Cisco 881 ISR IPSec VPN Tunnel does not pass traffic from the vlan.
I have a cisco 881 ISR Router with a site-to-site IPsec vpn tunnel to a mikrotik device on the other end (I inherited this from my client). The tunnel is constructed properly and is up, however traffic does not pass or get routed to the FA4 interface. I see in my packet captures that it hits the vlan1 interface (vlans are required on the L2 ports) and does not pass to the tunnel.
This is my configuration:
141Kerioth#sh config
Using 3763 out of 262136 bytes
! Last configuration change at 01:02:41 UTC Mon May 26 2014 by admin
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname 141Kerioth
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
aaa new-model
141Kerioth#do wr mem
^
% Invalid input detected at '^' marker.
141Kerioth#wr mem
Building configuration...
[OK]
141Kerioth#sh run
Building configuration...
Current configuration : 5053 bytes
! Last configuration change at 01:38:06 UTC Mon May 26 2014 by admin
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname 141Kerioth
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
aaa new-model
aaa authentication login default local
aaa authentication ppp default local
aaa session-id common
memory-size iomem 10
crypto pki trustpoint TP-self-signed-580381394
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-580381394
revocation-check none
rsakeypair TP-self-signed-580381394
crypto pki certificate chain TP-self-signed-580381394
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 35383033 38313339 34301E17 0D313430 35323231 38323333
365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3538 30333831
33393430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
B001A012 2CA6970C 0648798B 2A786704 84F2D989 83974B19 9B4287F2 4503D2C9
173F23C4 FF34D160 202A7565 4A1CE08B 60B3ADAE 6E19EE6E 9CD39E72 71F9650E
930F22FE C4441F9C 2D7DD420 71F75DFC 3CCAC94E BA304685 E0E62658 A3E8D01C
D01D7D6A 5AF0B0E6 3CF6AF3A B7E51F83 9BF6D38E 65254E1F 71369718 ADADD691
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 168014D6 24878F12 1FFADF2F 537A438E 6DD7FB6B D79E4130 1D060355
1D0E0416 0414D624 878F121F FADF2F53 7A438E6D D7FB6BD7 9E41300D 06092A86
4886F70D 01010505 00038181 00771667 FCA66002 8AB9E5FB F210012F C50B586F
9A9640BB 45B4CEFD 030A38C0 E610AAC8 B41EF3C4 E55810F9 B2C727CF C1DEFCF1
0846E7BC 1D95420E 5DADB5F8 EFE7EB37 B5433B80 4FF787D4 B1F2A527 06F065A4
00522E97 A9D2335C E83C4AE1 E68D7A41 9D0046A7 ADCC282B 7527F84D E71CC567
14EF37EA 15E57AD0 3C5D01F3 EF
quit
ip dhcp excluded-address 10.0.16.1
ip dhcp pool ccp-pool
import all
network 10.0.16.0 255.255.255.0
default-router 10.0.16.1
dns-server 8.8.8.8
lease 0 2
ip domain name kerioth.com
ip host hostname.domain z.z.z.z
ip name-server 8.8.8.8
ip name-server 4.2.2.2
ip cef
no ipv6 cef
license udi pid CISCO881-K9 sn FTX180483DD
username admin privilege 15 secret 4 CmmfIy.RPySmo4Q2gEIZ2jlr3J.bTBAszoe5Bry0z4c
username meadowbrook privilege 0 password 0 $8UBr#Ux
username meadowbrook autocommand exit
policy-map type inspect outbound-policy
crypto isakmp policy 1
encr 3des
authentication pre-share
group 5
crypto isakmp key 141Township address z.z.z.z
crypto isakmp keepalive 10
crypto ipsec transform-set TS esp-3des esp-sha-hmac
mode tunnel
crypto map mymap 10 ipsec-isakmp
set peer z.z.z.z
set transform-set TS
match address 115
interface Loopback0
no ip address
interface Tunnel1
no ip address
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface FastEthernet4
description $FW_OUTSIDE_WAN$
ip address 50.y.y.y 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map mymap
interface Vlan1
description $ETH_LAN$
ip address 10.0.16.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 115 interface Vlan1 overload
ip nat inside source list 199 interface FastEthernet4 overload
ip nat inside source route-map nonat interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 50.x.x.x
access-list 110 deny ip 10.0.16.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 110 permit ip 10.0.16.0 0.0.0.255 any
access-list 115 permit ip 10.0.16.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 144 permit icmp host c.c.c.c host 10.0.1.50
access-list 144 permit icmp host p.p.p.p host 10.0.16.105
access-list 199 permit ip a.a.a.a 0.0.0.255 any
no cdp run
route-map nonat permit 10
match ip address 100
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 1 in
exec-timeout 30 0
privilege level 15
transport preferred ssh
transport input ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
cns trusted-server all-agents x.x.x.x
cns trusted-server all-agents hostname
cns trusted-server all-agents hostname.domain
cns id hardware-serial
cns id hardware-serial event
cns id hardware-serial image
cns event hostname.domain 11011
cns config initial hostname.domain 80
cns config partial hostname.domain 80
cns exec 80
end
Why do you have following command on the PIX?
crypto map outside_map 40 set transform-set 165.228.x.x
Also you have this transform set on the PIX:
crypto ipsec transform-set 10.112.60.0 esp-aes-256 esp-sha-hmac
This does not match the transfor set on the router:
crypto ipsec transform-set tritest esp-3des esp-md5-hmac
Where are you using the access-list/route-map
101 ?
Similar Messages
-
L2L issue, the tunnel does not getting up from one direction
Hello,
We have configure a L2L vpn between Asa and 1841 router. We are facing this issue.
The tunnel is not getting up from the 1841 site never. When we are trying to generate traffic from the ASA site the tunnel is up and we can see decryps and encryps packets.
Router 1841 Config:
crypto isakmp policy 100
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key * address 213.249.XX.XX
crypto ipsec transform-set XXXXX esp-3des esp-md5-hmac
crypto map EKO_BG 100 ipsec-isakmp
set peer 213.249.x.x
set security-association lifetime seconds 28800
set transform-set XXXXX
set pfs group2
match address 111
interface FastEthernet0/0.2
encapsulation dot1Q 3338
ip address 212.200.30.130 255.255.255.252
ip nat outside
ip virtual-reassembly
crypto map XXXXX
ip nat pool nat_pool 93.87.XX.XX 93.87.XX.XX prefix-length 29
ip nat inside source list 101 pool nat_pool overload
ip nat inside source static 10.70.2.10 93.87.18.161
ip nat inside source static 10.70.25.10 93.87.18.162
ip nat inside source static 10.70.36.5 93.87.18.163
ip nat inside source static 10.70.39.10 93.87.18.164
ip nat inside source static 10.70.5.10 93.87.18.165
access-list 101 deny ip 10.70.200.0 0.0.0.255 any
access-list 101 permit ip 10.70.0.0 0.0.255.255 any
access-list 111 permit ip 10.70.200.0 0.0.0.255 172.40.10.100 0.0.0.3
Asa Config:
access-list inside_nat0_outbound extended permit ip 172.40.10.100 255.255.255.252 10.70.200.0 255.255.255.0
access-list outside_cryptomap_320 remark xxxxxxx
access-list outside_cryptomap_320 extended permit ip 172.40.10.100 255.255.255.252 10.70.200.0 255.255.255.0
access-list inside_pnat_outbound_V5 extended permit ip host 10.8.x.x 10.70.200.0 255.255.255.0
pager lines 24
nat (inside) 9 access-list inside_pnat_outbound_V5
crypto ipsec transform-set xxxxx esp-3des esp-md5-hmac
crypto map mymap 150 match address
crypto map mymap 150 set pfs
crypto map mymap 150 set peer XXXXXX
crypto map mymap 150 set transform-set XXX
crypto map mymap 150 set security-association lifetime seconds 28800
crypto map mymap 150 set security-association lifetime kilobytes 10000
crypto map mymap 320 match address outside_cryptomap_320
crypto map mymap 320 set pfs
crypto map mymap 320 set peer XXXXX
crypto map mymap 320 set transform-set XXXXX
crypto map mymap 320 set security-association lifetime seconds 28800
crypto map mymap 320 set security-association lifetime kilobytes 4608000
crypto map mymap 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map mymap interface outside
isakmp policy 150 authentication pre-share
isakmp policy 150 encryption 3des
isakmp policy 150 hash md5
isakmp policy 150 group 2
tunnel-group 212.200.x.x type ipsec-l2l
tunnel-group 212.200.x.x ipsec-attributes
pre-shared-key *
Please advise.
Thank you.hello Ashley,
thank you for this info. Now from the router site the tunneling is getting up and I can see packets but althought the tunnel is up it can not make telnet to our server (172.40.10.100) on a specific port.
We from ASA site can ping router Site and make telnet.
Any ideas???
Thank you all from your answers! -
I bought a macbook pro on november 2011 wich had Lion OS installed on it. Playback plug-in in Mainstage 2.1.3 does not play files from the beginning (it leaves out like 50 mSecs or so). Is there a way to revert to Snow Leopard OS?
BrettGoudy wrote:
...Is there any way I can install a partition that runs snow leopard on my early 2011 MB pro with what I have (new SSD, New RAM, Current version Lion running, no external drive, lack of original snow leopard disks [I lost them ] and the general 10.6.3 snow leopard boot disks)...
As the last post suggests, call Apple and order a replacement original disc for about $17. They will ask you the model and serial numbers.
Your retail version of Snow Leopard OS 10.6.3 will not work on that Mac as it requires a minimum of OS X 10.6.7 to boot and operate.
Another alternative is to again borrow another Mac to install your retail Snow Leopard into an external HD or partition, upgrade it to 10.6.8 and then clone it back to a partition on your MBP. -
Does WCCP support traffic from different VLANs(mapped to VRFs)?
Hello,
I have the following scenario from the WAN to the Data Center and from the WAN to the Branch:
1. Router 2800/7200 with three (3) MPLS VRFs (VRF Lite)
2. Switch 3750 with three (3) WAN VLANs (one for each VRF) and three (3) LAN User Traffic VLANs (one for each ASA Context) and one WAE VLAN
3. WAE with WCCP enabled for one VLAN in the switch
4. ASA with three (3) Contexts
5. Three (3) Internal LANs (one for each Context)
In summary, there are three flows of traffic which are separated along the way from Branch to Data Center. WAEs are working for one VLAN(VRF1) and WCCP is enabled at the 3750 Switch to do the redirection (not in the router). The question is: does WCCP support traffic from different VLANs (similar to inline 802.1Q) and handle all three flows separate? If so, what should the configuration be at the switch and the WAE?
Thanks.The VRF awareness for 12.4(T) is still probably 8-12 months out. VRF aware WCCP features are definitely in the pipeline, but nothing has been publically published on availability timelines.
It's now publically available on the forum... but , I've only found it on the 3750 and 3550 documentation.
at the 3750 you will need to place the redirect statement on each of the VLANs, ip wccp 61 redirect in
Kindly find here GRE Tunnel with VRF Configuration Example:
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801e1294.shtml
I have gotten as far as the WAE registering the router:
"WCCP configuration for TCP Promiscuous service 61 and 62 succeeded.
WCCP configuration for TCP Promiscuous succeeded.Please remember to
configure WCCP service 61 and 62 on the corresponding router."
wae01#sh wccp router
Router Information for Service: TCP Promiscuous 61
Routers Configured and Seeing this Wide Area Engine(1)
Router Id Sent To Recv ID
0.0.0.0 209.1.1.1 0000022F
The router registers the WAE as a WCCP client:
router04#
"*Feb 4 18:56:09.892: %WCCP-5-SERVICEFOUND: Service 61 acquired on WCCP
client 209.1.1.2"
"*Feb 4 18:56:09.892: %WCCP-5-SERVICEFOUND: Service 62 acquired on WCCP
client 209.1.1.2"
The router however cannot figure out what its ID is and does not see
itself as a WCCP group router.
router04#sh ip wccp
Global WCCP information:
Router information:
Router Identifier: -not yet determined-
Protocol Version: 2.0
Service Identifier: 61
Number of Service Group Clients: 1
Number of Service Group Routers: 0
Total Packets s/w Redirected: 0
Process: 0
Fast: 0
CEF: 0
Redirect access-list: ACCELERATED-TRAFFIC
Total Packets Denied Redirect: 0
Total Packets Unassigned: 25957
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
This is a short summary of important commands for working with VRF's.
View the VRF instances and the associated interfaces.
ml-mr-c6-gs#show ip vrf
Name Default RD Interfaces
blurvrf 100:2 Vlan215
Vlan326
tgvrf 100:1 Vlan132
Vlan325
TenGigabitEthernet1/1
ml-mr-c6-gs#
Show the routing table for a specific VRF.
ml-mr-c6-gs#show ip route vrf tgvrf
Routing Table: tgvrf
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external,
---More--
Gateway of last resort is 128.117.243.57 to network 0.0.0.0
O E2 192.52.106.0/24 [110/1] via 128.117.243.57, 1d19h, Vlan325
O E2 192.168.150.0/24 [110/160] via 128.117.243.57, 1d19h, Vlan325
172.17.0.0/29 is subnetted, 3 subnets
O E2 172.17.1.16 [110/0] via 128.117.243.57, 1d19h, Vlan325
O E2 172.17.1.8 [110/1] via 128.117.243.57, 1d19h, Vlan325
O E2 172.17.1.0 [110/1] via 128.117.243.57, 1d19h, Vlan325
--More--
Debugging should otherwise be similar to a regular switch or router.
Final Teragrid VRF Design and Diagrams
http://www.cisl.ucar.edu/nets/devices/routers/cisco/vrf/final.shtml
Teragrid Testbed Design
http://www.cisl.ucar.edu/nets/devices/routers/cisco/vrf/testbed.shtml
Cisco 4500 Series Switch Cisco IOS s/w config guide 12.1(20)EW
Configuring VRF-Lite
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/20ew/configuration/guide/vrf.html
sachin garg -
Site-2-Site IPSEC VPN tunnel will not come up.
Hello Experts,
Just wondering if I can get some help on setting up a IPSEC VPN tunnel between a Cisco 2921 and ASA 550x. Below is the config
show run | s crypto
crypto pki token default removal timeout 0
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
lifetime 28800
crypto isakmp key xxxxxxxxxxxxxxxxxxxxxx address A.A.A.A
crypto ipsec transform-set ESP-AES128-SHA esp-aes esp-sha-hmac
mode transport
crypto map ICQ-2-ILAND 1 ipsec-isakmp
set peer A.A.A.A
set transform-set ESP-AES128-SHA
match address iland_london_s2s_vpn
crypto map ICQ-2-ILAND
The config on the remote end has not been shared with me, so I don't know if I am doing something wrong locally or if the remote end is wrongly configured.
The command Sh crypto isakmp sa displays the following
show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
A.A.A.A B.B.B.B MM_NO_STATE 1231 ACTIVE (deleted)
IPv6 Crypto ISAKMP SA
show crypto session
Crypto session current status
Interface: GigabitEthernet0/0
Session status: DOWN-NEGOTIATING
Peer: A.A.A.A port 500
IKEv1 SA: local B.B.B.B/500 remote A.A.A.A/500 Inactive
IKEv1 SA: local B.B.B.B/500 remote A.A.A.A/500 Inactive
IPSEC FLOW: permit ip 10.20.111.0/255.255.255.0 10.120.1.0/255.255.255.0
Active SAs: 0, origin: crypto map
IPSEC FLOW: permit ip 10.10.0.0/255.255.0.0 10.120.1.0/255.255.255.0
Active SAs: 0, origin: crypto map
The debug logs from the debug crypto isakmp command are listed below.
ISAKMP:(0): local preshared key found
Dec 6 08:51:52.019: ISAKMP : Scanning profiles for xauth ...
Dec 6 08:51:52.019: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
Dec 6 08:51:52.019: ISAKMP: encryption AES-CBC
Dec 6 08:51:52.019: ISAKMP: keylength of 128
Dec 6 08:51:52.019: ISAKMP: hash SHA
Dec 6 08:51:52.019: ISAKMP: default group 2
Dec 6 08:51:52.019: ISAKMP: auth pre-share
Dec 6 08:51:52.019: ISAKMP: life type in seconds
Dec 6 08:51:52.019: ISAKMP: life duration (basic) of 28800
Dec 6 08:51:52.019: ISAKMP:(0):atts are acceptable. Next payload is 0
Dec 6 08:51:52.019: ISAKMP:(0):Acceptable atts:actual life: 0
Dec 6 08:51:52.019: ISAKMP:(0):Acceptable atts:life: 0
Dec 6 08:51:52.019: ISAKMP:(0):Basic life_in_seconds:28800
Dec 6 08:51:52.019: ISAKMP:(0):Returning Actual lifetime: 28800
Dec 6 08:51:52.019: ISAKMP:(0)::Started lifetime timer: 28800.
Dec 6 08:51:52.019: ISAKMP:(0): processing vendor id payload
Dec 6 08:51:52.019: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Dec 6 08:51:52.019: ISAKMP:(0): vendor ID is NAT-T v2
Dec 6 08:51:52.019: ISAKMP:(0): processing vendor id payload
Dec 6 08:51:52.019: ISAKMP:(0): processing IKE frag vendor id payload
Dec 6 08:51:52.019: ISAKMP:(0):Support for IKE Fragmentation not enabled
Dec 6 08:51:52.019: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Dec 6 08:51:52.019: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2
Dec 6 08:51:52.019: ISAKMP:(0): sending packet to A.A.A.A my_port 500 peer_port 500 (I) MM_SA_SETUP
Dec 6 08:51:52.019: ISAKMP:(0):Sending an IKE IPv4 Packet.
Dec 6 08:51:52.019: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Dec 6 08:51:52.019: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3
Dec 6 08:51:52.155: ISAKMP (0): received packet from A.A.A.A dport 500 sport 500 Global (I) MM_SA_SETUP
Dec 6 08:51:52.155: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Dec 6 08:51:52.155: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4
Dec 6 08:51:52.155: ISAKMP:(0): processing KE payload. message ID = 0
Dec 6 08:51:52.175: ISAKMP:(0): processing NONCE payload. message ID = 0
Dec 6 08:51:52.175: ISAKMP:(0):found peer pre-shared key matching A.A.A.A
Dec 6 08:51:52.175: ISAKMP:(1227): processing vendor id payload
Dec 6 08:51:52.175: ISAKMP:(1227): vendor ID is Unity
Dec 6 08:51:52.175: ISAKMP:(1227): processing vendor id payload
Dec 6 08:51:52.175: ISAKMP:(1227): vendor ID seems Unity/DPD but major 92 mismatch
Dec 6 08:51:52.175: ISAKMP:(1227): vendor ID is XAUTH
Dec 6 08:51:52.175: ISAKMP:(1227): processing vendor id payload
Dec 6 08:51:52.175: ISAKMP:(1227): speaking to another IOS box!
Dec 6 08:51:52.175: ISAKMP:(1227): processing vendor id payload
Dec 6 08:51:52.175: ISAKMP:(1227):vendor ID seems Unity/DPD but hash mismatch
Dec 6 08:51:52.175: ISAKMP:received payload type 20
Dec 6 08:51:52.175: ISAKMP (1227): His hash no match - this node outside NAT
Dec 6 08:51:52.175: ISAKMP:received payload type 20
Dec 6 08:51:52.175: ISAKMP (1227): No NAT Found for self or peer
Dec 6 08:51:52.175: ISAKMP:(1227):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Dec 6 08:51:52.179: ISAKMP:(1227):Old State = IKE_I_MM4 New State = IKE_I_MM4
Dec 6 08:51:52.179: ISAKMP:(1227):Send initial contact
Dec 6 08:51:52.179: ISAKMP:(1227):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
Dec 6 08:51:52.179: ISAKMP (1227): ID payload
next-payload : 8
type : 1
address : B.B.B.B
protocol : 17
port : 500
length : 12
Dec 6 08:51:52.179: ISAKMP:(1227):Total payload length: 12
Dec 6 08:51:52.179: ISAKMP:(1227): sending packet to A.A.A.A my_port 500 peer_port 500 (I) MM_KEY_EXCH
Dec 6 08:51:52.179: ISAKMP:(1227):Sending an IKE IPv4 Packet.
Dec 6 08:51:52.179: ISAKMP:(1227):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Dec 6 08:51:52.179: ISAKMP:(1227):Old State = IKE_I_MM4 New State = IKE_I_MM5
Dec 6 08:51:52.315: ISAKMP (1227): received packet from A.A.A.A dport 500 sport 500 Global (I) MM_KEY_EXCH
Dec 6 08:51:52.315: ISAKMP:(1227): processing ID payload. message ID = 0
Dec 6 08:51:52.315: ISAKMP (1227): ID payload
next-payload : 8
type : 1
address : A.A.A.A
protocol : 17
port : 0
length : 12
Dec 6 08:51:52.315: ISAKMP:(0):: peer matches *none* of the profiles
Dec 6 08:51:52.315: ISAKMP:(1227): processing HASH payload. message ID = 0
Dec 6 08:51:52.315: ISAKMP:received payload type 17
Dec 6 08:51:52.315: ISAKMP:(1227): processing vendor id payload
Dec 6 08:51:52.315: ISAKMP:(1227): vendor ID is DPD
Dec 6 08:51:52.315: ISAKMP:(1227):SA authentication status:
authenticated
Dec 6 08:51:52.315: ISAKMP:(1227):SA has been authenticated with A.A.A.A
Dec 6 08:51:52.315: ISAKMP: Trying to insert a peer B.B.B.B/A.A.A.A/500/, and inserted successfully 2B79E8BC.
Dec 6 08:51:52.315: ISAKMP:(1227):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Dec 6 08:51:52.315: ISAKMP:(1227):Old State = IKE_I_MM5 New State = IKE_I_MM6
Dec 6 08:51:52.315: ISAKMP:(1227):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Dec 6 08:51:52.315: ISAKMP:(1227):Old State = IKE_I_MM6 New State = IKE_I_MM6
Dec 6 08:51:52.315: ISAKMP:(1227):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Dec 6 08:51:52.315: ISAKMP:(1227):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
Dec 6 08:51:52.315: ISAKMP:(1227):beginning Quick Mode exchange, M-ID of 1511581970
Dec 6 08:51:52.315: ISAKMP:(1227):QM Initiator gets spi
Dec 6 08:51:52.315: ISAKMP:(1227): sending packet to A.A.A.A my_port 500 peer_port 500 (I) QM_IDLE
Dec 6 08:51:52.315: ISAKMP:(1227):Sending an IKE IPv4 Packet.
Dec 6 08:51:52.315: ISAKMP:(1227):Node 1511581970, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
Dec 6 08:51:52.315: ISAKMP:(1227):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
Dec 6 08:51:52.315: ISAKMP:(1227):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
Dec 6 08:51:52.315: ISAKMP:(1227):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Dec 6 08:51:52.455: ISAKMP (1227): received packet from A.A.A.A dport 500 sport 500 Global (I) QM_IDLE
Dec 6 08:51:52.455: ISAKMP: set new node -1740216573 to QM_IDLE
Dec 6 08:51:52.455: ISAKMP:(1227): processing HASH payload. message ID = 2554750723
Dec 6 08:51:52.455: ISAKMP:(1227): processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
spi 0, message ID = 2554750723, sa = 0x2B78D574
Dec 6 08:51:52.455: ISAKMP:(1227):deleting node -1740216573 error FALSE reason "Informational (in) state 1"
Dec 6 08:51:52.455: ISAKMP:(1227):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Dec 6 08:51:52.455: ISAKMP:(1227):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Dec 6 08:51:52.455: ISAKMP (1227): received packet from A.A.A.A dport 500 sport 500 Global (I) QM_IDLE
Dec 6 08:51:52.455: ISAKMP: set new node 1297146574 to QM_IDLE
Dec 6 08:51:52.455: ISAKMP:(1227): processing HASH payload. message ID = 1297146574
Dec 6 08:51:52.455: ISAKMP:(1227): processing DELETE payload. message ID = 1297146574
Dec 6 08:51:52.455: ISAKMP:(1227):peer does not do paranoid keepalives.
Dec 6 08:51:52.455: ISAKMP:(1227):deleting SA reason "No reason" state (I) QM_IDLE (peer A.A.A.A)
Dec 6 08:51:52.455: ISAKMP:(1227):deleting node 1297146574 error FALSE reason "Informational (in) state 1"
Dec 6 08:51:52.455: ISAKMP: set new node -1178304129 to QM_IDLE
Dec 6 08:51:52.455: ISAKMP:(1227): sending packet to A.A.A.A my_port 500 peer_port 500 (I) QM_IDLE
Dec 6 08:51:52.455: ISAKMP:(1227):Sending an IKE IPv4 Packet.
Dec 6 08:51:52.455: ISAKMP:(1227):purging node -1178304129
Dec 6 08:51:52.455: ISAKMP:(1227):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Dec 6 08:51:52.455: ISAKMP:(1227):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
Dec 6 08:51:52.455: ISAKMP:(1227):deleting SA reason "No reason" state (I) QM_IDLE (peer A.A.A.A)
Dec 6 08:51:52.455: ISAKMP: Unlocking peer struct 0x2B79E8BC for isadb_mark_sa_deleted(), count 0
Dec 6 08:51:52.455: ISAKMP: Deleting peer node by peer_reap for A.A.A.A: 2B79E8BC
Dec 6 08:51:52.455: ISAKMP:(1227):deleting node 1511581970 error FALSE reason "IKE deleted"
Dec 6 08:51:52.455: ISAKMP:(1227):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Dec 6 08:51:52.455: ISAKMP:(1227):Old State = IKE_DEST_SA New State = IKE_DEST_SA
would appreciate any help you can provide.
Regards,
Sidney DsouzaHi Anuj,
thanks for responding. Here are the logs from the debug crypto ipsec
Dec 10 15:54:38.099 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= B.B.B.B:500, remote= A.A.A.A:500,
local_proxy= 10.20.0.0/255.255.0.0/0/0 (type=4),
remote_proxy= 10.120.1.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-aes esp-sha-hmac (Tunnel),
lifedur= 3600s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
Dec 10 15:54:38.671 UTC: IPSEC(key_engine): got a queue event with 1 KMI message(s)
thats all that appeared after pinging the remote subnet. -
Cisco ASA & Router Site to Site VPN up but not passing traffic
Dear all,
Please help me the attached document vpn issue, site-to-site vpn is up but I am not able to passing traffic.
Advance Thanks
ahossainASA#
ASA Version 8.2(1)
hostname Active
domain-name test.com
interface Ethernet0/0
description LAN/STATE Failover Interface
interface Ethernet0/1
speed 100
nameif outside
security-level 0
ip address 212.71.53.38 255.255.255.224 standby 212.71.53.37
interface Ethernet0/2
nameif DMZ
security-level 50
ip address 192.168.50.1 255.255.255.0 standby 192.168.50.4
interface Ethernet0/3
description INSIDE
speed 100
nameif inside
security-level 100
ip address 10.1.1.1 255.255.255.0 standby 10.1.1.2
interface Management0/0
shutdown
no nameif
no security-level
no ip address
boot system disk0:/asa821-k8.bin
boot config disk0:/running-config
ftp mode passive
dns server-group DefaultDNS
domain-name test.com
access-list deny-flow-max 1
access-list alert-interval 2
access-list allow extended permit ip any any
access-list VPN extended permit ip any any
access-list OUTSIDE extended permit ip any any
access-list al-outside extended permit ip any host 212.107.106.129
access-list al-outside extended permit ip any any
access-list encrypt_acl extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list outside_access_in extended permit ip any any
access-list inside_access_out extended permit ip any any
access-list DMZ_access_out extended permit ip any any
access-list inside_access_in extended permit ip any any
access-list DMZ_access_in extended permit ip any any
access-list outside_access_in_1 extended permit ip any any
access-list no-nat extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu DMZ 1500
mtu inside 1500
failover
failover lan unit primary
failover lan interface failover Ethernet0/0
failover key *****
failover link failover Ethernet0/0
failover interface ip failover 10.10.10.1 255.255.255.252 standby 10.10.10.2
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any DMZ
icmp permit any inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
access-group outside_access_in_1 in interface outside
route outside 0.0.0.0 0.0.0.0 212.71.53.36 1
route outside 10.2.2.0 255.255.255.0 212.71.53.36 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
service resetoutside
crypto ipsec transform-set mal esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map mal 10 set peer 212.107.106.129
crypto map IPSec_map 10 match address encrypt_acl
crypto map IPSec_map 10 set peer 212.107.106.129
crypto map IPSec_map 10 set transform-set mal
crypto map IPSec_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 0.0.0.0 0.0.0.0 outside
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key XXXXXX address 212.71.53.38
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set mal esp-3des esp-md5-hmac
crypto map mal 10 ipsec-isakmp
set peer 212.71.53.38
set transform-set mal
match address 120
interface Loopback0
ip address 10.3.3.1 255.255.255.0
ip virtual-reassembly in
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 172.20.34.54 255.255.255.252
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
crypto map mal
interface GigabitEthernet0/1
ip address 212.107.106.129 255.255.255.248
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
crypto map mal
interface GigabitEthernet0/2
description *!* LAN *!*
ip address 10.2.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
ip forward-protocol nd
ip http server
ip http secure-server
ip nat pool OUTPOOL 212.107.106.132 212.107.106.132 netmask 255.255.255.248
ip nat inside source route-map nonat pool OUTPOOL overload
ip route 0.0.0.0 0.0.0.0 172.20.34.53
ip route 10.1.1.0 255.255.255.0 212.107.106.130
ip route 192.168.50.0 255.255.255.0 212.71.53.38
ip access-list extended outside
remark CCP_ACL Category=1
permit ip any any log
ip access-list extended outside1
remark CCP_ACL Category=1
permit ip any any log
access-list 110 permit tcp 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 120 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 130 deny ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 130 deny ip 10.2.2.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 130 permit ip 10.2.2.0 0.0.0.255 any
route-map nonat permit 10
match ip address 130
control-plane
ASA Version 8.2(1)
hostname Active
domain-name test.com
interface Ethernet0/0
description LAN/STATE Failover Interface
interface Ethernet0/1
speed 100
nameif outside
security-level 0
ip address 212.71.53.38 255.255.255.224 standby 212.71.53.37
interface Ethernet0/2
nameif DMZ
security-level 50
ip address 192.168.50.1 255.255.255.0 standby 192.168.50.4
interface Ethernet0/3
description INSIDE
speed 100
nameif inside
security-level 100
ip address 10.1.1.1 255.255.255.0 standby 10.1.1.2
interface Management0/0
shutdown
no nameif
no security-level
no ip address
boot system disk0:/asa821-k8.bin
boot config disk0:/running-config
ftp mode passive
dns server-group DefaultDNS
domain-name test.com
access-list deny-flow-max 1
access-list alert-interval 2
access-list allow extended permit ip any any
access-list VPN extended permit ip any any
access-list OUTSIDE extended permit ip any any
access-list al-outside extended permit ip any host 212.107.106.129
access-list al-outside extended permit ip any any
access-list encrypt_acl extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list outside_access_in extended permit ip any any
access-list inside_access_out extended permit ip any any
access-list DMZ_access_out extended permit ip any any
access-list inside_access_in extended permit ip any any
access-list DMZ_access_in extended permit ip any any
access-list outside_access_in_1 extended permit ip any any
access-list no-nat extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu DMZ 1500
mtu inside 1500
failover
failover lan unit primary
failover lan interface failover Ethernet0/0
failover key *****
failover link failover Ethernet0/0
failover interface ip failover 10.10.10.1 255.255.255.252 standby 10.10.10.2
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any DMZ
icmp permit any inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
access-group outside_access_in_1 in interface outside
route outside 0.0.0.0 0.0.0.0 212.71.53.36 1
route outside 10.2.2.0 255.255.255.0 212.71.53.36 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
service resetoutside
crypto ipsec transform-set mal esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map mal 10 set peer 212.107.106.129
crypto map IPSec_map 10 match address encrypt_acl
crypto map IPSec_map 10 set peer 212.107.106.129
crypto map IPSec_map 10 set transform-set mal
crypto map IPSec_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 0.0.0.0 0.0.0.0 outside
==================================================================
Remote-Router#
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key XXXXXX address 212.71.53.38
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set mal esp-3des esp-md5-hmac
crypto map mal 10 ipsec-isakmp
set peer 212.71.53.38
set transform-set mal
match address 120
interface Loopback0
ip address 10.3.3.1 255.255.255.0
ip virtual-reassembly in
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 172.20.34.54 255.255.255.252
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
crypto map mal
interface GigabitEthernet0/1
ip address 212.107.106.129 255.255.255.248
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
crypto map mal
interface GigabitEthernet0/2
description *!* LAN *!*
ip address 10.2.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
ip forward-protocol nd
ip http server
ip http secure-server
ip nat pool OUTPOOL 212.107.106.132 212.107.106.132 netmask 255.255.255.248
ip nat inside source route-map nonat pool OUTPOOL overload
ip route 0.0.0.0 0.0.0.0 172.20.34.53
ip route 10.1.1.0 255.255.255.0 212.107.106.130
ip route 192.168.50.0 255.255.255.0 212.71.53.38
ip access-list extended outside
remark CCP_ACL Category=1
permit ip any any log
ip access-list extended outside1
remark CCP_ACL Category=1
permit ip any any log
access-list 110 permit tcp 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 120 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 130 deny ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 130 deny ip 10.2.2.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 130 permit ip 10.2.2.0 0.0.0.255 any
route-map nonat permit 10
match ip address 130
control-plane -
Remote Access VPN connecting but not passing traffic
I have a remote access VPN configured on a device here. I'm able to connect a device and it assigns me an IP address out of the pool, and injects the routes to its local network, but I'm not able to pass any traffic through the VPN and none of the IPSec SA counters increment for the dial-in connection. I've compared the config here to the samples from documentation and I don't know what I'm missing. Config is below.
3118-FWL001(config)# sho run
: Saved
ASA Version 7.2(3)
hostname 3118-FWL001
domain-name rr-rentals.com
enable password hEgvNHfNHV8zypPu encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 199.X.X.162 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
passwd 2KFQnbNIdI.2KYOU encrypted
banner exec
banner exec
banner exec
banner exec Any attempted or unauthorized access, use, or modification is prohibited.
banner exec Unauthorized users may face criminal and/or civil penalties.
banner exec The use of this system may be monitored and recorded.
banner exec If the monitoring reveals possible evidence of criminal activity, Adhost can
banner exec provide the records to law enforcement.
banner exec Be safe! Do not share your access information with anyone!
banner exec
banner exec
banner exec
banner asdm
banner asdm
banner asdm
banner asdm Any attempted or unauthorized access, use, or modification is prohibited.
banner asdm Unauthorized users may face criminal and/or civil penalties.
banner asdm The use of this system may be monitored and recorded.
banner asdm If the monitoring reveals possible evidence of criminal activity, Adhost can
banner asdm provide the records to law enforcement.
banner asdm Be safe! Do not share your access information with anyone!
banner asdm
banner asdm
banner asdm
ftp mode passive
dns server-group DefaultDNS
domain-name rr-rentals.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_acl extended permit ip any host 199.X.X.163
access-list outside_acl extended permit icmp any any echo
access-list outside_acl extended permit icmp any any echo-reply
access-list outside_acl extended permit tcp 216.X.X.64 255.255.255.192 any
access-list outside_acl extended permit tcp host 76.X.X.166 any eq 3389
access-list outside_acl extended permit tcp 67.X.X.192 255.255.255.224 any eq 3389
access-list outside_acl extended permit tcp any any eq ftp
access-list outside_acl extended permit tcp any any eq ftp-data
access-list outside_acl extended permit tcp host 72.X.X.71 any eq 3389
access-list outside_acl extended permit tcp host 26.X.X.155 any eq 3389
access-list outside_acl extended permit tcp host 24.X.X.155 any eq 3389
access-list outside_acl extended permit icmp any any unreachable
access-list outside_acl extended permit icmp any any time-exceeded
access-list outside_acl extended permit tcp host 71.X.X.170 any eq 3389
access-list outside_acl extended permit tcp host 24.X.X.200 any eq 3389
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.20.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_2_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list outside_4_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list outside_3_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list rr-vpn_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
access-list rr-vpn_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging buffer-size 1048576
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 192.168.20.1-192.168.20.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 199.X.X.163 192.168.10.2 netmask 255.255.255.255
access-group outside_acl in interface outside
route outside 0.0.0.0 0.0.0.0 199.X.X.161 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
aaa authentication serial console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 216.X.X.64 255.255.255.192 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection tcpmss 1200
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 50.X.X.58
crypto map outside_map 1 set transform-set ESP-AES-128-SHA
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer 75.X.X.253
crypto map outside_map 2 set transform-set ESP-AES-128-SHA
crypto map outside_map 3 match address outside_3_cryptomap
crypto map outside_map 3 set pfs
crypto map outside_map 3 set peer 173.X.X.69
crypto map outside_map 3 set transform-set ESP-AES-128-SHA
crypto map outside_map 4 match address outside_4_cryptomap
crypto map outside_map 4 set pfs
crypto map outside_map 4 set peer 70.X.X.194
crypto map outside_map 4 set transform-set ESP-AES-128-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 5
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 192.168.10.2 255.255.255.255 inside
ssh 192.168.0.0 255.255.0.0 inside
ssh 216.X.X.64 255.255.255.192 outside
ssh 50.X.X.58 255.255.255.255 outside
ssh timeout 60
ssh version 2
console timeout 0
management-access inside
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
inspect icmp error
service-policy global_policy global
tftp-server outside 216.X.X.116 3118-FWL001.config
group-policy rr-vpn internal
group-policy rr-vpn attributes
dns-server value 216.X.X.12 66.X.X.11
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value rr-vpn_splitTunnelAcl
username rrlee password B6rKS8LmKC50oIXK encrypted privilege 0
username rrlee attributes
vpn-group-policy rr-vpn
username cschirado password QYICGrOFAZ9iPWpp encrypted privilege 0
username cschirado attributes
vpn-group-policy rr-vpn
username daniel password SZsXZCSuVXcFn9NB encrypted privilege 15
username adhostadm password 7P2Y2Ow1o0.VSjvh encrypted privilege 15
username troy password amZKsxVU.8N9kKPb encrypted privilege 0
username troy attributes
vpn-group-policy rr-vpn
username troyr password Hek9zbMrM6wEDSfi encrypted privilege 15
username druiz password 33oau7XOcvhJ3DMv encrypted privilege 0
username druiz attributes
vpn-group-policy rr-vpn
username theresa password qWsPnR.vfjXzlunC encrypted privilege 0
username theresa attributes
vpn-group-policy rr-vpn
username kevin password R5DPfUVhzGCEg6pu encrypted privilege 0
username kevin attributes
vpn-group-policy rr-vpn
username andrea password MyhIPdH6UJQDon77 encrypted privilege 0
username andrea attributes
vpn-group-policy rr-vpn
tunnel-group 50.X.X.58 type ipsec-l2l
tunnel-group 50.X.X.58 ipsec-attributes
pre-shared-key *
tunnel-group 75.X.X.253 type ipsec-l2l
tunnel-group 75.X.X.253 ipsec-attributes
pre-shared-key *
tunnel-group 72.X.X.71 type ipsec-l2l
tunnel-group 72.X.X.71 ipsec-attributes
pre-shared-key *
tunnel-group 173.X.X.69 type ipsec-l2l
tunnel-group 173.X.X.69 ipsec-attributes
pre-shared-key *
tunnel-group rr-vpn type ipsec-ra
tunnel-group rr-vpn general-attributes
address-pool vpnpool
default-group-policy rr-vpn
tunnel-group rr-vpn ipsec-attributes
pre-shared-key *
tunnel-group 70.X.X.194 type ipsec-l2l
tunnel-group 70.X.X.194 ipsec-attributes
pre-shared-key *
prompt hostname contextHere are the results of the commands you requested. I'm not able to ping either direction.
Thanks,
James
3118-FWL001# sho cry isa sa
Active SA: 5
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 5
1 IKE Peer: 50.34.254.58
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
2 IKE Peer: 173.10.71.69
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
3 IKE Peer: 75.151.109.253
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
4 IKE Peer: 70.99.88.194
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
5 IKE Peer: 216.211.143.85
Type : user Role : responder
Rekey : no State : AM_ACTIVE
3118-FWL001# sho cry ips sa
interface: outside
Crypto map tag: outside_dyn_map, seq num: 20, local addr: 199.21.66.162
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (192.168.20.2/255.255.255.255/0/0)
current_peer: 216.211.143.85, username: kevin
dynamic allocated peer ip: 192.168.20.2
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 199.21.66.162, remote crypto endpt.: 216.211.143.85
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: CBF94621
inbound esp sas:
spi: 0x8D8279CA (2374138314)
transform: esp-3des esp-sha-hmac none
in use settings ={RA, Tunnel, }
slot: 0, conn_id: 200, crypto-map: outside_dyn_map
sa timing: remaining key lifetime (sec): 28715
IV size: 8 bytes
replay detection support: Y
outbound esp sas:
spi: 0xCBF94621 (3422111265)
transform: esp-3des esp-sha-hmac none
in use settings ={RA, Tunnel, }
slot: 0, conn_id: 200, crypto-map: outside_dyn_map
sa timing: remaining key lifetime (sec): 28715
IV size: 8 bytes
replay detection support: Y
Crypto map tag: outside_map, seq num: 1, local addr: 199.21.66.162
access-list outside_1_cryptomap permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
current_peer: 50.34.254.58
#pkts encaps: 15356573, #pkts encrypt: 15356573, #pkts digest: 15356573
#pkts decaps: 9021115, #pkts decrypt: 9021114, #pkts verify: 9021114
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 15356573, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 199.21.66.162, remote crypto endpt.: 50.34.254.58
path mtu 1500, ipsec overhead 74, media mtu 1500
current outbound spi: FE16571B
inbound esp sas:
spi: 0x78BD7E4F (2025684559)
transform: esp-aes esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 86, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4263158/5788)
IV size: 16 bytes
replay detection support: Y
outbound esp sas:
spi: 0xFE16571B (4262876955)
transform: esp-aes esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 86, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4064653/5788)
IV size: 16 bytes
replay detection support: Y
Crypto map tag: outside_map, seq num: 4, local addr: 199.21.66.162
access-list outside_4_cryptomap permit ip 192.168.10.0 255.255.255.0 192.168.4.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.4.0/255.255.255.0/0/0)
current_peer: 70.99.88.194
#pkts encaps: 491814, #pkts encrypt: 491814, #pkts digest: 491814
#pkts decaps: 416810, #pkts decrypt: 416810, #pkts verify: 416810
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 491814, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 199.21.66.162, remote crypto endpt.: 70.99.88.194
path mtu 1500, ipsec overhead 74, media mtu 1500
current outbound spi: 533F55E1
inbound esp sas:
spi: 0xE2F461AD (3807666605)
transform: esp-aes esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 194, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4273818/27167)
IV size: 16 bytes
replay detection support: Y
outbound esp sas:
spi: 0x533F55E1 (1396659681)
transform: esp-aes esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 194, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4266133/27167)
IV size: 16 bytes
replay detection support: Y
Crypto map tag: outside_map, seq num: 2, local addr: 199.21.66.162
access-list outside_2_cryptomap permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
current_peer: 75.151.109.253
#pkts encaps: 207718, #pkts encrypt: 207718, #pkts digest: 207718
#pkts decaps: 142739, #pkts decrypt: 142739, #pkts verify: 142739
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 207722, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 199.21.66.162, remote crypto endpt.: 75.151.109.253
path mtu 1500, ipsec overhead 74, media mtu 1500
current outbound spi: 8D74AC18
inbound esp sas:
spi: 0x0CF7F70B (217577227)
transform: esp-aes esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 195, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4274490/23242)
IV size: 16 bytes
replay detection support: Y
outbound esp sas:
spi: 0x8D74AC18 (2373233688)
transform: esp-aes esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 195, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4270718/23242)
IV size: 16 bytes
replay detection support: Y
Crypto map tag: outside_map, seq num: 3, local addr: 199.21.66.162
access-list outside_3_cryptomap permit ip 192.168.10.0 255.255.255.0 192.168.3.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.3.0/255.255.255.0/0/0)
current_peer: 173.10.71.69
#pkts encaps: 3427935, #pkts encrypt: 3427935, #pkts digest: 3427935
#pkts decaps: 2006044, #pkts decrypt: 2006044, #pkts verify: 2006044
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 3427935, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 199.21.66.162, remote crypto endpt.: 173.10.71.69
path mtu 1500, ipsec overhead 74, media mtu 1500
current outbound spi: 2E8A6147
inbound esp sas:
spi: 0x467968AB (1182361771)
transform: esp-aes esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 154, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4270213/18597)
IV size: 16 bytes
replay detection support: Y
outbound esp sas:
spi: 0x2E8A6147 (780820807)
transform: esp-aes esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 154, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4162093/18597)
IV size: 16 bytes
replay detection support: Y
3118-FWL001# sho run route
route outside 0.0.0.0 0.0.0.0 199.21.66.161 1 -
L2L tunnel up, not passing traffic...all of a sudden
I've had a tunnel in place on a 5505 to a remote network i don't control...so my troubleshooting there is limited. But the tunnel has been in place for over a year without issue. Suddenly it doesn't appear to be passing traffic. But it is in at least one direction.
Remote network:192.168.191.0/24
Local ASA side: 10.220.78.0/24
I had a constant ping started from 192.168.191.10 > 10.220.78.23
Which is a Windows server pinging a Windows workstation.
When i debug icmp on the ASA i get:
ICMP echo request from outside:192.168.191.10 to inside:10.220.78.23 ID=1 seq=2866 len=32
ICMP echo reply from inside:10.220.78.23 to outside:192.168.191.10 ID=1 seq=2866 len=32
Which confirms to me that the remote network is in fact traversing the tunnel and hitting the 10.220.78.23 device, which is in fact responding, and the reply is being sent out the ASA.
The tunnel negotiates and comes up any time I reset it, by all accounts it looks correct.
The problem is not limited to ICMP as I'm unable to net use or map drives, nor can 192.168.191.10 print to the printer at 10.220.78.20.
But once i saw the icmp trace output I pretty much figured it has to be on the remote end...so....
My question, can I absolutely infer from this that the issue resides on the remote end?Some additional info. Aside from the ping they have running from the remote network, which is shown in the above icmp trace, if i run packet tracer from the local network to the remote, tunnel's up/traffic is allowed. Not a big surprise since the tunnel does negotiate and stay up.
I captured packets from the ASA and I can see the local 10.220.78.23 device sending the reply to 192.168.191.10. Matching up with the icmp trace.
I had them run a packet capture on their firewall and confirmed, the ICMP requests from 192.168.191.10 are being encapsulated and sent on the tunnel. Again confirmed in my mind since i see the requests on the ASA. But they don't ever see the response.
There's no tcp adjust mss command on the ASA but there's this in the config:
ASA# sh run all sys
no sysopt connection timewait
sysopt connection tcpmss 1380
sysopt connection tcpmss minimum 0
sysopt connection permit-vpn
sysopt connection reclassify-vpn
no sysopt connection preserve-vpn-flows
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
no sysopt radius ignore-secret
no sysopt noproxyarp inside
no sysopt noproxyarp outside
Any other ideas? -
The "Awesome Bar" is not working. It does not recall anything from the Bookmarks
Just updated to new Firefox. In the past, when I would start to type a site in the address bar firefox would complete it as it was already in my bookmarks. But now it does not do anything. It just sits there waiting for me to complete the address. I could start to type Netf and it automatically finish Netflix.com
Why is this happening. Also, for the first couple days of the new version I had to go back into Tools, Options and reset things at least 3 or 4 times before they would finally stay the way I wanted them.
I would tell it Never Remember History and after while I would look and it would say, Remember History. I wanted a Blank Start page, and it kept changing it. It's okay now but the Awesome Bar is not working at all.Do your bookmarks show up in the auto-suggest drop-down list?
''If not:'' Under Options > Privacy, in the bottom section, does it still show that Firefox should suggest Bookmarks in the Location bar?
If auto-suggest works but the autofill isn't happening, you could double-check that it has not been disabled here:
(1) In a new tab, type or paste '''about:config''' in the address bar and press Enter. Click the button promising to be careful.
(2) In the search box above the list, type or paste '''autof''' and pause while the list is filtered
(3) If the '''browser.urlbar.autoFill''' preference is bold and "user set" to false, double-click it to switch its value back to the default value of true. That should work in new tabs.
It's it already true, hmm, I wonder whether this is a private browsing issue? (I didn't test with automatic private browsing.) -
Link posted on Facebook does not import Photo from the site
When I paste a link to a status line on Facebook, it imports the title and annotation of the page correctly. However, the Facebook does not show any photo from the page (as it does with other websites).
Is there a way to force Facebook to show a photo alongside the title etc?
I am trying to post for instance this: http://www.cykasy.cz/Atlas/Cycas_xipholepis.html
and would like to show some of the pictures on Facebook too.It seems that the only solution is to write a piece of code into the header of the page and that will tell facebook where to pull the title, description and the photo from. The code that needs to be inserted is below.
THE PROBLEM - this solution doesn't work if you have built your site using iweb. Everyone that has iweb has responded to the solution (everywhere this is written about) has said this.
Does anyone know another work around?
The solution for anyone without iweb:
<meta name="title" content="INSERT CONTENT HERE" />
<meta name="description" content="INSERT CONTENT HERE" />
<link rel="image_src" href="INSERT LOCATION OF PHOTO WEB ADDRESS HERE" /> -
Hi, I am not able to hear playback of audio from the speakers on my laptop. Only if I connect a headphone I am able to hear. Kindly help resolve.
Regards,
Vivek. V.Hi
1) Try a Hard Reset as follows.
Remove any devices connected to the notebook. Shut down the notebook, unplug the AC Adapter and then remove the battery. Hold down the Power button for 30 seconds. Re-insert the battery, plug in the AC Adapter and start the notebook - check if the speakers are now working.
2) Please First check if the speaker icon on the unit is not muted.
3) Go to device manager and uninstall the Sound driver and restart and unit will install the driver automatically.
4) Try doing System restore to the date when the unit was working fine.
5) Try to update the driver from hp.com website for Audio & Bios.
Let us know how it goes!
"I work for HP."
****Click the (purple thumbs up icon in the lower right corner of a post) to say thanks****
****Please mark Accept As Solution if it solves your problem****
Regards
Manjunath -
My daughter forgot her access code to her itouch. Itunes can't access it when i plug it in. it is registered under my id. how do we reset the passcode without the passcode?
Place the iOS device in Recovery Mode and then connect to your computer and restore via iTunes. The iPod will be erased.
iOS: Wrong passcode results in red disabled screen
If recovery mode does not work try DFU mode.
How to put iPod touch / iPhone into DFU mode « Karthik's scribblings -
HTTP POST method does not pass parameters to the server
Hi ,
I am using SSO using VSJ product and implemented using a filter.
I have problems as below
1. Every request to the web server will be intercepted by this vsj filter and if sso does not succeed it will send 403
2. my system will detect 403 in web.xml and redirect to login page
3. user key in username and password and log in
4. after successful login set the HttpSession and redirect to homepage
Problem is subsquent form submit / ajax call using "POST" method cannot pass any parameters to the servers ( parameters sent using POST will be null in the servers ) ? GET is okay
If i comment out the vsj filter altogether , everything works as per normal.
My Question is
1. Is there anyway to overcome come ?
2. Is there any method to clear off whatever this sso vsj has set ( clear cookies / start new browser instance / etc ) in order to forget the state
Any idea?
ThanksYes.
here to illustrate
public MyFilter extends VSJAuthFilter
*public void doFilter(){*
*if(session.getAttribute("loginSucces") != true){*
super.doFilter(); //call VSJ Auth filter to perform SSO in order to get User Principal populated.
*}else{*
chain.doFilter(); // normal filter
My Filter only intercepts *.jsp and *.do
Basically here is the pattern that i observe
1. If i hit default url (homepage.do) for the first time it will trigger the super.doFilter() , it will then throw 403 and redirect to login.html , after success and go to homepage , subsequent POST parameter is missing
2. if i hit the external login page directly just to simulate ( eg : login.html ) it wont trigger this filter , after success and go to homepage , subsequenet POST parameter is okay
3. GET is always ok
I am using weblogic server 10.x btw
Thanks -
IPod touch music does not start songs from the beginning
the songs on an ipod touch does not start from the beginning how do you fix this
In your iTunes Library, check the songs to see if they are set to Remember playback position. If they are, turn that off and Sync the iPod with iTunes for these new changes to take effect.
Highlight a song, right-click/Get Info/Options>Remember playback position: -
The new tab is visible on the the tab bar but clicking on it does not open a new tab.Neither can I open a new tab from the File drop down menu, nor the Ctrl+T method as indicated in the troubleshooting guide.
Un-install the '''''Ask Toolbar''''' which many users have reported causing that problem.
*http://support.mozilla.com/en-US/kb/Uninstalling+add-ons
*http://support.mozilla.com/en-US/kb/Cannot%20uninstall%20an%20add-on
<br />
<br />
'''You need to update the following.''' The Plugin version(s) shown below was/were submitted with your question and is/are out of date. You should update to avoid known security issues with the version(s) you have installed. Click on "More system info..." to the right of your question to see what was included with your question.
*Adobe Shockwave for Director Netscape plug-in, version 11.5
*Shockwave Flash 10.1 r102
*Next Generation Java Plug-in 1.6.0_24 for Mozilla browsers
#'''''Check your plugin versions''''' on either of the following links':
#*http://www.mozilla.com/en-US/plugincheck/
#*https://www-trunk.stage.mozilla.com/en-US/plugincheck/
#*'''Note: plugin check page does not have information on all plugin versions'''
#*There are plugin specific testing links available from this page:
#**http://kb.mozillazine.org/Testing_plugins
#'''Update Shockwave for Director'''
#*NOTE: this is not the same as Shockwave Flash; this installs the Shockwave Player.
#*Use Firefox to download and SAVE the installer to your hard drive from the link in the article below (Desktop is a good place so you can find it).
#*When the download is complete, exit Firefox (File > Exit)
#*locate and double-click in the installer you just downloaded, let the install complete.
#*Restart Firefox and check your plugins again.
#*'''<u>Download link and more information</u>''': http://support.mozilla.com/en-US/kb/Using+the+Shockwave+plugin+with+Firefox
#'''Update the [[Managing the Flash plugin|Flash]] plugin''' to the latest version.
#*Download and SAVE to your Desktop so you can find the installer later
#*If you do not have the current version, click on the "Player Download Center" link on the "'''Download and information'''" or "'''Download Manual installers'''" below
#*After download is complete, exit Firefox
#*Click on the installer you just downloaded and install
#**Windows 7 and Vista: may need to right-click the installer and choose "Run as Administrator"
#*Start Firefox and check your version again or test the installation by going back to the download link below
#*'''Download and information''': http://www.adobe.com/software/flash/about/
#**Use Firefox to go to the above site to update the Firefox plugin (will also install plugin for most other browsers; except IE)
#**Use IE to go to the above site to update the IE ActiveX
#*'''Download Manual installers'''.
#**http://kb2.adobe.com/cps/191/tn_19166.html#main_ManualInstaller
#**Note separate links for:
#***Plugin for Firefox and most other browsers
#***ActiveX for IE
#'''Update the [[Java]] plugin''' to the latest version.
#*Download site: http://www.oracle.com/technetwork/java/javase/downloads/index.html (Java Platform: Download JRE)
#**'''''Be sure to <u>un-check the Yahoo Toolbar</u> option during the install if you do not want it installed.
#*Also see "Manual Update" in this article to update from the Java Control Panel in Windows Control Panel: http://support.mozilla.com/en-US/kb/Using+the+Java+plugin+with+Firefox#Updates
#* Removing old versions (if needed): http://www.java.com/en/download/faq/remove_olderversions.xml
#* Remove multiple Java Console extensions (if needed): http://kb.mozillazine.org/Firefox_:_FAQs_:_Install_Java#Multiple_Java_Console_extensions
#*Java Test: http://www.java.com/en/download/help/testvm.xml
Maybe you are looking for
-
Guys, Not sure if this is the right place to ask. Was not sure. Please excuse if in error. There is this particular webpage that displays a form with a text field and a submit button. I am trying to write a java program that will try to fill the file
-
...I cannot download tracks from iMatch. What is the fix?
-
Mouse freezing in FCP? please help
Hello everyone, I've been using FCP for a few years now and have never encountered this issue until the last couple weeks (to my knowledge I haven't had any changes to my system within that time). I haven't been able to find anything on the subject,
-
Whats the best/fastest format to convert avchd to, for edit purposes?
Whats best format to convert 1920/1080 avchd to, for editing purposes? I tryed converting to HDV but didnt like the quality. I then tryed to convert the raw avchd files to mpeg2 @ 35 mbps. That is much cleaner but renders slow...about 1-1 ratio. Look
-
Where I can download iTunes 10.6.3?
my Ipod have ah new software and in iTunes , say that i need ah de las version in iTunes , where i can download iTunes 10.6.3