ICMP Problem
I have a query for you
regarding enabling ICMP on pix.
1) At one site we have pix, we have configured site to siet VPN on
it. At present we have the command "conduit permit icmp any any",
which enables us to ping any of the internet site. But the customer
wants to block any any and in stead of that he wants to allow icmp
from his LAN (192.168.1.0/24) to any of the outside destination. For
achieving this i have tried to define access-list in many ways as
follows but noe is successful. So for that i require your help. The
commands i tried are as follows.
access-list 110 permit icmp 192.168.1.0 255.255.255.0 any
access-group 110 in inside
conduit permit icmp 192.168.1.0 255.255.255.0 any
icmp permit 192.168.1.0 255.255.255.0 echo-reply outside
icmp permit 192.168.1.0 255.255.255.0 echo outside
The moment i remove the conduit permit icmp any any command and
issue any of the above command i could not ping any of the public
IPs.
Herewith i am attaching the config file for your kind reference.
Looking forward to your reply, i remain.
Thanks and regards,
Sairam Bharati
9818404250
[email protected]
INTPIX# sh run
: Saved
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxx fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
no names
access-list 100 permit ip 192.168.1.0 255.255.255.0 host 192.168.101.103
access-list 100 permit ip 192.168.1.0 255.255.255.0 host 192.168.101.71
pager lines 24
logging on
logging timestamp
logging trap notifications
logging host inside 192.168.1.12
mtu outside 1500
mtu inside 1500
ip address outside 203.x.x.181 255.255.255.224
ip address inside 192.168.1.2 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
global (outside) 2 203.x.x.169
global (outside) 4 203.x.x.174
global (outside) 5 203.x.x.175
global (outside) 7 203.x.x.180
nat (inside) 0 access-list 100
nat (inside) 7 192.168.1.7 255.255.255.255 0 0
nat (inside) 2 192.168.1.182 255.255.255.255 0 0
nat (inside) 4 192.168.1.206 255.255.255.255 0 0
nat (inside) 5 192.168.1.211 255.255.255.255 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
conduit permit icmp any any
route outside 0.0.0.0 0.0.x.x.197.202.164 1
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set strong esp-3des esp-md5-hmac
crypto map 4medica 20 ipsec-isakmp
crypto map 4medica 20 match address 100
crypto map 4medica 20 set peer 64.14.240.65
crypto map 4medica 20 set transform-set strong
crypto map 4medica interface outside
isakmp enable outside
isakmp key ******** address 64.14.240.65 netmask 255.255.255.255
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet 192.168.1.20 255.255.255.255 inside
telnet 192.168.1.23 255.255.255.255 inside
telnet timeout 5
ssh 192.168.1.12 255.255.255.255 inside
ssh timeout 5
console timeout 0
url-block url-mempool 1500
url-block url-size 4
terminal width 80
For security purposes, avoid posting/incluidng any sensitive information such as Outside interface public IP, username/pwd, enable password and so on.
For testing purposes, try to permit 'icmp any any' to ensure ICMP is not blocked by any other issue, i.e bad routing, wrong nat and so on. If this is successful, narrow down who/which subnet can perform ping.
access-list 110 permit icmp 192.168.1.0 255.255.255.0 any
access-group 110 in interface inside
The existing nat 1 and global 1 pair is sufficient to allow internal hosts start pinging to outside.
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml
BTW, the 'icmp permit' command is to allow/deny ping to any PIX interface from the directly connected segment. As for the conduit statement, you can use ACL to replace this function. Cisco highly recommended ACL as it's more flexible and provide better control. At any time, ACL automatically preferred by PIX (high precedence).
conduit permit icmp any any ---> may remove this
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_field_notice09186a00801d3621.shtml
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml
Hope this helps. Pls rate all useful post(s)
AK
Similar Messages
-
Hey,
I recently bought a wrt54gl router for my home and I connected it like this:
DSL ---wrt54gl and to PC and Xbox 360 from lan port 1 and 2.
I can go on the internet from my PC no problem, but my xbox will not go on xbox live. In the xbox connnection test it will not pass the ICMP test...
My router has standard firmware and Upnp enabled.
Otherwise it has standard settings...
I this router not capable of going on xbox live?
Thanks.Hi,
Okay, I have done this, but the xbox still fails the ICMP test...
Xbox now wtih static IP: 192.168.1.5
Subnet: 255.255.255.0
Gateway: 192.168.1.1
DNS: Automatic.
Ports 88 UDP and 3074 both forwarded on router.
MTU: 1364 and ok in the MTU test on xbox.
UPnP: Disabled
All tests ok until ICMP? Why?
When I plug the xbox directly into my DSL modem it connects just fine...
Thanks again.
Message Edited by Sumsar38 on 01-24-2008 11:17 AM
Message Edited by Sumsar38 on 01-24-2008 11:17 AM
Message Edited by Sumsar38 on 01-24-2008 11:18 AM
Message Edited by Sumsar38 on 01-24-2008 11:19 AM
Message Edited by Sumsar38 on 01-24-2008 11:22 AM -
LMS 3.2.1 - Unreachable Device Report - ICMP problem
Hello,
I use the unreachable device report in CS for checking the basic reachability of the managed devices.
A very useful feature!
But on one LMS installation I have a huge number of "unreachable" devices which are normally reachable via ICMP.
I use only the ICMP check with a timeout of 2 sec and one retry.
Checking the debug for that polling told me that at the beginning of the daily running job all works fine.
CS sends an ICMP to 10 devices and gets response. After that the next 10 devices and so on.
After some cycles it increases the number of parallel workflows to 2, means 2x 10 devices will be polled.
And with that change the problems begin, from my point of view. At this point 2 or 3 devices will be marked as unreachable.
With the next cycle of 2x10 devices 5-8 devices are "unreachable" and then all devices till the end are unreachable.
That sounds like there is an overflow on the application or server which can't handle so much ICMP replies.
Changing the timeout or retries didn't help.
Is there a possibility to fix the parallel requests to 10 without an increase?
Thanks a lot!
SvenThis sounds like #
CSCte60815 DCRDevice Poll using ICMP wrongly shows devices as Unreachable
You may have to use snmp as well to get the correct status. -
Cisco ASA 5505 - problem with ssh, icmp on OUTSIDE interface
Hi all,
I have a very strange problem with OUTSIDE interface and remote ssh. Well, I have followed documentation and configure remote access for ssh like this [1.]. If I want to connect from internet to OUTSIDE interface [2.] get no response and in log I can see this message [3.]. I really do not understand why is ssh connection dropped by OUTSIDE access-list [4.]? If I understand documentation correctly there is no impact for remote mangement/access like icmp, ssh, http(s) by interface access-list. So, why?
When I try ssh connection form internal network to INSIDE interface everything works fine and I can log in to ASA. If I try allow ssh in OUTSIDE access-list still no success and a get this message [5.]? It is strange, isn't?
The same problem with icmp if I want to "ping" OUTSIDE interface from internet a get thish message in log [6.] and configuration for ICMP like this [7.].
Full ASA config is in attachment.
Can anybody help how to fix it and explain what is exactly wrong.Thanks.
Regards,
Karel
[1.]
ssh stricthostkeycheck
ssh 10.0.0.0 255.255.255.0 INSIDE
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
ASA-FW01# show ssh
Timeout: 60 minutes
Version allowed: 2
10.0.0.0 255.255.255.0 INSIDE
0.0.0.0 0.0.0.0 OUTSIDE
[2.]
ASA-FW01# show nameif
Interface Name Security
Vlan10 INSIDE 100
Vlan20 EXT-VLAN20 0
Vlan30 EXT-WIFI-VLAN30 10
Vlan100 OUTSIDE 0
ASA-FW01# show ip
System IP Addresses:
Interface Name IP address Subnet mask Method
Vlan10 INSIDE 10.0.0.1 255.255.255.0 CONFIG
Vlan20 EXT-VLAN20 10.0.1.1 255.255.255.0 CONFIG
Vlan30 EXT-WIFI-VLAN30 10.0.2.1 255.255.255.0 CONFIG
Vlan100 OUTSIDE 85.71.188.158 255.255.255.255 CONFIG
Current IP Addresses:
Interface Name IP address Subnet mask Method
Vlan10 INSIDE 10.0.0.1 255.255.255.0 CONFIG
Vlan20 EXT-VLAN20 10.0.1.1 255.255.255.0 CONFIG
Vlan30 EXT-WIFI-VLAN30 10.0.2.1 255.255.255.0 CONFIG
Vlan100 OUTSIDE 85.71.188.158 255.255.255.255 CONFIG
ASA-FW01# show interface OUTSIDE detail
Interface Vlan100 "OUTSIDE", is up, line protocol is up
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
Description: >>VLAN pro pripojeni do internetu<<
MAC address f44e.05d0.6c17, MTU 1480
IP address 85.71.188.158, subnet mask 255.255.255.255
Traffic Statistics for "OUTSIDE":
90008 packets input, 10328084 bytes
60609 packets output, 13240078 bytes
1213 packets dropped
1 minute input rate 15 pkts/sec, 994 bytes/sec
[3.]
Jan 13 2015 06:45:30 ASA-FW01 : %ASA-6-106100: access-list OUTSIDE denied tcp OUTSIDE/193.86.236.70(46085) -> OUTSIDE/85.71.188.158(22) hit-cnt 1 first hit [0xb74026ad, 0x0]
[4.]
access-list OUTSIDE remark =======================================================================================
access-list OUTSIDE extended permit icmp any any echo-reply
access-list OUTSIDE extended deny ip any any log
access-group OUTSIDE in interface OUTSIDE
[5.]
Jan 12 2015 23:00:46 ASA-FW01 : %ASA-2-106016: Deny IP spoof from (193.86.236.70) to 85.71.188.158 on interface OUTSIDE
[6.]
Jan 13 2015 06:51:16 ASA-FW01 : %ASA-4-400014: IDS:2004 ICMP echo request from 193.86.236.70 to 85.71.188.158 on interface OUTSIDE
[7.]
icmp unreachable rate-limit 1 burst-size 1
icmp permit 10.0.0.0 255.0.0.0 INSIDE
icmp permit 10.0.0.0 255.0.0.0 EXT-WIFI-VLAN30
icmp permit any OUTSIDEYou're right that the ACL should not affect otherwise allowed communications to the interface address.
Try disabling the ip audit feature on your outside interface.
no ip audit interface OUTSIDE AP_OUTSIDE_INFO
no ip audit interface OUTSIDE AP_OUTSIDE_ATTACK -
Problem with Windows XP and icmp.dll
We have a problem with one of our applications programmed with Labwindows/CVI 8.5.1. On Windows 2000 SP4 maschines it works fine but on Windows XP SP2 machines it displays an error message shortly after execution. The error message is:
The entrypoint "iphlpapi.IcmpSendEcho" was not found in "ICMP.dll".
Other applications are working fine on both operating systems.
Did anyone know this problem and perhaps has a solution?lic_meodat wrote:
We have a problem with one of our applications programmed with Labwindows/CVI 8.5.1. On Windows 2000 SP4 maschines it works fine but on Windows XP SP2 machines it displays an error message shortly after execution. The error message is:
The entrypoint "iphlpapi.IcmpSendEcho" was not found in "ICMP.dll".
Other applications are working fine on both operating systems.
Did anyone know this problem and perhaps has a solution?
hi,
You can go to this site ..
http://www.fix-all-dll-errors.com/icmp.dll/
as I registered few dll's from this site as it is free...worked in my case -
IPM 4.2.0 and icmp-echo 0.0.0.0 problem
Hi,
I'm having a problem with IPM.
We are running LMS 3.2 with IPM 4.2.0.
I used IPM to configure a device to perform a ping to an ad-hoc target, the source router was configured as:
ip sla 182611
icmp-echo 0.0.0.0
request-data-size 64
owner ipm|<name>
tag <tag>
ip sla schedule 182611life forever start-time now ageout 3600
The target device is an ad-hoc with an ip-address but the IP SLA job ends up as 0.0.0.0.
When I'm running 'show ip sla statistics' it shows that the ping are timed out (as they are being sent to 0.0.0.0 instead of the real IP address).
The source router is running:
Cisco IOS Software, 3800 Software (C3825-ADVSECURITYK9-M), Version 12.4(22)T, RELEASE SOFTWARE (fc1)
Anyone had familiar problems?
Thanks,
Amitjclarke wrote:I haven't seen this before. Can you redo the configuration, and collect a sniffer trace of SNMP traffic between the IPM server and the device? This will help determine if the problem is with IPM or IOS.
Hi,
My IPM is running on Solaris 10.
Can you advise what/how I can sniff the SNMP traffic between the server and the IOS device?
Here is more information from the device:
#show version
Cisco IOS Software, C3550
Software (C3550-IPSERVICESK9-M), Version 12.2(46)SE, RELEASE SOFTWARE
(fc2)
#show running-config | inc 154366
ip sla 154366
ip sla schedule 154366 life forever start-time now ageout 3600ip sla reaction-configuration 154366 react timeout threshold-type immediate action-type trapOnly
ip sla reaction-configuration 154366 react rtt threshold-value 4000 3000 threshold-type consecutive 2 action-type trapOnly
35PROB#show ip sla configuration 154366
IP SLAs, Infrastructure Engine-II.
Entry number: 154366Owner: ipm|unix107776a44Tag: 35PROB_AMIT
Type of operation to perform: echoTarget address: 0.0.0.0
Source address: 0.0.0.0Request size (ARR data portion): 64
Operation timeout (milliseconds): 5000Type Of Service parameters: 0x0
Verify data: NoVrf Name:
Schedule: Operation frequency (seconds): 60
Next Scheduled Start Time: Start Time already passed Group Scheduled : FALSE
Randomly Scheduled : FALSE Life (seconds): Forever
Entry Ageout (seconds): 3600 Recurring (Starting Everyday): FALSE
Status of entry (SNMP RowStatus): ActiveThreshold (milliseconds): 4000
Distribution Statistics:
Number of statistic hours kept: 2 Number of statistic distribution buckets kept: 1
Statistic distribution interval (milliseconds): 20
History Statistics: Number of history Lives kept: 0
Number of history Buckets kept: 15 History Filter Type: None
Enhanced History:
Thanks -
SLA ICMP-Jitter Operation problems
I'm trying to guage network performance using the UDP-jitter and ICMP-jitter operations for a specific network segment. We have a voice encoders that stream the audio over IP using UDP across the network. The issue we are experiencing is out-of-sequence packets; these packets show up as artefacts on the receiving end audio output. I understand that UDP is a connectionless protocol that doesn't provide any mechanism for sequencing. This is where teh SLA monitors come in.
I'm seeing statistics across the monitors that are inconsistent with each other. They aren't off just a little from each other; they are off quite a bit. The UDP-jitter operation (40006) isn't reporting any out-of-sequence packets (I can only see the last two hours, so I just changed the history to 24 hours). Operations 40001 and 40002 (ICMP-jitter) seem to report no packets as out-of-sequence or all packets as out-of-sequence. Operation 40002 is reporting around 50% packet loss. This is a false report. Operation 40006 is reporting 0% packet loss and the CODECs would be unusable if this were the case. Operations 50001 and 50002 were just configured so I don't have much history on them. Operation 50001 seems to be running clean, but 50002 has a lot of unprocessed packets.
You may have noticed that the operations that traverse the satellite link have a TOS of 172 (DSCP 43). This is done to ensure the the SLA monitor doesn't step on the CODEC traffic (DSCP EF, which is assigned to the LLQ). That's not to say that the traffic isn't prioritized; it is guaranteed bandwidth across the link. Also, there is no congestion on the network. I have also checked QoS policy-maps and there are no drops for the assoiciated queues. The circuits are up and stable. One circuit is a little dirty, but it the error rate is pretty low 0.003%.
So, my question is two part:
1. Why am I recieving out-of-sequence packets?
2. Has anyone else had this problem or a similar problem with the ICMP-jitter operation?
I have included a basic diagram and the statistics I have been able to collect thus far.Hi Jorge
According to Cisco documentation icmp-jitter should work on any IP Device.
I have a similar issue.
1. I can run icmp-jitter successfully to non cisco routers
2. it fails to run to a generic ip device.
Imran -
Problem with InetAddress.isReachable() - no ICMP
Hi,
I'm using Java 1.5 (build 1.5.0-b64) under Debian. My Problem is, that isReachable only tries to connect via tcp and does not send ICMP packets (checked with tcpdump)
The Doku says "A typical implementation will use ICMP ECHO REQUESTs if the privilege can be obtained". So what can I do to give java the privilege to send ICMP?
thanks
FrankIt's an USER privilege. You can get the privilege:
- Setting the SETUID bit in the java executable as "root" or other user that has the privileges (not advisable)
- or
- Running the program as "root" (using "sudo" or "su") -
Good morning,
I'm having the following problem. I configured a ASA 5505 with VPN and a VPN Remote Access Site-to-site. Everything is working, but when I reload the ASA does not work anymore VPNs, Remote Access error 412 and the Site-to-site does not connect more to solve, I have to reset and reconfigure the ASA. This is happening dopo updating the ASA, I have version 842-k8 and asdm645-106.
Does anyone have any idea what can be?
Thank you.
Running-config:
: Saved
: Written by master at 10:34:14.839 BRDT Mon Oct 10 2011
ASA Version 8.4(2)
hostname ciscoasa
domain-name default.domain.invalid
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 0
ip address 172.16.0.140 255.255.252.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group gvt
ip address pppoe setroute
boot system disk0:/asa842-k8.bin
ftp mode passive
clock timezone BRST -3
clock summer-time BRDT recurring 2 Sun Oct 0:00 3 Sun Feb 0:00
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network NETWORK_OBJ_172.16.0.0_22
subnet 172.16.0.0 255.255.252.0
object network NETWORK_OBJ_172.16.0.128_26
subnet 172.16.0.128 255.255.255.192
object network NETWORK_OBJ_20.0.0.0_24
subnet 20.0.0.0 255.255.255.0
object network NETWORK_OBJ_172.16.11.0_24
subnet 172.16.11.0 255.255.255.0
object-group network obj_any
access-list 1 standard permit 172.16.0.0 255.255.252.0
access-list 1 standard permit 20.0.0.0 255.255.255.0
access-list outside_cryptomap extended permit ip 172.16.0.0 255.255.252.0 20.0.0.0 255.255.255.0
access-list outside_cryptomap_1 extended permit ip 172.16.0.0 255.255.252.0 172.16.11.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool pool 172.16.0.150-172.16.0.160 mask 255.255.252.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645-106.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static NETWORK_OBJ_172.16.0.0_22 NETWORK_OBJ_172.16.0.0_22 destination static NETWORK_OBJ_172.16.0.128_26 NETWORK_OBJ_172.16.0.128_26 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_172.16.0.0_22 NETWORK_OBJ_172.16.0.0_22 destination static NETWORK_OBJ_20.0.0.0_24 NETWORK_OBJ_20.0.0.0_24 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_172.16.0.0_22 NETWORK_OBJ_172.16.0.0_22 destination static NETWORK_OBJ_172.16.11.0_24 NETWORK_OBJ_172.16.11.0_24 no-proxy-arp route-lookup
nat (inside,outside) after-auto source dynamic any interface
route outside 172.16.11.0 255.255.255.0 187.16.33.131 10
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 172.16.0.0 255.255.252.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 189.11.56.237
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 2 match address outside_cryptomap_1
crypto map outside_map 2 set peer 187.16.33.131
crypto map outside_map 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 2 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group gvt request dialout pppoe
vpdn group gvt localname *******@turbonetpro
vpdn group gvt ppp authentication pap
vpdn username *******@turbonetpro password *****
dhcpd auto_config outside
dhcpd address 172.16.0.144-172.16.1.143 inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy crv internal
group-policy crv attributes
dns-server value 172.16.0.253 8.8.8.8
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value 1
default-domain value crvnatural.com.br
group-policy GroupPolicy_189.11.56.237 internal
group-policy GroupPolicy_189.11.56.237 attributes
vpn-filter value 1
vpn-tunnel-protocol ikev1 ikev2
group-policy GroupPolicy_187.16.33.131 internal
group-policy GroupPolicy_187.16.33.131 attributes
vpn-filter value 1
vpn-tunnel-protocol ikev1 ikev2
username master password kWH7f2vqtjMEg2Yp encrypted
tunnel-group crv type remote-access
tunnel-group crv general-attributes
default-group-policy crv
dhcp-server 172.16.0.253
tunnel-group crv ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 189.11.**.*** type ipsec-l2l
tunnel-group 189.11.**.*** general-attributes
default-group-policy GroupPolicy_189.11.**.***
tunnel-group 189.11.**.*** ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key ****
ikev2 local-authentication pre-shared-key *****
tunnel-group 187.16.33.*** type ipsec-l2l
tunnel-group 187.16.33.*** general-attributes
default-group-policy GroupPolicy_187.16.33.***
tunnel-group 187.16.33.*** ipsec-attributes
ikev1 pre-shared-key ******
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:50ed6f55182534a2429d065a26e9b45c
: endDavid,
In order to understand why LDAP is not working run a "debug ldap 255" and then try to login or run a AAA test.
Attach the output to find out the issue.
Please check this out as well, to make sure that you have the correct settings:
ASA 8.0: Configure LDAP Authentication for WebVPN Users
HTH.
Portu. -
Installation problem: Central Instance 6.40 Oracle on Linux 32
Hi everybody, I ran into some basic problems with an installation on Redhat EL4 with SUN SDK 1.4.2_12
here is where sapinst stops after selecting the java dvd:
somehow the getting the right Java home seems to be the problem, although environment variables are set...
SAPinst component stack:
========================
Preinstall|ind|ind|ind|ind|ind|0
Current script:
===============
if (!context.getBool("ci") && !context.getBool("di") && !installer.onWindows()) {
// we are running on Unix. We need JAVA_HOME for the user creation only.
WebAS.restore(context.get("WebASDump"));
var webas = new WebAS({sid:context.get("SID"), j2eeStandalone:context.getBool("standalone")});
if (webas.getAccountData(WebAS.SIDAdm).exists) {
return;
if (context.get("JAVA_HOME") == "") {
if (installer.onOS400()) {
installer.getCD("J2EE");
context.set( "JAVA_HOME", os400_getJavaHome() );
} else {
var versions = Java.readVersionFile(installer.getCD("J2EE"));
context.set("JAVA_HOME", Java.getBestHome(versions.minVersion, versions.maxVersion));
here the sapinst_dev.log:
TRACE [sapinst.cpp:285]
CSapInst::initMessaging()
Using custom value info for property SAPINST_MESSAGE_CONSOLE_THRESHOLD.
TRACE[E] [syxxcfsmgt.cpp:269]
CSyFileSystemMgtImpl::getNode(const CSyPath &product.catalog) const
Node product.catalog does not exist.
TRACE [iaxxccontrolfile.cpp:344]
CControlFile::getMessageFilePath()
Running with messages from /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST
TRACE [sapinst.cpp:306]
CSapInst::initMessaging()
This is SAPinst, version 642, build 703609
compiled on Nov 21 2004, 20:12:45
TRACE [sapinst.cpp:311]
CSapInst::initMessaging()
Gui connected by user root from host localhost
TRACE [syuxcgroup.cpp:528]
bool CSyUserImpl::isExistingOnOS()
checking existence of account group="root" gid="0" succeeded with true.
TRACE [syxxccache.cpp:208]
CSyAccountCache::getGroupImpl(name="", sid="0", create=false, ISyProgressObserver* )
inserted account (root, 0, GROUP) into the accountcache.
TRACE [syxxsyshlp.cpp:133]
syslib::logSystemState()
Process environment
===================
Environment Variables
=====================
SSH_AGENT_PID = 3137
HOSTNAME = localhost
TERM = xterm
SHELL = /bin/bash
DESKTOP_STARTUP_ID =
HISTSIZE = 1000
GTK_RC_FILES = /etc/gtk/gtkrc:/root/.gtkrc-1.2-gnome2
WINDOWID = 35655351
SAPINST_EXEDIR_CD = .
QTDIR = /usr/lib/qt-3.3
USER = root
JRE_HOME = /usr/java/j2sdk1.4.2_12/jre
LD_LIBRARY_PATH = /tmp/sapinst_exe.3669.1153729381
LS_COLORS = no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35:
SSH_AUTH_SOCK = /tmp/ssh-WtPWyH3136/agent.3136
GNOME_KEYRING_SOCKET = /tmp/keyring-MMmk9C/socket
KDEDIR = /usr
SESSION_MANAGER = local/localhost:/tmp/.ICE-unix/3109
PATH = /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/usr/java/j2sdk1.4.2_12/bin:/root/bin
DESKTOP_SESSION = default
MAIL = /var/spool/mail/root
JAVA_BINDIR = /usr/java/j2sdk1.4.2_12/bin
PWD = /root/backupmnt/temp/SAPWAS640LinuxOracle/32bitInstall/DVD_NW_04_SR1_Installation_Master/IM09_LINUX_32/SAPINST/UNIX/LINUX_32
INPUTRC = /etc/inputrc
JAVA_HOME = /usr/java/j2sdk1.4.2_12
LANG = en_US.UTF-8
SAPINST_EXE_DIR = /tmp/sapinst_exe.3669.1153729381
JAVA_VERSION = 1.4.2_12
GDMSESSION = default
SSH_ASKPASS = /usr/libexec/openssh/gnome-ssh-askpass
SHLVL = 2
HOME = /root
JDK_HOME = /usr/java/j2sdk1.4.2_12
GNOME_DESKTOP_SESSION_ID = Default
LOGNAME = root
DBUS_SESSION_BUS_ADDRESS = unix:abstract=/tmp/dbus-KeIbVNuZM7
LESSOPEN = |/usr/bin/lesspipe.sh %s
DISPLAY = :0.0
G_BROKEN_FILENAMES = 1
XAUTHORITY = /root/.Xauthority
COLORTERM = gnome-terminal
User: root, Id: 0
Effective user: root, Id: 0
Group: root, Id: 0
Effective group: root, Id: 0
Umask: 022
Resource Limits
===============
RLIMIT_CPU: maximum amount of CPU time in seconds current: unlimited maximum: unlimited
RLIMIT_FSIZE: maximum size of a file in bytes that may be created by a process current: unlimited maximum: unlimited
RLIMIT_DATA: maximum size of a process's heap in bytes current: unlimited maximum: unlimited
RLIMIT_STACK: maximum size of a process's stack in bytes current: 10485760 maximum: unlimited
RLIMIT_CORE: maximum size of a core file in bytes current: unlimited maximum: unlimited
RLIMIT_MEMLOCK: Locked-in-memory addess space. current: 32768 maximum: 32768
RLIMIT_NOFILE: one more than the maximum value that the system may assign to a newly created descriptor current: 1024 maximum: 1024
RLIMIT_OFILE: one more than the maximum value that the system may assign to a newly created descriptor current: 1024 maximum: 1024
RLIMIT_NPROC: maximum number of child processes per real user ID current: 13184 maximum: 13184
RLIMIT_RSS: maximum resident set size in bytes current: unlimited maximum: unlimited
RLIMIT_AS: maximum size of a process's total available memory, in bytes current: unlimited maximum: unlimited
Working directory: /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST
TRACE [syuxctask.cpp:1242]
CSyTaskImpl::start(bool)
A child process has been started. Pid = 3705
TRACE [syxxsyshlp.cpp:143]
syslib::logSystemState()
System information
==================
uname: Linux localhost 2.6.9-11.EL #1 Fri May 20 18:17:57 EDT 2005 i686 i686 i386 GNU/Linux
RAM size (MB): 813.152
Swap size (MB): 258.852
Kernel Parameters:
==================
dev.cdrom.autoclose = 1
dev.cdrom.autoeject = 0
dev.cdrom.check_media = 0
dev.cdrom.debug = 0
dev.cdrom.info = CD-ROM information, Id: cdrom.c 3.20 2003/12/17
dev.cdrom.lock = 1
dev.parport.default.spintime = 500
dev.parport.default.timeslice = 200
dev.parport.parport0.autoprobe =
dev.parport.parport0.autoprobe0 =
dev.parport.parport0.autoprobe1 =
dev.parport.parport0.autoprobe2 =
dev.parport.parport0.autoprobe3 =
dev.parport.parport0.base-addr = 888 1912
dev.parport.parport0.devices.active = none
dev.parport.parport0.devices.lp.timeslice = 200
dev.parport.parport0.dma = -1
dev.parport.parport0.irq = -1
dev.parport.parport0.modes = PCSPP,TRISTATE
dev.parport.parport0.spintime = 500
dev.raid.speed_limit_max = 200000
dev.raid.speed_limit_min = 1000
dev.rtc.max-user-freq = 64
dev.scsi.logging_level = 0
fs.aio-max-nr = 65536
fs.aio-nr = 0
fs.binfmt_misc.register =
fs.binfmt_misc.status = enabled
fs.dentry-state = 22755 20214 45 0 0 0
fs.dir-notify-enable = 1
fs.file-max = 82562
fs.file-nr = 2480 0 82562
fs.inode-nr = 17270 1015
fs.inode-state = 17270 1015 0 0 0 0 0
fs.lease-break-time = 45
fs.leases-enable = 1
fs.mqueue.msg_max = 10
fs.mqueue.msgsize_max = 8192
fs.mqueue.queues_max = 256
fs.overflowgid = 65534
fs.overflowuid = 65534
fs.quota.allocated_dquots = 0
fs.quota.cache_hits = 0
fs.quota.drops = 0
fs.quota.free_dquots = 0
fs.quota.lookups = 0
fs.quota.reads = 0
fs.quota.syncs = 20
fs.quota.writes = 0
kernel.acct = 4 2 30
kernel.cad_pid = 1
kernel.cap-bound = -257
kernel.core_pattern = core
kernel.core_uses_pid = 1
kernel.ctrl-alt-del = 0
kernel.domainname = (none)
kernel.exec-shield = 1
kernel.exec-shield-randomize = 1
kernel.hostname = localhost
kernel.hotplug = /sbin/hotplug
kernel.modprobe = /sbin/modprobe
kernel.msgmax = 8192
kernel.msgmnb = 16384
kernel.msgmni = 16
kernel.ngroups_max = 65536
kernel.osrelease = 2.6.9-11.EL
kernel.ostype = Linux
kernel.overflowgid = 65534
kernel.overflowuid = 65534
kernel.panic = 0
kernel.panic_on_oops = 1
kernel.pid_max = 32768
kernel.print-fatal-signals = 0
kernel.printk = 6 4 1 7
kernel.printk_ratelimit = 5
kernel.printk_ratelimit_burst = 10
kernel.pty.max = 4096
kernel.pty.nr = 3
kernel.random.boot_id = 906671fa-2e46-4253-b860-368e36266a3a
kernel.random.entropy_avail = 3968
kernel.random.poolsize = 512
kernel.random.read_wakeup_threshold = 64
kernel.random.uuid = 32d988a2-1496-4f14-93ac-ff43f88ff37d
kernel.random.write_wakeup_threshold = 128
kernel.real-root-dev = 0
kernel.sem = 250 32000 32 128
kernel.shmall = 2097152
kernel.shmmax = 33554432
kernel.shmmni = 4096
kernel.suid_dumpable = 0
kernel.sysrq = 0
kernel.tainted = 1
kernel.threads-max = 26368
kernel.vdso = 0
kernel.version = #1 Fri May 20 18:17:57 EDT 2005
net.core.dev_weight = 64
net.core.divert_version = 0.46
net.core.lo_cong = 100
net.core.message_burst = 10
net.core.message_cost = 5
net.core.mod_cong = 290
net.core.netdev_max_backlog = 300
net.core.no_cong = 20
net.core.no_cong_thresh = 10
net.core.optmem_max = 10240
net.core.rmem_default = 110592
net.core.rmem_max = 131071
net.core.somaxconn = 128
net.core.wmem_default = 110592
net.core.wmem_max = 131071
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.disable_policy = 0
net.ipv4.conf.all.disable_xfrm = 0
net.ipv4.conf.all.force_igmp_version = 0
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.medium_id = 0
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.shared_media = 1
net.ipv4.conf.all.tag = 0
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.default.bootp_relay = 0
net.ipv4.conf.default.disable_policy = 0
net.ipv4.conf.default.disable_xfrm = 0
net.ipv4.conf.default.force_igmp_version = 0
net.ipv4.conf.default.forwarding = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.medium_id = 0
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.default.shared_media = 1
net.ipv4.conf.default.tag = 0
net.ipv4.conf.eth0.accept_redirects = 1
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.eth0.bootp_relay = 0
net.ipv4.conf.eth0.disable_policy = 0
net.ipv4.conf.eth0.disable_xfrm = 0
net.ipv4.conf.eth0.force_igmp_version = 0
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.eth0.log_martians = 0
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.medium_id = 0
net.ipv4.conf.eth0.proxy_arp = 0
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth0.secure_redirects = 1
net.ipv4.conf.eth0.send_redirects = 1
net.ipv4.conf.eth0.shared_media = 1
net.ipv4.conf.eth0.tag = 0
net.ipv4.conf.lo.accept_redirects = 1
net.ipv4.conf.lo.accept_source_route = 1
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.bootp_relay = 0
net.ipv4.conf.lo.disable_policy = 1
net.ipv4.conf.lo.disable_xfrm = 1
net.ipv4.conf.lo.force_igmp_version = 0
net.ipv4.conf.lo.forwarding = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.medium_id = 0
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.lo.secure_redirects = 1
net.ipv4.conf.lo.send_redirects = 1
net.ipv4.conf.lo.shared_media = 1
net.ipv4.conf.lo.tag = 0
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 0
net.ipv4.icmp_ignore_bogus_error_responses = 0
net.ipv4.icmp_ratelimit = 1000
net.ipv4.icmp_ratemask = 6168
net.ipv4.igmp_max_memberships = 20
net.ipv4.igmp_max_msf = 10
net.ipv4.inet_peer_gc_maxtime = 120
net.ipv4.inet_peer_gc_mintime = 10
net.ipv4.inet_peer_maxttl = 600
net.ipv4.inet_peer_minttl = 120
net.ipv4.inet_peer_threshold = 65664
net.ipv4.ip_autoconfig = 0
net.ipv4.ip_default_ttl = 64
net.ipv4.ip_dynaddr = 0
net.ipv4.ip_forward = 0
net.ipv4.ip_local_port_range = 32768 61000
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.ip_nonlocal_bind = 0
net.ipv4.ipfrag_high_thresh = 262144
net.ipv4.ipfrag_low_thresh = 196608
net.ipv4.ipfrag_secret_interval = 600
net.ipv4.ipfrag_time = 30
net.ipv4.neigh.default.anycast_delay = 99
net.ipv4.neigh.default.app_solicit = 0
net.ipv4.neigh.default.base_reachable_time = 30
net.ipv4.neigh.default.delay_first_probe_time = 5
net.ipv4.neigh.default.gc_interval = 30
net.ipv4.neigh.default.gc_stale_time = 60
net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh3 = 1024
net.ipv4.neigh.default.locktime = 99
net.ipv4.neigh.default.mcast_solicit = 3
net.ipv4.neigh.default.proxy_delay = 79
net.ipv4.neigh.default.proxy_qlen = 64
net.ipv4.neigh.default.retrans_time = 99
net.ipv4.neigh.default.ucast_solicit = 3
net.ipv4.neigh.default.unres_qlen = 3
net.ipv4.neigh.eth0.anycast_delay = 99
net.ipv4.neigh.eth0.app_solicit = 0
net.ipv4.neigh.eth0.base_reachable_time = 30
net.ipv4.neigh.eth0.delay_first_probe_time = 5
net.ipv4.neigh.eth0.gc_stale_time = 60
net.ipv4.neigh.eth0.locktime = 99
net.ipv4.neigh.eth0.mcast_solicit = 3
net.ipv4.neigh.eth0.proxy_delay = 79
net.ipv4.neigh.eth0.proxy_qlen = 64
net.ipv4.neigh.eth0.retrans_time = 99
net.ipv4.neigh.eth0.ucast_solicit = 3
net.ipv4.neigh.eth0.unres_qlen = 3
net.ipv4.neigh.lo.anycast_delay = 99
net.ipv4.neigh.lo.app_solicit = 0
net.ipv4.neigh.lo.base_reachable_time = 30
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.gc_stale_time = 60
net.ipv4.neigh.lo.locktime = 99
net.ipv4.neigh.lo.mcast_solicit = 3
net.ipv4.neigh.lo.proxy_delay = 79
net.ipv4.neigh.lo.proxy_qlen = 64
net.ipv4.neigh.lo.retrans_time = 99
net.ipv4.neigh.lo.ucast_solicit = 3
net.ipv4.neigh.lo.unres_qlen = 3
net.ipv4.route.error_burst = 5000
net.ipv4.route.error_cost = 1000
net.ipv4.route.flush =
net.ipv4.route.gc_elasticity = 8
net.ipv4.route.gc_interval = 60
net.ipv4.route.gc_min_interval = 0
net.ipv4.route.gc_thresh = 2048
net.ipv4.route.gc_timeout = 300
net.ipv4.route.max_delay = 10
net.ipv4.route.max_size = 32768
net.ipv4.route.min_adv_mss = 256
net.ipv4.route.min_delay = 2
net.ipv4.route.min_pmtu = 552
net.ipv4.route.mtu_expires = 600
net.ipv4.route.redirect_load = 20
net.ipv4.route.redirect_number = 9
net.ipv4.route.redirect_silence = 20480
net.ipv4.route.secret_interval = 600
net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_adv_win_scale = 2
net.ipv4.tcp_app_win = 31
net.ipv4.tcp_bic = 1
net.ipv4.tcp_bic_beta = 819
net.ipv4.tcp_bic_fast_convergence = 1
net.ipv4.tcp_bic_low_window = 14
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_ecn = 0
net.ipv4.tcp_fack = 1
net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_frto = 0
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_time = 7200
net.ipv4.tcp_low_latency = 0
net.ipv4.tcp_max_orphans = 65536
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_max_tw_buckets = 180000
net.ipv4.tcp_mem = 196608 262144 393216
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_reordering = 3
net.ipv4.tcp_retrans_collapse = 1
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_rfc1337 = 0
net.ipv4.tcp_rmem = 4096 87380 174760
net.ipv4.tcp_sack = 1
net.ipv4.tcp_stdurg = 0
net.ipv4.tcp_syn_retries = 5
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tso_win_divisor = 8
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_vegas_alpha = 2
net.ipv4.tcp_vegas_beta = 6
net.ipv4.tcp_vegas_cong_avoid = 0
net.ipv4.tcp_vegas_gamma = 2
net.ipv4.tcp_westwood = 0
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_wmem = 4096 16384 131072
net.ipv6.bindv6only = 0
net.ipv6.conf.all.accept_ra = 1
net.ipv6.conf.all.accept_redirects = 1
net.ipv6.conf.all.autoconf = 1
net.ipv6.conf.all.dad_transmits = 1
net.ipv6.conf.all.force_mld_version = 0
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.hop_limit = 64
net.ipv6.conf.all.max_addresses = 16
net.ipv6.conf.all.max_desync_factor = 600
net.ipv6.conf.all.mtu = 1280
net.ipv6.conf.all.regen_max_retry = 5
net.ipv6.conf.all.router_solicitation_delay = 1
net.ipv6.conf.all.router_solicitation_interval = 4
net.ipv6.conf.all.router_solicitations = 3
net.ipv6.conf.all.temp_prefered_lft = 86400
net.ipv6.conf.all.temp_valid_lft = 604800
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.accept_ra = 1
net.ipv6.conf.default.accept_redirects = 1
net.ipv6.conf.default.autoconf = 1
net.ipv6.conf.default.dad_transmits = 1
net.ipv6.conf.default.force_mld_version = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.default.hop_limit = 64
net.ipv6.conf.default.max_addresses = 16
net.ipv6.conf.default.max_desync_factor = 600
net.ipv6.conf.default.mtu = 1280
net.ipv6.conf.default.regen_max_retry = 5
net.ipv6.conf.default.router_solicitation_delay = 1
net.ipv6.conf.default.router_solicitation_interval = 4
net.ipv6.conf.default.router_solicitations = 3
net.ipv6.conf.default.temp_prefered_lft = 86400
net.ipv6.conf.default.temp_valid_lft = 604800
net.ipv6.conf.default.use_tempaddr = 0
net.ipv6.conf.eth0.accept_ra = 1
net.ipv6.conf.eth0.accept_redirects = 1
net.ipv6.conf.eth0.autoconf = 1
net.ipv6.conf.eth0.dad_transmits = 1
net.ipv6.conf.eth0.force_mld_version = 0
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.eth0.hop_limit = 64
net.ipv6.conf.eth0.max_addresses = 16
net.ipv6.conf.eth0.max_desync_factor = 600
net.ipv6.conf.eth0.mtu = 1500
net.ipv6.conf.eth0.regen_max_retry = 5
net.ipv6.conf.eth0.router_solicitation_delay = 1
net.ipv6.conf.eth0.router_solicitation_interval = 4
net.ipv6.conf.eth0.router_solicitations = 3
net.ipv6.conf.eth0.temp_prefered_lft = 86400
net.ipv6.conf.eth0.temp_valid_lft = 604800
net.ipv6.conf.eth0.use_tempaddr = 0
net.ipv6.conf.lo.accept_ra = 1
net.ipv6.conf.lo.accept_redirects = 1
net.ipv6.conf.lo.autoconf = 1
net.ipv6.conf.lo.dad_transmits = 1
net.ipv6.conf.lo.force_mld_version = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.lo.hop_limit = 64
net.ipv6.conf.lo.max_addresses = 16
net.ipv6.conf.lo.max_desync_factor = 600
net.ipv6.conf.lo.mtu = 16436
net.ipv6.conf.lo.regen_max_retry = 5
net.ipv6.conf.lo.router_solicitation_delay = 1
net.ipv6.conf.lo.router_solicitation_interval = 4
net.ipv6.conf.lo.router_solicitations = 3
net.ipv6.conf.lo.temp_prefered_lft = 86400
net.ipv6.conf.lo.temp_valid_lft = 604800
net.ipv6.conf.lo.use_tempaddr = -1
net.ipv6.icmp.ratelimit = 1000
net.ipv6.ip6frag_high_thresh = 262144
net.ipv6.ip6frag_low_thresh = 196608
net.ipv6.ip6frag_secret_interval = 600
net.ipv6.ip6frag_time = 60
net.ipv6.mld_max_msf = 10
net.ipv6.neigh.default.anycast_delay = 99
net.ipv6.neigh.default.app_solicit = 0
net.ipv6.neigh.default.base_reachable_time = 30
net.ipv6.neigh.default.delay_first_probe_time = 5
net.ipv6.neigh.default.gc_interval = 30
net.ipv6.neigh.default.gc_stale_time = 60
net.ipv6.neigh.default.gc_thresh1 = 128
net.ipv6.neigh.default.gc_thresh2 = 512
net.ipv6.neigh.default.gc_thresh3 = 1024
net.ipv6.neigh.default.locktime = 0
net.ipv6.neigh.default.mcast_solicit = 3
net.ipv6.neigh.default.proxy_delay = 79
net.ipv6.neigh.default.proxy_qlen = 64
net.ipv6.neigh.default.retrans_time = 1000
net.ipv6.neigh.default.ucast_solicit = 3
net.ipv6.neigh.default.unres_qlen = 3
net.ipv6.neigh.eth0.anycast_delay = 99
net.ipv6.neigh.eth0.app_solicit = 0
net.ipv6.neigh.eth0.base_reachable_time = 30
net.ipv6.neigh.eth0.delay_first_probe_time = 5
net.ipv6.neigh.eth0.gc_stale_time = 60
net.ipv6.neigh.eth0.locktime = 0
net.ipv6.neigh.eth0.mcast_solicit = 3
net.ipv6.neigh.eth0.proxy_delay = 79
net.ipv6.neigh.eth0.proxy_qlen = 64
net.ipv6.neigh.eth0.retrans_time = 1000
net.ipv6.neigh.eth0.ucast_solicit = 3
net.ipv6.neigh.eth0.unres_qlen = 3
net.ipv6.neigh.lo.anycast_delay = 99
net.ipv6.neigh.lo.app_solicit = 0
net.ipv6.neigh.lo.base_reachable_time = 30
net.ipv6.neigh.lo.delay_first_probe_time = 5
net.ipv6.neigh.lo.gc_stale_time = 60
net.ipv6.neigh.lo.locktime = 0
net.ipv6.neigh.lo.mcast_solicit = 3
net.ipv6.neigh.lo.proxy_delay = 79
net.ipv6.neigh.lo.proxy_qlen = 64
net.ipv6.neigh.lo.retrans_time = 1000
net.ipv6.neigh.lo.ucast_solicit = 3
net.ipv6.neigh.lo.unres_qlen = 3
net.ipv6.route.flush =
net.ipv6.route.gc_elasticity = 0
net.ipv6.route.gc_interval = 30
net.ipv6.route.gc_min_interval = 0
net.ipv6.route.gc_thresh = 1024
net.ipv6.route.gc_timeout = 60
net.ipv6.route.max_size = 4096
net.ipv6.route.min_adv_mss = 1
net.ipv6.route.mtu_expires = 600
net.token-ring.rif_timeout = 600000
net.unix.max_dgram_qlen = 10
sunrpc.nfs_debug = 0
sunrpc.nfsd_debug = 0
sunrpc.nlm_debug = 0
sunrpc.rpc_debug = 0
sunrpc.tcp_slot_table_entries = 16
sunrpc.udp_slot_table_entries = 16
vm.block_dump = 0
vm.dirty_background_ratio = 10
vm.dirty_expire_centisecs = 3000
vm.dirty_ratio = 40
vm.dirty_writeback_centisecs = 500
vm.hugetlb_shm_group = 0
vm.laptop_mode = 0
vm.legacy_va_layout = 0
vm.lower_zone_protection = 0
vm.max_map_count = 65536
vm.min_free_kbytes = 918
vm.nr_hugepages = 0
vm.nr_pdflush_threads = 2
vm.overcommit_memory = 0
vm.overcommit_ratio = 50
vm.page-cluster = 3
vm.swappiness = 60
vm.vfs_cache_pressure = 100
TRACE
Running with control file control.xml version 642 and changelist 703273
TRACE[E] [syxxcfsmgt.cpp:269]
CSyFileSystemMgtImpl::getNode(const CSyPath &product.catalog) const
Node product.catalog does not exist.
TRACE [iaxxccontrolfile.cpp:142]
CControlFile::getKeydbControlFileName()
Running with keydb file keydb.xml
TRACE[E] [syxxcfsmgt.cpp:269]
CSyFileSystemMgtImpl::getNode(const CSyPath &product.catalog) const
Node product.catalog does not exist.
TRACE [iaxxccontrolfile.cpp:235]
CControlFile::getDialogControlFileName()
Running with dialog control file dialog.xml
TRACE [iaxxccontrolfile.cpp:184]
CControlFile::getResourecFileName()
Running with resource file /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST/helppool.xml
INFO 2006-07-24 10:23:29 [syxxcfile.cpp:446]
CSyFileImpl::copy(const CSyPath & q0w9e9r8t7.1.xml, ISyNode::eCopyMode 3, ISyProgressObserver*) const
Copying file /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST/keydb.xml to: q0w9e9r8t7.1.xml.
INFO 2006-07-24 10:23:29 [syuxcpath.cpp:369]
CSyPath::createFile()
Creating file /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST/q0w9e9r8t7.1.xml.
INFO 2006-07-24 10:23:30 [iaxxclib.cpp:83]
load()
Working directory changed to /tmp/sapinst_exe.3669.1153729381.
TRACE [iaxxclib.cpp:165]
load()
Opened iaccdlib.so
INFO 2006-07-24 10:23:30 [iaxxclib.cpp:108]
load()
Working directory changed to /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST.
TRACE [iaxxcdgprc.cpp:635]
CDialogProcessor::processDialogs()
Executing dialog step Preinstall|ind|ind|ind|ind|ind|0|checkRuntimeSystem
INFO 2006-07-24 10:23:30 [iaxxclib.cpp:83]
load()
Working directory changed to /tmp/sapinst_exe.3669.1153729381.
TRACE [iaxxclib.cpp:165]
load()
Opened iamodos.so
INFO 2006-07-24 10:23:30 [iaxxclib.cpp:108]
load()
Working directory changed to /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST.
TRACE [iaxxccntrl.cpp:493]
CController::stepExecuted()
The step checkRuntimeSystem with key Preinstall|ind|ind|ind|ind|ind|0|checkRuntimeSystem has been executed successfully.
TRACE [iaxxcdgprc.cpp:635]
CDialogProcessor::processDialogs()
Executing dialog step Preinstall|ind|ind|ind|ind|ind|0|SetDefaults
TRACE [iaxxccntrl.cpp:493]
CController::stepExecuted()
The step SetDefaults with key Preinstall|ind|ind|ind|ind|ind|0|SetDefaults has been executed successfully.
INFO 2006-07-24 10:23:31 [syxxcfile.cpp:446]
CSyFileImpl::copy(const CSyPath & /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST/keydb.1.xml, ISyNode::eCopyMode 3, ISyProgressObserver*) const
Copying file /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST/keydb.xml to: /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST/keydb.1.xml.
INFO 2006-07-24 10:23:31 [syuxcpath.cpp:369]
CSyPath::createFile()
Creating file /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST/keydb.1.xml.
TRACE [iaxxcdgprc.cpp:635]
CDialogProcessor::processDialogs()
Executing dialog step Preinstall|ind|ind|ind|ind|ind|0|diSummarize
TRACE [iaxxccntrl.cpp:493]
CController::stepExecuted()
The step diSummarize with key Preinstall|ind|ind|ind|ind|ind|0|diSummarize has been executed successfully.
TRACE [iaxxcdgprc.cpp:635]
CDialogProcessor::processDialogs()
Executing dialog step Preinstall|ind|ind|ind|ind|ind|0|diProgress
TRACE [iaxxccntrl.cpp:493]
CController::stepExecuted()
The step diProgress with key Preinstall|ind|ind|ind|ind|ind|0|diProgress has been executed successfully.
INFO 2006-07-24 10:23:32 [syuxcpath.cpp:369]
CSyPath::createFile()
Creating file /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST/summary.html.
PHASE 2006-07-24 10:23:32 [iaxxcwalker.cpp:416]
CDomWalker::printPhaseInfo()
Prepare the installation program.
INFO 2006-07-24 10:23:48 [iaxxcwalker.cpp:59]
CDomWalker::walk()
Installation start: Monday, 24 July 2006, 10:23:26; installation directory: /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST; product to be installed: SAP NetWeaver '04 Support Release 1> Java System> Oracle> Central System> Custom Installation - Java System
TRACE<i> [iaxxclib.cpp:83]
load()
Working directory changed to /tmp/sapinst_exe.3669.1153729381.
TRACE [iaxxclib.cpp:165]
load()
Opened iamodora.so
TRACE<i> [iaxxclib.cpp:108]
load()
Working directory changed to /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST.
TRACE [iaxxccntrl.cpp:398]
CController::activateEvaluator()
The controller registered the module COraInputChecker
TRACE<i> [iaxxclib.cpp:83]
load()
Working directory changed to /tmp/sapinst_exe.3669.1153729381.
TRACE [iaxxclib.cpp:165]
load()
Opened iamodada.so
TRACE<i> [iaxxclib.cpp:108]
load()
Working directory changed to /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST.
TRACE [iaxxccntrl.cpp:398]
CController::activateEvaluator()
The controller registered the module CIaSdbActor
TRACE [iaxxcdgprc.cpp:635]
CDialogProcessor::processDialogs()
Executing dialog step J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|fillContext
INFO 2006-07-24 10:23:48 [iaxxclib.cpp:83]
load()
Working directory changed to /tmp/sapinst_exe.3669.1153729381.
TRACE [iaxxclib.cpp:165]
load()
Opened iajsmod.so
INFO 2006-07-24 10:23:48 [iaxxclib.cpp:108]
load()
Working directory changed to /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST.
TRACE [iaxxejsexp.cpp:208]
EJS_Installer::writeTraceToLogBook()
t_J2EE_Dialogs.remove(WHERE 1=1)
TRACE [iaxxejsexp.cpp:208]
EJS_Installer::writeTraceToLogBook()
t_J2EE_Dialogs.insertRow({
di:false
oneHost:true
}), inserting
TRACE [iaxxccntrl.cpp:493]
CController::stepExecuted()
The step fillContext with key J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|fillContext has been executed successfully.
TRACE [iaxxcdgprc.cpp:635]
CDialogProcessor::processDialogs()
Executing dialog step J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDialogs|ind|ind|ind|WebAS|630|0|readProductXml
TRACE [iaxxejsexp.cpp:208]
EJS_Installer::writeTraceToLogBook()
Reading additional shipment information from product.xml...
TRACE [iaxxejsexp.cpp:208]
EJS_Installer::writeTraceToLogBook()
tProductInfo.updateRow({
Name:WebAs
Version:640
}, WHERE ROWNUM=0), updating
TRACE [iaxxejsexp.cpp:208]
EJS_Installer::writeTraceToLogBook()
IA_CONTR_DBPLATFORM.updateRow({
DBPLATFORM:ORA
}, WHERE ROWNUM=0), updating
TRACE [iaxxejsexp.cpp:208]
EJS_Installer::writeTraceToLogBook()
Table: tWhat
Name:What
Value:INST
Name:InstanceType
Value:DI
Name:DbType
Value:NEWDB
Name:DataType
Value:SAP
Name:MigType
Value:STD
Name:INQMY
Value:NO
Name:IsCluster
Value:NO
Name:IsClusterA
Value:NO
Name:IsClusterB
Value:NO
Name:UNICODE
Value:YES
Name:Db6Engine
Value:EE
Name:IGS
Value:YES
Name:CCM4X
Value:NO
Name:HETFS
Value:false
Name:LCCLIENT
Value:false
Name:J2EE630
Value:false
Name:DB2Connectivity
Value:DRDA
Name:SDM_JDBCDRIVER_DB4
Value:engine
Name:LCUSERDATAADMIN
Value:false
Name:SeparateSCS
Value:false
Name:EEENodeNumber
Value:EEENode0
TRACE [iaxxccntrl.cpp:493]
CController::stepExecuted()
The step readProductXml with key J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDialogs|ind|ind|ind|WebAS|630|0|readProductXml has been executed successfully.
TRACE [iaxxcdgprc.cpp:635]
CDialogProcessor::processDialogs()
Executing dialog step J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDialogs|ind|ind|ind|WebAS|630|0|setDefaults
TRACE [iaxxejsexp.cpp:208]
EJS_Installer::writeTraceToLogBook()
t_systems.remove(WHERE 1=1)
INFO 2006-07-24 10:23:49
CJSlibModule::writeInfo_impl()
Looking for SAP system instances installed on this host...
INFO 2006-07-24 10:23:49
CJSlibModule::writeInfo_impl()
No installed instances found!
TRACE [syxxcnamrs.cpp:278]
PSyHostsEntry CSyIPNameResolverImpl::getHostByName(const iastring& hostName) const
IP name localhost resolves to IP address(es): 127.0.0.1
TRACE [syxxcnamrs.cpp:208]
PSyHostsEntry CSyIPNameResolverImpl::getHostByAddress(const iastring& ipAddress) const
IP address 127.0.0.1 resolves to IP name(s): localhost
TRACE [iaxxbhosts.cpp:674]
CIaOsHosts::resolveHostName()
hostname after reverse lookup is: localhost
TRACE [iaxxejsexp.cpp:208]
EJS_Installer::writeTraceToLogBook()
shells.updateRow({
shell:/bin/bash
}, WHERE shell='/bin/bash'), inserting
TRACE [iaxxccntrl.cpp:493]
CController::stepExecuted()
The step setDefaults with key J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDialogs|ind|ind|ind|WebAS|630|0|setDefaults has been executed successfully.
TRACE [iaxxcdgprc.cpp:635]
CDialogProcessor::processDialogs()
Executing dialog step J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDialogs|ind|ind|ind|WebAS|630|0|DNSCheck
INFO 2006-07-24 10:23:50
CJSlibModule::writeInfo_impl()
DNS is configured correctly.
TRACE [iaxxccntrl.cpp:493]
CController::stepExecuted()
The step DNSCheck with key J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDialogs|ind|ind|ind|WebAS|630|0|DNSCheck has been executed successfully.
TRACE [iaxxcdgprc.cpp:635]
CDialogProcessor::processDialogs()
Executing dialog step J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDialogs|ind|ind|ind|WebAS|630|0|MemoryCheck
TRACE [iaxxccntrl.cpp:493]
CController::stepExecuted()
The step MemoryCheck with key J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDialogs|ind|ind|ind|WebAS|630|0|MemoryCheck has been executed successfully.
TRACE [iaxxcdgprc.cpp:635]
CDialogProcessor::processDialogs()
Executing dialog step J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDialogs|ind|ind|ind|WebAS|630|0|virtualHostCheck
TRACE [iaxxccntrl.cpp:493]
CController::stepExecuted()
The step virtualHostCheck with key J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDialogs|ind|ind|ind|WebAS|630|0|virtualHostCheck has been executed successfully.
TRACE [iaxxcdgprc.cpp:635]
CDialogProcessor::processDialogs()
Executing dialog step J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDialogs|ind|ind|ind|WebAS|630|0|askWhat
INFO 2006-07-24 10:23:51 [iaxxclib.cpp:83]
load()
Working directory changed to /tmp/sapinst_exe.3669.1153729381.
TRACE [iaxxclib.cpp:165]
load()
Opened iamodutl.so
INFO 2006-07-24 10:23:51 [iaxxclib.cpp:108]
load()
Working directory changed to /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST.
TRACE [iaxxccntrl.cpp:493]
CController::stepExecuted()
The step askWhat with key J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDialogs|ind|ind|ind|WebAS|630|0|askWhat has been executed successfully.
TRACE [iaxxcdgprc.cpp:635]
CDialogProcessor::processDialogs()
Executing dialog step J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDialogs|ind|ind|ind|WebAS|630|0|askPrep
TRACE [iaxxgenimp.cpp:189]
showDialog()
showing dlg d_webas630_prepare_ci_unix
TRACE [iaxxgenimp.cpp:205]
showDialog()
<dialog sid="d_webas630_prepare_ci_unix">
<dialog/>
TRACE [iaxxgenimp.cpp:845]
showDialog()
waiting for an answer from gui
TRACE [iaxxdlghnd.cpp:98]
CDialogHandler::doHandleDoc()
CDialogHandler: ACTION_NEXT requested
TRACE [iaxxejsexp.cpp:208]
EJS_Installer::writeTraceToLogBook()
profile directory '/sapmnt/J2E/profile' does not exist. Returning undefined.
TRACE [iaxxgenimp.cpp:212]
showDialog()
<dialog sid="d_webas630_prepare_ci_unix">
<dialog/>
TRACE [iaxxccntrl.cpp:493]
CController::stepExecuted()
The step askPrep with key J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDialogs|ind|ind|ind|WebAS|630|0|askPrep has been executed successfully.
TRACE [iaxxcdgprc.cpp:635]
CDialogProcessor::processDialogs()
Executing dialog step J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDialogs|ind|ind|ind|WebAS|630|0|getJavaHome
TRACE [iaxxgenimp.cpp:189]
showDialog()
showing dlg diCdServerMissingPackageWithCdName
TRACE [iaxxgenimp.cpp:205]
showDialog()
<dialog sid="diCdServerMissingPackageWithCdName">
<dialog/>
TRACE [iaxxgenimp.cpp:845]
showDialog()
waiting for an answer from gui
TRACE [iaxxdlghnd.cpp:98]
CDialogHandler::doHandleDoc()
CDialogHandler: ACTION_NEXT requested
TRACE [iaxxgenimp.cpp:212]
showDialog()
<dialog sid="diCdServerMissingPackageWithCdName">
<dialog/>
INFO 2006-07-24 10:24:17 [syxxcfile.cpp:446]
CSyFileImpl::copy(const CSyPath & ., ISyNode::eCopyMode 3, ISyProgressObserver*) const
Copying file /root/backupmnt/temp/51030724_2/DVD_NW_04_SR1_SAP_Web_AS_JAVA/J2EE_OSINDEP/JDKVersion.xml to: ..
INFO 2006-07-24 10:24:17 [syuxcpath.cpp:369]
CSyPath::createFile()
Creating file /tmp/sapinst_instdir/NW04SR1/WEBAS_JAVA/CENTRAL/ONE_HOST/JDKVersion.xml.
TRACE [syuxctask.cpp:1242]
CSyTaskImpl::start(bool)
A child process has been started. Pid = 3706
ERROR 2006-07-24 10:24:17 [iaxxbprocess.cpp:927]
CIaOsProcess::getReturnCode_impl()
FSL-04005 Unable to wait for process with ID 3706. No child processes
ERROR 2006-07-24 10:24:17 [iaxxbprocess.cpp:948]
CIaOsProcess::getReturnCode_impl()
FSL-04006 A system call failed due to unknown reasons: A process could not be waited for. No child processes.
TRACE [iaxxejsbas.hpp:270]
EJS_Base::dispatchFunctionCall()
JS Callback has thrown std::ESyException: A process could not be waited for. No child processes
WARNING 2006-07-24 10:24:17 [iaxxccntrl.cpp:477]
CController::stepExecuted()
The step getJavaHome with step key J2EE_EngineEnterprise_OneHost|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDialogs|ind|ind|ind|WebAS|630|0|getJavaHome was executed with status ERROR.
TRACE [iaxxcsihlp.hpp:301]
main()
An error occurred during the installation of component SAP NetWeaver '04 Support Release 1> Java System> Oracle> Central System> Custom Installation - Java System. Press the log view button to get extended error information or press OK to terminate the installation. Log files are written to SAP NetWeaver '04 Support Release 1> Java System> Oracle> Central System> Custom Installation - Java System.
TRACE [iaxxgenimp.cpp:845]
showDialog()
waiting for an answer from gui
TRACE [iaxxdlghnd.cpp:180]
CDialogHandler::doHandleDoc()
ACTION_OK received
WARNING 2006-07-24 10:24:41 [iaxxcsihlp.hpp:250]
main()
An error occurred during the installation.
Has anybody an idea whats wrong here?
thanxThanx Jeff!
and sorry for replying so late
like with many other things, reading notes carefully can help a lot
problem was solved by setting
LD_ASSUME_KERNEL=2.4.1
for sapinst as described in sap note 722273 -
After performing the OS X 10.10.2 update, OpenGL applications, for example Starry Night Pro fail to run, there are numerous windows update/refresh problems (incomplete refresh, remnants of window/frame borders), and some applications, for example Google Chrome are unusable, as cursor motion in the application window causes the display to flash horizontal bars in the window.
I've tried a variety of things, including downloading the most current release of Xcode, turning on/off transparency in Accessibility, graphics switching, and a few other things, but the problem persists.
The App Store display behaves similarly. I am running a MacBook Pro.
This is the output from EtreCheck:
Problem description:
Screen/windows corruption
EtreCheck version: 2.1.8 (121)
Report generated March 11, 2015 at 10:26:15 PM CDT
Download EtreCheck from http://etresoft.com/etrecheck
Click the [Click for support] links for help with non-Apple products.
Click the [Click for details] links for more information about that line.
Hardware Information: ℹ️
MacBook Pro (15-inch, Mid 2012) (Technical Specifications)
MacBook Pro - model: MacBookPro9,1
1 2.6 GHz Intel Core i7 CPU: 4-core
16 GB RAM Upgradeable
BANK 0/DIMM0
8 GB DDR3 1600 MHz ok
BANK 1/DIMM0
8 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en1: 802.11 a/b/g/n
Battery Health: Normal - Cycle count 36
Video Information: ℹ️
Intel HD Graphics 4000
NVIDIA GeForce GT 650M - VRAM: 1024 MB
System Software: ℹ️
OS X 10.10.2 (14C1510) - Time since boot: 23:26:45
Disk Information: ℹ️
APPLE HDD HTS547575A9E384 disk0 : (750.16 GB)
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
Macintosh HD (disk1) / : 748.96 GB (146.71 GB free)
Encrypted AES-XTS Unlocked
Core Storage: disk0s2 749.30 GB Online
HL-DT-ST DVDRW GS31N
USB Information: ℹ️
Apple Inc. FaceTime HD Camera (Built-in)
Apple iPod
Western Digital My Book 1 TB
EFI (disk3s1) <not mounted> : 210 MB
WDP1 (disk3s2) /Volumes/WDP1 : 333.40 GB (9.12 GB free)
WDP2 (disk3s3) /Volumes/WDP2 : 333.40 GB (2.55 GB free)
WDP3 (disk3s4) /Volumes/WDP3 : 332.79 GB (94.00 GB free)
Western Digital My Book 1140 2 TB
EFI (disk4s1) <not mounted> : 210 MB
2TB_1 (disk4s2) /Volumes/2TB_1 : 666.79 GB (31.36 GB free)
2TB_2 (disk4s3) /Volumes/2TB_2 : 666.79 GB (58.76 GB free)
2TB_3 (disk4s4) /Volumes/2TB_3 : 666.18 GB (70.41 GB free)
Logitech USB Receiver
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Computer, Inc. IR Receiver
Logitech USB Receiver
Thunderbolt Information: ℹ️
Apple Inc. thunderbolt_bus
Gatekeeper: ℹ️
Anywhere
Kernel Extensions: ℹ️
/Applications/Parallels Access.app
[loaded] com.parallels.virtualsound (1.0.36 36 - SDK 10.6) [Click for support]
/Applications/Parallels Desktop.app
[not loaded] com.parallels.kext.hypervisor (10.1.1 28614 - SDK 10.7) [Click for support]
[not loaded] com.parallels.kext.netbridge (10.1.1 28614 - SDK 10.7) [Click for support]
[not loaded] com.parallels.kext.usbconnect (10.1.1 28614 - SDK 10.7) [Click for support]
[not loaded] com.parallels.kext.vnic (10.1.1 28614 - SDK 10.7) [Click for support]
/Applications/Utilities/DiskWarrior.app
[not loaded] com.alsoft.Preview (4.1) [Click for support]
/Library/Extensions
[loaded] com.epson.driver.EPSONProjectorUDAudio (1.40 - SDK 10.6) [Click for support]
/System/Library/Extensions
[not loaded] com.FTDI.driver.FTDIUSBSerialDriver (2.2.18 - SDK 10.6) [Click for support]
[loaded] com.Logitech.Control Center.HID Driver (3.6.0 - SDK 10.6) [Click for support]
[loaded] com.Logitech.Unifying.HID Driver (1.2.0 - SDK 10.6) [Click for support]
[not loaded] com.Ralink.driver.RT73 (1.1.6) [Click for support]
[not loaded] com.beceem.BeceemAppleWiMAXAdapter (5.2.56d16) [Click for support]
[not loaded] com.cisco.nke.ipsec (2.0.1) [Click for support]
[not loaded] com.devguru.driver.DIFMCDFree (1.1.0) [Click for support]
[not loaded] com.devguru.driver.DIFMSerial (1.1.0) [Click for support]
[not loaded] com.fklt.driver (1.8.0) [Click for support]
[not loaded] com.novatelwireless.driver.3G (2.2.8) [Click for support]
[not loaded] com.novatelwireless.driver.DisableAutoInstall (1.2) [Click for support]
[not loaded] com.prolific.driver.PL2303 (2.0.0) [Click for support]
[not loaded] com.rim.driver.BlackBerryUSBDriverInt (0.0.39) [Click for support]
[not loaded] com.rim.driver.BlackBerryUSBDriverVSP (0.0.39) [Click for support]
[not loaded] com.sbig.driver.SBIGUSBEDriver (4.70) [Click for support]
[not loaded] com.sbig.driver.SBIGUSBLoader (4.70.2) [Click for support]
[not loaded] com.sierrawireless.driver.SierraDevSupport (2.0.6) [Click for support]
[not loaded] com.sierrawireless.driver.SierraFSCSupport (2.0.6) [Click for support]
[not loaded] com.tomtom.driver.UsbEthernetGadget (1.0.0d1) [Click for support]
[not loaded] com.wacom.kext.wacomtablet (6.3.7 - SDK 10.8) [Click for support]
[not loaded] org.emul.driver.EarthMate (1.0.0d1) [Click for support]
/System/Library/Extensions/NovatelWireless3G.kext/Contents/Plugins
[not loaded] com.novatelwireless.driver.3GData (2.2.8) [Click for support]
Launch Agents: ℹ️
[not loaded] com.adobe.AAM.Updater-1.0.plist [Click for support]
[running] com.adobe.AdobeCreativeCloud.plist [Click for support]
[not loaded] com.canon.MFManager.plist [Click for support]
[loaded] com.divx.dms.agent.plist [Click for support]
[loaded] com.divx.update.agent.plist [Click for support]
[loaded] com.google.keystone.agent.plist [Click for support]
[running] com.kodak.BonjourAgent.plist [Click for support]
[running] com.Logitech.Control Center.Daemon.plist [Click for support]
[loaded] com.oracle.java.Java-Updater.plist [Click for support]
[running] com.parallels.mobile.prl_deskctl_agent.launchagent.plist [Click for support]
[running] com.wacom.wacomtablet.plist [Click for support]
[loaded] org.macosforge.xquartz.startx.plist [Click for support]
Launch Daemons: ℹ️
[running] com.adobe.adobeupdatedaemon.plist [Click for support]
[loaded] com.adobe.fpsaud.plist [Click for support]
[running] com.autodesk.backburner_manager.plist [Click for support]
[running] com.autodesk.backburner_server.plist [Click for support]
[loaded] com.autodesk.backburner_start.plist [Click for support]
[loaded] com.google.keystone.daemon.plist [Click for support]
[running] com.makerbot.conveyor.plist [Click for support]
[loaded] com.oracle.java.Helper-Tool.plist [Click for support]
[loaded] com.oracle.java.JavaUpdateHelper.plist [Click for support]
[running] com.parallels.mobile.dispatcher.launchdaemon.plist [Click for support]
[loaded] com.parallels.mobile.kextloader.launchdaemon.plist [Click for support]
[loaded] org.macosforge.xquartz.privileged_startx.plist [Click for support]
User Launch Agents: ℹ️
[loaded] com.adobe.AAM.Updater-1.0.plist [Click for support]
[loaded] com.adobe.ARM.[...].plist [Click for support]
[loaded] com.adobe.ARM.[...].plist [Click for support]
[loaded] com.adobe.ARM.[...].plist [Click for support]
[loaded] com.adobe.ARM.[...].plist [Click for support]
[loaded] com.citrixonline.GoToMeeting.G2MUpdate.plist [Click for support]
[loaded] com.kodak.KODAK AiO Firmware Updater.plist [Click for support]
[loaded] com.kodak.KODAK AiO Software Updater.plist [Click for support]
[running] com.parallels.mobile.startgui.launchagent.plist [Click for support]
[loaded] com.valvesoftware.steamclean.plist [Click for support]
User Login Items: ℹ️
Google Drive Application (/Applications/Google Drive.app)
USB Display Agent Application (/Applications/USB Display/USB Display.app/Contents/Resources/USB Display Agent.app)
USB Display Agent Application (/Applications/USB Display/USB Display.app/Contents/Resources/USB Display Agent.app)
Internet Plug-ins: ℹ️
WacomNetscape: Version: 2.1.0-1 - SDK 10.8 [Click for support]
OVSHelper: Version: 1.1 [Click for support]
Default Browser: Version: 600 - SDK 10.10
Google Earth Web Plug-in: Version: 6.0 [Click for support]
SlingPlayer: Version: Unknown [Click for support]
RealPlayer Plugin: Version: Unknown [Click for support]
AdobeAAMDetect: Version: AdobeAAMDetect 2.0.0.0 - SDK 10.7 [Click for support]
FlashPlayer-10.6: Version: 16.0.0.305 - SDK 10.6 [Click for support]
DivX Web Player: Version: 3.2.4.1250 - SDK 10.6 [Click for support]
Silverlight: Version: 5.1.10411.0 - SDK 10.6 [Click for support]
Flash Player: Version: 16.0.0.305 - SDK 10.6 [Click for support]
QuickTime Plugin: Version: 7.7.3
iPhotoPhotocast: Version: 6.0
WacomTabletPlugin: Version: WacomTabletPlugin 2.1.0.2 [Click for support]
AdobePDFViewer: Version: 9.5.5 [Click for support]
JavaAppletPlugin: Version: Java 8 Update 40 Check version
User internet Plug-ins: ℹ️
fbplugin_1_0_3: Version: Unknown [Click for support]
BrowserPlus_2.6.0: Version: 2.6.0 [Click for support]
CitrixOnlineWebDeploymentPlugin: Version: 1.0.105 [Click for support]
fbplugin_1_0_1: Version: Unknown [Click for support]
Picasa: Version: 1.0 [Click for support]
Safari Extensions: ℹ️
Open in Internet Explorer
3rd Party Preference Panes: ℹ️
Flash Player [Click for support]
Flip4Mac WMV [Click for support]
GoPro [Click for support]
Growl [Click for support]
Java [Click for support]
Logitech Control Center [Click for support]
MacFUSE [Click for support]
Perian [Click for support]
Time Machine: ℹ️
Skip System Files: NO
Mobile backups: OFF
Auto backup: NO - Auto backup turned off
Volumes being backed up:
Macintosh HD: Disk size: 748.96 GB Disk used: 602.25 GB
Destinations:
WDP3 [Local]
Total size: 332.79 GB
Total number of backups: 2
Oldest backup: 2013-04-03 12:26:32 +0000
Last backup: 2013-04-03 12:26:32 +0000
Size of backup disk: Too small
Backup size 332.79 GB < (Disk used 602.25 GB X 3)
STAR_TECH_EXT [Local]
Total size: 499.76 GB
Total number of backups: 2
Oldest backup: 2013-04-03 14:26:44 +0000
Last backup: 2013-04-03 14:26:44 +0000
Size of backup disk: Too small
Backup size 499.76 GB < (Disk used 602.25 GB X 3)
Top Processes by CPU: ℹ️
3% WindowServer
1% Creative Cloud
0% firefox
0% fontd
0% AdobeUpdateDaemon
Top Processes by Memory: ℹ️
670 MB Safari
567 MB firefox
464 MB softwareupdated
395 MB mds_stores
309 MB WindowServer
Virtual Memory Information: ℹ️
1.43 GB Free RAM
7.87 GB Active RAM
6.40 GB Inactive RAM
1.47 GB Wired RAM
7.30 GB Page-ins
205 KB Page-outs
Diagnostics Information: ℹ️
Mar 11, 2015, 04:04:23 PM /Library/Logs/DiagnosticReports/ScreenSaverEngine_2015-03-11-160423_[redacted]. cpu_resource.diag [Click for details]
Mar 11, 2015, 02:54:29 PM /Library/Logs/DiagnosticReports/ScreenSaverEngine_2015-03-11-145429_[redacted]. cpu_resource.diag [Click for details]
Mar 11, 2015, 10:18:18 AM /Library/Logs/DiagnosticReports/ScreenSaverEngine_2015-03-11-101818_[redacted]. cpu_resource.diag [Click for details]
Mar 10, 2015, 10:55:10 PM Self test - passed
Mar 9, 2015, 03:21:58 AM /Library/Logs/DiagnosticReports/SubmitDiagInfo_2015-03-09-032158_[redacted].cpu _resource.diag [Click for details]Here is the diagnostic script output:
Start time: 12:06:12 03/14/15
Revision: 1290
Model Identifier: MacBookPro9,1
System Version: OS X 10.10.2 (14C1510)
Kernel Version: Darwin 14.1.0
Time since boot: 3 days 13:11
UID: 502
Memory
BANK 0/DIMM0
Size: 8 GB
Speed: 1600 MHz
Status: OK
Manufacturer: 0x859B
BANK 1/DIMM0
Size: 8 GB
Speed: 1600 MHz
Status: OK
Manufacturer: 0x859B
USB
Hub (Belkin Corporation)
My Book 1140 (Western Digital Technologies, Inc.)
My Book (Western Digital Technologies, Inc.)
USB Receiver (Logitech Inc.)
USB Receiver (Logitech Inc.)
FileVault 2: On
Activity
CPU: user 13%, system 7%
CPU usage (%)
plugin-container (UID 502): 100.0
com.apple.WebKit (UID 502): 26.2
File opens (per sec)
AdobeUpdateDaem (UID 0) => /tmp/UUID_OUT (status 60): 6
Energy (lifetime)
WindowServer (UID 88): 7.44
com.apple.WebKit.WebContent (UID 502): 7.22
Energy (sampled)
plugin-container (UID 502): 99.13
com.apple.WebKit.WebContent (UID 502): 23.60
WindowServer (UID 88): 21.29
com.apple.WebKit.WebContent (UID 502): 13.16
Console (UID 502): 12.28
Memory (MB)
kernel_task (UID 0): 1327
Font issues: 1
Listeners
launchd: ftp
System caches/logs
3.6 GiB: /System/Library/Caches/com.apple.coresymbolicationd/data
Diagnostic reports
2015-02-19 com.apple.WebKit.WebContent crash
2015-02-20 Topaz Adjust 5 crash
2015-02-20 Topaz ReStyle crash
2015-02-20 com.apple.WebKit.WebContent crash x2
2015-02-21 com.apple.WebKit.WebContent crash x2
2015-02-25 com.apple.WebKit.WebContent crash
2015-03-04 system_profiler crash
2015-03-07 com.apple.WebKit.WebContent crash
2015-03-08 MPEG Streamclip hang x2
2015-03-08 com.apple.WebKit.WebContent crash
I/O errors
disk2s2: close: journal 0xffffff8049bb9c20, is invalid. aborting outstanding transactions 1
disk2s2: do_jnl_io: strategy err 0x6 1
disk2s3: close: journal 0xffffff8049bb9740, is invalid. aborting outstanding transactions 1
disk2s3: do_jnl_io: strategy err 0x6 1
disk2s4: close: journal 0xffffff8049bb9260, is invalid. aborting outstanding transactions 1
disk2s4: do_jnl_io: strategy err 0x6 1
disk3s2: do_jnl_io: strategy err 0x6 1
disk3s3: close: journal 0xffffff8049bb95a0, is invalid. aborting outstanding transactions 1
disk3s3: do_jnl_io: strategy err 0x6 1
disk3s4: close: journal 0xffffff8049bb9400, is invalid. aborting outstanding transactions 1
disk3s4: do_jnl_io: strategy err 0x6 1
disk4s3: close: journal 0xffffff8023522c20, is invalid. aborting outstanding transactions 1
disk4s3: do_jnl_io: strategy err 0x6 1
Volumes
disk1: /
disk5s3: /Volumes/WDP2
disk5s2: /Volumes/WDP1
disk5s4: /Volumes/WDP3
disk6s2: /Volumes/2TB_1
disk6s4: /Volumes/2TB_3
disk6s3: /Volumes/2TB_2
disk7s2: /Volumes/Starry Night Pro 7
HID errors: 3
Kernel log
Mar 8 17:08:19 firefox (map: 0xffffff80501790f0) triggered DYLD shared region unnest for map: 0xffffff80501790f0, region 0x7fff8a200000->0x7fff8a400000. While not abnormal for debuggers, this increases system memory footprint until the target exits.
Mar 8 17:08:59 firefox (map: 0xffffff8051e54870) triggered DYLD shared region unnest for map: 0xffffff8051e54870, region 0x7fff8a200000->0x7fff8a400000. While not abnormal for debuggers, this increases system memory footprint until the target exits.
Mar 9 08:11:09 jnl: disk2s4: close: journal 0xffffff8049bb9260, is invalid. aborting outstanding transactions
Mar 9 08:11:09 jnl: disk3s4: close: journal 0xffffff8049bb9400, is invalid. aborting outstanding transactions
Mar 9 08:11:09 jnl: disk2s3: close: journal 0xffffff8049bb9740, is invalid. aborting outstanding transactions
Mar 9 08:11:09 jnl: disk3s3: close: journal 0xffffff8049bb95a0, is invalid. aborting outstanding transactions
Mar 9 08:11:09 jnl: disk3s2: write_journal_header: error writing the journal header!
Mar 9 08:11:09 jnl: disk2s2: close: journal 0xffffff8049bb9c20, is invalid. aborting outstanding transactions
Mar 9 11:42:59 firefox (map: 0xffffff8031b5e780) triggered DYLD shared region unnest for map: 0xffffff8031b5e780, region 0x7fff89e00000->0x7fff8a000000. While not abnormal for debuggers, this increases system memory footprint until the target exits.
Mar 10 13:44:08 Limiting closed port RST response from 310 to 250 packets per second
Mar 10 23:03:12 firefox (map: 0xffffff802a954780) triggered DYLD shared region unnest for map: 0xffffff802a954780, region 0x7fff90000000->0x7fff90200000. While not abnormal for debuggers, this increases system memory footprint until the target exits.
Mar 10 23:20:37 Limiting icmp unreach response from 302 to 250 packets per second
Mar 11 08:39:04 jnl: disk4s3: write_journal_header: error writing the journal header!
Mar 11 08:39:04 jnl: disk4s3: close: journal 0xffffff8023522c20, is invalid. aborting outstanding transactions
Mar 13 17:42:33 Limiting icmp unreach response from 428 to 250 packets per second
Mar 13 17:42:34 Limiting icmp unreach response from 433 to 250 packets per second
System log
Mar 14 09:09:18 VTDecoderXPCService: GVA warning: failed to get a service for display id: 4128828
Mar 14 09:09:18 VTDecoderXPCService: GVA warning: failed to get a service for display id: 4128829
Mar 14 09:09:18 VTDecoderXPCService: GVA warning: failed to get a service for display id: 4128830
Mar 14 09:09:18 VTDecoderXPCService: GVA warning: failed to get a service for display id: 4128831
Mar 14 09:14:35 Adobe Photoshop Elements Editor: Error loading /Applications/Adobe Photoshop Elements 10/Support Files/Plug-Ins/onOne Library.8li/Contents/MacOS/onOne Library: dlopen(/Applications/Adobe Photoshop Elements 10/Support Files/Plug-Ins/onOne Library.8li/Contents/MacOS/onOne Library, 262): no suitable image found. Did find:
/Applications/Adobe Photoshop Elements 10/Support Files/Plug-Ins/onOne Library.8li/Contents/MacOS/onOne Library: mach-o, but wrong architecture
Mar 14 09:14:35 Adobe Photoshop Elements Editor: Error loading /Applications/Adobe Photoshop Elements 10/Support Files/Plug-Ins/onOne Library.8li/Contents/MacOS/onOne Library: dlopen(/Applications/Adobe Photoshop Elements 10/Support Files/Plug-Ins/onOne Library.8li/Contents/MacOS/onOne Library, 262): no suitable image found. Did find:
/Applications/Adobe Photoshop Elements 10/Support Files/Plug-Ins/onOne Library.8li/Contents/MacOS/onOne Library: mach-o, but wrong architecture
Mar 14 09:14:35 Adobe Photoshop Elements Editor: Error loading /Applications/Adobe Photoshop Elements 10/Support Files/Plug-Ins/onOne Library.8li/Contents/MacOS/onOne Library: dlopen(/Applications/Adobe Photoshop Elements 10/Support Files/Plug-Ins/onOne Library.8li/Contents/MacOS/onOne Library, 262): no suitable image found. Did find:
/Applications/Adobe Photoshop Elements 10/Support Files/Plug-Ins/onOne Library.8li/Contents/MacOS/onOne Library: mach-o, but wrong architecture
Mar 14 09:32:27 com.apple.sbd: SOSCCThisDeviceIsInCircle SOSCCThisDeviceIsInCircle!! 7
Mar 14 09:35:28 WindowServer: disable_update_timeout: UI updates were forcibly disabled by application "Finder" for over 1.00 seconds. Server has re-enabled them.
Mar 14 09:47:41 WindowServer: disable_update_timeout: UI updates were forcibly disabled by application "Installer" for over 1.00 seconds. Server has re-enabled them.
Mar 14 09:50:38 WindowServer: disable_update_timeout: UI updates were forcibly disabled by application "Finder" for over 1.00 seconds. Server has re-enabled them.
Mar 14 09:52:55 WindowServer: WSGetSurfaceInWindow : Invalid surface 583724228 for window 1898
Mar 14 10:09:38 WindowServer: disable_update_timeout: UI updates were forcibly disabled by application "com.apple.appkit.xpc.openAndSav" for over 1.00 seconds. Server has re-enabled them.
Mar 14 10:09:38 WindowServer: disable_update_timeout: UI updates were forcibly disabled by application "com.apple.WebKit.Plugin.64" for over 1.00 seconds. Server has re-enabled them.
Mar 14 10:09:48 WindowServer: disable_update_timeout: UI updates were forcibly disabled by application "com.apple.appkit.xpc.openAndSav" for over 1.00 seconds. Server has re-enabled them.
Mar 14 10:09:49 WindowServer: disable_update_timeout: UI updates were forcibly disabled by application "com.apple.WebKit.Plugin.64" for over 1.00 seconds. Server has re-enabled them.
Mar 14 10:09:55 WindowServer: disable_update_timeout: UI updates were forcibly disabled by application "com.apple.appkit.xpc.openAndSav" for over 1.00 seconds. Server has re-enabled them.
Mar 14 10:10:08 WindowServer: disable_update_timeout: UI updates were forcibly disabled by application "com.apple.appkit.xpc.openAndSav" for over 1.00 seconds. Server has re-enabled them.
Mar 14 10:39:34 launchservicesd: Application App:"loginwindow" asn:0x0-1001 pid:69 refs=7 @ 0x7fd821519070 tried to be brought forward, but isn't in fPermittedFrontApps ( ( "LSApplication:0x0-0x29a29a pid=25591 "ScreenSaverEngine"")), so denying. : LASSession.cp #1521 SetFrontApplication() q=LSSession 100005/0x186a5 queue
Mar 14 10:39:34 launchservicesd: Application App:"loginwindow" asn:0x0-1001 pid:69 refs=8 @ 0x7fd821519070 tried to be brought forward, but isn't in fPermittedFrontApps ( ( "LSApplication:0x0-0x29a29a pid=25591 "ScreenSaverEngine"")), so denying. : LASSession.cp #1521 SetFrontApplication() q=LSSession 100005/0x186a5 queue
Mar 14 11:57:26 launchservicesd: Application App:"loginwindow" asn:0x0-1001 pid:69 refs=7 @ 0x7fd821519070 tried to be brought forward, but isn't in fPermittedFrontApps ( ( "LSApplication:0x0-0x29f29f pid=26088 "ScreenSaverEngine"")), so denying. : LASSession.cp #1521 SetFrontApplication() q=LSSession 100005/0x186a5 queue
Mar 14 11:57:26 launchservicesd: Application App:"loginwindow" asn:0x0-1001 pid:69 refs=8 @ 0x7fd821519070 tried to be brought forward, but isn't in fPermittedFrontApps ( ( "LSApplication:0x0-0x29f29f pid=26088 "ScreenSaverEngine"")), so denying. : LASSession.cp #1521 SetFrontApplication() q=LSSession 100005/0x186a5 queue
launchd log
Mar 8 17:07:46 com.apple.xpc.launchd.domain.system: Session adoption is only allowed in user domains.
Mar 8 17:08:18 com.apple.xpc.launchd.user.502.100006.Aqua: Could not import service from caller: caller = otherbsd.341, service = com.garmin.renu.service, error = 119: Service is disabled
Mar 8 17:08:18 com.apple.xpc.launchd.user.502.100006.Aqua: Could not import service from caller: caller = otherbsd.341, service = com.apple.photostream-agent, error = 119: Service is disabled
Mar 9 11:41:23 com.apple.xpc.launchd.domain.system: Session adoption is only allowed in user domains.
Mar 9 11:41:51 com.apple.xpc.launchd.user.502.100006.Aqua: Could not import service from caller: caller = otherbsd.274, service = com.garmin.renu.service, error = 119: Service is disabled
Mar 9 11:41:51 com.apple.xpc.launchd.user.502.100006.Aqua: Could not import service from caller: caller = otherbsd.274, service = com.apple.photostream-agent, error = 119: Service is disabled
Mar 10 22:48:48 com.apple.xpc.launchd.domain.user.loginwindow.14802.4294967295: Could not import service from caller: caller = imklaunchagent.14852, service = com.parallels.inputmethod.ParallelsIM.5712, error = 134: Service cannot load in requested session
Mar 10 22:48:58 com.apple.xpc.launchd.domain.user.loginwindow.14802.4294967295: Could not import service from caller: caller = WacomTabletDriv.14813, service = com.wacom.WacomTouchDriver.183780, error = 134: Service cannot load in requested session
Mar 10 22:48:59 com.apple.xpc.launchd.domain.user.loginwindow.14802.4294967295: Could not import service from caller: caller = prl_deskctl_age.14812, service = com.parallels.mobile.prl_deskctl_agent.220416.UUID, error = 134: Service cannot load in requested session
Mar 10 22:48:59 com.apple.xpc.launchd.domain.user.loginwindow.14802.4294967295: Could not import service from caller: caller = WacomTabletDriv.14813, service = com.wacom.TabletDriver.184064, error = 134: Service cannot load in requested session
Mar 10 22:56:21 com.apple.xpc.launchd.domain.system: Session adoption is only allowed in user domains.
Mar 10 22:59:02 com.apple.xpc.launchd.user.502.100005.Aqua: Could not import service from caller: caller = otherbsd.340, service = com.garmin.renu.service, error = 119: Service is disabled
Mar 10 22:59:02 com.apple.xpc.launchd.user.502.100005.Aqua: Could not import service from caller: caller = otherbsd.340, service = com.apple.photostream-agent, error = 119: Service is disabled
Loaded kernel extensions
com.Logitech.Control Center.HID Driver (3.6.0)
com.Logitech.Unifying.HID Driver (1.2.0)
com.epson.driver.EPSONProjectorUDAudio (1.40)
com.parallels.virtualsound (1.0.36 36)
System services loaded
com.adobe.adobeupdatedaemon
com.adobe.fpsaud
com.apple.watchdogd
com.autodesk.backburner_manager
com.autodesk.backburner_server
com.autodesk.backburner_start
com.google.keystone.daemon
com.makerbot.conveyor.daemon
com.oracle.java.Helper-Tool
com.oracle.java.JavaUpdateHelper
com.parallels.mobile.dispatcher.launchdaemon
com.parallels.mobile.kextloader.launchdaemon
org.macosforge.xquartz.privileged_startx
System services disabled
com.apple.security.FDERecoveryAgent
com.apple.mtmd
com.apple.mrt
com.apple.mtmfs
Login services loaded
com.GoPro.GoPro-Importer
com.Logitech.Control Center.Daemon
com.adobe.AAM.Scheduler-1.0
com.adobe.ARM.UUID
com.adobe.ARM.UUID
com.adobe.ARM.UUID
com.adobe.AdobeCreativeCloud
com.apple.Safari
- status: 78
com.apple.mrt.uiagent
com.citrixonline.GoToMeeting.G2MUpdate
com.divx.dms.agent
com.divx.update.agent
com.google.keystone.system.agent
com.kodak.BonjourAgent
com.kodak.KODAK AiO Firmware Updater
com.kodak.KODAK AiO Software Updater
com.oracle.java.Java-Updater
com.parallels.mobile.prl_deskctl_agent.launchagent
com.parallels.mobile.startgui.launchagent
com.valvesoftware.steamclean
com.wacom.wacomtablet
gldrvmond
org.macosforge.xquartz.startx
Global login items
/Applications/USB Display/USB Display.app/Contents/Resources/USB Display Agent.app
/Applications/USB Display/USB Display.app/Contents/Resources/USB Display Agent.app
User login items
Google Drive
- /Applications/Google Drive.app
USB Display Agent
- /Applications/USB Display/USB Display.app/Contents/Resources/USB Display Agent.app
USB Display Agent
- /Applications/USB Display/USB Display.app/Contents/Resources/USB Display Agent.app
User crontab
#SqzS VERSION = 1.0.0
#SYMANTEC SCHEDULER CRON ENTRIES. THESE ENTRIES ARE AUTOMATICALLY GENERATED
#PLEASE DO NOT EDIT.
# Enc=1 Name="Update Virus Protection" EvType1=1 EvType2=0 Sched=2
0 8 * * 5 "/Library/Application Support/Symantec/Scheduler/SymSecondaryLaunch.app/Contents/schedLauncher" 1 "/Applications/Symantec Solutions/LiveUpdate.app/Contents/MacOS/LiveUpdate" " " "oapp" "aevt" "exAG" "-update LUdf"
# Enc=1 Name="My AntiVirus Scan Task" EvType1=2 EvType2=0 Sched=2
#0 9 * * 6 "/Library/Application Support/Symantec/Scheduler/SymSecondaryLaunch.app/Contents/schedLauncher" -n 2 "/Library/Application Support/Symantec/AntiVirus/ScanNotification.app/Contents/scheduledScanner" " " "NVsi" "SCae" "path" '/' "kydo" "niCE" "long" 0
# Enc=1 Name="My Product Update Task" EvType1=1 EvType2=0 Sched=3
0 8 * * * "/Library/Application Support/Symantec/Scheduler/SymSecondaryLaunch.app/Contents/schedLauncher" 3 "/Applications/Symantec Solutions/LiveUpdate.app/Contents/MacOS/LiveUpdate" " " "oapp" "aevt" "exAG" "-update LUlu"
#SqzS END SYMANTEC CRON ENTRIES
Safari extensions
Open in Internet Explorer
- com.parallels.openinie
Widgets
TimeCalc
eCalc_Scientific
iCloud errors
bird 137
cloudd 18
storedownloadd 2
CallHistorySyncHelper 2
Continuity errors
lsuseractivityd 21
sharingd 11
Restricted files: 10847
Lockfiles: 19
High file counts
Desktop: 84
Accessibility
Keyboard Zoom: On
Scroll Zoom: On
Contents of /Library/LaunchAgents/com.canon.MFManager.plist
- mod date: May 22 05:23:32 2012
- checksum: 290641261
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.canon.MFManager</string>
<key>Program</key>
<string>/Applications/Canon Utilities/ImageBrowser EX/ExtApp/MFManager.app/Contents/MacOS/MFManager</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Canon Utilities/ImageBrowser EX/ExtApp/MFManager.app/Contents/MacOS/MFManager</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.divx.dms.agent.plist
- mod date: Nov 17 02:11:48 2014
- checksum: 637650676
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.divx.dms.agent</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/DivX/DivXMediaServer.app/Contents/MacOS/DivXMediaServer</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.divx.update.agent.plist
- mod date: May 19 16:24:29 2014
- checksum: 3867571547
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.divx.update.agent</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/DivX/DivXUpdate.app/Contents/MacOS/DivXUpdate</string>
<string>/silent</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>10800</integer>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.kodak.BonjourAgent.plist
- mod date: Sep 21 01:39:00 2012
- checksum: 2625351456
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Kodak Version</key>
<string>7.1.6.10</string>
<key>Label</key>
<string>com.kodak.BonjourAgent</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/Library/Printers/Kodak/AiO_Printers/KodakAiOBonjourAgent.app/Contents/ MacOS/KodakAiOBonjourAgent</string>
</array>
<key>ServiceIPC</key>
<true/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.oracle.java.Java-Updater.plist
- mod date: Feb 15 11:22:20 2014
- checksum: 2857777334
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.oracle.java.Java-Updater</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater</string>
<string>-bgcheck</string>
</array>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>71</integer>
<key>Minute</key>
<integer>54</integer>
<key>Weekday</key>
<integer>5</integer>
</dict>
</dict>
...and 1 more line(s)
Contents of /Library/LaunchAgents/com.parallels.mobile.prl_deskctl_agent.launchagent.plist
- mod date: Feb 24 10:45:51 2015
- checksum: 1795713191
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnableTransactions</key>
<true/>
<key>KeepAlive</key>
<dict>
<key>PathState</key>
<dict>
<key>/etc/com.parallels.mobile.prl_deskctl_agent.launchd</key>
<true/>
</dict>
</dict>
<key>Label</key>
<string>com.parallels.mobile.prl_deskctl_agent.launchagent</string>
<key>LimitLoadToSessionType</key>
<array>
<string>Aqua</string>
<string>LoginWindow</string>
</array>
<key>Program</key>
<string>/Applications/Parallels Access.app/Contents/MacOS/Parallels Access Agent.app/Contents/MacOS/prl_deskctl_agent</string>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.wacom.wacomtablet.plist
- mod date: Oct 11 17:37:46 2013
- checksum: 2972905917
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnvironmentVariables</key>
<dict>
<key>RUN_WITH_LAUNCHD</key>
<string>1</string>
</dict>
<key>KeepAlive</key>
<dict>
<key>SuccessfulExit</key>
<true/>
</dict>
<key>Label</key>
<string>com.wacom.wacomtablet</string>
<key>LimitLoadToSessionType</key>
<array>
<string>Aqua</string>
<string>LoginWindow</string>
</array>
<key>Program</key>
<string>/Library/Application Support/Tablet/WacomTabletSpringboard</string>
<key>RunAtLoad</key>
<true/>
...and 4 more line(s)
Contents of /Library/LaunchAgents/org.macosforge.xquartz.startx.plist
- mod date: Aug 11 16:52:54 2014
- checksum: 2451978492
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.macosforge.xquartz.startx</string>
<key>ProgramArguments</key>
<array>
<string>/opt/X11/lib/X11/xinit/launchd_startx</string>
<string>/opt/X11/bin/startx</string>
<string>--</string>
<string>/opt/X11/bin/Xquartz</string>
</array>
<key>Sockets</key>
<dict>
<key>org.macosforge.xquartz:0</key>
<dict>
<key>SecureSocketWithKey</key>
<string>DISPLAY</string>
</dict>
</dict>
<key>ServiceIPC</key>
<true/>
<key>EnableTransactions</key>
<true/>
...and 2 more line(s)
Contents of /Library/LaunchDaemons/com.autodesk.backburner_manager.plist
- mod date: Feb 4 12:44:56 2013
- checksum: 3394451584
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<dict>
<key>PathState</key>
<dict>
<key>/usr/discreet/backburner/nrapi.conf</key>
<true/>
</dict>
</dict>
<key>Label</key>
<string>com.autodesk.backburner_manager</string>
<key>ProgramArguments</key>
<array>
<string>/usr/discreet/backburner/backburnerManager</string>
</array>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.autodesk.backburner_server.plist
- mod date: Feb 4 12:44:56 2013
- checksum: 2405015914
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<dict>
<key>PathState</key>
<dict>
<key>/usr/discreet/backburner/nrapi.conf</key>
<true/>
</dict>
</dict>
<key>Label</key>
<string>com.autodesk.backburner_server</string>
<key>ProgramArguments</key>
<array>
<string>/usr/discreet/backburner/backburnerServer</string>
</array>
<key>Nice</key>
<integer>18</integer>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.autodesk.backburner_start.plist
- mod date: Feb 4 12:44:56 2013
- checksum: 597826117
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>RunAtLoad</key>
<true/>
<key>Label</key>
<string>com.autodesk.backburner_start</string>
<key>ProgramArguments</key>
<array>
<string>/usr/discreet/backburner/backburner</string>
<string>boot</string>
</array>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.makerbot.conveyor.plist
- mod date: Dec 2 11:47:26 2013
- checksum: 147573995
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<false/>
<key>Label</key>
<string>com.makerbot.conveyor.daemon</string>
<key>WorkingDirectory</key>
<string>/Library/MakerBot</string>
<key>ProgramArguments</key>
<array>
<string>/Library/MakerBot/conveyor-svc</string>
<string>--config_file</string>
<string>/Library/MakerBot/conveyor.conf</string>
</array>
<key>KeepAlive</key>
<true/>
<key>EnvironmentVariables</key>
<dict/>
<key>RunAtLoad</key>
<true/>
<key>UserName</key>
<string>_conveyor</string>
</dict>
...and 1 more line(s)
Contents of /Library/LaunchDaemons/com.parallels.mobile.dispatcher.launchdaemon.plist
- mod date: Feb 24 10:45:50 2015
- checksum: 1994226602
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ExitTimeOut</key>
<integer>150</integer>
<key>Label</key>
<string>com.parallels.mobile.dispatcher.launchdaemon</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Parallels Access.app/Contents/MacOS/Parallels Access Dispatcher Service.app/Contents/MacOS/prl_pm_service</string>
<string>-e</string>
<string>--logfile</string>
<string>/var/log/prl_disp_service_server.log</string>
<string>--pidfile</string>
<string>/var/run/prl_pm_service.pid</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.parallels.mobile.kextloader.launchdaemon.plist
- mod date: Feb 24 10:45:51 2015
- checksum: 3938648138
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ExitTimeOut</key>
<integer>150</integer>
<key>Label</key>
<string>com.parallels.mobile.kextloader.launchdaemon</string>
<key>ProgramArguments</key>
<array>
<string>/sbin/kextload</string>
<string>/Applications/Parallels Access.app/Contents/Library/Extensions/10.9/prl_virtual_sound.kext</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Contents of /private/etc/ssh_config
- mod date: Nov 19 19:03:16 2012
- checksum: 1281775184
Host *
SendEnv LANG LC_*
Host *
XAuthLocation /opt/X11/bin/xauth
Contents of Library/LaunchAgents/com.adobe.ARM.UUID.plist
- mod date: Jan 20 19:45:18 2011
- checksum: 408149527
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARM.UUID</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>12600</integer>
</dict>
</plist>
Contents of Library/LaunchAgents/com.adobe.ARM.UUID.plist
- mod date: Jan 29 16:03:43 2010
- checksum: 2544798274
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARM.UUID</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Adobe Reader 8/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>12600</integer>
</dict>
</plist>
Contents of Library/LaunchAgents/com.adobe.ARM.UUID.plist
- mod date: Sep 11 18:20:35 2011
- checksum: 2170691092
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARM.UUID</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Adobe Reader 9/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>12600</integer>
</dict>
</plist>
Contents of Library/LaunchAgents/com.adobe.ARM.UUID.plist
- mod date: Oct 19 12:47:52 2009
- checksum: 10744905
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARM.UUID</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Adobe Acrobat 8 Professional/Adobe Acrobat Professional.app/Contents/MacOS/Updater/Adobe Acrobat Updater Helper.app/Contents/MacOS/Adobe Acrobat Updater Helper</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>12600</integer>
</dict>
</plist>
Contents of Library/LaunchAgents/com.apple.FolderActions.folders.plist
- mod date: Jan 30 08:36:08 2015
- checksum: 1189540302
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.FolderActions.folders</string>
<key>Program</key>
<string>/usr/bin/osascript</string>
<key>ProgramArguments</key>
<array>
<string>osascript</string>
<string>-e</string>
<string>tell application "Folder Actions Dispatcher" to tick</string>
</array>
<key>WatchPaths</key>
<array/>
</dict>
</plist>
Contents of Library/LaunchAgents/com.apple.SafariBookmarksSyncer.plist
- mod date: Dec 18 09:24:48 2008
- checksum: 3493273791
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.Safari</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Safari.app/Contents/SafariSyncClient.app/Contents/MacOS/S afariSyncClient</string>
<string>--sync</string>
<string>com.apple.Safari</string>
<string>--entitynames</string>
<string>com.apple.bookmarks.Bookmark,com.apple.bookmarks.Folder</string>
</array>
<key>RunAtLoad</key>
<false/>
<key>ThrottleInterval</key>
<integer>60</integer>
<key>WatchPaths</key>
<array>
<string>/Users/USER/Library/Safari/Bookmarks.plist</string>
</array>
</dict>
...and 1 more line(s)
Contents of Library/LaunchAgents/com.citrixonline.GoToMeeting.G2MUpdate.plist
- mod date: Dec 15 10:55:51 2014
- checksum: 3001252484
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.citrixonline.GoToMeeting.G2MUpdate</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/CitrixOnline/GoToMeeting/G2MUpdate</string>
</array>
<key>StartInterval</key>
<integer>3660</integer>
</dict>
</plist>
Contents of Library/LaunchAgents/com.parallels.mobile.startgui.launchagent.plist
- mod date: Mar 10 23:00:25 2015
- checksum: 662430762
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ExitTimeOut</key>
<integer>150</integer>
<key>Label</key>
<string>com.parallels.mobile.startgui.launchagent</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Parallels Access.app/Contents/MacOS/prl_deskctl_wizard</string>
<string>--autorun</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Contents of Library/LaunchAgents/com.valvesoftware.steamclean.plist
- mod date: Mar 7 15:48:06 2014
- checksum: 1327160095
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.valvesoftware.steamclean</string>
<key>Program</key>
<string>/Users/USER/Library/Application Support/Steam/SteamApps/steamclean</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Steam/SteamApps/steamclean</string>
<string>Public</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>SteamContentPaths</key>
<array>
<string>/Users/USER/Library/Application Support/Steam/SteamApps</string>
</array>
<key>WatchPaths</key>
<array>
<string>/Applications/Steam.app</string>
</array>
</dict>
</plist>
App extensions
com.google.GoogleDrive.FinderSyncAPIExtension
com.parallels.desktop.console.Resource-Monitor
Installations
Topaz Detail2: 11/15/12, 2:58 PM
Topaz DeNoise 5: 11/15/12, 2:57 PM
Topaz Adjust 5: 1 -
Problem with VPN client on Cisco 1801
Hi,
I have configured a new router for a customer.
All works fine but i have a strange issue with the VPN client.
When i start the VPN the client don't close the connection, ask for password, start to negotiate security policy the show the not connected status.
This is the log form the VPN client:
Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
1 14:37:59.133 04/08/13 Sev=Info/6 GUI/0x63B00011
Reloaded the Certificates in all Certificate Stores successfully.
2 14:38:01.321 04/08/13 Sev=Info/4 CM/0x63100002
Begin connection process
3 14:38:01.335 04/08/13 Sev=Info/4 CM/0x63100004
Establish secure connection
4 14:38:01.335 04/08/13 Sev=Info/4 CM/0x63100024
Attempt connection with server "asgardvpn.dyndns.info"
5 14:38:02.380 04/08/13 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 79.52.36.120.
6 14:38:02.384 04/08/13 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
7 14:38:02.388 04/08/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 79.52.36.120
8 14:38:02.396 04/08/13 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
9 14:38:02.396 04/08/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
10 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 79.52.36.120
11 14:38:02.460 04/08/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from 79.52.36.120
12 14:38:02.506 04/08/13 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
13 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
14 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x63000001
Peer supports DPD
15 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
16 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
17 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
18 14:38:02.465 04/08/13 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
19 14:38:02.465 04/08/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 79.52.36.120
20 14:38:02.465 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
21 14:38:02.465 04/08/13 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0xCEFD, Remote Port = 0x1194
22 14:38:02.465 04/08/13 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
23 14:38:02.465 04/08/13 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
24 14:38:02.502 04/08/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 79.52.36.120
25 14:38:02.502 04/08/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 79.52.36.120
26 14:38:02.502 04/08/13 Sev=Info/4 CM/0x63100015
Launch xAuth application
27 14:38:07.623 04/08/13 Sev=Info/4 CM/0x63100017
xAuth application returned
28 14:38:07.623 04/08/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 79.52.36.120
29 14:38:12.656 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
30 14:38:22.808 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
31 14:38:32.949 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
32 14:38:43.089 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
33 14:38:53.230 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
34 14:39:03.371 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
35 14:39:13.514 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
36 14:39:23.652 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
37 14:39:33.807 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
38 14:39:43.948 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
39 14:39:54.088 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
40 14:40:04.233 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
41 14:40:14.384 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
42 14:40:24.510 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
43 14:40:34.666 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
44 14:40:44.807 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
45 14:40:54.947 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
46 14:41:05.090 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
47 14:41:15.230 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
48 14:41:25.370 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
49 14:41:35.524 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
50 14:41:45.665 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
51 14:41:55.805 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
52 14:42:05.951 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
53 14:42:16.089 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
54 14:42:26.228 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
55 14:42:36.383 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
56 14:42:46.523 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
57 14:42:56.664 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
58 14:43:02.748 04/08/13 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=2B1FFC3754E3B290 R_Cookie=73D546631A33B5D6) reason = DEL_REASON_CANNOT_AUTH
59 14:43:02.748 04/08/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to 79.52.36.120
60 14:43:03.248 04/08/13 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=2B1FFC3754E3B290 R_Cookie=73D546631A33B5D6) reason = DEL_REASON_CANNOT_AUTH
61 14:43:03.248 04/08/13 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "asgardvpn.dyndns.info" because of "DEL_REASON_CANNOT_AUTH"
62 14:43:03.248 04/08/13 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
63 14:43:03.262 04/08/13 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
64 14:43:03.262 04/08/13 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
65 14:43:03.265 04/08/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
66 14:43:03.265 04/08/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
67 14:43:03.265 04/08/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
68 14:43:03.265 04/08/13 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
And this is the conf from the 1801:
hostname xxx
boot-start-marker
boot-end-marker
enable secret 5 xxx
aaa new-model
aaa authentication login xauthlist local
aaa authorization network groupauthor local
aaa session-id common
dot11 syslog
no ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.1.1 10.0.1.10
ip dhcp excluded-address 10.0.1.60 10.0.1.200
ip dhcp excluded-address 10.0.1.225
ip dhcp excluded-address 10.0.1.250
ip dhcp pool LAN
network 10.0.1.0 255.255.255.0
default-router 10.0.1.10
dns-server 10.0.1.200 8.8.8.8
domain-name xxx
lease infinite
ip name-server 10.0.1.200
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip inspect log drop-pkt
ip inspect name Firewall cuseeme
ip inspect name Firewall dns
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall icmp
ip inspect name Firewall imap
ip inspect name Firewall pop3
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall esmtp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
ip inspect name Firewall vdolive
ip inspect name Firewall udp
ip inspect name Firewall tcp
ip inspect name Firewall https
ip inspect name Firewall http
multilink bundle-name authenticated
username xxx password 0 xxxx
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group xxx
key xxx
dns 10.0.1.200
wins 10.0.1.200
domain xxx
pool ippool
acl 101
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec transform-set xauthtransform esp-des esp-md5-hmac
crypto dynamic-map dynmap 10
set transform-set myset
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
archive
log config
hidekeys
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
dsl operating-mode adsl2+
hold-queue 224 in
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Vlan1
ip address 10.0.1.10 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp pap sent-username aliceadsl password 0 aliceadsl
crypto map clientmap
ip local pool ippool 10.16.20.1 10.16.20.200
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 10.0.1.2
ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 10.0.1.60 1056 interface Dialer0 1056
ip nat inside source static tcp 10.0.1.60 1056 interface Dialer0 1056
ip nat inside source static tcp 10.0.1.60 3111 interface Dialer0 3111
ip nat inside source static udp 10.0.1.60 3111 interface Dialer0 3111
ip nat inside source list 101 interface Dialer0 overload
access-list 101 remark *** ACL nonat ***
access-list 101 deny ip 10.0.1.0 0.0.0.255 10.16.20.0 0.0.0.255
access-list 101 permit ip 10.0.1.0 0.0.0.255 any
access-list 150 remark *** ACL split tunnel ***
access-list 150 permit ip 10.0.1.0 0.0.0.255 10.16.20.0 0.0.0.255
control-plane
line con 0
no modem enable
line aux 0
line vty 0 4
password xxx
scheduler max-task-time 5000
end
Anyone can help me ?
Sometimes the vpn can be vreated using the iPhone or iPad vpn client...I am having a simuliar issue with my ASA 5505 that I have set up. I am trying to VPN into the Office. I have no problem accessing the Office network when I am on the internet without the ASA 5505. After I installed the 5505, and there is internet access, I try to connect to the Office network without success. The VPN connects with the following error.
3 Dec 31 2007 05:30:00 305006 xxx.xx.114.97
regular translation creation failed for protocol 50 src inside:192.168.1.9 dst outside:xxx.xx.114.97
HELP? -
Hi,
I have a strange network problem, can anybody help?
Basic configuration
I have three networks 10.190.0.0, 10.192.0.0 and 10.193.0.0 joined by a single server running Solaris 11 B64a with a dual port intel card and onboard intel card (e1000g0/g1/g2) each port is plugged into the gigabit port of a seperate Dell powerconnect switch.
they have ip addresses of 10.190.0.2, 10.192.0.1 and 10.193.0.1
The problem. I have connected from a remote machine through a solaris router machine on the 10.190.0.0 network to a computer on the 10.192.0.0 network (Beyond a switch).
The terminal works fine!
if I ping the 10.190.0.1 which is the other router beyond the box with the three network interfaces packets are not seen by the pinging box. However, if I snoop the interface on the three interface router I see both the ICMP echo requests and replies.
After a considerable length of time 10-30 seconds, a load of the packets suddenly appear on the pinging machine and then continue normally.
I would like to understand:
a) where were the packets during the time between the snoop seeing them leave and them arriving at the destination?
b) why does the terminal not suffer any delays?
We are suffering with a lot of strange network issues at this new site and I am trying to figure out if its the new dell switches, the solaris network stack or something else entirely!
Anybody got any idea whats going on?
Please Help I am baffled.It may just be the pinging machine has received the packets, but it will not display them on screen until it has found a name for the remote IP address (or until it times out waiting for one).
Do you get the same behavior with 'ping -n' ?
Darren -
Hi there,
i have a problem with Routing on ASA 5505.
Here is a brief explanation of the topology:
DC Upstream IP: 77.246.165.141/30
ASA 5505 Upstream to DC IP: 77.246.165.142/30
Interface outside.
There is a Cisco Switch connected to one of ASA Ethernet ports, forming Public/DMZ VLAN.
ASA 5505 Public VLAN interface ip: 31.24.36.1/26
Cisco 3750 Public VLAN interface ip: 31.24.36.62, default gateway: 31.24.36.1, IP Routing enabled on Switch.
From the Cisco Switch I can access the Internet with source ip: 31.24.36.62.
Now I have asked from DC additional subnet: 31.24.36.192/26 and they have it routed correctly towards the ASA Outside interface ip: 77.246.165.142.
I have created additional Public2 VLAN on the Switch with IP address of: 31.24.36.193/26.
On the ASA 5505 i added the route to this Public2 VLAN:
#route public 31.24.36.192 255.255.255.192 31.24.36.62 1
Now the problem is that from the Switch with Source IP: 31.24.36.193 i can ping ASA 5505 Public VLAN IP: 31.24.36.1 so the routing between subnets 31.24.36.0/26 and 31.24.36.192/26 is working OK on both the ASA 5505 and the Switch.
But I can't access the Internet from the Switch with Source IP: 31.24.36.193.Thanks for the replies.
I am running:
Cisco Adaptive Security Appliance Software Version 8.2(2)
As for NAT configuration, there is NAT configured between the Outside Interface IP and the Internal Subnet:
global (outside) 1 interface
nat (inside) 1 192.168.X.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
also there is NAT exemption configured because of the Site-to-Site IPSec VPN that we have:
nat (inside) 0 access-list inside_nat0_outbound1
access-list inside_nat0_outbound1 extended permit ip any 192.168.X.0 255.255.255.0
access-list inside_nat0_outbound1 extended permit ip 192.168.X.0 255.255.255.0 OtherSiteLAN 255.255.255.0
access-list inside_nat0_outbound1 extended permit ip any 192.168.X.240 255.255.255.248
access-list inside_nat0_outbound1 extended permit ip 192.168.X.0 255.255.255.128 OtherSiteLAN 255.255.255.0
I don't have any ACL configured on the Public interface in any direction.
Here is the configuration on the Switch regarding this scenario:
interface FastEthernet2/0/X
description Access Port for Public Subnet(31.24.32.0/26) to ASA
switchport access vlan 500
switchport mode access
interface Vlan500
description Public VLAN 1
ip address 31.24.36.62 255.255.255.192
interface Vlan510
description Public VLAN 2
ip address 31.24.36.193 255.255.255.192
ip route 0.0.0.0 0.0.0.0 31.24.36.1
Here is the output when pinging the ASA Public Interface IP with source IP address of: 31.24.36.193(VLAN 510)
SWITCH#ping 31.24.36.1 source vlan 510
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 31.24.36.1, timeout is 2 seconds:
Packet sent with a source address of 31.24.36.193
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
And here is when I try to ping some Internet host:
SWITCH#ping 8.8.8.8 source vlan 510
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 31.24.36.193
Success rate is 0 percent (0/5) -
Remote Access VPN Problem with ASA 5505
After about ~1 year of having the Cisco VPN Client connecting to a ASA 5505 without any problems, suddenly one day it stops working. The client is able to get a connection to the ASA and browse the local network for only about 30 seconds after connection. After that, no access is available to the network behind the ASA. I tried everything that I can think of to try and troubleshoot the problem, but at this point I am just banging my head against a wall. Does anyone know what could cause this?
Here is the running cfg of the ASA
: Saved
ASA Version 8.4(1)
hostname NCHCO
enable password xxxxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxx encrypted
names
name 192.168.2.0 NCHCO description City Offices
name 192.168.2.80 VPN_End
name 192.168.2.70 VPN_Start
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address **.**.***.*** 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
boot system disk0:/asa841-k8.bin
ftp mode passive
object network NCHCO
subnet 192.168.2.0 255.255.255.0
object network obj-192.168.1.0
subnet 192.168.1.0 255.255.255.0
object network obj-192.168.2.64
subnet 192.168.2.64 255.255.255.224
object network obj-0.0.0.0
subnet 0.0.0.0 255.255.255.0
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Webserver
object network FINX
host 192.168.2.11
object service rdp
service tcp source range 1 65535 destination eq 3389
description rdp
access-list outside_nat0_outbound extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list outside_nat0_outbound extended permit ip object NCHCO 192.168.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.2.64 255.255.255.224
access-list inside_nat0_outbound extended permit ip 0.0.0.0 255.255.255.0 192.168.2.64 255.255.255.224
access-list outside_1_cryptomap extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list outside_1_cryptomap_1 extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list LAN_Access standard permit 192.168.2.0 255.255.255.0
access-list LAN_Access standard permit 0.0.0.0 255.255.255.0
access-list NCHCO_splitTunnelAcl_1 standard permit 192.168.2.0 255.255.255.0
access-list AnyConnect_Client_Local_Print extended deny ip any any
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
access-list outside_access_in extended permit tcp any object FINX eq 3389
access-list outside_access_in_1 extended permit object rdp any object FINX
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPN_Pool VPN_Start-VPN_End mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649.bin
no asdm history enable
arp timeout 14400
nat (inside,any) source static NCHCO NCHCO destination static obj-192.168.1.0 obj-192.168.1.0
nat (inside,any) source static any any destination static obj-192.168.2.64 obj-192.168.2.64
nat (inside,any) source static obj-0.0.0.0 obj-0.0.0.0 destination static obj-192.168.2.64 obj-192.168.2.64
object network obj_any
nat (inside,outside) dynamic interface
object network FINX
nat (inside,outside) static interface service tcp 3389 3389
access-group outside_access_in_1 in interface outside
route outside 0.0.0.0 0.0.0.0 69.61.228.177 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
network-acl outside_nat0_outbound
webvpn
svc ask enable default svc
http server enable
http 192.168.1.0 255.255.255.0 inside
http **.**.***.*** 255.255.255.255 outside
http **.**.***.*** 255.255.255.255 outside
http NCHCO 255.255.255.0 inside
http 96.11.251.186 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set l2tp-transform esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set l2tp-transform mode transport
crypto ipsec ikev1 transform-set vpn-transform esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_MD5 mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map dyn-map 10 set pfs group1
crypto dynamic-map dyn-map 10 set ikev1 transform-set l2tp-transform vpn-transform
crypto dynamic-map dyn-map 10 set reverse-route
crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer 74.219.208.50
crypto map outside_map 1 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto map vpn-map 1 match address outside_1_cryptomap_1
crypto map vpn-map 1 set pfs group1
crypto map vpn-map 1 set peer 74.219.208.50
crypto map vpn-map 1 set ikev1 transform-set ESP-3DES-SHA
crypto map vpn-map 10 ipsec-isakmp dynamic dyn-map
crypto isakmp identity address
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto ikev1 policy 15
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 35
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
client-update enable
telnet 192.168.1.0 255.255.255.0 inside
telnet NCHCO 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh NCHCO 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd address 192.168.2.150-192.168.2.225 inside
dhcpd dns 216.68.4.10 216.68.5.10 interface inside
dhcpd lease 64000 interface inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.2.1
vpn-tunnel-protocol ikev1 l2tp-ipsec
default-domain value nchco.local
group-policy DfltGrpPolicy attributes
dns-server value 192.168.2.1
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
password-storage enable
ipsec-udp enable
intercept-dhcp 255.255.255.0 enable
address-pools value VPN_Pool
group-policy NCHCO internal
group-policy NCHCO attributes
dns-server value 192.168.2.1 8.8.8.8
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value NCHCO_splitTunnelAcl_1
default-domain value NCHCO.local
username admin password LbMiJuAJjDaFb2uw encrypted privilege 15
username 8njferg password yB1lHEVmHZGj5C2Z encrypted privilege 15
username NCHvpn99 password dhn.JzttvRmMbHsP encrypted
tunnel-group DefaultRAGroup general-attributes
address-pool (inside) VPN_Pool
address-pool VPN_Pool
authentication-server-group (inside) LOCAL
authentication-server-group (outside) LOCAL
authorization-server-group LOCAL
authorization-server-group (inside) LOCAL
authorization-server-group (outside) LOCAL
default-group-policy DefaultRAGroup
strip-realm
strip-group
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate nocheck
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
no authentication ms-chap-v1
authentication ms-chap-v2
tunnel-group DefaultWEBVPNGroup ppp-attributes
authentication pap
authentication ms-chap-v2
tunnel-group 74.219.208.50 type ipsec-l2l
tunnel-group 74.219.208.50 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group NCHCO type remote-access
tunnel-group NCHCO general-attributes
address-pool VPN_Pool
default-group-policy NCHCO
tunnel-group NCHCO ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:a2110206e1af06974c858fb40c6de2fc
: end
asdm image disk0:/asdm-649.bin
asdm location VPN_Start 255.255.255.255 inside
asdm location VPN_End 255.255.255.255 inside
no asdm history enable
And here is the logs from the Cisco VPN Client when it browses, then fails to browse the network behind the ASA:
Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
1 09:44:55.677 10/01/13 Sev=Info/6 CERT/0x63600026
Attempting to find a Certificate using Serial Hash.
2 09:44:55.677 10/01/13 Sev=Info/6 CERT/0x63600027
Found a Certificate using Serial Hash.
3 09:44:55.693 10/01/13 Sev=Info/6 GUI/0x63B00011
Reloaded the Certificates in all Certificate Stores successfully.
4 09:45:02.802 10/01/13 Sev=Info/4 CM/0x63100002
Begin connection process
5 09:45:02.802 10/01/13 Sev=Info/4 CM/0x63100004
Establish secure connection
6 09:45:02.802 10/01/13 Sev=Info/4 CM/0x63100024
Attempt connection with server "**.**.***.***"
7 09:45:02.802 10/01/13 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with **.**.***.***.
8 09:45:02.818 10/01/13 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
9 09:45:02.865 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to **.**.***.***
10 09:45:02.896 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
11 09:45:02.896 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?)) from **.**.***.***
12 09:45:02.896 10/01/13 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
13 09:45:02.896 10/01/13 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
14 09:45:02.896 10/01/13 Sev=Info/5 IKE/0x63000001
Peer supports DPD
15 09:45:02.896 10/01/13 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
16 09:45:02.896 10/01/13 Sev=Info/5 IKE/0x63000001
Peer supports IKE fragmentation payloads
17 09:45:02.927 10/01/13 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
18 09:45:02.927 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to **.**.***.***
19 09:45:02.927 10/01/13 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0xDD3B, Remote Port = 0x01F4
20 09:45:02.927 10/01/13 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end is NOT behind a NAT device
21 09:45:02.927 10/01/13 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
22 09:45:02.943 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
23 09:45:02.943 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from **.**.***.***
24 09:45:02.943 10/01/13 Sev=Info/4 CM/0x63100015
Launch xAuth application
25 09:45:03.037 10/01/13 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
26 09:45:03.037 10/01/13 Sev=Info/4 CM/0x63100017
xAuth application returned
27 09:45:03.037 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to **.**.***.***
28 09:45:03.037 10/01/13 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
29 09:45:03.037 10/01/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
30 09:45:03.083 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
31 09:45:03.083 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from **.**.***.***
32 09:45:03.083 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to **.**.***.***
33 09:45:03.083 10/01/13 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
34 09:45:03.083 10/01/13 Sev=Info/5 IKE/0x6300005E
Client sending a firewall request to concentrator
35 09:45:03.083 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to **.**.***.***
36 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
37 09:45:03.146 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from **.**.***.***
38 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 192.168.2.70
39 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK: , value = 255.255.255.0
40 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 192.168.2.1
41 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(2): , value = 8.8.8.8
42 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000001
43 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000001
44 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300000F
SPLIT_NET #1
subnet = 192.168.2.0
mask = 255.255.255.0
protocol = 0
src port = 0
dest port=0
45 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = NCHCO.local
46 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_UDP_NAT_PORT, value = 0x00002710
47 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
48 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc ASA5505 Version 8.4(1) built by builders on Mon 31-Jan-11 02:11
49 09:45:03.146 10/01/13 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SMARTCARD_REMOVAL_DISCONNECT: , value = 0x00000001
50 09:45:03.146 10/01/13 Sev=Info/4 CM/0x63100019
Mode Config data received
51 09:45:03.146 10/01/13 Sev=Info/4 IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.2.70, GW IP = **.**.***.***, Remote IP = 0.0.0.0
52 09:45:03.146 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to **.**.***.***
53 09:45:03.177 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
54 09:45:03.177 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from **.**.***.***
55 09:45:03.177 10/01/13 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
56 09:45:03.177 10/01/13 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
57 09:45:03.193 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
58 09:45:03.193 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIME) from **.**.***.***
59 09:45:03.193 10/01/13 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 28800 seconds
60 09:45:03.193 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH) to **.**.***.***
61 09:45:03.193 10/01/13 Sev=Info/5 IKE/0x63000059
Loading IPsec SA (MsgID=967A3C93 OUTBOUND SPI = 0xAAAF4C1C INBOUND SPI = 0x3EBEBFC5)
62 09:45:03.193 10/01/13 Sev=Info/5 IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0xAAAF4C1C
63 09:45:03.193 10/01/13 Sev=Info/5 IKE/0x63000026
Loaded INBOUND ESP SPI: 0x3EBEBFC5
64 09:45:03.193 10/01/13 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 96.11.251.1 96.11.251.149 261
96.11.251.0 255.255.255.0 96.11.251.149 96.11.251.149 261
96.11.251.149 255.255.255.255 96.11.251.149 96.11.251.149 261
96.11.251.255 255.255.255.255 96.11.251.149 96.11.251.149 261
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 261
192.168.1.3 255.255.255.255 192.168.1.3 192.168.1.3 261
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 261
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 96.11.251.149 96.11.251.149 261
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 261
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 96.11.251.149 96.11.251.149 261
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 261
65 09:45:03.521 10/01/13 Sev=Info/6 CVPND/0x63400001
Launch VAInst64 to control IPSec Virtual Adapter
66 09:45:03.896 10/01/13 Sev=Info/4 CM/0x63100034
The Virtual Adapter was enabled:
IP=192.168.2.70/255.255.255.0
DNS=192.168.2.1,8.8.8.8
WINS=0.0.0.0,0.0.0.0
Domain=NCHCO.local
Split DNS Names=
67 09:45:03.912 10/01/13 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 96.11.251.1 96.11.251.149 261
96.11.251.0 255.255.255.0 96.11.251.149 96.11.251.149 261
96.11.251.149 255.255.255.255 96.11.251.149 96.11.251.149 261
96.11.251.255 255.255.255.255 96.11.251.149 96.11.251.149 261
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 261
192.168.1.3 255.255.255.255 192.168.1.3 192.168.1.3 261
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 261
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 96.11.251.149 96.11.251.149 261
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 261
224.0.0.0 240.0.0.0 0.0.0.0 0.0.0.0 261
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 96.11.251.149 96.11.251.149 261
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 261
255.255.255.255 255.255.255.255 0.0.0.0 0.0.0.0 261
68 09:45:07.912 10/01/13 Sev=Info/4 CM/0x63100038
Successfully saved route changes to file.
69 09:45:07.912 10/01/13 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 96.11.251.1 96.11.251.149 261
**.**.***.*** 255.255.255.255 96.11.251.1 96.11.251.149 100
96.11.251.0 255.255.255.0 96.11.251.149 96.11.251.149 261
96.11.251.149 255.255.255.255 96.11.251.149 96.11.251.149 261
96.11.251.255 255.255.255.255 96.11.251.149 96.11.251.149 261
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 261
192.168.1.3 255.255.255.255 192.168.1.3 192.168.1.3 261
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 261
192.168.2.0 255.255.255.0 192.168.2.70 192.168.2.70 261
192.168.2.0 255.255.255.0 192.168.2.1 192.168.2.70 100
192.168.2.70 255.255.255.255 192.168.2.70 192.168.2.70 261
192.168.2.255 255.255.255.255 192.168.2.70 192.168.2.70 261
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 96.11.251.149 96.11.251.149 261
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 261
224.0.0.0 240.0.0.0 192.168.2.70 192.168.2.70 261
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 96.11.251.149 96.11.251.149 261
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 261
255.255.255.255 255.255.255.255 192.168.2.70 192.168.2.70 261
70 09:45:07.912 10/01/13 Sev=Info/6 CM/0x63100036
The routing table was updated for the Virtual Adapter
71 09:45:07.912 10/01/13 Sev=Info/4 CM/0x6310001A
One secure connection established
72 09:45:07.943 10/01/13 Sev=Info/4 CM/0x6310003B
Address watch added for 96.11.251.149. Current hostname: psaserver, Current address(es): 192.168.2.70, 96.11.251.149, 192.168.1.3.
73 09:45:07.943 10/01/13 Sev=Info/4 CM/0x6310003B
Address watch added for 192.168.2.70. Current hostname: psaserver, Current address(es): 192.168.2.70, 96.11.251.149, 192.168.1.3.
74 09:45:07.943 10/01/13 Sev=Info/5 CM/0x63100001
Did not find the Smartcard to watch for removal
75 09:45:07.943 10/01/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
76 09:45:07.943 10/01/13 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
77 09:45:07.943 10/01/13 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x1c4cafaa into key list
78 09:45:07.943 10/01/13 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
79 09:45:07.943 10/01/13 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0xc5bfbe3e into key list
80 09:45:07.943 10/01/13 Sev=Info/4 IPSEC/0x6370002F
Assigned VA private interface addr 192.168.2.70
81 09:45:07.943 10/01/13 Sev=Info/4 IPSEC/0x63700037
Configure public interface: 96.11.251.149. SG: **.**.***.***
82 09:45:07.943 10/01/13 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 1.
83 09:45:13.459 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to **.**.***.***
84 09:45:13.459 10/01/13 Sev=Info/6 IKE/0x6300003D
Sending DPD request to **.**.***.***, our seq# = 107205276
85 09:45:13.474 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
86 09:45:13.474 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from **.**.***.***
87 09:45:13.474 10/01/13 Sev=Info/5 IKE/0x63000040
Received DPD ACK from **.**.***.***, seq# received = 107205276, seq# expected = 107205276
88 09:45:15.959 10/01/13 Sev=Info/4 IPSEC/0x63700019
Activate outbound key with SPI=0x1c4cafaa for inbound key with SPI=0xc5bfbe3e
89 09:46:00.947 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to **.**.***.***
90 09:46:00.947 10/01/13 Sev=Info/6 IKE/0x6300003D
Sending DPD request to **.**.***.***, our seq# = 107205277
91 09:46:01.529 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
92 09:46:01.529 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from **.**.***.***
93 09:46:01.529 10/01/13 Sev=Info/5 IKE/0x63000040
Received DPD ACK from **.**.***.***, seq# received = 107205277, seq# expected = 107205277
94 09:46:11.952 10/01/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to **.**.***.***
95 09:46:11.952 10/01/13 Sev=Info/6 IKE/0x6300003D
Sending DPD request to **.**.***.***, our seq# = 107205278
96 09:46:11.979 10/01/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
97 09:46:11.979 10/01/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from **.**.***.***
98 09:46:11.979 10/01/13 Sev=Info/5 IKE/0x63000040
Received DPD ACK from **.**.***.***, seq# received = 107205278, seq# expected = 107205278
Any help would be appreciated, thanks!I made the change that you requested by moving the VPN pool to the 192.168.3.0 network. Unfortunately, now traffic isn't flowing to the inside network at all. I was going to make a specific route as you suggested, but as far as I can see the routes are already being created correctly on the VPN client's end.
Here is the route print off of the computer behind the (test) client:
===========================================================================
Interface List
21...00 05 9a 3c 78 00 ......Cisco Systems VPN Adapter for 64-bit Windows
10...00 15 5d 01 02 01 ......Microsoft Hyper-V Network Adapter
15...00 15 5d 01 02 02 ......Microsoft Hyper-V Network Adapter #2
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 96.11.251.1 96.11.251.149 261
69.61.228.178 255.255.255.255 96.11.251.1 96.11.251.149 100
96.11.251.0 255.255.255.0 On-link 96.11.251.149 261
96.11.251.149 255.255.255.255 On-link 96.11.251.149 261
96.11.251.255 255.255.255.255 On-link 96.11.251.149 261
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 261
192.168.1.3 255.255.255.255 On-link 192.168.1.3 261
192.168.1.255 255.255.255.255 On-link 192.168.1.3 261
192.168.2.0 255.255.255.0 192.168.3.1 192.168.3.70 100
192.168.3.0 255.255.255.0 On-link 192.168.3.70 261
192.168.3.70 255.255.255.255 On-link 192.168.3.70 261
192.168.3.255 255.255.255.255 On-link 192.168.3.70 261
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 261
224.0.0.0 240.0.0.0 On-link 96.11.251.149 261
224.0.0.0 240.0.0.0 On-link 192.168.3.70 261
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 261
255.255.255.255 255.255.255.255 On-link 96.11.251.149 261
255.255.255.255 255.255.255.255 On-link 192.168.3.70 261
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 96.11.251.1 Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 1020 ::/0 2002:c058:6301::c058:6301
14 1020 ::/0 2002:c058:6301::1
1 306 ::1/128 On-link
14 1005 2002::/16 On-link
14 261 2002:600b:fb95::600b:fb95/128
On-link
15 261 fe80::/64 On-link
10 261 fe80::/64 On-link
21 261 fe80::/64 On-link
10 261 fe80::64ae:bae7:3dc0:c8c4/128
On-link
21 261 fe80::e9f7:e24:3147:bd/128
On-link
15 261 fe80::f116:2dfd:1771:125a/128
On-link
1 306 ff00::/8 On-link
15 261 ff00::/8 On-link
10 261 ff00::/8 On-link
21 261 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
And here is the updated running config in case you need it:
: Saved
ASA Version 8.4(1)
hostname NCHCO
enable password hTjwXz/V8EuTw9p9 encrypted
passwd hTjwXz/V8EuTw9p9 encrypted
names
name 192.168.2.0 NCHCO description City Offices
name 192.168.2.80 VPN_End
name 192.168.2.70 VPN_Start
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 69.61.228.178 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
boot system disk0:/asa841-k8.bin
ftp mode passive
object network NCHCO
subnet 192.168.2.0 255.255.255.0
object network obj-192.168.1.0
subnet 192.168.1.0 255.255.255.0
object network obj-192.168.2.64
subnet 192.168.2.64 255.255.255.224
object network obj-0.0.0.0
subnet 0.0.0.0 255.255.255.0
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Webserver
object network FINX
host 192.168.2.11
object service rdp
service tcp source range 1 65535 destination eq 3389
description rdp
object network obj-192.168.3.0
subnet 192.168.3.0 255.255.255.0
object network obj-192.168.2.0
subnet 192.168.2.0 255.255.255.0
access-list outside_nat0_outbound extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list outside_nat0_outbound extended permit ip object NCHCO 192.168.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.2.64 255.255.255.224
access-list inside_nat0_outbound extended permit ip 0.0.0.0 255.255.255.0 192.168.2.64 255.255.255.224
access-list outside_1_cryptomap extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list outside_1_cryptomap_1 extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list LAN_Access standard permit 192.168.2.0 255.255.255.0
access-list LAN_Access standard permit 0.0.0.0 255.255.255.0
access-list NCHCO_splitTunnelAcl_1 standard permit 192.168.2.0 255.255.255.0
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
access-list AnyConnect_Client_Local_Print extended deny ip any any
access-list outside_access_in extended permit tcp any object FINX eq 3389
access-list outside_access_in_1 extended permit object rdp any object FINX
access-list outside_specific_blocks extended deny ip host 121.168.66.35 any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPN_Pool VPN_Start-VPN_End mask 255.255.255.0
ip local pool VPN_Split_Pool 192.168.3.70-192.168.3.80 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649.bin
no asdm history enable
arp timeout 14400
nat (inside,any) source static NCHCO NCHCO destination static obj-192.168.1.0 obj-192.168.1.0
nat (inside,any) source static any any destination static obj-192.168.2.64 obj-192.168.2.64
nat (inside,any) source static obj-0.0.0.0 obj-0.0.0.0 destination static obj-192.168.2.64 obj-192.168.2.64
object network obj_any
nat (inside,outside) dynamic interface
object network FINX
nat (inside,outside) static interface service tcp 3389 3389
access-group outside_access_in_1 in interface outside
route outside 0.0.0.0 0.0.0.0 69.61.228.177 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
network-acl outside_nat0_outbound
webvpn
svc ask enable default svc
http server enable
http 192.168.1.0 255.255.255.0 inside
http 69.61.228.178 255.255.255.255 outside
http 74.218.158.238 255.255.255.255 outside
http NCHCO 255.255.255.0 inside
http 96.11.251.186 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set l2tp-transform esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set l2tp-transform mode transport
crypto ipsec ikev1 transform-set vpn-transform esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_MD5 mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map dyn-map 10 set pfs group1
crypto dynamic-map dyn-map 10 set ikev1 transform-set l2tp-transform vpn-transform
crypto dynamic-map dyn-map 10 set reverse-route
crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer 74.219.208.50
crypto map outside_map 1 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto map vpn-map 1 match address outside_1_cryptomap_1
crypto map vpn-map 1 set pfs group1
crypto map vpn-map 1 set peer 74.219.208.50
crypto map vpn-map 1 set ikev1 transform-set ESP-3DES-SHA
crypto map vpn-map 10 ipsec-isakmp dynamic dyn-map
crypto isakmp identity address
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto ikev1 policy 15
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 35
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
client-update enable
telnet 192.168.1.0 255.255.255.0 inside
telnet NCHCO 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh NCHCO 255.255.255.0 inside
ssh 96.11.251.186 255.255.255.255 outside
ssh timeout 5
console timeout 0
dhcpd address 192.168.2.150-192.168.2.225 inside
dhcpd dns 216.68.4.10 216.68.5.10 interface inside
dhcpd lease 64000 interface inside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.2.1
vpn-tunnel-protocol ikev1 l2tp-ipsec
default-domain value nchco.local
group-policy DfltGrpPolicy attributes
dns-server value 192.168.2.1
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
password-storage enable
ipsec-udp enable
intercept-dhcp 255.255.255.0 enable
address-pools value VPN_Split_Pool
group-policy NCHCO internal
group-policy NCHCO attributes
dns-server value 192.168.2.1 8.8.8.8
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value NCHCO_splitTunnelAcl_1
default-domain value NCHCO.local
username admin password LbMiJuAJjDaFb2uw encrypted privilege 15
username 8njferg password yB1lHEVmHZGj5C2Z encrypted privilege 15
username NCHvpn99 password dhn.JzttvRmMbHsP encrypted
tunnel-group DefaultRAGroup general-attributes
address-pool (inside) VPN_Pool
address-pool VPN_Split_Pool
authentication-server-group (inside) LOCAL
authentication-server-group (outside) LOCAL
authorization-server-group LOCAL
authorization-server-group (inside) LOCAL
authorization-server-group (outside) LOCAL
default-group-policy DefaultRAGroup
strip-realm
strip-group
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate nocheck
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
no authentication ms-chap-v1
authentication ms-chap-v2
tunnel-group DefaultWEBVPNGroup ppp-attributes
authentication pap
authentication ms-chap-v2
tunnel-group 74.219.208.50 type ipsec-l2l
tunnel-group 74.219.208.50 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group NCHCO type remote-access
tunnel-group NCHCO general-attributes
address-pool VPN_Split_Pool
default-group-policy NCHCO
tunnel-group NCHCO ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:9e8466cd318c0bd35bc660fa65ba7a03
: end
asdm image disk0:/asdm-649.bin
asdm location VPN_Start 255.255.255.255 inside
asdm location VPN_End 255.255.255.255 inside
no asdm history enable
Thanks again for your help,
Matthew
Maybe you are looking for
-
J2EE Engine cannot start after applying SP11 on WAS 6.40
Hi SAP I am upgrading my WAS 6.40 SR1 java instance from SP9 to SP11. At the last stages of the installation the Java instance is stopped & started,at the step where Java instance is started, the 'server' process of the Java instance is not coming up
-
How to Install XSQL On Apache 1.3.12 Tomcat 3.1 ?
We are trying to install the XSQL 1.0.0 Servlet to the Apache 1.3.12 With Tomcat 3.1 (production verion) on Solaris 2.6 platform. We followed the instructions on the XSQL Release Note. However, it does not work. More specifically, we modified the tom
-
How do you display file type in PS Elements 10?
How do you display file type in PS Elements 10 in the Organizer for each photo? I know you can right click and look at meta data. In PSE 7 it was displayed under each photo.
-
HELP - My Songs Are there but iTunes can't find them!!!
I just moved my iTunes library to a different drive and iTunes just gives me "!" next to the song files and tells me the song file isn't there. Help!!
-
After Automatic Software Update I Can't Attach Photos in Hotmail via Safari
Suddenly after my iMac update the software on my computer, I suddenly can't attach any photos in Hotmail when I launch Safari. I have been a Hotmail user for 10 years now and never have had this problem before. This has been my primary account for th