IOS 4.2.1 Broke VPN
Any reason 4.2.1 would break our VPN connection?
Currently connecting to a SonicWall VPN using L2TP. Everything worked great on 3.2.2, but broke on 4.2.1. I have even downgraded and it works fine, but no go on 4.2.1
Yes it does get to the firewall:
IKE Responder: ESP encryption algorithm does not match
RECEIVED<<< ISAKMP OAK QM (InitCookie:0x259ef61e052e2f4d RespCookie:0x141170aedc8317ca, MsgID: 0xFDB1207D) *(HASH, SA, NON, ID, ID, NAT_OA, NAT_OA)
IKE Responder: ESP encryption algorithm does not match
IKE Responder: IPSec proposal does not match (Phase 2)
Similar Messages
-
Really Need Some Help with CME 8.6 using IOS as Firewall and Anyconnect VPN on Phones
Hello,
I have a 2911 Router with IOS Security and Voice enabled and we are using CME 8.6. I am using a built-in Anyconnect VPN on 3 phones that are for remote users and thus I needed to enable security zones on the router which works because the remote phones will boot up, get their phone configs and I am able to call those remote phones from an outside line.
The issue I am having is that when I try to dial a remote phone connected via the VPN through port g0/0 from and internal office phone, i.e., NOT involving the PSTN then there is no audio. It's as if no audio is going back and forth. When I take off the security zones from the virtual-template interface and the g0/0 interface then the audio works great and I can reach the phone from internal as I am supposed to.
Could someone take a peek at my security config and see why audio would not be traveling through the VPN when I have my security zones turned on?
clock timezone PST -8 0
clock summer-time PST recurring
network-clock-participate wic 0
network-clock-select 1 T1 0/0/0
no ipv6 cef
ip source-route
ip cef
ip dhcp excluded-address 192.168.8.1 192.168.8.19
ip dhcp pool owhvoip
network 192.168.8.0 255.255.248.0
default-router 192.168.8.1
option 150 ip 192.168.8.1
lease 30
multilink bundle-name authenticated
isdn switch-type primary-ni
crypto pki server cme_root
database level complete
grant auto
lifetime certificate 7305
lifetime ca-certificate 7305
crypto pki token default removal timeout 0
crypto pki trustpoint cme_root
enrollment url http://192.168.8.1:80
revocation-check none
rsakeypair cme_root
crypto pki trustpoint cme_cert
enrollment url http://192.168.8.1:80
revocation-check none
crypto pki trustpoint TP-self-signed-2736782807
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2736782807
revocation-check none
rsakeypair TP-self-signed-2736782807
voice-card 0
dspfarm
dsp services dspfarm
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
vpn-group 1
vpn-gateway 1 https://66.111.111.111/SSLVPNphone
vpn-trustpoint 1 trustpoint cme_cert leaf
vpn-profile 1
host-id-check disable
voice class codec 1
codec preference 1 g711ulaw
voice class custom-cptone jointone
dualtone conference
frequency 600 900
cadence 300 150 300 100 300 50
voice class custom-cptone leavetone
dualtone conference
frequency 400 800
cadence 400 50 200 50 200 50
voice translation-rule 1
rule 1 /9400/ /502/
rule 2 /9405/ /215/
rule 3 /9410/ /500/
voice translation-rule 2
rule 1 /.*/ /541999999/
voice translation-rule 100
rule 1 /^9/ // type any unknown plan any isdn
voice translation-profile Inbound_Calls_To_CUE
translate called 1
voice translation-profile InternationalType
translate called 100
voice translation-profile Local-CLID
translate calling 2
license udi pid CISCO2911/K9 sn FTX1641AHX3
hw-module pvdm 0/0
hw-module pvdm 0/1
hw-module sm 1
username routeradmin password 7 091649040910450B41
username cmeadmin privilege 15 password 7 03104803040E375F5E4D5D51
redundancy
controller T1 0/0/0
cablelength long 0db
pri-group timeslots 1-12,24
class-map type inspect match-any sslvpn
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-all router-access
match access-group name router-access
policy-map type inspect firewall-policy
class type inspect sslvpn
inspect
class class-default
drop
policy-map type inspect outside-to-router-policy
class type inspect router-access
inspect
class class-default
drop
zone security trusted
zone security internet
zone-pair security trusted-to-internet source trusted destination internet
service-policy type inspect firewall-policy
zone-pair security untrusted-to-trusted source internet destination trusted
service-policy type inspect outside-to-router-policy
interface Loopback0
ip address 192.168.17.1 255.255.248.0
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description Internet
ip address dhcp
no ip redirects
no ip proxy-arp
zone-member security internet
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 192.168.8.1 255.255.248.0
duplex auto
speed auto
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
interface Serial0/0/0:23
no ip address
encapsulation hdlc
isdn switch-type primary-ni
isdn incoming-voice voice
no cdp enable
interface Integrated-Service-Engine1/0
ip unnumbered Loopback0
service-module ip address 192.168.17.2 255.255.248.0
!Application: CUE Running on NME
service-module ip default-gateway 192.168.17.1
no keepalive
interface Virtual-Template1
ip unnumbered GigabitEthernet0/0
zone-member security trusted
ip local pool SSLVPNPhone_pool 192.168.9.1 192.168.9.5
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip http path flash:/cme-gui-8.6.0
ip route 192.168.17.2 255.255.255.255 Integrated-Service-Engine1/0
ip access-list extended router-access
permit tcp any host 66.111.111.111 eq 443
tftp-server flash:apps31.9-3-1ES26.sbn
control-plane
voice-port 0/0/0:23
voice-port 0/3/0
voice-port 0/3/1
mgcp profile default
sccp local GigabitEthernet0/1
sccp ccm 192.168.8.1 identifier 1 priority 1 version 7.0
sccp
sccp ccm group 1
bind interface GigabitEthernet0/1
associate ccm 1 priority 1
associate profile 1 register CME-CONF
dspfarm profile 1 conference
codec g729br8
codec g729r8
codec g729abr8
codec g729ar8
codec g711alaw
codec g711ulaw
maximum sessions 4
associate application SCCP
dial-peer voice 500 voip
destination-pattern 5..
session protocol sipv2
session target ipv4:192.168.17.2
dtmf-relay sip-notify
codec g711ulaw
no vad
dial-peer voice 10 pots
description Incoming Calls To AA
translation-profile incoming Inbound_Calls_To_CUE
incoming called-number .
port 0/0/0:23
dial-peer voice 20 pots
description local 10 digit dialing
translation-profile outgoing Local-CLID
destination-pattern 9[2-9].........
incoming called-number .
port 0/0/0:23
forward-digits 10
dial-peer voice 30 pots
description long distance dialing
translation-profile outgoing Local-CLID
destination-pattern 91..........
incoming called-number .
port 0/0/0:23
forward-digits 11
dial-peer voice 40 pots
description 911
destination-pattern 911
port 0/0/0:23
forward-digits all
dial-peer voice 45 pots
description 9911
destination-pattern 9911
port 0/0/0:23
forward-digits 3
dial-peer voice 50 pots
description international dialing
translation-profile outgoing InternationalType
destination-pattern 9T
incoming called-number .
port 0/0/0:23
dial-peer voice 650 pots
huntstop
destination-pattern 650
fax rate disable
port 0/3/0
gatekeeper
shutdown
telephony-service
protocol mode ipv4
sdspfarm units 5
sdspfarm tag 1 CME-CONF
conference hardware
moh-file-buffer 90
no auto-reg-ephone
authentication credential cmeadmin tshbavsp$$4
max-ephones 50
max-dn 200
ip source-address 192.168.8.1 port 2000
service dnis dir-lookup
timeouts transfer-recall 30
system message Oregon's Wild Harvest
url services http://192.168.17.2/voiceview/common/login.do
url authentication http://192.168.8.1/CCMCIP/authenticate.asp
cnf-file location flash:
cnf-file perphone
load 7931 SCCP31.9-3-1SR4-1S.loads
load 7936 cmterm_7936.3-3-21-0.bin
load 7942 SCCP42.9-3-1SR4-1S.loads
load 7962 SCCP42.9-4-2-1S.loads
time-zone 5
time-format 24
voicemail 500
max-conferences 8 gain -6
call-park system application
call-forward pattern .T
moh moh.wav
web admin system name cmeadmin secret 5 $1$60ro$u.0r/cno/OD2JmtvPq4w9.
dn-webedit
transfer-digit-collect orig-call
transfer-system full-consult
transfer-pattern .T
fac standard
create cnf-files version-stamp Jan 01 2002 00:00:00
ephone-template 1
softkeys connected Hold Park Confrn Trnsfer Endcall ConfList TrnsfVM
button-layout 7931 2
ephone-template 2
softkeys idle Dnd Gpickup Pickup Mobility
softkeys connected Hold Park Confrn Mobility Trnsfer TrnsfVM
button-layout 7931 2
ephone-dn 1 dual-line
number 200
label Lisa
name Lisa Ziomkowsky
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 2 dual-line
number 201
label Dylan
name Dylan Elmer
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 3 dual-line
number 202
label Kimberly
name Kimberly Krueger
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 4 dual-line
number 203
label Randy
name Randy Buresh
mobility
snr calling-number local
snr 915035042317 delay 5 timeout 15 cfwd-noan 500
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 5 dual-line
number 204
label Mark
name Mark McBride
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 6 dual-line
number 205
label Susan
name Susan Sundin
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 7 dual-line
number 206
label Rebecca
name Rebecca Vaught
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 8 dual-line
number 207
label Ronnda
name Ronnda Daniels
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 9 dual-line
number 208
label Matthew
name Matthew Creswell
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 10 dual-line
number 209
label Nate
name Nate Couture
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 11 dual-line
number 210
label Sarah
name Sarah Smith
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 12 dual-line
number 211
label Janis
name Janis McFerren
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 13 dual-line
number 212
label Val
name Val McBride
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 14 dual-line
number 213
label Shorty
name Arlene Haugen
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 15 dual-line
number 214
label Ruta
name Ruta Wells
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 16 dual-line
number 215
label 5415489405
name OWH Sales
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 17 dual-line
number 216
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 18 dual-line
number 217
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 19 dual-line
number 218
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 20 dual-line
number 219
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 21 dual-line
number 220
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 22 dual-line
number 221
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 23 dual-line
number 222
label Pam
name Pam Buresh
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 24 dual-line
number 223
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 25 dual-line
number 224
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 26 dual-line
number 225
label Elaine
name Elaine Mahan
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 27 octo-line
number 250
label Shipping
name Shipping
ephone-dn 28 dual-line
number 251
label Eli
name Eli Nourse
call-forward busy 500
call-forward noan 500 timeout 10
ephone-dn 29 dual-line
number 252
ephone-dn 30 dual-line
number 253
ephone-dn 31 octo-line
number 100
label Customer Service
name Customer Service
call-forward busy 500
call-forward noan 500 timeout 12
ephone-dn 32 octo-line
number 101
label Sales
name Sales
call-forward busy 214
call-forward noan 214 timeout 12
ephone-dn 33 dual-line
number 260
label Conference Room
name Conference Room
call-forward busy 100
call-forward noan 100 timeout 12
ephone-dn 100
number 300
park-slot timeout 20 limit 2 recall
description Park Slot For All Company
ephone-dn 101
number 301
park-slot timeout 20 limit 2 recall
description Park Slot for All Company
ephone-dn 102
number 302
park-slot timeout 20 limit 2 recall
description Park Slot for All Company
ephone-dn 103
number 700
name All Company Paging
paging ip 239.1.1.10 port 2000
ephone-dn 104
number 8000...
mwi on
ephone-dn 105
number 8001...
mwi off
ephone-dn 106 octo-line
number A00
description ad-hoc conferencing
conference ad-hoc
ephone-dn 107 octo-line
number A01
description ad-hoc conferencing
conference ad-hoc
ephone-dn 108 octo-line
number A02
description ad-hoc conferencing
conference ad-hoc
ephone 1
device-security-mode none
mac-address 001F.CA34.88AE
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:2 2:31
ephone 2
device-security-mode none
mac-address 001F.CA34.8A03
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:12
ephone 3
device-security-mode none
mac-address 001F.CA34.898B
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
ephone 4
device-security-mode none
mac-address 001F.CA34.893F
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
ephone 5
device-security-mode none
mac-address 001F.CA34.8A71
ephone-template 1
max-calls-per-button 2
username "susan"
paging-dn 103
type 7931
button 1:6
ephone 6
device-security-mode none
mac-address 001F.CA34.8871
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:7 2:31 3:32
ephone 7
device-security-mode none
mac-address 001F.CA34.8998
ephone-template 1
max-calls-per-button 2
username "matthew"
paging-dn 103
type 7931
button 1:9
ephone 8
device-security-mode none
mac-address 001F.CA36.8787
ephone-template 1
max-calls-per-button 2
username "nate"
paging-dn 103
type 7931
button 1:10
ephone 9
device-security-mode none
mac-address 001F.CA34.8805
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:5
ephone 10
device-security-mode none
mac-address 001F.CA34.880C
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:14
ephone 11
device-security-mode none
mac-address 001F.CA34.8935
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:3
ephone 12
device-security-mode none
mac-address 001F.CA34.8995
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:8 2:31
ephone 13
device-security-mode none
mac-address 0021.5504.1796
ephone-template 2
max-calls-per-button 2
paging-dn 103
type 7931
button 1:4
ephone 14
device-security-mode none
mac-address 001F.CA34.88F7
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:23
ephone 15
device-security-mode none
mac-address 001F.CA34.8894
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:26
ephone 16
device-security-mode none
mac-address 001F.CA34.8869
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:28 2:27
ephone 17
device-security-mode none
mac-address 001F.CA34.885F
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:11
ephone 18
device-security-mode none
mac-address 001F.CA34.893C
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:27
ephone 19
device-security-mode none
mac-address 001F.CA34.8873
ephone-template 1
max-calls-per-button 2
paging-dn 103
type 7931
button 1:27
ephone 20
device-security-mode none
mac-address A456.3040.B7DD
paging-dn 103
type 7942
vpn-group 1
vpn-profile 1
button 1:13
ephone 21
device-security-mode none
mac-address A456.30BA.5474
paging-dn 103
type 7942
vpn-group 1
vpn-profile 1
button 1:15 2:16 3:32
ephone 22
device-security-mode none
mac-address A456.3040.B72E
paging-dn 103
type 7942
vpn-group 1
vpn-profile 1
button 1:1
ephone 23
device-security-mode none
mac-address 00E0.75F3.D1D9
paging-dn 103
type 7936
button 1:33
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
transport input all
scheduler allocate 20000 1000
ntp master
ntp update-calendar
ntp server 216.228.192.69
webvpn gateway sslvpn_gw
ip address 66.111.111.111 port 443
ssl encryption 3des-sha1 aes-sha1
ssl trustpoint cme_cert
inservice
webvpn context sslvpn_context
ssl encryption 3des-sha1 aes-sha1
ssl authenticate verify all
policy group SSLVPNphone
functions svc-enabled
hide-url-bar
svc address-pool "SSLVPNPhone_pool" netmask 255.255.248.0
svc default-domain "bendbroadband.com"
virtual-template 1
default-group-policy SSLVPNphone
gateway sslvpn_gw domain SSLVPNphone
authentication certificate
ca trustpoint cme_root
inservice
endI think your ACL could be the culprit.
ip access-list extended router-access
permit tcp any host 66.111.111.111 eq 443
Would you be able to change the entry to permit ip any any (just for testing purpose) and then test to see if the calls function properly. If they work fine then we know that we need to open som ports there.
Please remember to select a correct answer and rate helpful posts -
When I sync my photos to iPhone 5s and iPad Mini retina, iOS 7.0.4 its broke my photos. What's is happening? When Apple is going to solve this serious problem? I made a facory reset and the problem persist. Affortunatelly photos are OK and safe in my Mac but this issue scares, because photos and videos belong to unforgettable memories. I'm user of Apple for more than 12 years, I have had all versions of iPhone and iPad, and never had this kind of problems.\
I were in an Apple store, they told me that I've to restore as a new iPhone and iPad but the problem persist.
1. Has anyone any solution?
2. Apple Support people or Customer Management, please, could you give some answer about that?
Thanks in advance for your answers and comments.This means that when I try to see synced photos in my IPhone or iPad the photos appears with lines of shadows, with some parts in green, with some pixels in black and white, some lines in white, etc. I never had this kind of problems, my photos are ok in my Mac and it's happening with old photos and photos that I took a week ago (so, this is not a problem with photos taken with my new iPhone, this a problem with all my photos when I sync it to those devices).
On the other hand, when I play my videos, the videos stop and play, freezing images and not reproducing images and voice simultaneously.
Please, let me know if you need further information. -
Cisco IOS supporting both voice and vpn
Hi Friends
i have one 2821 router.Can any one suggesting which ios will support both voice and vpn?Questions like this are better/faster answered by checking feature navigator.
http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
My suggestion is to run an MD release.
Also a big dated document:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_tech_note09186a00800fb9d9.shtml
For old software and hardware you can also check out Figure 1 here:
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_bulletin_c25_506007.html
M. -
When will the 4.3.x iOS be fixed to allow VPN connections?
Hello there,
Our company has recently purchased two new Ipad 2's and can not get VPN connections working.
We can connect through VPN on our Ipad 1's (4.2.1) But not on our second generation Ipad 2's (4.3.3). After a quick search I have found similar problems reported when using OS 4.3.1 and later, with no current fixes being available.
See thread: https://discussions.apple.com/thread/2778039?start=0&tstart=0 (22,000 views)
My questions are, will there be a fix anytime soon or is it advisable to wait until iOS 5 is released?
Is there any option to downgrade iOS versions?
Why hasn't this been posted on the official Apple website as this clearly is false advertising?
Regards,
Kai.I am talking about APPLE'S in-built VPN option. Not anyone else's VPN solution. read: apple....
Working fine for me with PPTP to a Cisco RV042, L2TP to a Windows 2003 server, and IPSec to a Cisco ASA5505. All using iOS4.3.3 built-in VPN client.
After a quick search I have found similar problems reported when using OS 4.3.1 and later, with no current fixes being available.
Read through that thread you gave as an example very slowly, deliberately, and carefully. I was very active in that thread and based in part on the info from that specific thread, IMHO the specific make and model of VPN endpoint you're connecting seems to be significant. Once you filter out the numerous "me too" posts, it seems to me that many of the failures are connecting to Linux based VPN endpoints, particularly DD-WRT. And as I've said in that thread and other threads, since it appears to be fine on Cisco and Windows "enterprise grade" equipment, everyone that is experiencing problems needs to call Apple with detailed info of their VPN endpoints so that it can get passed on to the engineering folks. Just more "me too" calls doesn't help resolve the issue since if you take a setup like mine "everything is fine" so what more is there to "fix"? -
Controling iOS Ports and URLs Via VPN and UTM
I'm new to actual Network Security. My dad's worked network security, I've taken Security and programing classes. But in short, I have no real money and I'm too busy living the college life (Homework tell you're hired 3 years from now.) My goal this winter is to set up a UTM in the house. I'll probably go with Astaro. If not, WS2008 is my next choice. It's a bit harder on resources, to my experience, but I'm still new, so studying is required.
my ultimate goal is to lock down my network. No uncleared Ports or URLs. I've learned with ZoneAlarm how much I love manual control of my network and thus the applications within it. I'm not a pirate, but I don't like programs validating. It seems insulting for my computer not to trust it's creater. so I block that. My goal is to lock down my more portable systems and reroute them back into the LAN via VPN and block outgoing and incoming ports and URLs from the UTM here.
I realized that I can apply this technique to the iOSs as well, in theory. I'm here to ask for help with this.
My questions:
1. Can you forward ALL networked data to and through the VPNed Network without a single leek?
2. Has anyone tried this and what problems have you had? (Exp: some apps might not like this. I can't imagine them wasting the processor power to check for his, but it's happened with countless PC programs)
3. In regards to question number two's tangent, I'm making a special goal to block the new iAd Urls. I'm assuming they use the commonly open port 80. they don't want people to be without ads at school.
Has anyone seen a problem with this?
thank you in advance. I want to publish my findings in an easy How To Manual later. Sharing is caring. haha.Smith Comma John wrote:
I was asking if anyone had actually tested the IOS for leaks. either Apple making a backdoor for their sake, or one of the apps exploiting a fault somewhere.
Given the intense scrutiny that Apple is under, I doubt either scenario is a possibility.
What I really ment to ask was "has anyone had problems with the apps not liking URL/Port limitations forced upon them". With ZoneAlarm, you can do exactly this and all of the programs I've used cannot access the internet without concent from the user. If blocked, the end up thinking that they're off line, but Crysis, for example will not intstall unless it get's an authentication check from crytec's server. You cannot install it without internet access (Assuming no workarounds/spoofing is used). Has anyone had problems with the applications after firewalling their ipad with in a similar fashion.
On a Mac, people use Little Snitch for this. It is very handy to make sure SPAM in your inbox doesn't phone home if you accidentally open it.
Because all such tools are system-level, you aren't going to run the on iOS. What you can do is run DD-WRT on your router. You could control and log all inbound and outbound traffic. It is essentially a port of Linux for your router. I used it for many years until I got a Time Capsule. As far as routers go, my ancient Buffalo router with DD-WRT was significantly better than the Apple Time Capsule. My iPad works great with it. I expect DD-WRT would be able to keep you suitably entertained.
Frankly I'm not too happy with apple right now. Tryrony comes to mind.
Don't believe what you read on the internet, especially if Apple is the subject. -
IOS 5.0.1 broke one of my Apps
I'm trying to use an app called Podcast Box and it works fine on iPhone 4 and 4s running IOS 5.0
However, when I try to use it on my iPhone 4 with 5.0.1 to download podcasts (which is what this app is supposed to do) I get an error message telling me it can't reach the App Store because of a network problem. However, in every other way my iPhone 4 seems to be working fine, including downloading new apps from the app store.
I've tried rebooting the iPhone and also deleting and redownloading the Podcast Box app.
Any ideas for a fix?According to Apple (http://support.apple.com/kb/ht1937) all UK carriers sell their iPhones locked, even though they also all offer unlocking. So, as mentioned, contact your friend and ask them did they get it unlocked? If not, which carrier did they get it from so you can contact that carrier and request an unlock.
-
IOS 8.0.2 broke the personal hotspot feature
I have an unlocked iPhone 5S purchased from Apple direct at full price. The hotspot feature always worked on iOS 7.x. I recently "upgraded" (read downgraded) to iOS 8.0.2 and my personal hotspot feature has simply disappeared. It does not appear where it is supposed to be. It is not there at -> Settings "Perosnal Hotspot" and it is also not there under -> Settings -> Cellular or -> Settings -> Cellular -> Cellular Network
(As shown here it simply does NOT appear at all: http://www.gottabemobile.com/2014/09/23/how-to-use-the-ios-8-hotspot/)
Some have suggested that "maybe a carrier update did this". It's alarming to think that a "carrier" could "update" my phone to remove vital features when I have an unlocked phone purchased outright at full price from Apple and I am using it with a no contract SIM. How this carrier could be allowed to damage my phone by disabling features is beyond me but even so I know this isn't the case because:
1) Others with the same carrier still have the feature.
2) By screwing around with network settings reset, and Settings -> Cellular -> Cellular Network -> Reset Settings sometimes I get it to reappear especially after i enter some garbage data at Settings -> Cellular -> Cellular Network: PERSONAL HOTSPOT "APN" "Username" and "Password" and then doing another Settings -> Cellular -> Cellular Network -> Reset Settings. It appears on the screen Settings -> Cellular -> Personal Hotspot and it's disabled. But when I turn it on it disappears again.
Another horrific iOS 8.0.x bug...I have also Iphone 5 , also also updated on IOS 8.0.2 few days ago but yesterday i also have this same problem of broken personal hotspot when i was needed, so i seached and seen you post but for me it is benificial that i tried and now fixed the problem, i know this is a bug of IOS 8 but what to do now let's see in future when apple fix it.i did same process like you ....settings....cellular,,,,,cellular data network and in the personal hotspot APN username and password submitted any thing then i return to main then i did reset settings in the cellular data network. i think it is not neccessary to do this reset.
i found personal hotspot in the...... cellular ...and then i switch off and on it was working and then i return back to.... settings....and hotspot was there like before and its functioning like in IOS 7.
Thanks a lot -
IPhoto 11… OS X 10.7.1 … iOS 4.3.5… broke!
I'm trying to sync photos into an iphone 4 with ios 4.3.5 from an iphoto 11 library loaded on os 10.7.1. Now, not only does the previous problem of it not importing any videos other than those taken from my iphon 4 continue, but also, it has stopped importing all photos from a certain recent event i made after os x was upgraded to Lion. It tends to import only 13 photos (including videos) from that event and doesn't import some 200+ other from the same event. I have tried unchecking-syncing-checking again-syncing again the option to sync iphoto library in itunes. i have the latest itunes as well.
i event rebuilt the iphoto library but it didnt help. infact, iphoto tends to randmly garble images into different events and also can sometimes not produce thumbnails for some. this has happened ever since after iphoto 09. i dont know how many photos i've lost in the process of rebuilding the library!
HELP!
NeeravGo to your Pictures Folder and find the iPhoto Library there. Right (or Control-) Click on the icon and select 'Show Package Contents'. A finder window will open with the Library exposed.
Look there for the iPod Photo Cache.
Trash it. Start iPhoto and try sync again.
Regards
TD -
IOS 8.1.2 broke Yahoo Mail
After updating to 8.1.2, Yahoo mail no longer works. I have tried the usual delete then readd the account. My gmail and work microsoft exchange account works fine. It will download my sent and emails from other folders, but when I do to inbox, I see the "Downloading 1 of 250" briefly at the bottom, but nothing ever downloads. I am very tech savvy and have done all the usual fixes. Please send this up the ladder so it gets fixed.
enosmac wrote:
After updating to 8.1.2, Yahoo mail no longer works. I have tried the usual delete then readd the account. My gmail and work microsoft exchange account works fine. It will download my sent and emails from other folders, but when I do to inbox, I see the "Downloading 1 of 250" briefly at the bottom, but nothing ever downloads. I am very tech savvy and have done all the usual fixes. Please send this up the ladder so it gets fixed.
Send up to what ladder? There is no Apple here in this user to user technical forum.
Yahoo mail has always been unstable, try using the yahoo app. -
Does AirPlay still work for anyone else?
It still works from iTunes on the mac, so I know the AirPort express isn't broken.
AirPort express (802.11g) firmware 6.3 (latest)
iPhone - no audio
iPad - no audio
iTunes - works fine
Also, the iPod functionality on the iPhone seems to randomly cut out and "pause" tracks now.
Nice update ^^ lolNothing personal (or maybe just a little personal), but simply copying my post from a day earlier as your own is not helpful to the Apple communities or people that coming here looking for support.
It does nothing more than add a duplicate post and decrease the chances that someone might actually include a reference to my original post, which came from MY OWN HARD WORK in troubleshooting my issues.
If you are having a similar issue, post the issue after doing your own leg work and describe in your own words. Don't simple steal someone else's hard work to troubleshoot the problem as your own effort. -
Native iOS L2TP VPN not working on Lion Server
Hi Folks,
I have a very strange issue concerning making VPN work on two iOS devices I have. I have recently setup Lion Server on a MacMini here in the office with L2TP VPN using a shared secrert phrase and a password authentication.
I have Lion running on an a MacBook Air (which I setup VPN using the provisioning profile "VPN.mobileprovision") and Snow Leopard running on an iMac. (VPN was set up manually). Both systems have been tested to work both inside and outsideof my internal network as I have tested with an air card.
I also have an iPhone running 4.3.4/4.3.5 that I setup by emailing the provisioning profile and and iPad 1 running iOS 5 beta 4 setup with the vpn provisioning profile. Neither the iPad nor iPhone seem to work at all either internally nor externally. In fact I never see any activity in the vpnd.log when I attempt to connect to with these devices. All I get is the standard "The L2TP-VPN server did not respond. Try reconnecting. ..."
Based on my success with the OSX Clients both inside and outside my local network I feel it is safe to say that I do not think the issue resides on the Lion Server nor the network/firewall configuration. I am running a Time Capsule with FW 7.5.2/7.4.2. There was no change in behavior with either version of the Time capsule firmware for the clients whether they were OSX or iOS. I must be clearly missing something here and I don't know what. Any help any of you could provide would be greatly appreciated. Thanks!
Please see the below settings for my VPN Settings on the host and iOS client
root# serveradmin settings vpn
vpn:vpnHost = ""
vpn:Servers:com.apple.ppp.pptp:Server:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.pptp:Server:VerboseLogging = 1
vpn:Servers:com.apple.ppp.pptp:Server:MaximumSessions = 128
vpn:Servers:com.apple.ppp.pptp:DNS:OfferedSearchDomains:_array_index:0 = "ri.cox.net"
vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.15.1"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:SharedSecret = "1"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:SharedSecret = "2"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
vpn:Servers:com.apple.ppp.pptp:enabled = no
vpn:Servers:com.apple.ppp.pptp:Interface:SubType = "PPTP"
vpn:Servers:com.apple.ppp.pptp:Interface:Type = "PPP"
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoFailure = 5
vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdle = 1
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-RSA"
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
vpn:Servers:com.apple.ppp.pptp:PPP:CCPEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:IPCPCompressionVJ = 0
vpn:Servers:com.apple.ppp.pptp:PPP:ACSPEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoInterval = 60
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 0
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
vpn:Servers:com.apple.ppp.pptp:PPP:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.pptp:PPP:VerboseLogging = 1
vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdleTimer = 7200
vpn:Servers:com.apple.ppp.pptp:PPP:CCPProtocols:_array_index:0 = "MPPE"
vpn:Servers:com.apple.ppp.pptp:IPv4:ConfigMethod = "Manual"
vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:0 = "192.168.15.224"
vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:1 = "192.168.15.254"
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteAddresses = _empty_array
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteTypes = _empty_array
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteMasks = _empty_array
vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingAddress = "1.2.3.4"
vpn:Servers:com.apple.ppp.l2tp:Server:MaximumSessions = 128
vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingEnabled = 0
vpn:Servers:com.apple.ppp.l2tp:Server:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.l2tp:Server:VerboseLogging = 1
vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedSearchDomains:_array_index:0 = "ri.cox.net"
vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.15.1"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:SharedSecret = "1"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:SharedSecret = "2"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
vpn:Servers:com.apple.ppp.l2tp:enabled = yes
vpn:Servers:com.apple.ppp.l2tp:Interface:SubType = "L2TP"
vpn:Servers:com.apple.ppp.l2tp:Interface:Type = "PPP"
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoFailure = 5
vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdle = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-KRB"
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
vpn:Servers:com.apple.ppp.l2tp:PPP:VerboseLogging = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:IPCPCompressionVJ = 0
vpn:Servers:com.apple.ppp.l2tp:PPP:ACSPEnabled = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoInterval = 60
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoEnabled = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
vpn:Servers:com.apple.ppp.l2tp:PPP:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdleTimer = 7200
vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecretEncryption = "Keychain"
vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalIdentifier = ""
vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecret = "com.apple.ppp.l2tp"
vpn:Servers:com.apple.ppp.l2tp:IPSec:AuthenticationMethod = "SharedSecret"
vpn:Servers:com.apple.ppp.l2tp:IPSec:RemoteIdentifier = ""
vpn:Servers:com.apple.ppp.l2tp:IPSec:IdentifierVerification = "None"
vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalCertificate = <>
vpn:Servers:com.apple.ppp.l2tp:IPv4:ConfigMethod = "Manual"
vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:0 = "192.168.15.241"
vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:1 = "192.168.15.249"
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteAddresses = _empty_array
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteTypes = _empty_array
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteMasks = _empty_array
vpn:Servers:com.apple.ppp.l2tp:L2TP:Transport = "IPSec"Issue is resolved. I used the initial random generated shared secret that was generated by Lion Server. The shared secret has special characters. IOS did not like the special characters. See iPhone Console Log below:
Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] INFO: @(#)This product linked OpenSSL 0.9.7l 28 Sep 2006 (http://www.openssl.org/)
Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] INFO: Reading configuration from "/etc/racoon/racoon.conf"
Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] ERROR: /var/run/racoon/68.9.232.78.conf:6: "?gLA" syntax error
Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] ERROR: fatal parse failure (1 errors)
That is why I never saw any attempt to connect. The actual process would bomb out before attempting to make a connection to the server.
The shared secret key was:
Y|WNwvM_O"?gLA$F@adT
Looks like it was the " or the ? symbols.
Once I changed the shared secret key the issue went away and the iPhone and iPad could connect to vpn without issue.
Figured I'd let you all know -
My VPN keeps disconnecting after downloaded iOS 8. How do I fix this?
my VPN keeps disconnecting after I have downloaded iOS 8 on my iPad. Why is this happening? How can I fix it?
I am having similar issues. IPad mini ios 8.0.2. VPN connection will drop unexpectedly. Actually, it drops coincide with an active application that uses a lot of memory. Such as a web browser. I can 100% replicate behavior by connecting VPN, going to Safari, and opening Facebook. If I don't use an app that is memory-intensive, VPN stays connected indefinitely.
-
I have a cisco 1841 router and i want to use web vpn on it i mean ssl vpn which ios is needed for ssl vpn as well as plz tell me the ssl vpn licence cost . I have heard that 2 SSL VPN Client Licence are free on but SDM doesnt allow me to do that
12.3.14T6 with Advanced Security should be the smallest ...
-
Does ios vpn ondemand conflict with manual vpn?
I have an ios 7.1.2 device with a vpn configuration profile applied to force a IPSEC vpn on for all internet access. This works great - when ever I access a web page etc, the vpn springs into life.
However, if I go to Settings, VPN and manually switch the VPN OFF; and then manually switch the VPN back on again - the VPN no longer works properly:
-The VPN logo still appears at the top leftside, when the VPN is manually switched back on again
-However, when I go to a web page I get the message unable to connect to the internet.
-Specifically, I know that traffic is going to the vpn server, and the vpn server is returning traffic - but it appears the device is unable to handle it.
Has anyone else come across this use case?
I know that if having had the problem, I manually switch the vpn back OFF; and then go to a web page to trigger the vpn on demand - all is well.
So its as if there is a conflict between ondemand and manual vpn setting?
Has anyone else experienced this?
Is it a bug or a feature? Is there anything I can do to avoid it, or having used on demand - do I always have to trigger on demand and never manually?I have this same question for IPSec on both iOS and MAC OS X. Does the built in iOS and MAC OS X VPN client's support IPSec VPN connections where the VPN server's public IPv6 address is used ? I am getting a server not found error when I try to get this working.
Maybe you are looking for
-
Converting text to varchar in a variable
hi all, i am getting CUSTMER_ID like ('1234','23456','23445','9845'.....) almost 3k Customers in single row, i am selecting this from a table a running through execute SQL task and capturing the result in a variable , but when i try execute the
-
Takes long time to drpo tables with large numbers of partitions
11.2.0.3 This is for a build. We are still in development. No risk of data loss. As part of the build, I drop the user,re-create it, re-create the objects. Allows us to test the build all the way through. Its our process. This user has some tables wi
-
Monitor resolution for OS 8.6
I have a Sony Trinitron multiscan 200 ES and I can not change the resolution will not change from 640 x 480. HELP
-
Synced my iPad to my new iMac. how do i get my apps from iTunes to launchpad?
I got a new iMac and synched my iPad to iTunes on the mac. how do i get my apps from iTunes to launchpad?
-
Is it possible to reset my whole account?
Hi, We have been using skype at work for a while, however they changed their policy and it's supposed to be exclusively for work now. Since I don't want to lose my username, is there a way to reset my account "to factory settings" meaning it looks li