IPSEC SA Lifetime
If one end of an IPSEC vpn has a lifetime set to 28800 secs and the other end 3600 secs, what effect will this have on the connection? And why?
The Vpn establishes and runs okay but periodically drops out. I presume this SA Lifetime mis-match is the cause, but was just curious as to why? As my understanding was that even though the lifetimes are different they agree on the lower value anyway?
Any thoughts?
Your understanding of the IPSEC SA Lifetime is correct. If you have 3600 and 28800 has the IPSEC Lifetime between two peers, the smaller value will be considered for the SA and in your case 3600. And a new SA is negotiated 30 seconds before the lifetime (3600) expires. This should keep your traffic flowing across the tunnel without any issues.
I hope it helps.
Regards,
Arul
Similar Messages
-
WRV200: IPSec Key Lifetime Stuck on 3600 (VPN)
Hi. I have a WRV200 router (version 1). I can successfully setup VPN tunnels to other VPN routers. However, I have a minor issue. Although the IPSec Key Lifetime is listed as being any number between 1200 and 86400, it will only let me select 3600.
I have verified this with the following firmware versions:
1.0.29 (2/14/07)
1.0.32.2 (5/2/07)
Using the web interface, it will let me change the number, but when I click "Save Settings", it goes back to 3600.
Has anyone else been able to set this field to any other value?
Is there a CLI interface that I can access to tweak the VPN settings?
Thanks,
VanGet the beta firmware 1.0.38 from Linksys Tech Support. Firmware 1.0.38 is in my opinio the best firmware so far for WRV200.
Message Edited by VPN_user on 04-07-2008 12:27 AM -
Changing the IPSEC sa lifetime
Hi,
If I use the
crypto IPSEC security-association lifetime command, doesn't that hold for all clients? I'm trying to change it only for one IPSEC sa and i don't want to interrupt any other already existing VPN clients.
is there a way to set it for just one client?
Thanks!
Lisa Gyou can change it under the crypto map configuration for each individual connection. since you didn't state what device your vpn's are terminated on though, i can't give you a specific example.
the command you gave is global, for which there exists a default lifetime already. 'local' lifetimes for individual crypto maps override this value.
also, if two peers differ in their lifetimes during negotiation, they are 'supposed' to choose the smallest value, but still connect. -
Ipsec security association (SA) lifetime mismatch
Can somebody tell me wht happens when the IPSEC SA lifetime mismatch happens in a VPN tunnel ? i tried creating a mismatch on two cisco routers but it worked without any problem. just wanted to confirm tht if theoritically it inflicts the IPSEC traffic in anyway ?
negotation happen when the lower lifetime expires , is it the case ?
i read tht the tunnel wont come up at all when there is a IPSEC mismatch but tht wasn't the case..
thanksHi,
This is how it goes, when there are 2 routers with different IPSEC SA lifetimes, then the tunnel would only come up if it is initiated from the end with higher lifetime configured. If you initiate the tunnel from the lower lifetime end, it should not come up. When the end with higher lifetime initiates the tunnel it is capable of setting its own lifetime to what is configured on the other end but not vice versa.
Once the tunnel is up as per the lower lifetime, when it renegotites, ideally it should not be successful. The reason is the IPSEC SA would still exist on the end with higer lifetime whereas the SAs are expired on the other end so you should see errors in the debugs.
This is the reason having the same lifetime is recommended.
HTH,
Please rate if it helps.
Regards,
Kamal -
hello guys ,
i have started managing a asa 5510 firewall which is already having 10 ipsec tunnels , the problem i am facing is they are configured as "ipsec vpn map"
i have attached sample config . , i am finding it difficult to understand the parameters used in each tunnel as the configration seems bit complex to me , if possible can anyone advice how it works .
regards
amit1. ikev1 - IKEv1 transform sets for IPSec not for isakmp.
Understanding IKEv1 Transform Sets and IKEv2 Proposals
An IKEv1 transform set or an IKEv2 proposal is a combination of security protocols and algorithms that define how the ASA protects data. During IPsec SA negotiations, the peers must identify a transform set or proposal that is the same at both peers. The ASA then applies the matching transform set or proposal to create an SA that protects data flows in the access list for that crypto map.
With IKEv1 transform sets, you set one value for each parameter. For IKEv2 proposals, you can configure multiple encryption and authentication types and multiple integrity algorithms for a single proposal. The ASA orders the settings from the most secure to the least secure and negotiates with the peer using that order. This allows you to potentially send a single proposal to convey all the allowed combinations instead of the need to send each allowed combination individually as with IKEv1.
The ASA tears down the tunnel if you change the definition of the transform set or proposal used to create its SA. See "Clearing Security Associations" for further information.
2. both for ipsec data encription
" Changing IPsec SA Lifetimes
You can change the global lifetime values that the ASA uses when negotiating new IPsec SAs. You can override these global lifetime values for a particular crypto map.
IPsec SAs use a derived, shared, secret key. The key is an integral part of the SA; the keys time out together to require the key to refresh. Each SA has two lifetimes: timed and traffic-volume. An SA expires after the respective lifetime and negotiations begin for a new one. The default lifetimes are 28,800 seconds (eight hours) and 4,608,000 kilobytes (10 megabytes per second for one hour).
If you change a global lifetime, the ASA drops the tunnel. It uses the new value in the negotiation of subsequently established SAs.
When a crypto map does not have configured lifetime values and the ASA requests a new SA, it inserts the global lifetime values used in the existing SA into the request sent to the peer. When a peer receives a negotiation request, it uses the smaller of either the lifetime value the peer proposes or the locally configured lifetime value as the lifetime of the new SA.
The peers negotiate a new SA before crossing the lifetime threshold of the existing SA to ensure that a new SA is ready when the existing one expires. The peers negotiate a new SA when about 5 to 15 percent of the lifetime of the existing SA remains.
3. for selecting between tranform-sets when negotiation ipsec parameters. first matched for both peers is elected for encription.
Thanks for grade answer -
Hi,
By default SA lifetime is 24 hours.
Occassionally i receive the message such as
MM_REKEY_DONE_H2
During that time i need to clear the tunnel using the command.
clear crypto isakmp sa peer x.x.x.x inorder to rebuilt the seeion.
MY question is
1 why does it happens occassionally
2 if i donot clear that how much time will be taken to build the session automatically.Your understanding of the IPSEC SA Lifetime is correct. If you have 3600 and 28800 has the IPSEC Lifetime between two peers, the smaller value will be considered for the SA and in your case 3600. And a new SA is negotiated 30 seconds before the lifetime (3600) expires. This should keep your traffic flowing across the tunnel without any issues.
I hope it helps.
Regards,
Arul -
Disappearing IPsec routes with RRI
Hi all,
I am trying to set up a pair of 1941 routers in a HA configuration to act as L2L VPN gateways. The active router of the pair should distribute routes to the remote destinations using OSPF to internal routers. The VPN part is working fine and the routers are correctly advertising routes to internal hosts, however my problem is that when an IPsec sessions disconnect, the routes disappear and therefore internal hosts cannot reestablish a connection. If the remote end establishes a connection, the routes appear again and connectivity is restored.
My setup is as follows:
(ASA) --> (pvpn01 & pvpn02 HA pair) --> (internet) --> (remote peer)
Relevant sections from my config:
ipc zone default
association 1
no shutdown
protocol sctp
local-port 5000
local-ip 10.26.100.246
retransmit-timeout 300 10000
path-retransmit 10
assoc-retransmit 10
remote-port 5000
remote-ip 10.26.100.247
track 1 interface GigabitEthernet0/1 line-protocol
track 2 interface GigabitEthernet0/0 line-protocol
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
lifetime 600
crypto isakmp key xxxxxx address 79.171.99.80
crypto ipsec transform-set aes-sha esp-aes esp-sha-hmac
crypto map outsidemap 10000 ipsec-isakmp
set peer 79.171.99.80
set security-association lifetime seconds 600
set transform-set aes-sha
match address vpn_ospftest_acl
reverse-route static
interface GigabitEthernet0/0
ip address 10.26.100.246 255.255.255.0
no ip proxy-arp
ip verify unicast reverse-path
ip ospf message-digest-key 1 md5 xxxxxxx
duplex auto
speed auto
interface GigabitEthernet0/1
description outside
ip address 91.216.255.246 255.255.255.240
no ip proxy-arp
ip verify unicast reverse-path
standby delay minimum 120 reload 120
standby 1 ip 91.216.255.248
standby 1 preempt
standby 1 authentication md5 key-string xxxxxxx
standby 1 name pvpn_external
standby 1 track 2 decrement 10
ip ospf message-digest-key 1 md5 xxxxxxx
duplex auto
speed auto
crypto map outsidemap redundancy pvpn_external stateful
router ospf 1
router-id 91.216.255.246
no compatible rfc1583
log-adjacency-changes detail
area 0 authentication message-digest
redistribute static subnets route-map rmap_ospf_redistribute
network 10.26.100.0 0.0.0.255 area 0
network 91.216.255.240 0.0.0.15 area 0
ip route 0.0.0.0 0.0.0.0 91.216.255.241
ip route 10.26.0.0 255.255.0.0 10.26.100.1
ip access-list standard acl_osfp_redistribute
permit 192.168.66.0 0.0.0.255
ip access-list extended vpn_ospftest_acl
permit ip 10.26.0.0 0.0.255.255 192.168.66.0 0.0.0.255
route-map rmap_ospf_redistribute permit 10000
match ip address acl_ospf_redistribute
The other router in the pair has exactly the same config except with different interface IPs. The remote end is configured to talk to the HA address
91.216.255.248.
The VPN routers are both running IOS version 15.0(1r)M9.
When I initially boot the routers, the route for 192.168.66.0/24 appears in 'show crypto route', and is advertised to neighboring routers. If I ping an address on that network an SA is established and stays active as long as there is traffic flowing.
pvpn02#show crypto route
VPN Routing Table: Shows RRI and VTI created routes
Codes: RRI - Reverse-Route, VTI- Virtual Tunnel Interface
S - Static Map ACLs
Routes created in table GLOBAL DEFAULT
192.168.66.0/255.255.255.0 [1/0] via 79.171.99.80 tag 0
on GigabitEthernet0/1 RRI S
If I then stop traffic flowing over the tunnel and wait until the IPsec SA lifetime is expired, the route is deleted from the system routing table and therefore not distributed by OSPF. The result is that internal hosts cannot reestablish the tunnel as the other routers have no route to the 192.168.66.0/24 network.
Is this a bug, or is there another way to get the RRI routes to persist on the active router? My understanding of the docs suggests that this should work.
I've attached a log from the active router. It is taken with 'debug crypto ipsec' enabled.
Thanks in advance,
DavidHi David,
it sounds like you are hitting a bug, possibly this one:
CSCtr87413 RRI static Route disappear after receiving delete notify and DPD failure
Note that 15.0(1r)M9 is not your IOS version, the "r" means this is the bootstrap version.
Also notet that the bug mentioned above affects 15.0 as well as 15.1 but is only fixed in 15.1(4)M3 and later (and supposedly, 15.2 is not affected).
hth
Herbert -
Hi We have a problem with an IPSec tunnel between our Cisco 1812 and a partners Cisco router. 3 times in the last 2 months the tunnel has stopped responding, in that we can no longer access the server at the partners site or ping it. When we check our router it states the VPN connection is up and tests ok. We have found that cycling the power on our router fixes this issue. Unfortunatly the link is business critical and have little time to diagnose the problem. I can't see anything in the cisco logs relating to the VPN. Was wondering if this could be a problem at our partners end and any advise on how to diagnose this problem next time it happens would be greatly appreciated.
Stephen WeightmanHi Stephen,
What we are expericing could be related to the lifetime not matching. If the tunnel on our router shows up but it does not work then there is a possibility that it is not up on their end. So this is how we should proceed in this :
1. When the problem occurs, you need to first check the tunnel status by issuing the command :
sh cry isak sa
What we are looking for is the source ip, dest ip, and status.
2. If it shows up on both the routers then we need to look into the ipsec SAs:
sh cry ipsec sa peer
We are looking for the status of the tunnel. The specific informatio to look for is the pkts encaps and decaps, inbound ESP sa and outbound ESP sa. Please be onformed that it has to be done on both the routers.
3. Another thing to check is when this problem occurs, do we see the pkts encaps increasing on our router.
4. If we see the tunnel up on our end but down on their end, does the problem go away if we just clear the SAs instead of rebooting the router.
5. Another thing to look for is the IPSEC SA lifetime in the show run. It should match.
HTH,
Please rate if it helps,
Regards,
Kamal -
VPN License question on 5505 ASA Firewall
Inherited a firewall project, it's getting a VPN running on a ASA 5505 Firewall for remote workers. Firewall was configured by someone else who isn't available.
Basic question on the License: The current license is good for 2 SSL VPN Peers, and 20 "Total VPN Peers". Can anyone elaborate on "Total VPN Peers"? Can I configure Clientless SSL VPN connections, or do I need to go IPSec to get the 20 VPN sessions?
Thank you in advance,
JeffHi Linda,
The default IKE SA lifetime is 86,400 seconds and the default IPSEC SA lifetime is 28,800 seconds. However, these values are configurable so you'll need to check your 5505 configuration to answer these questions. You can look at the output of 'show run crypto' to see the configured values.
-Mike -
PIX 501 and Linksys VPN Router (WRV200)
I have inherited a job where we have a Cisco PIX 501 firewall at one site, and Linksys WRV200 VPN Router on two other
sites. I have been asked to connect these Linksys routers to the PIX firewall via VPN.
I believe the Linksys vpn routers can only connect via IPSec VPN, so i am looking for help on configuring the PIX 501 to allow the linksys to connect with the following parameters, if possible.
Key Exchange Method: Auto (IKE)
Encryption: Auto, 3DES, AES128, AES192, AES256
Authentication: MD5
Pre-Shared Key: xxx
PFS: Enabled/Disabled
ISAKMP Key Lifetime: 28800
IPSec Key Lifetime: 3600
On the PIX i have the PDM installed and i have tried using the VPN Wizard to no avail.
I chose the following settings when doing the VPN Wizard:
Type of VPN: Remote Access VPN
Interface: Outside
Type of VPN Client Device used: Cisco VPN Client
(can choose Cisco VPN 3000 Client, MS Windows Client using PPTP, MS Windows client using L2TP)
VPN Client Group
Group Name: RabyEstates
Pre Shared Key: rabytest
Extended Client Authentication: Disabled
Address Pool
Pool Name: VPN-LAN
Range Start: 192.168.2.200
Range End: 192.168.2.250
DNS/WINS/Default Domain: None
IKE Policy
Encryption: 3DES
Authentication: MD5
DH Group: Group 2 (1024-bit)
Transform Set
Encryption: 3DES
Authentication: MD5
I have attached the VPN log from the Linksys VPN Router.
This is the first time i've ever worked with PIX so i'm still trying to figure the thing out, but i'm confident with CCNA level networking.
Thanks for your help!Hi again,
I believe the pix has a 3des license because of the following parts of the "show version"
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
This PIX has a Restricted (R) license.
I've tried reconnecting the VPN tunnel with debugging on the PIX and get the output as shown in the attached file "vpndebug.txt"
As for the other show commands they give:
pixfirewall# show crypto isakmp sa
Total : 0
Embryonic : 0
dst src state pending created
pixfirewall# show crypto ipsec sa
interface: outside
Crypto map tag: transam, local addr. 10.0.0.1
local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.101.0/255.255.255.0/0/0)
current_peer: 10.0.0.2:0
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 10.0.0.1, remote crypto endpt.: 10.0.0.2
path mtu 1500, ipsec overhead 0, media mtu 1500
current outbound spi: 0
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
pixfirewall#
Thanks again Daniel, i really appreciate your help on this matter. -
Dear friends,
I have the following scenario:
2 site-to-site VPNs. The first one is established between a 2801 and a 1841, both using Advanced IP Services (versions right below). The second one is established between the same previous 2801 and a PIX 515E.
The VPN between the two routers is ok, but that one between the 2801 and the PIX is frequently hanging up. To put it up, I have to remove the crypto map from the router's outside interface and put it again.
What could be the cause of this??? These are the versions of softwares running on my boxes:
. 1841 -> Advanced IP Services - 12.4(9)T1
. 2801 -> Advanced IP Services - 12.4(9)T
. PIX 515E -> 7.0(2)
Regards!Hi,
The problem that you are facing could be caused by the IPSEC SA lifetimes. The default SA lifetime on the router is 3600 seconds (1 hour) and the default IPSEC SA lifetime on the PIX is 28800 seconds (8 hours). So please make sure that they are the same on othe the boxes. To confirm you can use the following command on the router:
show crypto ipsec security-association lifetime
When you type 'sh run cry map' on the PIX and don't see any specific lifetime configured then it is indicative that we are using the default lifetime. You can either configure 28800 on the router for the specific tunnel under the crypto map or 3600 on the PIX for the specific tunnel under the crypto map.
HTH,
Please rate if it helps,
Regards,
Kamal -
Configure WRV200 to connect BEFVP41 via VPN
I'm currently having problem connecting WRV200 to BEFVP41 via VPN, wonder if someone can help, thanks!
(Key Not recognized)
BEFVP41:
Local Security Group: 192.168.2.0 / 255.255.255.0
Remote Security Group: 192.168.1.0 / 255.255.255.0
Remote Security Gateway: WAN IP address of WRV200
Encryption: 3DES
Authentication: SHA
Key Management: Auto (IKE)
PFS (Perfect Forward Secrecy) - checked
Pre-shared Key: XXXXXXX
Key Lifetime: 3600 seconds
WRV200:
Local Security Group: 192.168.1.0 / 255.255.255.0
Remote Security Group: 192.168.2.0 / 255.255.255.0
Remote Security Gateway: WAN IP address of BEFVP41
Key Exchange Method: Auto (IKE)
Operation Mode: Main
ISAKMP Encryption Method: 3DES
ISAKMP Authentication Method: SHA1
ISAKMP Key Lifetime (s): 3600
PFS: Enable
IPSec Encryption Method: 3DES
IPSec Authentication Method: SHA1
IPSec Key Lifetime(s): 3600
Pre-Shared Key: XXXXXXX
Dead Peer Detection - checked
Detection Delay(s): 30
Detection Timeout(s): 120
DPD Action: Recover Connection
Checked If IKE failed more than 5 times block this unauthorized IP for 60 seconds
Checked Anti-replayDisable the firewall & try to ping the Remote secure address .... let me know the results....
-
Hello,
I have a Cisco 2911 with ios (C2900-UNIVERSALK9-M), Version 15.1(4)M1
I have set up a Dynamic cryto map to wich I have set reverse rute injection. But I have a weird issue.
First time a tunnel is stablished the reverse route is injected properly. When the lifetime of the fisrt SA negotiated is reaching it's end a new SA is stablished (I can see two spi) and now the weird thing, When the first SA reaches it's end of life, it's deleted but it also deletes de route injected, so there will be no route to the destination until the second SA is reaching it's lifetime, then a new SA is stablished that injects the route but again the route only lasts until the previous SA is deleted wich again deletes the route.
Is this a known caveat or am I doing something wrong?
Thank you.Difficult to say without looking at crypto logs and configs. But you might be hitting this defect
CSCtr87413 (which is related to CSCtz74471)
CSCtz74471
ipsec profile : RRI routes get deleted after IPSec SA lifetime expiry
Symptom: Routes injected via RRI (based on IPSec crypto ACL) get deleted after corresponding IPSec SA gets timed out. Conditions: IPSec SA deletion due to timeout . Workaround: Enabling DPD and Invalid-SPI-recovery would recover the routes once the traffic starts again, but this does not always work.
This is fixed in 15.1(4)M3.
You can view more details here:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtr87413 -
Hi,
I am really confused. The Key Server is configured to rekey every 12 hours (43200 Seconds). This is the part of configuraiton :
crypto ipsec profile gdoi-profile-getvpn
set security-association lifetime seconds 43200
set transform-set mygdoi-trans
However, after almost 24 hours, we notice that rekeying is hapenning every 2 hours :
GETVPN-KS1#show crypto gdoi ks members
Group Member Information :
Number of rekeys sent for group getvpn : 404
Group Member ID : 10.0.50.25
Group ID : 1234
Group Name : getvpn
Key Server ID : 10.0.50.27
Rekeys sent : 12
Rekeys retries : 0
Rekey Acks Rcvd : 12
Rekey Acks missed : 0
Sent seq num : 11 12 13 0
Rcvd seq num : 11 12 13 0
and this is capture of the GM log:
*Apr 5 08:40:43: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 2
*Apr 5 10:40:42: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 3
*Apr 5 12:40:42: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 4
*Apr 5 14:40:42: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 5
*Apr 5 16:40:42: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 6
*Apr 5 18:24:16: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 7
*Apr 5 20:24:16: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 8
*Apr 5 22:24:16: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 9
*Apr 6 00:24:16: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 10
*Apr 6 02:24:16: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 11
*Apr 6 04:24:16: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 12
*Apr 6 05:10:51: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 13
It doesn't make sence. Why ??IPSEC SA Lifetime is in second or in kiloBytes, first of the two. You might check with show crypto ipsec sa
example:
inbound esp sas:
spi: 0xFDC7B87B(4257724539)
transform: esp-256-aes ,
in use settings ={Tunnel, }
conn id: 2004, flow_id: SW:4, crypto map: MyMap
sa timing: remaining key lifetime (k/sec): (4565647/146)
The data lifetime is as well configurable:
crypto ipsec security-association lifetime ?
kilobytes Volume-based key duration
seconds Time-based key duration
you may check as well GDOI rekey lifetime
R1#sh crypto gdoi group gd
Group Name : gd (Multicast)
Group Identity : unknown id type
Group Members : 0
IPSec SA Direction : Both
Group Rekey Lifetime : 86400 secs
Rekey Retransmit Period : 10 secs
configurable under
crypto gdoi group XXX
server local
rekey lifetime xxx -
IPSec Security Association Lifetime
I just recently updated to 8.4(3). I noticed that our any connect users are being dropped after 8hours of being connected. I have the Max Connect time and Idle Timeout set to unlimited for the group policy they are using. Could the IPSec Security Association Lifetime be causing connections to drop after 8 hours(It is currently set to 8 hours)? I don't recall seeing this setting in earlier versions of ASA. Can these settings be removed?
Thanks in advance.Hello,
No, as Anyconect is SSL based, none of the settings for the IP SA will affect the Anyconect tunnel.
Regards,
Julio
Do rate all the helpful posts!
Maybe you are looking for
-
I need to be able to print boarding passes the night before a flight and an occasional form sent through email. Trying to see if I can stop carrying my laptop. I can usually find a printer with USB connection so I am guessing I just buy the camera c
-
RSA Web Agent & SGD 4.71
I'm trying to configure SGD 4.71 for web authentication using the RSA Web Agent 7.1. In the SGD documentation it refers to an environment variable that is set by the SA agent but I don't see any mwntion of it in the RSA documentation. Can anyone poin
-
Only Remaining var. in version 0 - no target cost for order
Hi, I am getting the error message "Only remaining var. in version 0 - no target costs for 000060003328" while performing the Variance Calculation in KKS2 transaaction. The order is having status DLV and TECO. Kidny give your suggestions Thanks and r
-
Problem in Service manager ( VISTA)
hi all i tried to install B1 in a laptop ( OS - VISTA),every thing get installed but the service manager get freezes,i m not able to open the Backup or license manager.Please anyone give me a solution.
-
Place panoramic window in Acrobat but it doesn't show if converted to a page flip brochure
Hi there I am using Acrobat to insert a swf file of a 360 degree window so a user can view a room all around. This can be added to a PDF document no problems but I would like to convert the document to a page turning brochure. I have tried converti