Howto setup VPN between RVS4000 and linux PC ?

Similar Messages

• Site to site vpn between RV215W and ASA5510

  Hello,
  We're trying to establish a site to site vpn between a RV215W (firmware version 1.0.0.16) and an ASA5510 (ASA 8.2(3)).  The ASA currently has 5 other IPSec VPN tunnels running.  It sure does look like I've dotted all my "i's" and crossed all my "t's" with respect to both sides of the tunnel.  What I'm seeing from the 5510 is that there is some sort of communication between the two devices but there is no IPSec tunnel established and no traffic is getting beyond either device.  It shows the RV215W connected but 0 bytes Tx and 0 bytes Rx.
  From the RV215W side of things it shows an IPSec SA not established.  The protocol is IKE and the encryption used is 3des.  Both sides have the same preshare key and are using the same settings.  From each device I can ping the public IP address of the other, but I get no further.  I believe I have ACL's set up to allow traffic from both internal networks.  (although I may not - I'm hardly a Cisco guru, just fumbling my way through this...)
  Any guidance/direction would be greatly appreciated.
  Thank you in advance!

  Hello,
  I have found an article that may provide some assistance with your VPN. It has information on more advanced settings on VPNs for the RV215W. I hope that it may be of some use to you.
  Advanced VPN Setup on RV215W
  Hope it helps,
  Andrew Mayfield

• Remote site redundancy IPSEC VPN between 2911 and ASA

  We already have IPSEC VPN connectivity established between sites but would like to introduce some resilience/redundancy at a remote site.
  Site A has an ASA with one internet circuit.
  Site B has a Cisco 2911 with one internet circuit and we have established site-to-site IPSEC VPN connectivity between the 2911 and the ASA.
  Prior to getting the new internet circuit, Site B had a Cisco 877 with an ADSL line which are still available but aren’t currently in use.
  The internet circuit at Site B has dropped a few times recently so we would like to make use of the ADSL circuit (and potentially the 877 router too) as a backup.
  What is the best way of achieving this?
  We thought about running HSRP between the 877 and 2911 routers at Site B and, in the event of a failure of the router or internet circuit, traffic would failover to the 877 and ADSL.
  However, how would Site A detect the failure? Can we simply rely on Dead Peer Detection and list the public IP address of the internet circuit at Site B first with the public IP address used on the ADSL line second in the list on the ASA? What would happen in a failover scenario and, just as important, when service was restored – I’m not sure DPD would handle that aspect correctly?
  I’ve read briefly elsewhere that GRE might be best to use in this scenario – but I can’t use GRE on the ASA. I have an L3 switch behind the ASA which I may be able to make use of? But I don’t want to disrupt the existing IPSEC VPN connectivity already established between the ASA and the 2911.   Can I keep IPSEC between the ASA and 2911 but then run GRE between the L3 switch and the 2911? If so, how would this best be achieved?  And how could I also introduce the 877 and ADSL line into things to achieve the neccessary redundancy?
  Any help/advice would be appreciated!

  Hello,
  I don't think GRE tunnel that you could set up on the switch  behind ASA would be really helpfull. Still site-2-site tunnel you want  to establish between ASA and some routers, but still it is ASA which needs to make decision about which peer to connect to.
  Possible solution would be to do HSRP between both routers on LAN side and with two independent tunnels/crypto maps (one on each of them). On ASA you would need to set up two hosts in set peer. Problem of this solution is that if one router at side B is going to go down and second ADSL line will take over ASA will not do preempt after you main Internet connection is up again. This would happen after ADSL Internet connection will be down.
  Solution to that would be to assign two different public IP addressess on two different interfaces of ASA. Then you attach two crypto maps to both interfaces and by using sla monitor (let's say icmp to main router, if it does not respond then you change routing for remote LAN to second interface) you are selecting which crypto map (with one peer this time) should be used.
  I hope what I wrote makes some sense.

• Remote VPN between ASA5505 and Netscreen SSG140

  Dears,
  I'm trying to set up a VPN between an ASA 5505 and  SSG40Juniper and the VPN keep flaping:
  Nov 27 04:47:27 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, NP encrypt rule look up for crypto map TEST 1 matching ACL ACL_VPN: returned cs_id=cd2e0998; encrypt_rule=cd39bd50; tunnelFlow_rule=cd488220
  Nov 27 04:47:27 [IKEv1]Group = 89.XXX, IP = 89.XXX, Security negotiation complete for LAN-to-LAN Group (89.XXX)  Responder, Inbound SPI = 0xb98f5dbe, Outbound SPI = 0xddd1484a
  Nov 27 04:47:27 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, IKE got a KEY_ADD msg for SA: SPI = 0xddd1484a
  Nov 27 04:47:27 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, Pitcher: received KEY_UPDATE, spi 0xb98f5dbe
  Nov 27 04:47:27 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, Starting P2 rekey timer: 3060 seconds.
  Nov 27 04:47:27 [IKEv1]Group = 89.XXX, IP = 89.XXX, PHASE 2 COMPLETED (msgid=f46e307a)
  Nov 27 04:47:31 [IKEv1]IKE Receiver: Packet received on 81.1XXX:500 from 89.XXX:500
  Nov 27 04:47:31 [IKEv1]Group = 89.XXX, IP = 89.XXX, Duplicate Phase 2 packet detected.  Retransmitting last packet.
  Nov 27 04:47:31 [IKEv1]Group = 89.XXX, IP = 89.XXX, Responder resending lost, last msg
  Nov 27 04:47:31 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, Starting P2 rekey timer: 3056 seconds.
  Nov 27 04:47:31 [IKEv1]Group = 89.XXX, IP = 89.XXX, PHASE 2 COMPLETED (msgid=f46e307a)
  Nov 27 04:47:35 [IKEv1]IKE Receiver: Packet received on 81.XXX:500 from 89.XXX:500
  Nov 27 04:47:35 [IKEv1]Group = 89.XXX, IP = 89.XXX, Duplicate Phase 2 packet detected.  Retransmitting last packet.
  Nov 27 04:47:35 [IKEv1]Group = 89.XXX, IP = 89.XXX, Responder resending lost, last msg
  Nov 27 04:47:35 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, Starting P2 rekey timer: 3052 seconds.
  Nov 27 04:47:35 [IKEv1]Group = 89.XXX, IP = 89.XXX, PHASE 2 COMPLETED (msgid=f46e307a)
  Nov 27 04:47:38 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, Sending keep-alive of type DPD R-U-THERE (seq number 0x1a4070b7)
  Nov 27 04:47:38 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, constructing blank hash payload
  Nov 27 04:47:38 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, constructing qm hash payload
  Nov 27 04:47:38 [IKEv1]IP = 89.XXX, IKE_DECODE SENDING Message (msgid=8977946c) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 80
  Nov 27 04:47:38 [IKEv1]IKE Receiver: Packet received on 81.XXX:500 from 89.XXX:500
  Nov 27 04:47:38 [IKEv1]IP = 89.XXX, IKE_DECODE RECEIVED Message (msgid=8e9a1247) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 80
  Nov 27 04:47:38 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, processing hash payload
  Nov 27 04:47:38 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, processing notify payload
  Nov 27 04:47:38 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x1a4070b7)
  Nov 27 04:47:39 [IKEv1]IKE Receiver: Packet received on 81.XXX:500 from 89.XXX:500
  Nov 27 04:47:39 [IKEv1]Group = 89.XXX, IP = 89.XXX, Duplicate Phase 2 packet detected.  Retransmitting last packet.
  Nov 27 04:47:39 [IKEv1]Group = 89.XXX, IP = 89.XXX, Responder resending lost, last msg
  Nov 27 04:47:39 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, Starting P2 rekey timer: 3048 seconds.
  Nov 27 04:47:39 [IKEv1]Group = 89.XXX, IP = 89.XXX, PHASE 2 COMPLETED (msgid=f46e307a)
  Nov 27 04:47:43 [IKEv1]IKE Receiver: Packet received on 81.XXX:500 from 89.XXX:500
  Nov 27 04:47:43 [IKEv1]Group = 89.XXX, IP = 89.XXX, Duplicate Phase 2 packet detected.  Retransmitting last packet.
  Nov 27 04:47:43 [IKEv1]Group = 89.XXX, IP = 89.XXX, QM FSM error (P2 struct &0xcd58eee8, mess id 0xf46e307a)!
  Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, IKE QM Responder FSM error history (struct &0xcd58eee8)  <state>, <event>:  QM_DONE, EV_ERROR-->QM_ACTIVE, EV_RESEND_MSG-->QM_ACTIVE, NullEvent-->QM_ACTIVE, EV_VM_START-->QM_ACTIVE, EV_ACTIVE-->QM_RSND_LST_MSG, EV_RESET_LIFETIME-->QM_RSND_LST_MSG, EV_IS_REKEY_SECS-->QM_RSND_LST_MSG, EV_RESEND_MSG
  Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, sending delete/delete with reason message
  Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, constructing blank hash payload
  Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, constructing IPSec delete payload
  Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, constructing qm hash payload
  Nov 27 04:47:43 [IKEv1]IP = 89.XXX, IKE_DECODE SENDING Message (msgid=57422aa9) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 64
  Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, IKE Deleting SA: Remote Proxy 172.24.0.0, Local Proxy 10.143.0.0
  Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, IKE SA MM:08bcc57b rcv'd Terminate: state MM_ACTIVE  flags 0x00000042, refcnt 1, tuncnt 0
  Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, IKE SA MM:08bcc57b terminating:  flags 0x01000002, refcnt 0, tuncnt 0
  Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, sending delete/delete with reason message
  Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, constructing blank hash payload
  Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, constructing IKE delete payload
  Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, constructing qm hash payload
  Nov 27 04:47:43 [IKEv1]IP = 89.XXX, IKE_DECODE SENDING Message (msgid=c364409e) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 76
  Nov 27 04:47:43 [IKEv1 DEBUG]Pitcher: received key delete msg, spi 0xb98f5dbe
  Nov 27 04:47:43 [IKEv1 DEBUG]Pitcher: received key delete msg, spi 0xb98f5dbe
  Nov 27 04:47:43 [IKEv1]Group = 89.XXX, IP = 89.XXX, Session is being torn down. Reason: Lost Service
  Nov 27 04:47:43 [IKEv1]Ignoring msg to mark SA with dsID 1658880 dead because SA delete
  On the Cisco side
  crypto ipsec ikev1 transform-set ESP-3DES-ESP-MD5-HMAC esp-3des esp-md5-hmac
  crypto ipsec security-association pmtu-aging infinite
  crypto map TEST 1 match address ACL_VPN
  crypto map TEST 1 set peer 89.XXX.XXX.XXX
  crypto map TEST 1 set ikev1 transform-set ESP-3DES-ESP-MD5-HMAC
  crypto map TEST interface outside
  crypto ca trustpool policy
  no crypto isakmp nat-traversal
  crypto ikev1 enable outside
  crypto ikev1 policy 1
   authentication pre-share
   encryption 3des
   hash md5
   group 2
   lifetime 86400
  access-list ACL_VPN extended permit ip 10.143.0.0 255.255.0.0 172.24.0.0 255.255.0.0
  On the juniper side:
  set ike gateway "TO_XXX_ASA" address 81.XXX.XXX.XXX Main outgoing-interface "ethernet0/2" preshare "XXXXXXX" proposal "pre-g2-3des-md5"
  set vpn "DATACENTER_XXX_ASA" proxy-id local-ip 172.24.0.0/16 remote-ip 10.143.0.0/16 "ANY" 
  set vpn "DATACENTER_XXX_ASA" gateway "TO_XXX_ASA" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-md5" 
  set vpn "DATACENTER_XXX_ASA" monitor optimized rekey
  set vpn "DATACENTER_XXX_ASA" id 0x78 bind interface tunnel.2
  set vpn "DATACENTER_XXX_ASA" gateway "TO_XXX_ASA" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-md5" 
  set vpn "DATACENTER_XXX_ASA" monitor source-interface ethernet0/2 destination-ip 10.143.0.1 optimized rekey
  set vpn "DATACENTER_XXX_ASA" id 0x7b bind interface tunnel.2
  PFS is disabled.
  Any idea why I receive these errors?
   Duplicate Phase 2 packet detected.  Retransmitting last packet.
  QM FSM error (P2 struct &0xcd58eee8, mess id 0xf46e307a)!

  Hey,
  anybody any idea on this problem? We encountered this problem also.
  i can see in ASA log that phase1 is completed.
  after that we get the msg for phase2 completed.
  but followed with a "responder resending lost, last msg" this 3 times, than a QM FSM error and the tunnel being shut down on our end.
  the other side, is getting an active SA, but ofc not working.
  any idea?
  5 Jan 23 2015 14:59:14 713120 Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, PHASE 2 COMPLETED (msgid=440ce73e)
  7 Jan 23 2015 14:59:18 713906 IKE Receiver: Packet received on yy.yy.yy.yy:500 from xx.xx.xx.xx:500
  5 Jan 23 2015 14:59:18 713201 Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, Duplicate Phase 2 packet detected.  Retransmitting last packet.
  6 Jan 23 2015 14:59:18 713905 Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, Responder resending lost, last msg
  7 Jan 23 2015 14:59:18 715080 Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, Starting P2 rekey timer: 27357 seconds.
  5 Jan 23 2015 14:59:18 713120 Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, PHASE 2 COMPLETED (msgid=440ce73e)
  3x times
  3 Jan 23 2015 14:59:30 713902 Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, QM FSM error (P2 struct &0x00007fff2a9921f0, mess id 0x440ce73e)!
  with kind regards,
  Bernd

• Creating network between Mac and Linux

  Hello guys! I need to set up network between my iMac and Ubuntu linux. iMac is connected in internet by Airport and Fon Wifi Router witch is connected in router which is connected to adsl -modem. My pc is connected directly to router. Both computers have access to internet. Is there any easy solutions to share files with mac and linux? I don't need any webservers etc, I just want to share files.
  Other question related to this, why is my mac's ip address like 192.168... and linux ip addrress is 84.250...?
  Thanks allready!

  Though I'm not newbie with computers, I'm really confused becouse I haven't set up network like this never before.
  Not a problem, no worry... we all know something somebody else doesn't and vice versa.
  My linux says that my DHCP -IP is 193.210.18.18, is that related to this in any way?
  Yes, if the Mac had an IP of 193.210.18.x, (but not 18 for x), then connection would be simple, but I think we must have two devices passing out IPs. What is the Mac's IP again?
  http://www.helpdesk.umd.edu/topics/communication/ethernet/office/winxp/2882/
  Do you have any advice where I could start looking from the right IP of my linux?
  http://www.webmasterforums.com/networks-clusters/1804-find-ip-address-my-linux-b ox.html
  I'm not sure if its even configurable.
  http://tinyurl.com/2gug9s

• VPN between Mac and Windows? share printer and USB drive

  Hey everyone, I'm out at college and have a Windows SP2 desktop set up in my room with the printer and our external hard drive. I travel around campus with my macbook pro (10.5), and it'd be really nice to access the printer and my external hard drive.
  Problem is that since its a huge vast network, I think its near impossible to do a direct "IP" connect to it. So the next option is to use a VPN, which I have experience with Windows and Hamachi, but I have no idea how to incorporate a VPN between a mac and a windows computer.
  Thanks!

  Hi Eric and welcome to Discussions and the Apple world.
  Mac OSX can read and write from Windows partitions (like the BootCamp Windows partition you are about to create) when using FAT32 as file system for Windows.
  However with FAT32 you are limited to a partition size of 32GB.
  Mac OSX can also read from Windows partitions that uses the NTFS file system, but it can not write to them unless you use a third-party helper like either Paragons NTFS for Mac http://www.paragon-software.com/home/ntfs-mac/ or NTFS-3G http://www.ntfs-3g.org/
  Windows can not even see or use a Mac OSX partition without additional help by MacDrive http://www.mediafour.com/products/macdrive/
  Regards
  Stefan

• Issue bringing up VPN between ASA and Checkpoint - HELP

  Hi all
  We are having major issues bringing up a vpn between our ASA and third party checkpoint, it seems if the checkpoint initiates the connection it works, but if we initiate it from the ASA it doesnt come up.
  on the ASA I see the following
  any ideas what this is ?
  7
  Jan 30 2014
  11:52:03
  715065
  IP = 159.50.93.1, IKE MM Initiator FSM error history (struct &0x79c4bb68) , : MM_DONE, EV_ERROR-->MM_WAIT_MSG2, EV_RETRY-->MM_WAIT_MSG2, EV_TIMEOUT-->MM_WAIT_MSG2, NullEvent-->MM_SND_MSG1, EV_SND_MSG-->MM_SND_MSG1, EV_START_TMR-->MM_SND_MSG1, EV_RESEND_MSG-->MM_WAIT_MSG2, EV_RETRY

  Phase 2 failures means several things:
  Encryption domain (interesting traffics) fail to match.  Checkpoint tends to supper net network together, by design,
  Phase 2 parameters such as ESP, PFS and seconds timeouts do not match.
  Why don't you put in relevance configuration on the ASA and if possible, ask the checkpoint firewall guy to do the following on the firewall:
  - output of "uname -a" and "fw ver"
  - is this Nokia, Windows or Secureplatform Checkpoint?
  - run the following commands on the firewall:  "debug ike off", "debug ike trunc"  and send you the ike.elg file.  That file can be decoded with the IKEView.exe and it will tell you exactly where things are wrong. 
  Disable/turn OFF kilobytes timeouts is not the solution. 

• Routable VPN Between ASA and Windows RRAS

  Hi all,
  I'm trying to figure out the best way to create a routable VPN between my production network and a small DR server that I have colo'd offsite.
  On the production side I have an ASA 5515-X (10.1.0.0/23) and on the DR side I have a Windows Server 2012 R2 server running RRAS, DHCP, NAT, and Hyper-V.  The DR server has a virtual environment with a subnet of 10.5.0.0/24 behind NAT (diagram attached for a visual).  I've seen some tutorials online for how to create a routable VPN between the two, some utilizing the Windows Advanced Firwall to create an IPSec tunnel.  So far, I've not been able to get the tunnel to come up.
  Before I spend even more time trying to troubleshoot this, I was wondering what the best way to create a secure connection between these two subnets is and if anybody has done something similar successfully.
  Thanks,
  Jason

  None yet, I've been stuck on this for a while now.  My latest attempt caused the DR site to go offline and required hands-on at the colo site to get it back online due to a bad ipsec policy, so I've backed off a bit on trying things.

• VPN between WRVS4400N and CISCO 857 router

  Hi ALL,
  Am trying to VPN the two and have setup the WRVS4400N side using IPSec (seems easy enough). Has anyone any experience on the 857 router side? Would you kindly show how that can be configured? Or just point me to any good source doing it will be good too. Thanks!

  ip nat inside source route-map nonat interface FastEthernet0 overload
  access-list 110 deny ip 10.20.10.0 0.0.0.255 10.10.10.0 0.0.0.255
  access-list 110 permit ip 10.20.10.0 0.0.0.255 any
  route-map nonat permit 10
  match ip address 110
  or better (if you have for example the IP public 1.2.3.5)
  ip nat pool 1.2.3.5 1.2.3.5 1.2.3.5 prefix-length 30
  ip nat inside source list nat-to-internet pool 1.2.3.5 overload
  ip access-list extended nat-to-internet
  deny   ip 10.20.10.0 0.0.0.255 10.10.10.0 0.0.0.255
  permit ip 10.20.10.0 0.0.0.255 any
  deny   ip any any

• VPN between RV042 and Cisco 2801

  HI
  Kindly help me out. I'm configuring a p2p vpn between a cisco 2801 with IOS 12.3 and a linksys RV042. I'm getting following error on Linksys and Cisco respectively.
  [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
  Dec 19 02:40:42 2011
       VPN Log
      Received informational payload, type NO_PROPOSAL_CHOSEN
  dst             src             state               conn-id     slot    status
  x.x.x.x       x.x.x.x   MM_NO_STATE          0        0       ACTIVE
  Below are my config:
  Linksys RV042:
  Keying Mode: IKE with Preshared Key
  Phase1 DH Group: Group2
  Phase1 Encryption: 3DES
  Phase1 Authentication: MD5
  Phase1 SA Life Time: 28800
  Perfect forward secrecy : enabled
  Phase2 DH Group: Group2
  Phase2 Encryption: 3DES
  Phase2 Authentication: MD5
  Phase2 SA Life Time: 28800
  Preshared Key: xxxxxx
  Cisco 2801:
  crypto isakmp policy 11
  encr 3des
  authentication pre-share
  group 2
  lifetime 28800
  crypto isakmp key xxxxxx address xxxxxx
  no crypto isakmp ccm
  crypto ipsec transform-set STRONGER esp-3des esp-md5-hmac
  crypto map myvpn 10 ipsec-isakmp
  set peer xxxxxx
  set transform-set STRONGER
  set pfs group2
  match address 103
  interface FastEthernet0/0
  ip address 10.0.0.56 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  no ip route-cache
  duplex auto
  speed auto
  no mop enabled
  interface FastEthernet0/1
  ip address xxxx xxxx
  ip nat outside
  ip virtual-reassembly
  no ip route-cache
  duplex auto
  speed auto
  crypto map myvpn
  ip nat pool branch xxxxxx xxxxx netmask 255.255.255.240
  ip nat inside source route-map nonat pool branch overload
  access-list 103 permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255
  access-list 110 deny   ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255
  access-list 110 permit ip 10.0.0.0 0.0.0.255 any
  snmp-server community public RO
  route-map nonat permit 10
  match ip address 110
  Rgards
  SAM

  Hi,
  It looks like you are using the default hash for the crypto isakmp policy and that your connection is failing on the phase 1 negotiation.  The default hash on the crypto isakmp policy is sha.  On the 2801 try adding hash md5.
  crypto isakmp policy 11
  encr 3des
  hash md5
  authentication pre-share
  group 2
  lifetime 28800
  Let me know if that helps.
  Thank you,
  Jason NIckle

• IndexOf - difference between Win and Linux encoding

  Hello folks, wondering if someone could put me on the right track over this little problem with porting a java app to Linux...
  I have a nice little program, developed on (the latest) JDK under windows which reads a custom file format, locates the second occurance of the substring 'PNG', ignores everything before the character before this PNG (hence the -1 below) and saves the remainder, which is now a bog-standard PNG image. The first 'PNG substring always occurs within the first 50 bytes (hence the 50 below) and the second around the 2kB mark. Here's the line that finds the location of the second 'PNG' in the file loaded into strFileContent:
  location = strFileContent.indexOf( "PNG", 50 )-1;All is well compiled and run on windows, say file 'test1.xyz' produces a value for location of 2076 and saves a nice PNG called 'test1.png'.
  When I haul it over to Linux (Ubuntu 9.04) and lo, location comes out as 1964 for the same file, and of course the file is no-longer a PNG because there are an extra 112 bytes on the front end. Running the windows compile of the code or a fresh Linux compile makes no difference.
  I'm suspecting Win and Linux Java count, perhaps, line endings or some such differently, perhaps have to check an encoding. I'd appreciate any pointers on correcting this to work on both platforms (ultimately I'm trying to appease a Mac user, but don't have a Mac to play with at the moment).
  Cheers,
  K.
  Ken

  phaethon2008 wrote:
  I'm suspecting Win and Linux Java count, perhaps, line endings or some such differently, perhaps have to check an encoding. I'd appreciate any pointers on correcting this to work on both platforms (ultimately I'm trying to appease a Mac user, but don't have a Mac to play with at the moment).The immediate cause of your problem is probably that Windows uses a 8bit encoding as the default (probably some ISO-8859-{noformat}*{noformat} variant or the Windows-bastardization of it), while Ubuntu uses UTF-8, which has a varying number of bytes per character.
  The much more important underlying problem is that you're trying to treat binary data as if it were text. A PNG image is not text. Handling binary data in Strings (or char[]) is a sure way to invite desaster.
  You must convert your code to handle InputStream/OutputStream/byte[] instead of Reader/Writer/String/char[].

• Dataguard 11g setup between AIX and Linux

  Hi,
  We are planning to move our Oracle databases from AIX 6.1 to Oracle Linux 6.2
  To reduce the downtime, we are thinking of setting up a dataguard (physical or logical) and do the switchover.
  Have you performed this before?
  Will you pls send me the steps?
  Thanks,
  DR

  Hello again;
  I thinking no for the same reason.
  When my shop moved from AIX to Linux we just install Oracle on Linux and patched it to the same level as the AIX. We created users, tablespaces, job etc in advance and then just used import/export to move the needed schema's. Data Pump make this much easier.
  Do a schema(s) compare and switch when ready. But in any event I don't believe Data Guard can help you. You mostly have a migrate issue.
  Please consider closing your question when complete.
  h3. Oracle Database 10g & Multi-Terabyte Database Migration
  http://www.oracle.com/technetwork/database/features/availability/thehartfordprofile-xtts-133180.pdf
  h3. Incrementally Updating Transportable Tablespaces using RMAN
  http://www.oracle.com/technetwork/database/features/availability/itts-130873.pdf
  h3. Platform Migration Using Transportable Database Oracle Database 11g and 10g Release 2
  http://www.oracle.com/technetwork/database/features/availability/maa-wp-10gr2-platformmigrationtdb-131164.pdf
  Best Regards
  mseberg
  Edited by: mseberg on Nov 13, 2012 6:31 PM

• VPN for Mac. Want to create VPN between Mac and Windows XP

  Hey everyone, I'm looking to try and create a VPN for when I'm in college between my Desktop I'll have in my dorm (running Windows XP) and my Macbook Pro (running Mac 10.5). I have a printer and an external hard drive hooked up to my desktop, and I want to make it so that only I can access it through the VPN.
  Is this possible?

  Hi soccerdude21490-
  +Is this possible?+
  Theoretically yes. However, it would be up to the school to allow you access through their network.
  The first step would be to contact the school's IT department and ask them if they will allow such a connection, and if so, could they please provide you with the settings (ip address etc.).
  Luck-
  -DP

• VPN between IOS and ASA

  Hello my friends,
  I have been trying to establish VPN connectivity between IOS cisco router and ASA firewall over the internet - no luck so far. I think I am missing some important bit of the configuration.
  Here are my configuration commands:
  Router:
  crypto isakmp policy 20
  encryption 3des
  auth pre-share
  hash md5
  group 2
  crypto isakmp key XXX address 103.252.AAA.AAA
  crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac
  crypto map MAP 5 ipsec-isakmp
  set transform 3DES-MD5
  match address VPN
  set peer 103.252.AAA.AAA
  ip access-list extended VPN
   permit ip 10.110.25.0 0.0.0.255 10.10.0.0 0.0.255.255
   permit icmp 10.110.25.0 0.0.0.255 10.10.0.0 0.0.255.255
  ASA commands:
  sysopt connection permit-vpn
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash md5
  tunnel-group 203.167.BBB.BBB type ipsec-l2l
  tunnel-group 203.167.BBB.BBB ipsec-attributes
  pre-shared-key XXX
  access-list LIST permit ip 10.10.0.0 255.255.0.0 10.110.25.0 255.255.255.0
  access-list LIST permit icmp 10.10.0.0 255.255.0.0 10.110.25.0 255.255.255.0
  crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac
  crypto map VPN 10 set transform-set 3DES-MD5
  crypto map VPN 10 match address LIST
  crypto map VPN 10 set peer 203.167.BBB.BBB
  crypto map VPN interface outside
  Do you have any idea what is wrong? Thank you a lot in advance.

  I managed to get this from the show crypto ipsec sa
       local crypto endpt.: 203.167.BBB.BBB, remote crypto endpt.: 103.252.AAA.AAA
       path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/1
       current outbound spi: 0x0(0)
       PFS (Y/N): N, DH group: none
       inbound esp sas:
       inbound ah sas:
       inbound pcp sas:
       outbound esp sas:
       outbound ah sas:
       outbound pcp sas:
       local crypto endpt.: 203.167.BBB.BBB, remote crypto endpt.: 103.252.AAA.AAA
       path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/1
       current outbound spi: 0x0(0)
       PFS (Y/N): N, DH group: none
  And  details from show crypto session detail
  Interface: GigabitEthernet0/1
  Session status: DOWN
  Peer: 103.252.AAA.AAA port 500 fvrf: (none) ivrf: (none)
        Desc: (none)
        Phase1_id: (none)
    IPSEC FLOW: permit 1 10.110.25.0/255.255.255.0 10.10.0.0/255.255.0.0
          Active SAs: 0, origin: crypto map
          Inbound:  #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
          Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0

• PCNS between AD and Linux based LDAP

  Is it possible to sync passwords between an AD domain and a Linux based LDAP?
  All accounts in LDAP are present in AD. The initial flow would preferable be:
  LDAP password -> AD
  and from there on onwards, all password changes from AD should flow back to LDAP.
  Thanks

  Hi,
  I would be interested to see if the password sync can happen or you may like to find one of the 3rd party tool which can do that, so far i know i never worked with password sync service between the two, you may like to read these articles:
  http://technet.microsoft.com/en-us/magazine/2008.12.linux.aspx
  http://www.chriscowley.me.uk/blog/2013/12/16/integrating-rhel-with-active-directory/
  Best of luck, cheers
  Thanks
  Inderjit