CCMP not encrypted violation

Similar Messages

• SecurityMode.TransportWithMessageCredential Binding does not encrypt the message

  When I send a message with SecurityMode.TransportWithMessageCredential  Binding (over https), I can see the decrypted message in the service log file. Isn't the message supposed to be encrypted?
  Bob

  Hi Bob12543,
  In the TransportWithMessageCredential security mode, message security is used to authenticate the client and transport security is used to authenticate the server and provide message confidentiality and integrity, so the encryption
  and signature are ensured at the transport layer. However the transport security mode secures the transfor not the message itself.
  For more information, please try to refer to the following:
  https://msdn.microsoft.com/en-us/library/ms735093.aspx .
  A similar thread:
  https://social.msdn.microsoft.com/Forums/vstudio/en-US/fb39d649-f28e-4803-83a7-6aa7c6ca3673/messages-not-encrypted-using-transportwithmessagecredential?forum=wcf
  Best Regards,
  Amy Peng
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• I am concerned about personal data being not encryption in transit over the Internet and therefore can be seen by other people.

  I am a new Firefox user. I have just installed Firefox 4 on my windows PC today, 5/27/11. I have two major questions:
  1. Accidentally, I clicked some thing at random on the screen (I can't remember what it was) and this page, http://us.config.toolbar.yahoo.com/bh/v2/wp/?view=wc&intl=us&pc=yma3&dc=v2_upgd&cv=2.3., showed up under Yahoo! Toolbar. It informed me that the connection was not encrypted and that information sent over the Internet could be seen by other people. I am not sure what the warning is all about. Does it mean when I use Firefox as a browser to access the Yahoo! and other Internet sites, e.g., my bank, all my personal (username, password, etc.) and bank data will be seen by other unauthorized people? I have never seen a similar warning from other browsers, such as Internet Explorer and Safari? So, if Firefox does not offer protection of personal data, I wonder what's the point of using it. I could have misinterpreted the Firefox warning and would highly appreciated it if you can clarify.
  2. During the installation process, a message showed that Firefox 4 was not compatible with certain features of some of the software already on my PC. I did not copy those features and do not remember what they were except one that was associated with my firewall ZoneAlarm. I could be wrong but I think the message also said Firefox had removed the incompatible features. Please tell me if I should be concerned about it, especially the one that was removed from ZoneAlarm. Will my PC become susceptible to hacker invasions when I use Firefox as the browser? I wish Firefox had given some written explanations along with the incompatibility and removal message so that a user can understand exactly what it is about.
  I would appreciate to hearing from you at your earliest convenience. I have tentatively suspended using Firefox until I can be assured that it is safe to do so without potentially compromising my personal data.
  Thank you.

  That is a generic warning message that you get if you submit a form via a normal HTTP connection (i.e not in via a secure HTTPS connection). That warning pop-up probably has a box to suppress this message in the future.
  If you exchange data with your bank site then there should be a secure connection.
  You can verify that by clicking the Site Identity Button (website's favicon) on the left end of the location bar.
  * https://support.mozilla.com/kb/Site+Identity+Button
  You need to check the ZoneAlarm website to see if they have an update of their software that is compatible with Firefox 4.0.1

• IPSEC packets are not encrypted

  Hello (and Happy Thanksgiving to those in the USA),
  We recently swapped our ASA and re-applied the saved config to the new device. There is a site-to-site VPN that works and a remote client VPN that does not. We use some Cisco VPN clients and some Shrew Soft VPN clients.I've compared the config of the new ASA to that of the old ASA and I cannot find any differences (but the remote client VPN was working on the old ASA). The remote clients do connect and a tunnel is established but they are unable to pass traffic. Systems on the network where the ASA is located are able to access the internet.
  Output of sho crypto isakmp sa (ignore peer #1, that is the working site-to-site VPN)
     Active SA: 2
      Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA d
  Total IKE SA: 2
  1   IKE Peer: xx.168.155.98
      Type    : L2L             Role    : responder
      Rekey   : no              State   : MM_ACTIVE
  2   IKE Peer: xx.211.206.48
      Type    : user            Role    : responder
      Rekey   : no              State   : AM_ACTIVE
  Output of sho crypto ipsec sa (info regarding site-to-site VPN removed). Packets are decrypted but not encrypted.
      Crypto map tag: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 65535, local addr: publi
  c-ip
        local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
        remote ident (addr/mask/prot/port): (10.20.1.100/255.255.255.255/0/0)
        current_peer: xx.211.206.48, username: me
        dynamic allocated peer ip: 10.20.1.100
        #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
        #pkts decaps: 20, #pkts decrypt: 20, #pkts verify: 20
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
        #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
        #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
        #send errors: 0, #recv errors: 0
        local crypto endpt.: public-ip/4500, remote crypto endpt.: xx.211.206.48/4
  500
        path mtu 1500, ipsec overhead 82, media mtu 1500
        current outbound spi: 7E0BF9B9
        current inbound spi : 41B75CCD
      inbound esp sas:
        spi: 0x41B75CCD (1102535885)
           transform: esp-aes esp-sha-hmac no compression
           in use settings ={RA, Tunnel,  NAT-T-Encaps, }
           slot: 0, conn_id: 16384, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
           sa timing: remaining key lifetime (sec): 28776
           IV size: 16 bytes
           replay detection support: Y
           Anti replay bitmap:
            0x00000000 0x00000001
        spi: 0xC06BF0DD (3228299485)
           transform: esp-aes esp-sha-hmac no compression
           in use settings ={RA, Tunnel,  NAT-T-Encaps, Rekeyed}
           slot: 0, conn_id: 16384, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
           sa timing: remaining key lifetime (sec): 28774
           IV size: 16 bytes
           replay detection support: Y
           Anti replay bitmap:
            0x000003FF 0xFFF80001
      outbound esp sas:
        spi: 0x7E0BF9B9 (2114714041)
           transform: esp-aes esp-sha-hmac no compression
           in use settings ={RA, Tunnel,  NAT-T-Encaps, }
           slot: 0, conn_id: 16384, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
           sa timing: remaining key lifetime (sec): 28774
           IV size: 16 bytes
           replay detection support: Y
           Anti replay bitmap:
            0x00000000 0x00000001
        spi: 0xCBF945AC (3422111148)
           transform: esp-aes esp-sha-hmac no compression
           in use settings ={RA, Tunnel,  NAT-T-Encaps, Rekeyed}
           slot: 0, conn_id: 16384, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
           sa timing: remaining key lifetime (sec): 28772
           IV size: 16 bytes
           replay detection support: Y
           Anti replay bitmap:
            0x00000000 0x00000001
  Config from ASA
  : Saved
  : Written by me at 19:56:37.957 pst Tue Nov 26 2013
  ASA Version 8.2(4)
  hostname mfw01
  domain-name company.int
  enable password xxx encrypted
  passwd xxx encrypted
  names
  name xx.174.143.97 cox-gateway description cox-gateway
  name 172.16.10.0 iscsi-network description iscsi-network
  name 192.168.1.0 legacy-network description legacy-network
  name 10.20.50.0 management-network description management-network
  name 10.20.10.0 server-network description server-network
  name 10.20.20.0 user-network description user-network
  name 192.168.1.101 private-em-imap description private-em-imap
  name 10.20.10.2 private-exchange description private-exchange
  name 10.20.10.3 private-ftp description private-ftp
  name 192.168.1.202 private-ip-phones description private-ip-phones
  name 10.20.10.6 private-kaseya description private-kaseya
  name 192.168.1.2 private-mitel-3300 description private-mitel-3300
  name 10.20.10.1 private-pptp description private-pptp
  name 10.20.10.7 private-sharepoint description private-sharepoint
  name 10.20.10.4 private-tportal description private-tportal
  name 10.20.10.8 private-xarios description private-xarios
  name 192.168.1.215 private-xorcom description private-xorcom
  name xx.174.143.99 public-exchange description public-exchange
  name xx.174.143.100 public-ftp description public-ftp
  name xx.174.143.101 public-tportal description public-tportal
  name xx.174.143.102 public-sharepoint description public-sharepoint
  name xx.174.143.103 public-ip-phones description public-ip-phones
  name xx.174.143.104 public-mitel-3300 description public-mitel-3300
  name xx.174.143.105 public-xorcom description public-xorcom
  name xx.174.143.108 public-remote-support description public-remote-support
  name xx.174.143.109 public-xarios description public-xarios
  name xx.174.143.110 public-kaseya description public-kaseya
  name xx.174.143.111 public-pptp description public-pptp
  name 192.168.2.0 Irvine_LAN description Irvine_LAN
  name xx.174.143.98 public-ip
  name 10.20.10.14 private-RevProxy description private-RevProxy
  name xx.174.143.107 public-RevProxy description Public-RevProxy
  name 10.20.10.9 private-XenDesktop description private-XenDesktop
  name xx.174.143.115 public-XenDesktop description public-XenDesktop
  name 10.20.1.1 private-gateway description private-gateway
  name 192.168.1.96 private-remote-support description private-remote-support
  interface Ethernet0/0
  nameif public
  security-level 0
  ip address public-ip 255.255.255.224
  interface Ethernet0/1
  speed 100
  duplex full
  nameif private
  security-level 100
  ip address private-gateway 255.255.255.0
  interface Ethernet0/2
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface Management0/0
  nameif management
  security-level 100
  ip address 192.168.0.1 255.255.255.0
  management-only
  ftp mode passive
  clock timezone pst -8
  clock summer-time PDT recurring
  dns server-group DefaultDNS
  domain-name mills.int
  object-group service ftp
  service-object tcp eq ftp
  service-object tcp eq ftp-data
  object-group service DM_INLINE_SERVICE_1
  group-object ftp
  service-object udp eq tftp
  object-group service DM_INLINE_TCP_1 tcp
  port-object eq 40
  port-object eq ssh
  object-group service web-server
  service-object tcp eq www
  service-object tcp eq https
  object-group service DM_INLINE_SERVICE_2
  service-object tcp eq smtp
  group-object web-server
  object-group service DM_INLINE_SERVICE_3
  service-object tcp eq ssh
  group-object web-server
  object-group service kaseya
  service-object tcp eq 4242
  service-object tcp eq 5721
  service-object tcp eq 8080
  service-object udp eq 5721
  object-group service DM_INLINE_SERVICE_4
  group-object kaseya
  group-object web-server
  object-group service DM_INLINE_SERVICE_5
  service-object gre
  service-object tcp eq pptp
  object-group service VPN
  service-object gre
  service-object esp
  service-object ah
  service-object tcp eq pptp
  service-object udp eq 4500
  service-object udp eq isakmp
  object-group network MILLS_VPN_VLANS
  network-object 10.20.1.0 255.255.255.0
  network-object server-network 255.255.255.0
  network-object user-network 255.255.255.0
  network-object management-network 255.255.255.0
  network-object legacy-network 255.255.255.0
  object-group service InterTel5000
  service-object tcp range 3998 3999
  service-object tcp range 6800 6802
  service-object udp eq 20001
  service-object udp range 5004 5007
  service-object udp range 50098 50508
  service-object udp range 6604 7039
  service-object udp eq bootpc
  service-object udp eq tftp
  service-object tcp eq 4000
  service-object tcp eq 44000
  service-object tcp eq www
  service-object tcp eq https
  service-object tcp eq 5566
  service-object udp eq 5567
  service-object udp range 6004 6603
  service-object tcp eq 6880
  object-group service DM_INLINE_SERVICE_6
  service-object icmp
  service-object tcp eq 2001
  service-object tcp eq 2004
  service-object tcp eq 2005
  object-group service DM_INLINE_SERVICE_7
  service-object icmp
  group-object InterTel5000
  object-group service DM_INLINE_SERVICE_8
  service-object icmp
  service-object tcp eq https
  service-object tcp eq ssh
  object-group service RevProxy tcp
  description RevProxy
  port-object eq 5500
  object-group service XenDesktop tcp
  description Xen
  port-object eq 8080
  port-object eq 2514
  port-object eq 2598
  port-object eq 27000
  port-object eq 7279
  port-object eq 8000
  port-object eq citrix-ica
  access-list public_access_in extended permit object-group DM_INLINE_SERVICE_8 any host public-ip
  access-list public_access_in extended permit object-group VPN any host public-ip
  access-list public_access_in extended permit object-group DM_INLINE_SERVICE_7 any host public-ip-phones
  access-list public_access_in extended permit object-group DM_INLINE_SERVICE_1 any host public-ftp
  access-list public_access_in extended permit tcp any host public-xorcom object-group DM_INLINE_TCP_1
  access-list public_access_in extended permit object-group DM_INLINE_SERVICE_2 any host public-exchange
  access-list public_access_in extended permit tcp any host public-RevProxy object-group RevProxy
  access-list public_access_in extended permit object-group DM_INLINE_SERVICE_3 any host public-remote-support
  access-list public_access_in extended permit object-group DM_INLINE_SERVICE_6 any host public-xarios
  access-list public_access_in extended permit object-group web-server any host public-sharepoint
  access-list public_access_in extended permit object-group web-server any host public-tportal
  access-list public_access_in extended permit object-group DM_INLINE_SERVICE_4 any host public-kaseya
  access-list public_access_in extended permit object-group DM_INLINE_SERVICE_5 any host public-pptp
  access-list public_access_in extended permit ip any host public-XenDesktop
  access-list private_access_in extended permit icmp any any
  access-list private_access_in extended permit ip any any
  access-list VPN_Users_SplitTunnelAcl standard permit server-network 255.255.255.0
  access-list VPN_Users_SplitTunnelAcl standard permit user-network 255.255.255.0
  access-list VPN_Users_SplitTunnelAcl standard permit management-network 255.255.255.0
  access-list VPN_Users_SplitTunnelAcl standard permit 10.20.1.0 255.255.255.0
  access-list VPN_Users_SplitTunnelAcl standard permit legacy-network 255.255.255.0
  access-list private_nat0_outbound extended permit ip object-group MILLS_VPN_VLANS Irvine_LAN 255.255.255.0
  access-list private_nat0_outbound extended permit ip object-group MILLS_VPN_VLANS 10.20.1.96 255.255.255.240
  access-list private_nat0_outbound extended permit ip object-group MILLS_VPN_VLANS 10.90.2.0 255.255.255.0
  access-list public_1_cryptomap extended permit ip object-group MILLS_VPN_VLANS Irvine_LAN 255.255.255.0
  access-list public_2_cryptomap extended permit ip object-group MILLS_VPN_VLANS 10.90.2.0 255.255.255.0
  pager lines 24
  logging enable
  logging list Error-Events level warnings
  logging monitor warnings
  logging buffered warnings
  logging trap warnings
  logging asdm warnings
  logging mail warnings
  logging host private private-kaseya
  logging permit-hostdown
  logging class auth trap alerts
  mtu public 1500
  mtu private 1500
  mtu management 1500
  ip local pool VPN_Users 10.20.1.100-10.20.1.110 mask 255.255.255.0
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (public) 101 interface
  nat (private) 0 access-list private_nat0_outbound
  nat (private) 101 0.0.0.0 0.0.0.0
  nat (management) 101 0.0.0.0 0.0.0.0
  static (private,public) public-ip-phones private-ip-phones netmask 255.255.255.255 dns
  static (private,public) public-ftp private-ftp netmask 255.255.255.255 dns
  static (private,public) public-xorcom private-xorcom netmask 255.255.255.255 dns
  static (private,public) public-exchange private-exchange netmask 255.255.255.255 dns
  static (private,public) public-RevProxy private-RevProxy netmask 255.255.255.255 dns
  static (private,public) public-remote-support private-remote-support netmask 255.255.255.255 dns
  static (private,public) public-xarios private-xarios netmask 255.255.255.255 dns
  static (private,public) public-sharepoint private-sharepoint netmask 255.255.255.255 dns
  static (private,public) public-tportal private-tportal netmask 255.255.255.255 dns
  static (private,public) public-kaseya private-kaseya netmask 255.255.255.255 dns
  static (private,public) public-pptp private-pptp netmask 255.255.255.255 dns
  static (private,public) public-XenDesktop private-XenDesktop netmask 255.255.255.255 dns
  access-group public_access_in in interface public
  access-group private_access_in in interface private
  route public 0.0.0.0 0.0.0.0 cox-gateway 1
  route private server-network 255.255.255.0 10.20.1.254 1
  route private user-network 255.255.255.0 10.20.1.254 1
  route private management-network 255.255.255.0 10.20.1.254 1
  route private iscsi-network 255.255.255.0 10.20.1.254 1
  route private legacy-network 255.255.255.0 10.20.1.254 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  ldap attribute-map admin-control
    map-name  comment Privilege-Level
  ldap attribute-map allow-dialin
    map-name  msNPAllowDialin IETF-Radius-Class
    map-value msNPAllowDialin FALSE NOACCESS
    map-value msNPAllowDialin TRUE IPSecUsers
  ldap attribute-map mills-vpn_users
    map-name  msNPAllowDialin IETF-Radius-Class
    map-value msNPAllowDialin FALSE NOACCESS
    map-value msNPAllowDialin True IPSecUsers
  ldap attribute-map network-admins
    map-name  memberOf IETF-Radius-Service-Type
    map-value memberOf FALSE NOACCESS
    map-value memberOf "Network Admins" 6
  dynamic-access-policy-record DfltAccessPolicy
  aaa-server Mills protocol nt
  aaa-server Mills (private) host private-pptp
  nt-auth-domain-controller ms01.mills.int
  aaa-server Mills_NetAdmin protocol ldap
  aaa-server Mills_NetAdmin (private) host private-pptp
  server-port 389
  ldap-base-dn ou=San Diego,dc=mills,dc=int
  ldap-group-base-dn ou=San Diego,dc=mills,dc=int
  ldap-scope subtree
  ldap-naming-attribute cn
  ldap-login-password *
  ldap-login-dn cn=asa,ou=Service Accounts,ou=San Diego,dc=mills,dc=int
  server-type microsoft
  ldap-attribute-map mills-vpn_users
  aaa-server NetworkAdmins protocol ldap
  aaa-server NetworkAdmins (private) host private-pptp
  ldap-base-dn ou=San Diego,dc=mills,dc=int
  ldap-group-base-dn ou=San Diego,dc=mills,dc=int
  ldap-scope subtree
  ldap-naming-attribute cn
  ldap-login-password *
  ldap-login-dn cn=asa,ou=Service Accounts,ou=San Diego,dc=mills,dc=int
  server-type microsoft
  ldap-attribute-map network-admins
  aaa-server ADVPNUsers protocol ldap
  aaa-server ADVPNUsers (private) host private-pptp
  ldap-base-dn ou=San Diego,dc=mills,dc=int
  ldap-group-base-dn ou=San Diego,dc=mills,dc=int
  ldap-scope subtree
  ldap-naming-attribute cn
  ldap-login-password *
  ldap-login-dn cn=asa,ou=Service Accounts,ou=San Diego,dc=mills,dc=int
  server-type microsoft
  ldap-attribute-map mills-vpn_users
  aaa authentication enable console ADVPNUsers LOCAL
  aaa authentication http console ADVPNUsers LOCAL
  aaa authentication serial console ADVPNUsers LOCAL
  aaa authentication telnet console ADVPNUsers LOCAL
  aaa authentication ssh console ADVPNUsers LOCAL
  http server enable
  http 0.0.0.0 0.0.0.0 management
  http 0.0.0.0 0.0.0.0 public
  http 0.0.0.0 0.0.0.0 private
  snmp-server host private private-kaseya poll community ***** version 2c
  snmp-server location Mills - San Diego
  snmp-server contact Mills Assist
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  sysopt noproxyarp private
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map public_map 1 match address public_1_cryptomap
  crypto map public_map 1 set pfs
  crypto map public_map 1 set peer xx.168.155.98
  crypto map public_map 1 set transform-set ESP-3DES-MD5 ESP-AES-128-SHA
  crypto map public_map 1 set nat-t-disable
  crypto map public_map 1 set phase1-mode aggressive
  crypto map public_map 2 match address public_2_cryptomap
  crypto map public_map 2 set pfs group5
  crypto map public_map 2 set peer xx.181.134.141
  crypto map public_map 2 set transform-set ESP-AES-128-SHA
  crypto map public_map 2 set nat-t-disable
  crypto map public_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map public_map interface public
  crypto isakmp enable public
  crypto isakmp policy 1
  authentication pre-share
  encryption aes
  hash sha
  group 5
  lifetime 86400
  crypto isakmp policy 10
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 30
  authentication pre-share
  encryption 3des
  hash md5
  group 1
  lifetime 28800
  telnet 0.0.0.0 0.0.0.0 private
  telnet timeout 5
  ssh 0.0.0.0 0.0.0.0 public
  ssh 0.0.0.0 0.0.0.0 private
  ssh 0.0.0.0 0.0.0.0 management
  ssh timeout 5
  console timeout 0
  dhcpd address 192.168.0.2-192.168.0.254 management
  threat-detection basic-threat
  threat-detection statistics access-list
  threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
  ntp authenticate
  ntp server 216.129.110.22 source public
  ntp server 173.244.211.10 source public
  ntp server 24.124.0.251 source public prefer
  webvpn
  enable public
  svc enable
  group-policy NOACCESS internal
  group-policy NOACCESS attributes
  vpn-simultaneous-logins 0
  vpn-tunnel-protocol svc
  group-policy IPSecUsers internal
  group-policy IPSecUsers attributes
  wins-server value 10.20.10.1
  dns-server value 10.20.10.1
  vpn-tunnel-protocol IPSec
  password-storage enable
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value VPN_Users_SplitTunnelAcl
  default-domain value mills.int
  address-pools value VPN_Users
  group-policy Irvine internal
  group-policy Irvine attributes
  vpn-tunnel-protocol IPSec
  username admin password Kra9/kXfLDwlSxis encrypted
  tunnel-group VPN_Users type remote-access
  tunnel-group VPN_Users general-attributes
  address-pool VPN_Users
  authentication-server-group Mills_NetAdmin
  default-group-policy IPSecUsers
  tunnel-group VPN_Users ipsec-attributes
  pre-shared-key *
  tunnel-group xx.189.99.114 type ipsec-l2l
  tunnel-group xx.189.99.114 general-attributes
  default-group-policy Irvine
  tunnel-group xx.189.99.114 ipsec-attributes
  pre-shared-key *
  tunnel-group xx.205.23.76 type ipsec-l2l
  tunnel-group xx.205.23.76 general-attributes
  default-group-policy Irvine
  tunnel-group xx.205.23.76 ipsec-attributes
  pre-shared-key *
  tunnel-group xx.168.155.98 type ipsec-l2l
  tunnel-group xx.168.155.98 general-attributes
  default-group-policy Irvine
  tunnel-group xx.168.155.98 ipsec-attributes
  pre-shared-key *
  class-map global-class
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
  policy-map global-policy
  class global-class
    inspect dns
    inspect esmtp
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect sip 
    inspect skinny 
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect xdmcp
  service-policy global-policy global
  privilege cmd level 3 mode exec command perfmon
  privilege cmd level 3 mode exec command ping
  privilege cmd level 3 mode exec command who
  privilege cmd level 3 mode exec command logging
  privilege cmd level 3 mode exec command failover
  privilege cmd level 3 mode exec command packet-tracer
  privilege show level 5 mode exec command import
  privilege show level 5 mode exec command running-config
  privilege show level 3 mode exec command reload
  privilege show level 3 mode exec command mode
  privilege show level 3 mode exec command firewall
  privilege show level 3 mode exec command asp
  privilege show level 3 mode exec command cpu
  privilege show level 3 mode exec command interface
  privilege show level 3 mode exec command clock
  privilege show level 3 mode exec command dns-hosts
  privilege show level 3 mode exec command access-list
  privilege show level 3 mode exec command logging
  privilege show level 3 mode exec command vlan
  privilege show level 3 mode exec command ip
  privilege show level 3 mode exec command ipv6
  privilege show level 3 mode exec command failover
  privilege show level 3 mode exec command asdm
  privilege show level 3 mode exec command arp
  privilege show level 3 mode exec command route
  privilege show level 3 mode exec command ospf
  privilege show level 3 mode exec command aaa-server
  privilege show level 3 mode exec command aaa
  privilege show level 3 mode exec command eigrp
  privilege show level 3 mode exec command crypto
  privilege show level 3 mode exec command vpn-sessiondb
  privilege show level 3 mode exec command ssh
  privilege show level 3 mode exec command dhcpd
  privilege show level 3 mode exec command vpn
  privilege show level 3 mode exec command blocks
  privilege show level 3 mode exec command wccp
  privilege show level 3 mode exec command webvpn
  privilege show level 3 mode exec command module
  privilege show level 3 mode exec command uauth
  privilege show level 3 mode exec command compression
  privilege show level 3 mode configure command interface
  privilege show level 3 mode configure command clock
  privilege show level 3 mode configure command access-list
  privilege show level 3 mode configure command logging
  privilege show level 3 mode configure command ip
  privilege show level 3 mode configure command failover
  privilege show level 5 mode configure command asdm
  privilege show level 3 mode configure command arp
  privilege show level 3 mode configure command route
  privilege show level 3 mode configure command aaa-server
  privilege show level 3 mode configure command aaa
  privilege show level 3 mode configure command crypto
  privilege show level 3 mode configure command ssh
  privilege show level 3 mode configure command dhcpd
  privilege show level 5 mode configure command privilege
  privilege clear level 3 mode exec command dns-hosts
  privilege clear level 3 mode exec command logging
  privilege clear level 3 mode exec command arp
  privilege clear level 3 mode exec command aaa-server
  privilege clear level 3 mode exec command crypto
  privilege cmd level 3 mode configure command failover
  privilege clear level 3 mode configure command logging
  privilege clear level 3 mode configure command arp
  privilege clear level 3 mode configure command crypto
  privilege clear level 3 mode configure command aaa-server
  prompt hostname context
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:5d5c963680401d150bee94b3c7c85f7a
  Maybe my eyes are glazing over from looking at this for too long. Does anything look wrong? Maybe I missed a command that would not show up in the config?
  Thanks in advance to all who take a look.

  Marius,
  I connected via my VPN client at home and pinged a remote server, attempted to RDP by name and then attempted to RDP by IP address. All were unsuccessful. Here is the packet capture:
  72 packets captured
     1: 09:44:06.304671 10.20.1.100.137 > 10.20.10.1.137:  udp 68
     2: 09:44:06.304885 10.20.1.100.54543 > 10.20.10.1.53:  udp 34
     3: 09:44:07.198384 10.20.1.100.51650 > 10.20.10.1.53:  udp 32
     4: 09:44:07.300353 10.20.1.100.54543 > 10.20.10.1.53:  udp 34
     5: 09:44:07.786504 10.20.1.100.137 > 10.20.10.1.137:  udp 68
     6: 09:44:07.786671 10.20.1.100.137 > 10.20.10.1.137:  udp 68
     7: 09:44:07.786855 10.20.1.100.137 > 10.20.10.1.137:  udp 68
     8: 09:44:08.198399 10.20.1.100.51650 > 10.20.10.1.53:  udp 32
     9: 09:44:09.282608 10.20.1.100.61328 > 10.20.10.1.53:  udp 32
    10: 09:44:09.286667 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    11: 09:44:09.286926 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    12: 09:44:09.287201 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    13: 09:44:09.300491 10.20.1.100.54543 > 10.20.10.1.53:  udp 34
    14: 09:44:10.199193 10.20.1.100.51650 > 10.20.10.1.53:  udp 32
    15: 09:44:10.282150 10.20.1.100.61328 > 10.20.10.1.53:  udp 32
    16: 09:44:11.286865 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    17: 09:44:12.302993 10.20.1.100.61328 > 10.20.10.1.53:  udp 32
    18: 09:44:12.785054 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    19: 09:44:13.301101 10.20.1.100.54543 > 10.20.10.1.53:  udp 34
    20: 09:44:14.204029 10.20.1.100.51650 > 10.20.10.1.53:  udp 32
    21: 09:44:14.287323 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    22: 09:44:14.375331 10.20.1.100 > 10.20.10.1: icmp: echo request
    23: 09:44:16.581589 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    24: 09:44:18.083842 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    25: 09:44:18.199879 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    26: 09:44:19.224063 10.20.1.100 > 10.20.10.1: icmp: echo request
    27: 09:44:19.582367 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    28: 09:44:19.704019 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    29: 09:44:20.288193 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    30: 09:44:21.200307 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    31: 09:44:21.786321 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    32: 09:44:23.289535 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    33: 09:44:24.204777 10.20.1.100 > 10.20.10.1: icmp: echo request
    34: 09:44:29.219440 10.20.1.100 > 10.20.10.1: icmp: echo request
    35: 09:44:29.287460 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    36: 09:44:30.787617 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    37: 09:44:32.287887 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    38: 09:45:00.533816 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    39: 09:45:02.018019 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    40: 09:45:03.160239 10.20.1.100.52764 > 10.20.10.1.53:  udp 34
    41: 09:45:03.350354 10.20.1.100.53948 > 10.20.10.1.53:  udp 38
    42: 09:45:03.521960 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    43: 09:45:04.158408 10.20.1.100.52764 > 10.20.10.1.53:  udp 34
    44: 09:45:04.344342 10.20.1.100.53948 > 10.20.10.1.53:  udp 38
    45: 09:45:06.160681 10.20.1.100.52764 > 10.20.10.1.53:  udp 34
    46: 09:45:06.358593 10.20.1.100.53948 > 10.20.10.1.53:  udp 38
    47: 09:45:10.159125 10.20.1.100.52764 > 10.20.10.1.53:  udp 34
    48: 09:45:10.345227 10.20.1.100.53948 > 10.20.10.1.53:  udp 38
    49: 09:45:14.550478 10.20.1.100.59402 > 10.20.10.1.53:  udp 32
    50: 09:45:15.536166 10.20.1.100.59402 > 10.20.10.1.53:  udp 32
    51: 09:45:17.546144 10.20.1.100.59402 > 10.20.10.1.53:  udp 32
    52: 09:45:21.882812 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    53: 09:45:23.379222 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    54: 09:45:24.893386 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    55: 09:45:41.550035 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    56: 09:45:43.029875 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    57: 09:45:44.541979 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    58: 09:46:10.767782 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    59: 09:46:12.261934 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    60: 09:46:13.776250 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    61: 09:46:19.848970 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    62: 09:46:20.113183 10.20.1.100.49751 > 10.20.10.7.3389: S 3288428077:3288428077(0) win 8192
    63: 09:46:21.331251 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    64: 09:46:22.831423 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    65: 09:46:23.101511 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    66: 09:46:23.123254 10.20.1.100.49751 > 10.20.10.7.3389: S 3288428077:3288428077(0) win 8192
    67: 09:46:24.591705 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    68: 09:46:26.115976 10.20.1.100.137 > 10.20.10.1.137:  udp 50
    69: 09:46:28.834276 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    70: 09:46:29.125817 10.20.1.100.49751 > 10.20.10.7.3389: S 3288428077:3288428077(0) win 8192
    71: 09:46:30.342816 10.20.1.100.137 > 10.20.10.1.137:  udp 68
    72: 09:46:31.840746 10.20.1.100.137 > 10.20.10.1.137:  udp 68
  72 packets shown

• FDE will not encrypt disks

  Hi Everyone,
  I'm running a net-new ZCM 11.3 install and am having trouble with FDE.
  I have a simple FDE policy, configured without PBE enabled, associated to a single Win7 workstation. Current Novell Client and ZENworks Adaptive Agent are installed and all current Windows Updates have been applied.
  The drives will not encrypt though. When the policy is applied to the workstation it goes through all the motions and appears to be successful. FDE on the client though usually gets stuck at "Policy Being Applied" (even after the reboot forced by the policy) although will sometimes fall back to "No Policy Enforced" if I let it sit long enough.
  I've tried this with multiple workstations (though all built from the same image... this image encrypts fine on our old 11.2.4 ZCM), multiple versions of the policy, and even completely different policies.
  In each case, the following errors and warnings get logged on the client each time the policy is applied. I don't see any reference to these errors in the documentation...
  Has anyone seen this?
  Thanks,
  Ian
  Error:
  Full Message:
  Could not find a Handler associated with the following type: Full Disk Encryption Policy.
  Additional Information:
  None
  Severity: Error
  Date: April 8, 2014 10:22:47 AM
  Acknowledged Date: None
  Source: /Devices/Workstations/tor-ianp
  Message ID: ActionMan.HandlerNotFound
  Probable Cause URL: None
  Log ID: 2bf5842476f04b842475dcc454a6ce25
  Related Objects: None
  Error:
  Full Message:
  Could not find a Handler associated with the following type: Full Disk Encryption Policy.
  Additional Information:
  None
  Severity: Error
  Date: April 8, 2014 10:22:47 AM
  Acknowledged Date: None
  Source: /Devices/Workstations/tor-ianp
  Message ID: ActionMan.HandlerNotFound
  Probable Cause URL: None
  Log ID: 6cc2b17e5a1776386db7ac9580fa8b89
  Related Objects: None
  Warning:
  Full Message:
  The action Full Disk Encryption Policy (ID:Full Disk Encryption Policy) failed due to the reason : Could not find a Handler associated with the following type: Full Disk Encryption Policy., however the action is set to continue on failure.
  Additional Information:
  None
  Severity: Warning
  Date: April 8, 2014 10:22:47 AM
  Acknowledged Date: None
  Source: /Devices/Workstations/tor-ianp
  Message ID: ActionMan.ActionContinueOnFailure
  Probable Cause URL: None
  Log ID: 0fed43d717b6ad0d50f0e85b516a8308
  Related Objects: None
  Warning:
  Full Message:
  The handler [NULL] was not found.
  Additional Information:
  None
  Severity: Warning
  Date: April 8, 2014 10:22:47 AM
  Acknowledged Date: None
  Source: /Devices/Workstations/tor-ianp
  Message ID: ActionMan.ExeHandlerNotFound
  Probable Cause URL: None
  Log ID: 0eb0a5dc9637602f4367fa5c8fa7aabf
  Related Objects: /Policies/Win7/Staff Encryption (No PBE)
  Warning:
  Full Message:
  Could not find a Handler associated with the following type: Full Disk Encryption Policy.
  Additional Information:
  None
  Severity: Warning
  Date: April 8, 2014 10:22:47 AM
  Acknowledged Date: None
  Source: /Devices/Workstations/tor-ianp
  Message ID: ActionMan.HandlerNotFound
  Probable Cause URL: None
  Log ID: a87d1a6e792b3fd8d298f891edf84083
  Related Objects: /Policies/Win7/Staff Encryption (No PBE)
  Warning:
  Full Message:
  The action Full Disk Encryption Policy (ID:Full Disk Encryption Policy) failed due to the reason : Could not find a Handler associated with the following type: Full Disk Encryption Policy., however the action is set to continue on failure.
  Additional Information:
  None
  Severity: Warning
  Date: April 8, 2014 10:22:47 AM
  Acknowledged Date: None
  Source: /Devices/Workstations/tor-ianp
  Message ID: ActionMan.ActionContinueOnFailure
  Probable Cause URL: None
  Log ID: de434906afb9fdb4b33dc65ffb6aabdb
  Related Objects: None
  Warning:
  Full Message:
  Could not find a Handler associated with the following type: Full Disk Encryption Policy.
  Additional Information:
  None
  Severity: Warning
  Date: April 8, 2014 10:22:47 AM
  Acknowledged Date: None
  Source: /Devices/Workstations/tor-ianp
  Message ID: ActionMan.HandlerNotFound
  Probable Cause URL: None
  Log ID: be711a0108c144bee714d6576872657d
  Related Objects: None
  Warning:
  Full Message:
  The handler [NULL] was not found.
  Additional Information:
  None
  Severity: Warning
  Date: April 8, 2014 10:22:47 AM
  Acknowledged Date: None
  Source: /Devices/Workstations/tor-ianp
  Message ID: ActionMan.ExeHandlerNotFound
  Probable Cause URL: None
  Log ID: 4b8a73ef1677139ac9208ead88941767
  Related Objects: None

  Originally Posted by chalmerst
  zzzzzzzzzzzzzzzzzzzz
  On my virtual machines, it is enabling fine. On physical hardware, we am seeing the same issue. It starts when first applying policy with an event viewer message stating
  Code:
  Faulting application name: PBAInit.EXE, version: 9.7.3.1, time stamp: 0x53a1b6eb
  Faulting module name: PBAInit.EXE, version: 9.7.3.1, time stamp: 0x53a1b6eb
  Exception code: 0xc0000005
  Fault offset: 0x00000000001ea01d
  Faulting process id: 0x1b78
  Faulting application start time: 0x01d08126d284cb5d
  Faulting application path: C:\Windows\NAC\SBS\PBAInit.EXE
  Faulting module path: C:\Windows\NAC\SBS\PBAInit.EXE
  Report Id: 36feb7d3-ed1a-11e4-9dc7-8019348456dd
  After this reboot, we are seeing the same "Could not find a Handler associated with the following type: Full Disk Encryption Policy" message.

• No matter what website I visit, when I click on the box to the left of the browser bar, it tells me that my internet connection is not encrypted. I've recently got a new router. Could this be a part of the problem? Thanks in advance for any help!

  Help! (Please?)

  That is the Site Identity Button
  * https://support.mozilla.org/kb/Site+Identity+Button
  That button only has useful information if there is a secure HTTPS connection like this forum uses.<br />
  With a regular HTTP connection you will see the "The connection to this web site is not encrypted" message.
  Do you have problems with visiting websites?

• OWSM gateway : Message not encrypted error

  Hi,
  I have a BPEL process which invokes a web service via partner link. Both BPEL and service are secured with OWSM gateway.In the policy defined for BPEL I'm doing Sign Message And Encrypt using XPath expression( which is working). In the policy for webservice I'm doing a Decrypt and Verify Signature . But its not invoking the service and throws a Client:GenericFault saying Message is not encrypted.
  In fact the logs from BPEL after encryption shows encrypted data. But logs in service does not contain the same data.
  Am I doing something wrong? Should I copy something ? I'm using the same keystore for both the policies. The version is 10.1.3.1
  Please help me
  Thanks
  Meer

  All of them are running with Win XP SP2 at work. NAT-Traversal: is Disabled. DMZ is enabled. Thanks

• URL address is not encrypted

  Hi,
  I am taking an online class. I need to asses this URL address and I dont know why I am not able to connect now, it is telling me there is an error. That the connection is not encrypted? Not sure what that means. However have been able to connect to this link since
  Monday 7/11 till now! The only thing I did this morning was clear my history and cookies. I am not sure if this had anything to do with this. Please help me correct this problem, for I need to be able to access this link for my class. Thanks

  Yes. It works for me as well. So it looks that they corrected the problem.
  I see a very large image of 3,564.59 KB (3,650,138 bytes) that is scaled down 2,048px × 3,072px (scaled to 65px × 75px).
  That is usually not a good idea as that requires to download that image.<br />
  Firefox is also not very good at scaling down images, but with such a large reduction that probably wouldn't matter.

• Suddenly web pages that I've visited previously won't load. I right click , click on page info and it says-------Connection Not Encrypted--- How do I fix this??

  Connection Not Encrypted..
  A reply to correct this would be very appreciated!!!
  Thank you.
  Have a great day !

  It is normal for pages accessed using the http:// protocol (rather than the secure sockets https:// protocol) to show the connection not being encrypted.
  Generally speaking, when you have a problem with one particular site, a good "first thing to try" is clearing your Firefox cache and deleting your saved cookies for the site.
  (1) Bypass Firefox's Cache
  Use Ctrl+Shift+r to reload the page fresh from the server.
  (You also can clear Firefox's cache completely using:
  orange Firefox button ''or'' Tools menu > Options > Advanced
  On the Network mini-tab > Cached Web Content : "Clear Now")
  (2) Remove the problem site's cookies (save any pending work first) using either of these. While viewing a page on the site:
  * right-click and choose View Page Info > Security > "View Cookies"
  * Alt+t (open the classic Tools menu) > Page Info > Security > "View Cookies"
  Then try reloading the page. Does that help?

• ERROR: Could not encrypt password for Connection

  Hi
  I am trying to create and run demo application for 'Dveloping RIA using ADF and JDeveloper 11g'.
  When I try to run the application it throws the error- ERROR: Could not encrypt password for Connection 'MyDatabaseConnection'.
  Anyone please guide me how to resolve this issue.
  Thanks

  Can you try delete the Connection and re-create another one to see if it fixes the issue?
  -Arun

• How to unblock youtube website? in page info states "connection not encrypted"

  a few months ago i blocked youtube then i want to unblock it but i don't know how. i see in the page info that states
  (website identity)
  website: www.youtube.com
  owner: this website does not supply ownership information.
  verified by: not specified
  (technical details)
  Connection not encrypted
  The website does not support encryption for the page you are viewing. Information sent over the Internet without encryption can be seen by other people while it is in transit.

  I blocked youtube with this application http://downloads.phpnuke.org/en/download-item-view-y-y-m-b-v-a/YOUTUBE%2BBLOCKER.htm. I reset firefox but it doesn't work. is there another way to unblock youtube?

• A favorite web-site that I used extensively with a previous Firefox version will no longer connect using Firefox 4.0.1 which I upgraded to this morning. The message says "Connection Not Encrypted". How can I access this important site?

  The first message after Firefox fails to connect says "This website does not supply ownership information." Then is says "Connection Not Encrypted."
  Yet my previous Firefox version connected readily to this same site.

  I appreciate this option, to go back to an earlier version, but I really want to use the latest FF, so the counsel from cor-rel, about dealing with cache and cookies, is the solution I pursued. And it worked!
  But thanks for responding to me. It's great to know that such support is out there.

• IKEpacket from x.x.x.x was not encrypted and it should have been

  New to the group and I do have a situation that I hope someone can help me with. I am trying to set up a lab for one of my courses and I am using XP with Cisco VPN Client 5.0.0.3, a Cisco 2621XM router and Cisco Secure ACS version 4.2 configured for RADIUS.
  My problem is this, when I open the VPN client and click connect I get the following message back.
  *Mar 1 01:21:49.935: %CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 11.11.11.14 was not encrypted and it should've been. The packet is not getting past the router so I cannot even see if the ACS is working.
  I have searched high and low and have not been able to find an answer to the problem. Can someone here give me a hand?

  I used the configuration from an example from the Cisco website. I will post it here. I also followed the setup outlined in the example for the ACS but it doesn't seem to get that far. Thanks for the help.
  !--- Enable AAA for user authentication and group authorization.
  aaa new-model
  !--- In order to enable extended authentication (Xauth) for user authentication,
  !--- enable the aaa authentication commands.
  !--- "Group radius" specifies RADIUS user authentication.
  aaa authentication login userauthen group radius
  !--- In order to enable group authorization,
  !--- enable the aaa authorization commands.
  aaa authorization network groupauthor group radius
  ip subnet-zero
  ip audit po max-events 100
  !--- Create an Internet Security Association and
  !--- Key Management Protocol (ISAKMP) policy for Phase 1 negotiations.
  crypto isakmp policy 3
  encr 3des
  authentication pre-share
  group 2
  !--- Create the Phase 2 policy for actual data encryption.
  crypto ipsec transform-set myset esp-3des esp-sha-hmac
  !--- Create a dynamic map and
  !--- apply the transform set that was created.
  crypto dynamic-map dynmap 10
  set transform-set myset
  !--- Create the actual crypto map,
  !--- and apply the AAA lists that were created earlier.
  crypto map clientmap client authentication list userauthen
  crypto map clientmap isakmp authorization list groupauthor
  crypto map clientmap client configuration address respond
  crypto map clientmap 10 ipsec-isakmp dynamic dynmap
  fax interface-type fax-mail
  mta receive maximum-recipients 0
  !--- Apply the crypto map on the outside interface.
  interface Ethernet0/0
  ip address 10.1.1.1 255.255.255.0
  half-duplex
  crypto map clientmap
  interface Serial0/0
  no ip address
  shutdown
  interface Ethernet0/1
  ip address 172.18.124.159 255.255.255.0
  no keepalive
  half-duplex
  !--- Create a pool of addresses to be assigned
  to the VPN Clients.
  ip local pool ippool 10.16.20.1 10.16.20.200
  ip classless
  ip route 0.0.0.0 0.0.0.0 10.1.1.2
  ip http server
  ip pim bidir-enable
  !--- Specify the IP address of the RADIUS server,
  !--- along with the RADIUS shared secret key.
  radius-server host 172.18.124.96 auth-port 1645 acct-port 1646 key cisco123
  radius-server retransmit 3
  call rsvp-sync

• Weblogic 10.3 deployException: Could not encrypt password for connection

  Well, I guess this is my first time posting in a forum.
  My problem is that, when trying to run my servlet, using a jdbc:odbc connection
  to an Access-database, I get the following error in the server log:
  Running dependency analysis...
  2009-03-27 16:59:40.106: Writing WAR file to C:\Program Files\JDeveloper\jdeveloper\system\system11.1.1.0.31.51.56\o.j2ee\drs\TableViewApplication\TableViewApplication-tableviewproj-webapp
  2009-03-27 16:59:40.12: Wrote WAR file to C:\Program Files\JDeveloper\jdeveloper\system\system11.1.1.0.31.51.56\o.j2ee\drs\TableViewApplication\TableViewApplication-tableviewproj-webapp
  ERROR: Could not encrypt password for Connection TBLViewConnect.
  The connection I'm using works fine when testing it with the JDeveloper's SQL editor.
  It's properties are:
  Connection Name: TBLViewConnect
  Connection Type: JDBC-ODBC Bridge
  as well as username, password and a local datasource
  I'm running JDeveloper 11.1.1 on Vista 32bit
  Besides, it's my first time using a database-connection with a servlet
  thanks for your help

  guess I could have found that earlier ;)
  I just had to uncheck the "save password" option in the connection menu and write it in the getConnection() method instead.

• When starting Firefox, I get a message that website is not encrypted????

  Message warns that website is not encrypted and not safe. Why would this happen and what is the danger?

  Is that message in a pop-up?
  Can you attach a screenshot?
  *http://en.wikipedia.org/wiki/Screenshot
  *https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem
  Use a compressed image type like PNG or JPG to save the screenshot.