:1324)
2011-06-02 13:58:09.398 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter mac_end_script = "" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.399 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received mac_end_script = (NCController.m:1297)
2011-06-02 13:58:09.399 Network Connect[22587] NCScriptLauncher.info -scheduleScriptAtPath:forEventIdentifier: scheduled for NCScriptLauncherPostDisconnectEventIdentifier (NCScriptLauncher.m:35)
2011-06-02 13:58:09.400 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter mac_start_script = "" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.400 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received mac_start_script = (NCController.m:1297)
2011-06-02 13:58:09.400 Network Connect[22587] NCScriptLauncher.info -scheduleScriptAtPath:forEventIdentifier: scheduled for NCScriptLauncherPostConnectEventIdentifier (NCScriptLauncher.m:35)
2011-06-02 13:58:09.401 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter ncp_read_timeout = "120" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.401 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received ncp_read_timeout = 120 (NCController.m:1297)
2011-06-02 13:58:09.402 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter redir_url = "/dana/home/starter.cgi?startpageonly=1" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.402 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received redir_url = /dana/home/starter.cgi?startpageonly=1 (NCController.m:1297)
2011-06-02 13:58:09.403 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter redir_win = "Please_Wait7819" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.403 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received redir_win = Please_Wait7819 (NCController.m:1297)
2011-06-02 13:58:09.404 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter signin_url = "/" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.404 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received signin_url = / (NCController.m:1297)
2011-06-02 13:58:09.404 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter switch-dns-search-order = "enabled" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.405 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received switch-dns-search-order = enabled (NCController.m:1297)
2011-06-02 13:58:09.406 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter uninstall_on_quit = "0" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.406 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received uninstall_on_quit = 0 (NCController.m:1297)
2011-06-02 13:58:09.406 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter upgradeMode = "2" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.407 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received upgradeMode = 2 (NCController.m:1297)
2011-06-02 13:58:09.407 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter win_end_script = "" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.408 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received win_end_script = (NCController.m:1297)
2011-06-02 13:58:09.408 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter win_skip_start_script = "0" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.408 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received win_skip_start_script = 0 (NCController.m:1297)
2011-06-02 13:58:09.409 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter win_start_script = "" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.409 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received win_start_script = (NCController.m:1297)
2011-06-02 13:58:09.410 Network Connect[22587] NCController.para -ipc:appletSetIVEParameter:: received applet parameter cookies = "DSLastAccess=1307048282; DSFirstAccess=1307047819; DSID=bff2f274c3d8f863f7e631151c7a9bd3; DSSignInURL=/" (NCController+NCIPC.m:10)
2011-06-02 13:58:09.410 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received DSLastAccess = 1307048282 (NCController.m:1297)
2011-06-02 13:58:09.411 Network Connect[22587] DSSessionContext.info -addCookieWithName:domain:value: Adding cookie with name DSLastAccess, domain go.adt.com, and value <hidden> (DSSessionContext.m:81)
2011-06-02 13:58:09.411 Network Connect[22587] DSSessionContext.info -cookie: Didn't find DSLastAccess cookie! (DSSessionContext.m:68)
2011-06-02 13:58:09.748 Network Connect[22587] DSLoginWindowController.info -showWindowWithWebLogin No proxy to resolve.. (DSLoginWindowController.m:824)
2011-06-02 13:58:09.748 Network Connect[22587] NCController.info -enterResolvingProxiesStateWithOldState: reconfiguring and resolving proxies (NCController+NCStateChanges.m:112)
2011-06-02 13:58:09.748 Network Connect[22587] NCController.info -reconfigure Reconfiguring on en1 (NCController.m:824)
2011-06-02 13:58:09.788 Network Connect[22587] DSHTTPSProxyResolver.info -resolveProxiesInBackground No HTTPS proxy (DSHTTPSProxyResolver.m:378)
2011-06-02 13:58:09.841 Network Connect[22587] DSSessionContext.info -addCookieWithName:domain:value: Creating a new DSLastAccess cookie (DSSessionContext.m:148)
2011-06-02 13:58:09.842 Network Connect[22587] NCController.para -loginWindowController:setClientParameter:value: received DSFirstAccess = 1307047819 (NCController.m:1297)
2011-06-02 13:58:09.843 Network Connect[22587] DSSessionContext.info -addCookieWithName:domain:value: Adding cookie with name DSFirstAccess, domain go.adt.com, and value <hidden> (DSSessionContext.m:81)
2011-06-02 13:58:09.843 Network Connect[22587] DSSessionContext.info -cookie: Didn't find DSFirstAccess cookie! (DSSessionContext.m:68)
2011-06-02 13:58:09.847 Network Connect[22587] nc.mac.app.1200.error <DSError 0x28bf20 domain=nc.mac.app code=1200 "Network Connect can't launch service" userInfo={
DSErrorClassName = NCController;
DSErrorLocalizedAlertText = "Network Connect cannot start the tunneling service. See the Log Viewer for more information.";
DSErrorLocalizedAlertTitle = "Network Connect cannot establish a secure session.";
DSErrorLocalizedFirstButtonTitle = Cancel;
DSErrorLocalizedSecondButtonTitle = DSOptions;
DSErrorMethodName = "enterWaitingOnServiceStateWithOldState:";
DSErrorStackBackTrace = (
"atos not installed: hex trace: 0x11007e97 0x110088d5 0x105f8 0x3fd6 0x12008469 0x12008d6c 0x3fd6 0x1201914d 0xf7e0 0x9867cedd 0x9867ce48 0x986b9698 0x11016b46 0x11006148 0x110063ba 0x11017f4e 0x96cb5588 0x9865e793 0x9865e19a 0x96caa384 0x96d82038 0x986424cb 0x9863ff8f 0x9863f464 0x9863f291 0x92884004 0x92883cf7 0x92883c40 0x96f5b78d 0x96f5afce 0x96f1d247 0x96f152d9 0xde2a 0x2656 0x2571 0x5"
path = "/usr/local/juniper/nc/6.4.0/ncproxyd";
reason = "working directory doesn't exist.";
} (NCController+NCStateChanges.m:160)>
2011-06-02 13:58:09.895 Network Connect[22587] diag.info ifconfig -a: lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
2011-06-02 13:58:09.895 Network Connect[22587] diag.info inet6 ::1 prefixlen 128
2011-06-02 13:58:09.895 Network Connect[22587] diag.info inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
2011-06-02 13:58:09.895 Network Connect[22587] diag.info inet 127.0.0.1 netmask 0xff000000
2011-06-02 13:58:09.895 Network Connect[22587] diag.info gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
2011-06-02 13:58:09.895 Network Connect[22587] diag.info stf0: flags=0<> mtu 1280
2011-06-02 13:58:09.895 Network Connect[22587] diag.info en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
2011-06-02 13:58:09.895 Network Connect[22587] diag.info ether d4:9a:20:ec:fe:36
2011-06-02 13:58:09.895 Network Connect[22587] diag.info media: autoselect
2011-06-02 13:58:09.895 Network Connect[22587] diag.info status: inactive
2011-06-02 13:58:09.895 Network Connect[22587] diag.info en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
2011-06-02 13:58:09.895 Network Connect[22587] diag.info ether 34:15:9e:8d:11:36
2011-06-02 13:58:09.895 Network Connect[22587] diag.info inet6 fe80::3615:9eff:fe8d:1136%en1 prefixlen 64 scopeid 0x5
2011-06-02 13:58:09.895 Network Connect[22587] diag.info inet 192.168.1.65 netmask 0xffffff00 broadcast 192.168.1.255
2011-06-02 13:58:09.895 Network Connect[22587] diag.info inet6 ::3615:9eff:fe8d:1136 prefixlen 64 autoconf
2011-06-02 13:58:09.895 Network Connect[22587] diag.info media: autoselect
2011-06-02 13:58:09.895 Network Connect[22587] diag.info status: active
2011-06-02 13:58:09.895 Network Connect[22587] diag.info netstat -rnf inet: -a: Routing tables
2011-06-02 13:58:09.895 Network Connect[22587] diag.info Internet:
2011-06-02 13:58:09.895 Network Connect[22587] diag.info Destination Gateway Flags Refs Use Netif Expire
2011-06-02 13:58:09.895 Network Connect[22587] diag.info default 192.168.1.254 UGSc 15 0 en1rtdolfan13 I have the same problem with my new mac Mac OS X (10.6.7). My other mac worked fine. I work for the same company as you also.. please let me know if you found a solution and I will do the same. Our "help desk" does not know anything about macs which makes no sense to me. We have 4 mac users in our office and we can not log on with the VPN.. kinda frustrating.
hope we can resolve this soon! -
Hi....
windows 8.1 64 bit
my problem is Check point vpn configure complite,
but not access VPN'
Massage shows " Server is not responding or cannot to be reached "Hi,
Any VPN error code? The error message indicates that the VPN client cannot reach the server. This can happen if the VPN server is not properly connected to the network, the network is temporarily down, or if the server or network is overloaded with traffic.
The error also occurs if the VPN client has incorrect configuration settings, so please eliminate the network connection issue and configuration issue.
Meanhwhile, manke sure the Firewall and anti-virus program are not blocking the connectin, you can temporarily disable them as a test.
We can also refer to this link for troubleshooting
http://windows.microsoft.com/en-hk/windows7/why-am-i-having-problems-with-my-vpn-connection
Yolanda Zhu
TechNet Community Support -
Need help configuring VPN - problems accessing the networks
Hi everyone, hope someone can help me out here.
I'm administering the network for our small company. We basically have two sets of machines - public ones with fixed net addresses (mail, web, dns servers, etc), and private ones behind a wireless router/nat.
Our main need here is to be able to VPN in to the public side, in particular, the mailserver, so that we can get around all the stupid things that get done to SMTP when we connect at the BedBug Inn ("Free wifi, administered by gibbons").
Secondarily, it would be nice to be able to connect to and browse some of the internal machines.
So here is what I did:
* Installed 10.4.10 Server on a machine with two ethernet interfaces, one that has a public IP address, the other connects into the private network. When I'm actually at that machine, things work fine - I can browse the private network shares, connect to the net, etc.
* Configured VPN. I have no problems getting a VPN connection, both sides are happy. The VPN assigns incoming clients IP addresses in the private network IP range, but outside those assigned by the wireless router's NAT.
* Added 192.168.2.1/255 (the private network) and 12.17.29.193/224 (the public network) to the Network Routing Definition box under VPN/Settings/Client Information.
However, here's where it all falls down. Once the VPN is established, I can't connect to any of the public machines, and the only private-side device that seems to respond is the Wireless/NAT box (A Belkin N1). So the only thing I can do is administer the Belkin remotely, which, while nice, is not exactly what I had in mind.
Doing a traceroute while VPN is active to my mailserver shows the first hop direct to the VPN machine, then off into * * * heaven (though I have no idea if traceroute works over VPN!).
One curious note: when I change the order of the Network Routing Definitions so that the public network comes first, and the private one second, I can't contact the Belkin box.
Any advice, oh wise and powerful masters of technology?
Various, but the server is running on a G4 Mac OS X (10.4.10)I said:
"let's assume I VPN to the wireless box"
You replied:
"That's not correct as it is not the device running the VPN endpoint - in this case. "
But wouldn't I have to (on the VPN client) specify the public IP of the wireless box in order connect (because the packets are forwarded) to the actual OS X box running the VPN? Otherwise, it can't see it.
Part of the problem I have is that I can't dedicate a whole machine to VPN. The OS X machine running VPN is also running DNS, and will eventually run our mailserver and perhaps FTP, web, etc, as I slowly migrate stuff to it.
So this machine has to have a public IP address. It cannot be hidden behind the wireless NAT. And it seems to me that this is the crux of the problem. What I think you are telling me is that if the VPN machine was entirely hidden behind the wireless NAT, and had no direct public (WAN) interface, then since all the packets destined for the outside world (including my public servers)would have to go through the NAT, and all would be OK.
If so, then it seems to me that the best solution is to use something like OpenVPN on another OS X (not OS X Server, since I only have one of those) machine in the private network. Since the incoming VPN traffic will be Mac only, it shouldn't be an issue, L2TP-only is fine.
"Otherwise you have to run NAT and the firewall in the VPN server too and use private IPs for VPN clients - or use "only" it (remove the other NAT box and put it on the LAN only). Using only one device for NAT/gw means less configuration."
It is entirely unclear to me, in my setup, what effect turning on NAT on the VPN box (or perhaps, just IP forwarding) would have -- and if I do turn on NAT, would I still have the VPN assign IP's to clients in the internal private network's range, or would I use a different range (ie: private is 192.168.237.xxx, VPN assigns 192.168.239.xxx) and expect the NAT to handle the conversion?
I'm a bit leery of just trying it and seeing what happens because it if mucks things up so badly that the server becomes unreachable (via server admin), I'll have to schlep down to the office to fix it.
"Other things to consider is "bottlenecks" between your LAN and WAN."
Not a real issue. We have a small office, and a relatively small pipe to the internet. Most of the traffic from that pipe is from the public machines anyway. The traffic that goes through the wireless router is basically websurfing and hitting the mailserver.
I could, of course, use the VPN OS X machine as the NAT/DHCP server, and hang the wireless router off the internal network as a simple access point. But would that resolve all the VPN issues?
Once again, thanks for your helpful and prompt replies. -
10.4.8 and Cisco/VPN problem solved
Hi,
This and related issues have arisen in threads on the past month, regarding the Cisco VPN v 4.9005 (and perhaps other VPN software) not working the same after the 10.4.8 upgrade. The problems relate to either not making a VPN connection, or data transfer after the successful connection is made, once the upgrade happened.
The workaround was to run the Network Setup Assistant every time to do the connection properly before launching the VPN. But this is a pain.
The eventual solution was simple, although effecting it was not straightforward. It was necessary to do a clean install of the VPN client. This is something that I could not accomplish manually, despite suggestions from the discussion group as to which files to remove, because it was difficult to find all the files that the install put it. But, at least on my machines, it could be done by command line in Terminal - cd to /usr/local/bin, ls vpn_uninstall to see if it is there, and if so, sudo ./vpn_uninstall.
I don't know if other machines can do this or if this was part of our local IT install, but IT WORKED. I AM FREE!
Waynethat's odd....
I'm running cisco client 4.6.04 on OS X 10.4.8 and VNC without any problems...
the only difference is my radius server is an NT box, but I can AFP and VNC to my Mac on that network. -
VPN Problem: Kerberos & Mail Service
We're having a problem with our new deployment of Leopard Server. We have successfully set up a bunch of services, but are having two problems.
1. Kerberos Authentication
When we select kerberos as the authentication method, authentication fails with the error "cannot contact any kdc for requested realm" all other uses of Kerberos on the network work without a hitch. Any tips to point us in the right direction to troubleshoot. We can connect our users just fine with the MS-CHAPv2 method.
2. Email SMTP sending
We have enabled only SMTP relays for local hosts on our network, but my hope was that when connected via VPN users would be able to send using our SMTP servers. We will have lots of users who will be 90%+ "off" the network and connected only with VPN, so we need to figure out a way for them to be able to send emails.
Any thoughts, I searched but couldnt find what I was looking for.1. As I understand it the KDC must be reachable BEFORE you try connecting to your LAN using VPN if using Kerberos as the authentication method.
2. Should work if using internal DNS (or IP number in Mail for SMTP server address) in VPN config so the client can find the SMTP server through the VPN. Or should work if authenticating SMTP(s) and/or if using other port for "submission" of mail.
Some ISPs and others block outgoing SMTP on port 25 and force you to go through their SMTP relay or allow Webmail only.
If authenting VPN using some other method you can use the Kerberos application manually afterwards when connected to login/authenticate to the KDC for other services.
Machines are connected to OD "hard" (show up as machine records in OD)? -
5505 Strange vpn problem I can only connect if the pc has a WAN IP addess
I have a asa5505 if an outside computer has a wan ip address it will see the computers on the network. If the computer is behind a router (any router) it will connect fine but will not see any computers on the network. All computer on the in the vpn are a 10.1.1.0 network and the connecting computers are on a 192.168.1.0 network. All subnet mask are 255.255.255.0. Thanks in advance.
Add the following command to your ASA.
crypto isakmp nat-traversal
In ASDM, it would be located as a checkbox "Enable NAT-T" located under config -> vpn -> ipsec -> ipsec rules -> select the dynamic entry -> Tunnel Policy advanced tab -> enable nat-t
This will allow users behind pat devices to use nat-t and should solve your problem.
Please rate if it helps. -
New 2.4 Macbook and Cisco VPN problems?
Is anyone else using the new MacBook Pro's with Cisco VPN? I cannot get the software to work, I get an error 51 "unable to connect to VPN subsystem" at every launch. I've ininstalled and reinstalled the cisco software, I'm using the latest VPN 4.9. I've got a 2.3 macbook pro sitting right next to it, and it runs the cisco software fine. Something with the Santa Rosa set? Any help would be greatly appreciated. I have no other network issues. All the software is up to date, system, cisco, etc. Thanks...
Fixed my own problem, appears it's Parallels related, after I reinstalled the new parallels 3.0, cisco started working fine. Whew....;-) Hope this helps others.
Maybe you are looking for
-
How do I search for a specific artist in the itunes store? I can't find a search bar.
I am trying to find a specific artist who's music I want to purchase but I can not locate a manual search bar to input the artist name. I do not want to nor do I have the time to look through all featured artists to locate the specific artist to purc
-
Legit OS 7.1 download is available from O2 UK and Telenor Norway, you can download sofware from either of these two networks. However, you must delete the vendor file before installing, unless you are "with" either of these two service providers, in
-
My new Mac mini (refurbished by Apple) won't play nice...
I just bought an Apple-refurbished Mac mini and when I turn it on, it goes right into Open Firmware (Unix??). Also, when I type mac-boot at this prompt I get the "?" folder. To top that off, the CD/DVD Combo drive won't accept a CD or DVD, it springs
-
Import Placeholders in Profile Manager not working
What is the trick to getting the import placeholders option to work in Profile Manager. The instructions say to format a CSV file with name, serial number, UUID, IMEI and MEID numbers all separated by commas and if you don't have a number to leave th
-
How to move the "i" in an iPhone app
Hi, I have been bouncing my head on this one...I am developing an iPhone app with the famous "i" icon in the lower-right corner of the screen. I need to move this icon to another area of the screen OR change its color. For the life of me, I cannot fi