LV2011sp1 - 64 bits - clear Histogram
Hi,
I have a big problem that I need to solve today.
I'm using the function General Histogram VI (NI_AALPro.lvlib:General Histogram.vi).
In my program, I need to clear the histogram during the process.
For this, I can right-click and then choose 'Clear Graph'; then LabVIEW crashes.
Exception : Access violation (0xC0000005) à EIP=0x000000000283E531
Version : 11.0.1
The report has been sent to NI, but I need to solve it now.
So is it possible to clear the histogram by software?
The function General Histogram VI (NI_AALPro.lvlib:General Histogram.vi) has no input to clear the histogram.
So, please, help me quickly....
Thanks
Edit: I only have the problem on LabVIEW 64-bit, not on the 32-bit version.
Similar Messages
-
CVS files checked out have execute bit cleared?
Greetings,
I just checked out my build tree, which includes some scripts.
Those scripts have their execute bit cleared.
If I remove those files and do a cvs update in that dir manually, the scripts are checked out with execute bit set.
Anyone else run into this?
How can this be fixed?
Checkout via cvs on command line works fine.
Our cvs doesn't recognize the PreservePermissions keyword when put in the config file.
Which version of cvs are you using? 1.11.x or 1.12.x? -
Do I need 'crypto ipsec df-bit clear'?
I have a VPN tunnel between an 871 and 877, the tunnel seems to be fine, but checking the tunnel using SDM shows an error.
Checking the tunnel status... Up
Encapsulation :330231
Decapsulation :393226
Send Error :7939
Received Error :0
A ping with data size of this VPN interface MTU size and 'Do not Fragment' bit set to the other end VPN device is failing. This may happen if there is a lesser MTU network which drops the 'Do not Fragmet' packets.
1)Contact your ISP/Administrator to resolve this issue. 2)Issue the command 'crypto ipsec df-bit clear' under the VPN interface to avoid packets drop due to fragmentation.
Are the send errors anything to worry about?
Do I need to issue the 'crypto ipsec df-bit clear' on the routers?
Any info would be much appreciated.
Thanks
Gareth
Hi Rick
I've got a list of ICMP types from typing 'permit icmp any any ?' in IOS... there's quite a list, 57!!
How should I decide which ones to allow and which ones to block? I don't even know what they mean :-) Do Cisco publish any recommendations?
bim7dsl(config-ext-nacl)#permit icmp any any ?
<0-255> ICMP message type
administratively-prohibited Administratively prohibited
alternate-address Alternate address
conversion-error Datagram conversion
dod-host-prohibited Host prohibited
dod-net-prohibited Net prohibited
echo Echo (ping)
echo-reply Echo reply
fragments Check non-initial fragments
general-parameter-problem Parameter problem
host-isolated Host isolated
host-precedence-unreachable Host unreachable for precedence
host-redirect Host redirect
host-tos-redirect Host redirect for TOS
host-tos-unreachable Host unreachable for TOS
host-unknown Host unknown
host-unreachable Host unreachable
information-reply Information replies
information-request Information requests
log Log matches against this entry
log-input Log matches against this entry, including input
interface
mask-reply Mask replies
mask-request Mask requests
mobile-redirect Mobile host redirect
net-redirect Network redirect
net-tos-redirect Net redirect for TOS
net-tos-unreachable Network unreachable for TOS
net-unreachable Net unreachable
network-unknown Network unknown
no-room-for-option Parameter required but no room
option Match packets with given IP Options value
option-missing Parameter required but not present
packet-too-big Fragmentation needed and DF set
parameter-problem All parameter problems
port-unreachable Port unreachable
precedence Match packets with given precedence value
precedence-unreachable Precedence cutoff
protocol-unreachable Protocol unreachable
reassembly-timeout Reassembly timeout
redirect All redirects
reflect Create reflexive access list entry
router-advertisement Router discovery advertisements
router-solicitation Router discovery solicitations
source-quench Source quenches
source-route-failed Source route failed
time-exceeded All time exceededs
time-range Specify a time-range
timestamp-reply Timestamp replies
timestamp-request Timestamp requests
tos Match packets with given TOS value
traceroute Traceroute
ttl-exceeded TTL exceeded
unreachable All unreachables
Would it be better to permit all icmp where the source is the other end of my VPN, a known fixed IP? And then deny icmp from elsewhere?
Thanks for all your help on this.
Gareth -
Help with GR/IR, can't clear on MR11
Please help with this case:
We had a purchase with delivery cost included. We create MIGO with no problem. (Credit to GR/IR account = $60)
We cancel the delivery cost in MR11. (Debit to GR/IR Account = $60)
After a few months, we restore Delivery Cost in MR11SHOW (Credit to GR/IR account = $50)
Create MIRO to freight vendor in MIRO (Debit to GR/IR account = $60)
As you may see, now we can't clear the GR/IR account because there's a difference (60 vs 50), and we can't use MR11 either; I get this error:
No data selected. Check selection parameters!!
Message no. CKMLGRIR009
I have tried with so many posts, but can't find anything that works....
Thanks in advance!
Hi Mohsin.
After we cancelled the delivery cost with MR11 (let's say, in January), the freight vendor asked us for his payment (in April) and then we realised that we needed to restore the delivery cost...
What we did was cancel the MR11 document that we had created before... and that's when the difference in GR/IR was generated.....
I hope that this comment makes my explanation a little bit clearer.
Thanks -
Clearing the History Folder on the Set Datasource Location dialog
I am using Crystal Reports for .NET 2.0 and am using VS 2005 Pro. Does anyone know if there is any way of clearing out the items in the history folder in the SetDataSource Location dialog? I have been told there is no way to do this, but I figure VS is storing this information somewhere, right? Is it stored in the registry? If so, where is it? Thank you in advance!
Ed Cohen
Hi
I have had a lot of failures with CR, so I ended up with several datasource connections for CR. I wish to be able to clear them too. Your answer that you can right-click them and select remove doesn't work for me; there is no option to remove them when you right-click. Also, regarding the path given for the key: I have tried searching my computer for a Crystal Decisions folder but couldn't find it. I use the CR that comes with VS2005. Could you be a little bit clearer on where that registry file would be found in my case: HKCU/?
Thanks.
Mambo -
MTU MSS DF Bit and Fragmentation
I am running an encrypted link and want to check for and if necessary, remedy fragmentation.
I'm using two connected 6500's with VPN modules.
Using the NAM I sniffed the outbound physical interface and I see packets of various sizes, but the biggest is 128 bytes even during a massive file transfer. I'm assuming fragmentation but need to be sure.
Using ping I see the biggest packet allowed without fragmentation is 1472.
My primary intent is to first determine if there is a fragmentation issue. If there is, I'll probably follow up with questions on which command to use and where to put it. I assume that I would use either the physical outgoing interface (currently MTU=1500) or the inside crypto interface (current MTU=4500).
1. How do I determine if there is a fragmentation issue?
2. Which command to use and where?
Any help would be appreciated.
Issue with large packets that have the don't fragment bit set that become too large with the additional overhead of IPsec.
Use the command "ip tcp adjust-mss" to set the TCP MSS (maximum segment size) low enough that the packet isn't fragmented.
You may need to clear the df-bit entirely (it's a less efficient method, but it works). For the router, you can do so via "crypto ipsec df-bit clear".
Try these links for more info:
http://cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00804247fc.html
http://www.cisco.com/warp/public/105/pmtud_ipfrag.html
http://www.cisco.com/warp/public/105/38.shtml -
About the FUZZY BIT (the FUZZY state of a DATAFILE)
Product : ORACLE SERVER
Date written : 2000-05-22
About the fuzzy bit (the fuzzy state of a datafile)
===================================================
[1] Overview
~~~~~~~~~~~~
A datafile being fuzzy means that the file may contain changes made since
the checkpoint for that file. That is, it indicates the case where changes
not yet reflected in the file exist only in the redo log files and the
buffer cache.
The fuzzy state of a datafile is recorded in this way so that, while a
datafile in that state exists, the database is prevented from being opened.
[2] datafile status (fuzzy bit)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The fuzzy bit of a datafile is not managed as a separate structure; it is
the status of the datafile as recorded in the datafile header.
A datafile has 10 statuses, and the four below indicate that the datafile
is fuzzy. Written as bits, each of these statuses has exactly one bit set,
which is why it is called a fuzzy bit.
0x01 (0000 0001) : hot backup-in-progress on file (fuzzy file)
0x04 (0000 0100) : online fuzzy because it was online and db open
0x10 (0001 0000) : media recovery fuzzy - file in media recovery
0x40 (0100 0000) : absolute fuzzy - fuzzyness from fule scan
[3] clear marker
~~~~~~~~~~~~~~~~
The fuzzy states described above are called online fuzzy, hot backup fuzzy,
media recovery fuzzy and absolute fuzzy. For the first three, when the fuzzy
state is cleared, the corresponding marker is written to the redo log file.
For online fuzzy an end crash recovery marker, for hot backup fuzzy an
end hot backup marker, and for media recovery fuzzy a clear media recovery
fuzzy marker is written to the redo log and also reflected in the datafile
header.
Because a marker indicating the end of the fuzzy state is recorded in the
redo log file, a later recovery that uses the redo log contents can clear
the fuzzy state of the datafile simply by applying this marker.
[4] Description of each fuzzy type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(1) hot backup fuzzy
It is set when a hot backup begins and cleared when end backup is reached.
Its purpose is to prevent a recovery that uses a file taken by hot backup
from recovering only to a point before end backup.
     begin backup               end backup         recovery attempt
---------|-------------------------|-------------------|---------
       1:00                      5:00                10:00
For example, suppose a hot backup starts at 1:00 a.m. and end backup is
issued at 5:00. If this file is later (for example at 10:00) used for
recovery and a time-based recovery only up to 3:00 is attempted, an error
occurs because the hot backup fuzzy bit is set.
In other words, recovery must proceed to a point after 5:00, when end backup
was executed. This is because transactions continue to be applied to the
datafile between begin backup and end backup, so the restored file may
already contain some of the changes made after 3:00, at 4:00 or 5:00.
The end backup marker is written to the redo log file when the end backup
command is executed during a hot backup and the hot backup fuzzy bit is
cleared. When the hot-backed-up datafile is later used for recovery, the
status of that backup datafile has the hot backup fuzzy bit set, and this
bit is cleared when the end backup marker recorded in the redo log file
(or archive file) is encountered.
(2) online fuzzy
This bit is set when the database is opened and the datafile comes online.
It is cleared when the database is shut down normally or when media recovery
completes successfully during recovery. It is also cleared by commands that
take the tablespace offline normal or change it to read only.
The following example shows why online fuzzy is needed.
- 1:00 : db crash
- 1:10 : the user takes an OS image backup of the crashed datafile
- 1:20 : db startup (opens normally after automatic crash recovery)
- 2:00 : disk failure
         only the backup taken in the crashed state at 1:10 exists
         archive log mode
Suppose the user now performs recovery using the abnormal backup taken at
1:10. This backup of the datafile still has the online fuzzy bit set,
because the online fuzzy bit of the actual datafile was cleared only by the
crash recovery at 1:20.
If until time is specified as 1:15 for this recovery, the datafile still has
the online fuzzy bit set, so the database cannot be opened.
If until time is specified as later than 1:20, the end-crash recovery marker
generated at 1:20 is applied to the datafile and the online fuzzy bit is
cleared, so this no longer prevents the db from being opened.
(3) media recovery fuzzy
It indicates that media recovery is in progress on the file. It is set for
each file when media recovery starts, and cleared when the stop SCN of the
file is reached or recovery ends normally.
During media recovery, the changes recorded in the archive files are not
applied directly to disk; the contents of the archive file are first read
into the buffer and then applied, so some of the changes may exist only in
the buffer. That is why the file is in a fuzzy state until media recovery
ends.
Setting the recovery fuzzy bit in this way makes it possible, while one
session is performing recovery, for an attempt by another session to open
the database to detect that recovery is in progress and be refused.
(4) absolute fuzzy
This fuzzy state is used only with RMAN. The absolute fuzzy SCN is the
largest of all the SCNs of all blocks in the datafile since the checkpoint
of that datafile.
The absolute fuzzy flag is cleared when a checkpoint of the file raises the
checkpoint SCN to a value greater than or equal to the absolute fuzzy SCN. -
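A small Python model of the marker rules in sections [3] and [4] of the fuzzy-bit note above, replaying the note's two timelines. It is an added illustration, not Oracle code: the function names, marker strings and minute-based timestamps are assumptions made for the example, and only the status bit values come from section [2].

```python
"""Toy model of datafile fuzzy bits and the redo markers that clear them."""
from dataclasses import dataclass

# Status bits as listed in section [2] of the note.
HOT_BACKUP_FUZZY = 0x01
ONLINE_FUZZY = 0x04
MEDIA_RECOVERY_FUZZY = 0x10
ABSOLUTE_FUZZY = 0x40
FUZZY_MASK = (HOT_BACKUP_FUZZY | ONLINE_FUZZY
              | MEDIA_RECOVERY_FUZZY | ABSOLUTE_FUZZY)

FUZZY_NAMES = {
    HOT_BACKUP_FUZZY: "hot backup fuzzy",
    ONLINE_FUZZY: "online fuzzy",
    MEDIA_RECOVERY_FUZZY: "media recovery fuzzy",
    ABSOLUTE_FUZZY: "absolute fuzzy",
}

# Section [3]: each marker written to the redo log clears one bit.
# The marker strings are hypothetical labels chosen for this example.
# Absolute fuzzy has no marker; the note says a checkpoint clears it.
MARKER_CLEARS = {
    "end_hot_backup": HOT_BACKUP_FUZZY,
    "end_crash_recovery": ONLINE_FUZZY,
    "clear_media_recovery_fuzzy": MEDIA_RECOVERY_FUZZY,
}


@dataclass(frozen=True)
class RedoRecord:
    minute: int   # time the marker was written, in minutes since midnight
    marker: str   # one of the keys of MARKER_CLEARS


def at(clock: str) -> int:
    """Convert 'H:MM' to minutes since midnight."""
    hours, minutes = clock.split(":")
    return int(hours) * 60 + int(minutes)


def fuzzy_names(status: int) -> list:
    """Names of the fuzzy bits that are set in a header status value."""
    return [name for bit, name in FUZZY_NAMES.items() if status & bit]


def recover_until(status: int, redo: list, until: int) -> int:
    """Apply redo markers in time order up to `until`; return the new status.

    Only marker application is modelled. Setting and clearing of the media
    recovery bit by the recovery session itself is left out.
    """
    for record in sorted(redo, key=lambda r: r.minute):
        if record.minute > until:
            break  # time-based recovery stops before this marker
        status &= ~MARKER_CLEARS.get(record.marker, 0)
    return status


def can_open(status: int) -> bool:
    """Section [1]: the database may not open while any fuzzy bit is set."""
    return (status & FUZZY_MASK) == 0


# Constructed redo streams that follow the two timelines in section [4].
HOT_BACKUP_REDO = [RedoRecord(at("5:00"), "end_hot_backup")]
CRASH_REDO = [RedoRecord(at("1:20"), "end_crash_recovery")]


def demo() -> dict:
    """Replay both timelines with an early and a late until time."""
    cases = [
        ("hot backup, until 3:00", HOT_BACKUP_FUZZY, HOT_BACKUP_REDO, "3:00"),
        ("hot backup, until 10:00", HOT_BACKUP_FUZZY, HOT_BACKUP_REDO, "10:00"),
        ("crashed image, until 1:15", ONLINE_FUZZY, CRASH_REDO, "1:15"),
        ("crashed image, until 1:30", ONLINE_FUZZY, CRASH_REDO, "1:30"),
    ]
    results = {}
    for label, status, redo, until in cases:
        after = recover_until(status, redo, at(until))
        results[label] = (can_open(after), fuzzy_names(after))
    return results


if __name__ == "__main__":
    for label, (openable, remaining) in demo().items():
        print(f"{label}: open={openable} remaining={remaining}")
```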
ASA5510 VPN not working after upgrade from 8.2 to 8.3
Hi,
I have recently upgraded a customer ASA5510 to version 8.3.
After upgrade web access etc is working fine however VPN is down.
The config looks very different after the upgrade plus what looks to be duplicate entries.
I suspect it's an access list issue but I'm not sure.
If anyone has any ideas based on the config below it would be greatly appreciated as I'm at a loss....?!
hostname ciscoasa
domain-name default.domain.invalid
enable password NvZgxFP5WhDo0hQl encrypted
passwd FNeDAwBbhVaOtVAu encrypted
names
dns-guard
interface Ethernet0/0
nameif Outside
security-level 0
ip address 217.75.8.203 255.255.255.248
interface Ethernet0/1
nameif Inside
security-level 100
ip address 192.168.1.254 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 10.1.1.1 255.255.255.0
management-only
boot system disk0:/asa832-k8.bin
ftp mode passive
clock timezone GMT/IST 0
clock summer-time GMT/IDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup Inside
dns server-group DefaultDNS
domain-name default.domain.invalid
object network obj-192.168.1.2-04
host 192.168.1.2
object network obj-192.168.1.7-04
host 192.168.1.7
object network obj-192.168.1.0-02
subnet 192.168.1.0 255.255.255.0
object network obj-192.168.2.0-02
subnet 192.168.2.0 255.255.255.0
object network obj-10.1.2.0-02
subnet 10.1.2.0 255.255.255.0
object network obj-192.168.1.224-02
subnet 192.168.1.224 255.255.255.240
object network obj-192.168.1.9-02
host 192.168.1.9
object network obj-192.168.1.2-05
host 192.168.1.2
object network obj-192.168.1.103-02
host 192.168.1.103
object network obj-192.168.1.7-05
host 192.168.1.7
object network NETWORK_OBJ_10.1.2.0_24
subnet 10.1.2.0 255.255.255.0
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object-group network obj-192.168.1.2-02
object-group network obj-192.168.1.7-02
object-group network obj-192.168.1.0-01
object-group network obj-192.168.2.0-01
object-group network obj-10.1.2.0-01
object-group network obj-192.168.1.224-01
object-group network obj-192.168.1.9-01
object-group network obj-192.168.1.2-03
object-group network obj-192.168.1.103-01
object-group network obj-192.168.1.7-03
object-group network obj-192.168.1.2
object-group network obj-192.168.1.7
object-group network obj-192.168.1.0
object-group network obj-192.168.2.0
object-group network obj-10.1.2.0
object-group network obj-192.168.1.224
object-group network obj-192.168.1.9
object-group network obj-192.168.1.2-01
object-group network obj-192.168.1.103
object-group network obj-192.168.1.7-01
object-group network obj_any
object-group network obj-0.0.0.0
object-group network obj_any-01
object-group service MonitcomUDP udp
port-object range 3924 3924
access-list Inside_nat0_inbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Inside_nat0_inbound extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.1.224 255.255.255.240
access-list Outside_cryptomap_60 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Outside_cryptomap_60 extended permit icmp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq smtp
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq pop3
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq 2000 inactive
access-list Outside_access_in extended permit icmp any any
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in extended permit tcp any host 217.75.8.204 eq 1200
access-list Outside_access_in remark Monitcom
access-list Outside_access_in extended permit tcp host 87.232.117.66 host 217.75.8.205 eq 5900
access-list Outside_access_in extended permit udp any host 217.75.8.205 eq 3924
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 220
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 230
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 240
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 250
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 260
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 1433
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in extended permit tcp any host 217.75.8.206 eq www
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq https
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq www
access-list Outside_access_in extended permit udp any any eq 4500 inactive
access-list Outside_access_in extended permit udp any any eq isakmp inactive
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Inside_access_in extended permit ip any any
access-list Inside_access_in extended permit icmp any any
access-list RemoteVPN_splitTunnelAcl standard permit any
access-list Outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list Outside_cryptomap_dyn_20 extended permit ip any 192.168.1.224 255.255.255.240
pager lines 24
logging enable
logging asdm warnings
mtu Outside 1500
mtu Inside 1500
mtu management 1500
ip local pool VPNPool 192.168.1.230-192.168.1.240 mask 255.255.255.0
ip verify reverse-path interface Outside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Outside
icmp permit any Inside
asdm location 192.168.1.208 255.255.255.252 Inside
asdm location 192.168.1.103 255.255.255.255 Inside
asdm location 192.168.1.6 255.255.255.255 Inside
asdm location 192.168.1.7 255.255.255.255 Inside
asdm location 192.168.1.9 255.255.255.255 Inside
no asdm history enable
arp timeout 14400
nat (Inside,any) source static obj-192.168.1.0-02 obj-192.168.1.0-02 destination static obj-192.168.2.0-02 obj-192.168.2.0-02 unidirectional
nat (Inside,any) source static obj-192.168.1.0-02 obj-192.168.1.0-02 destination static obj-10.1.2.0-02 obj-10.1.2.0-02 unidirectional
nat (Inside,any) source static any any destination static obj-192.168.1.224-02 obj-192.168.1.224-02 unidirectional
nat (Inside,Outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_10.1.2.0_24 NETWORK_OBJ_10.1.2.0_24
object network obj-192.168.1.2-04
nat (Outside,Inside) static 217.75.8.204
object network obj-192.168.1.7-04
nat (Outside,Inside) static 217.75.8.206
object network obj-192.168.1.0-02
nat (Inside,Outside) dynamic interface
object network obj-192.168.1.9-02
nat (Inside,Outside) static 217.75.8.201
object network obj-192.168.1.2-05
nat (Inside,Outside) static 217.75.8.204
object network obj-192.168.1.103-02
nat (Inside,Outside) static 217.75.8.205
object network obj-192.168.1.7-05
nat (Inside,Outside) static 217.75.8.206
access-group Outside_access_in in interface Outside
access-group Inside_access_in in interface Inside
route Outside 0.0.0.0 0.0.0.0 217.75.8.198 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server DellServerAAA protocol radius
aaa-server DellServerAAA (Inside) host 192.168.1.4
key test
http server enable
http 62.17.29.2 255.255.255.255 Outside
http 82.141.224.155 255.255.255.255 Outside
http 63.218.54.8 255.255.255.252 Outside
http 213.79.44.213 255.255.255.255 Outside
http 192.168.1.0 255.255.255.0 Inside
http 10.1.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection timewait
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec df-bit clear-df Outside
crypto ipsec df-bit clear-df Inside
crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20
crypto map Outside_map 1 match address Outside_1_cryptomap
crypto map Outside_map 1 set peer 89.127.172.29
crypto map Outside_map 1 set transform-set ESP-3DES-SHA
crypto map Outside_map 60 match address Outside_cryptomap_60
crypto map Outside_map 60 set peer 89.105.114.98
crypto map Outside_map 60 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto isakmp identity key-id nattingreallymatters
crypto isakmp enable Outside
crypto isakmp enable Inside
crypto isakmp policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet 192.168.1.0 255.255.255.0 Inside
telnet timeout 5
ssh 82.141.224.155 255.255.255.255 Outside
ssh 62.17.29.2 255.255.255.255 Outside
ssh 213.79.44.213 255.255.255.255 Outside
ssh 192.168.1.0 255.255.255.0 Inside
ssh timeout 5
console timeout 0
management-access Inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy RemoteVPN internal
group-policy RemoteVPN attributes
wins-server value 192.168.1.31
dns-server value 192.168.1.31
default-domain value freefoam.ie
username freefoam password JLYaVf7FqRM2LH0e encrypted
username cork password qbK2Hqt1H5ttJzPD encrypted
tunnel-group 193.114.70.130 type ipsec-l2l
tunnel-group 193.114.70.130 ipsec-attributes
pre-shared-key ******
tunnel-group 89.127.172.29 type ipsec-l2l
tunnel-group 89.127.172.29 ipsec-attributes
pre-shared-key ******
tunnel-group 89.105.114.98 type ipsec-l2l
tunnel-group 89.105.114.98 ipsec-attributes
pre-shared-key *****
tunnel-group RemoteVPN type remote-access
tunnel-group RemoteVPN general-attributes
address-pool VPNPool
authentication-server-group DellServerAAA
default-group-policy RemoteVPN
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect h323 h225
inspect h323 ras
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:0dc16fe893bd4bba6fdf6b7eed93e553
Hi,
Many thanks for your reply.
Finally got access to implement your suggestions.
Initially none of the VPN's were up.
After making the change the two VPN's came up.
However only data via the first VPN is possible.
Accessing resources on the 10.1.2.0 network is still not possible.
Attached is the latest config, any input is greatly appreciated;
hostname ciscoasa
domain-name default.domain.invalid
enable password NvZgxFP5WhDo0hQl encrypted
passwd FNeDAwBbhVaOtVAu encrypted
names
dns-guard
interface Ethernet0/0
nameif Outside
security-level 0
ip address 217.75.8.203 255.255.255.248
interface Ethernet0/1
nameif Inside
security-level 100
ip address 192.168.1.254 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 10.1.1.1 255.255.255.0
management-only
boot system disk0:/asa832-k8.bin
ftp mode passive
clock timezone GMT/IST 0
clock summer-time GMT/IDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup Inside
dns server-group DefaultDNS
domain-name default.domain.invalid
object network obj-192.168.1.2-04
host 192.168.1.2
object network obj-192.168.1.7-04
host 192.168.1.7
object network obj-192.168.1.0-02
subnet 192.168.1.0 255.255.255.0
object network obj-192.168.2.0-02
subnet 192.168.2.0 255.255.255.0
object network obj-10.1.2.0-02
subnet 10.1.2.0 255.255.255.0
object network obj-192.168.1.224-02
subnet 192.168.1.224 255.255.255.240
object network obj-192.168.1.9-02
host 192.168.1.9
object network obj-192.168.1.2-05
host 192.168.1.2
object network obj-192.168.1.103-02
host 192.168.1.103
object network obj-192.168.1.7-05
host 192.168.1.7
object network NETWORK_OBJ_10.1.2.0_24
subnet 10.1.2.0 255.255.255.0
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object-group network obj-192.168.1.2-02
object-group network obj-192.168.1.7-02
object-group network obj-192.168.1.0-01
object-group network obj-192.168.2.0-01
object-group network obj-10.1.2.0-01
object-group network obj-192.168.1.224-01
object-group network obj-192.168.1.9-01
object-group network obj-192.168.1.2-03
object-group network obj-192.168.1.103-01
object-group network obj-192.168.1.7-03
object-group network obj-192.168.1.2
object-group network obj-192.168.1.7
object-group network obj-192.168.1.0
object-group network obj-192.168.2.0
object-group network obj-10.1.2.0
object-group network obj-192.168.1.224
object-group network obj-192.168.1.9
object-group network obj-192.168.1.2-01
object-group network obj-192.168.1.103
object-group network obj-192.168.1.7-01
object-group network obj_any
object-group network obj-0.0.0.0
object-group network obj_any-01
object-group service MonitcomUDP udp
port-object range 3924 3924
access-list Inside_nat0_inbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Inside_nat0_inbound extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.1.224 255.255.255.240
access-list Outside_cryptomap_60 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Outside_cryptomap_60 extended permit icmp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq smtp
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq pop3
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq 2000 inactive
access-list Outside_access_in extended permit icmp any any
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in extended permit tcp any host 217.75.8.204 eq 1200
access-list Outside_access_in remark Monitcom
access-list Outside_access_in extended permit tcp host 87.232.117.66 host 217.75.8.205 eq 5900
access-list Outside_access_in extended permit udp any host 217.75.8.205 eq 3924
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 220
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 230
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 240
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 250
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 260
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 1433
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in extended permit tcp any host 217.75.8.206 eq www
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq https
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq www
access-list Outside_access_in extended permit udp any any eq 4500 inactive
access-list Outside_access_in extended permit udp any any eq isakmp inactive
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Inside_access_in extended permit ip any any
access-list Inside_access_in extended permit icmp any any
access-list RemoteVPN_splitTunnelAcl standard permit any
access-list Outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list Outside_cryptomap_dyn_20 extended permit ip any 192.168.1.224 255.255.255.240
access-list global_access extended permit ip any any
access-list Outside_cryptomap_80_3 extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list Split-tunnel standard permit 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm warnings
mtu Outside 1500
mtu Inside 1500
mtu management 1500
ip local pool VPNPool 192.168.1.230-192.168.1.240 mask 255.255.255.0
ip verify reverse-path interface Outside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Outside
icmp permit any Inside
asdm image disk0:/asdm-647.bin
asdm location 192.168.1.208 255.255.255.252 Inside
asdm location 192.168.1.103 255.255.255.255 Inside
asdm location 192.168.1.6 255.255.255.255 Inside
asdm location 192.168.1.7 255.255.255.255 Inside
asdm location 192.168.1.9 255.255.255.255 Inside
no asdm history enable
arp timeout 14400
nat (Inside,any) source static obj-192.168.1.0-02 obj-192.168.1.0-02 destination static obj-192.168.2.0-02 obj-192.168.2.0-02
nat (Inside,any) source static obj-192.168.1.0-02 obj-192.168.1.0-02 destination static obj-10.1.2.0-02 obj-10.1.2.0-02
nat (Inside,any) source static any any destination static obj-192.168.1.224-02 obj-192.168.1.224-02 unidirectional
nat (Inside,Outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_10.1.2.0_24 NETWORK_OBJ_10.1.2.0_24
object network obj-192.168.1.2-04
nat (Outside,Inside) static 217.75.8.204
object network obj-192.168.1.7-04
nat (Outside,Inside) static 217.75.8.206
object network obj-192.168.1.0-02
nat (Inside,Outside) dynamic interface
object network obj-192.168.1.9-02
nat (Inside,Outside) static 217.75.8.201
object network obj-192.168.1.2-05
nat (Inside,Outside) static 217.75.8.204
object network obj-192.168.1.103-02
nat (Inside,Outside) static 217.75.8.205
object network obj-192.168.1.7-05
nat (Inside,Outside) static 217.75.8.206
nat (Inside,Outside) after-auto source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24
access-group Outside_access_in in interface Outside
access-group Inside_access_in in interface Inside
access-group global_access global
route Outside 0.0.0.0 0.0.0.0 217.75.8.198 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server DellServerAAA protocol radius
aaa-server DellServerAAA (Inside) host 192.168.1.4
key test
http server enable
http 62.17.29.2 255.255.255.255 Outside
http 82.141.224.155 255.255.255.255 Outside
http 63.218.54.8 255.255.255.252 Outside
http 213.79.44.213 255.255.255.255 Outside
http 192.168.1.0 255.255.255.0 Inside
http 10.1.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection timewait
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec df-bit clear-df Outside
crypto ipsec df-bit clear-df Inside
crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map 1 match address Outside_1_cryptomap
crypto map Outside_map 1 set peer 89.127.172.29
crypto map Outside_map 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-DES-SHA ESP-3DES-MD5 ESP-AES-256-MD5 ESP-3DES-SHA ESP-DES-MD5
crypto map Outside_map 60 match address Outside_cryptomap_60
crypto map Outside_map 60 set peer 89.105.114.98
crypto map Outside_map 60 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto isakmp identity key-id nattingreallymatters
crypto isakmp enable Outside
crypto isakmp enable Inside
crypto isakmp policy 10
authentication pre-share
encryption aes-256
hash md5
group 5
lifetime 86400
crypto isakmp policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 50
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet 192.168.1.0 255.255.255.0 Inside
telnet timeout 5
ssh 82.141.224.155 255.255.255.255 Outside
ssh 62.17.29.2 255.255.255.255 Outside
ssh 213.79.44.213 255.255.255.255 Outside
ssh 192.168.1.0 255.255.255.0 Inside
ssh timeout 5
console timeout 0
management-access Inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable Outside
anyconnect-essentials
svc image disk0:/anyconnect-dart-win-2.5.3055-k9.pkg 1
svc image disk0:/anyconnect-macosx-powerpc-2.5.3055-k9.pkg 2
svc enable
tunnel-group-list enable
group-policy RemoteVPN internal
group-policy RemoteVPN attributes
wins-server value 192.168.1.31
dns-server value 192.168.1.31
vpn-tunnel-protocol IPSec svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split-tunnel
default-domain value freefoam.ie
username freefoam password JLYaVf7FqRM2LH0e encrypted
username cisco password DfO7NBd5PZ1b0kZ1 encrypted privilege 15
username cork password qbK2Hqt1H5ttJzPD encrypted
tunnel-group 193.114.70.130 type ipsec-l2l
tunnel-group 193.114.70.130 ipsec-attributes
pre-shared-key ************
tunnel-group 89.127.172.29 type ipsec-l2l
tunnel-group 89.127.172.29 ipsec-attributes
pre-shared-key ************
tunnel-group 89.105.114.98 type ipsec-l2l
tunnel-group 89.105.114.98 ipsec-attributes
pre-shared-key ************
tunnel-group RemoteVPN type remote-access
tunnel-group RemoteVPN general-attributes
address-pool VPNPool
authentication-server-group DellServerAAA
default-group-policy RemoteVPN
tunnel-group RemoteVPN webvpn-attributes
group-alias Anyconnect enable
tunnel-group RemoteVPN ipsec-attributes
pre-shared-key c0nnect10nParameter$
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect h323 h225
inspect h323 ras
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:fae6b7bc25fcf39daffbcdc6b91c9d8e -
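The configuration above pairs `mtu Outside 1500` with `crypto ipsec df-bit clear-df Outside`. The following Python is an added example, not part of the original post: it computes the ESP tunnel-mode overhead for transform sets taken from that configuration and the largest inner packet that still fits the interface MTU. It assumes CBC ciphers, 96-bit truncated HMACs and an IPv4 outer header without options; all function names are hypothetical.

```python
import math
import re

# ESP tunnel-mode byte counts (assumption: IPv4 outer header, no options).
OUTER_IP = 20      # new outer IPv4 header
ESP_HEADER = 8     # SPI + sequence number
ESP_TRAILER = 2    # pad-length + next-header, encrypted with the payload
NAT_T_UDP = 8      # UDP/4500 header, present only with NAT traversal

# transform keyword -> (IV bytes, cipher block bytes), CBC mode
CIPHERS = {
    "esp-des": (8, 8),
    "esp-3des": (8, 8),
    "esp-aes": (16, 16),
    "esp-aes-192": (16, 16),
    "esp-aes-256": (16, 16),
}
# HMAC-MD5-96 and HMAC-SHA1-96 both carry a 12-byte truncated ICV
ICV = {"esp-md5-hmac": 12, "esp-sha-hmac": 12}

# Lines copied from the configuration posted above.
SAMPLE_CONFIG = """\
mtu Outside 1500
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec df-bit clear-df Outside
"""


def parse_transform_sets(config):
    """Return {name: (cipher, auth)} for transform sets with known keywords."""
    pattern = re.compile(
        r"^crypto ipsec transform-set (\S+) (esp-\S+) (esp-\S+-hmac)\s*$", re.M)
    return {name: (cipher, auth)
            for name, cipher, auth in pattern.findall(config)
            if cipher in CIPHERS and auth in ICV}


def parse_mtu(config, ifname):
    """Interface MTU from an 'mtu <if> <bytes>' line (1500 if none is present)."""
    m = re.search(rf"^mtu {re.escape(ifname)} (\d+)\s*$", config, re.M)
    return int(m.group(1)) if m else 1500


def df_policy(config, ifname):
    """DF-bit policy for the interface; copy-df applies when no line is present."""
    m = re.search(
        rf"^crypto ipsec df-bit (clear-df|copy-df|set-df) {re.escape(ifname)}\s*$",
        config, re.M)
    return m.group(1) if m else "copy-df"


def esp_size(inner_len, cipher, auth, nat_t=False):
    """On-the-wire size of one ESP tunnel-mode packet carrying inner_len bytes."""
    iv, block = CIPHERS[cipher]
    # Payload plus trailer is padded up to a whole number of cipher blocks.
    padded = math.ceil((inner_len + ESP_TRAILER) / block) * block
    udp = NAT_T_UDP if nat_t else 0
    return OUTER_IP + udp + ESP_HEADER + iv + padded + ICV[auth]


def max_inner(mtu, cipher, auth, nat_t=False):
    """Largest inner IP packet whose ESP packet does not exceed mtu."""
    iv, block = CIPHERS[cipher]
    udp = NAT_T_UDP if nat_t else 0
    room = mtu - OUTER_IP - udp - ESP_HEADER - iv - ICV[auth]
    return (room // block) * block - ESP_TRAILER


def report(config, ifname, inner_len, inner_df=True, nat_t=False):
    """Per transform set: the size limit, whether inner_len fits, and outer DF."""
    mtu = parse_mtu(config, ifname)
    policy = df_policy(config, ifname)
    # clear-df / set-df force the outer DF bit; copy-df mirrors the inner packet.
    outer_df = {"clear-df": False, "set-df": True, "copy-df": inner_df}[policy]
    rows = []
    for name, (cipher, auth) in parse_transform_sets(config).items():
        limit = max_inner(mtu, cipher, auth, nat_t)
        rows.append({"set": name, "max_inner": limit,
                     "fits": inner_len <= limit, "outer_df": outer_df})
    return rows


if __name__ == "__main__":
    for row in report(SAMPLE_CONFIG, "Outside", 1500):
        print(row)
```

A full-size 1500-byte inner packet fits none of these transform sets, so the ESP packet exceeds the MTU; with `clear-df` the outer header carries no DF bit and the oversized packet can be fragmented rather than depending on path MTU discovery.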
Is there a way to create text that 'writes and scrolls'?
Little tricky to explain but we have all seen the sort of thing I mean....
I've attached an image to try and make it a bit clearer. It's basically data that's
spilling out across a computer display...the sort of thing we have seen in loads of movies.
I have done a hand animated version but wondered if there was a way to do it with the
type animation tools....?
See this thread from yesterday in which we discuss this kind of text animation:
http://forums.adobe.com/thread/793425
The only element that's different in your example is that the text layer would be animated to move up, probably with Hold keyframes. -
What is up with the Help and Support Section for Business Catalyst?
It has been very difficult for my customers and myself to access the help and support section of the site for Business Catalyst issues as we are constantly diverted to non-related Adobe issues. The portal for support on Business Catalyst issues needs to be ISOLATED from ADOBE's main support section. It is bad enough that there are so many issues to deal with, but to add all the issues for all the applications is simply impossible to decipher and discover a solution.
Before the Adobe integration on the Cloud services it was much simpler, with a much more efficient and cleaner layout; now every page looks like it's generated by a bot that doesn't understand what I am looking for. Even the actual URL of the page is hidden so I can't even bookmark it without opening the frame in a new window. My clients will not know how to do that.
Simplify please!
Teejay
Teejay,
Yes we are looking into this very thing and hope to improve this very soon. Not only making things a bit clearer but also a central location for all your BC support needs.
Kind regards,
-Sidney -
Dear All,
I installed SAP Business One 8.81 PL04 (on Server) and SQL Server 2005.
My questions are:
1) I installed the B1 integration component. When I open the integration framework I get a Windows security dialog box in which it is mentioned that "The server 127.0.0.0 at B1iP_dummy requires a user name and password.
Warning: The server is requesting that your user name and password be sent in the insecure manner (basic authentication without a secure connection)."
User Name: B1iadmin
Password: xxxxxx
Here my question is that if I provide the username and password, Integration Solution for SAP Business One is opened but is not reflecting any data when I am clicking on SLD, Scenarios, Maintaining, Control Centre.......etc.
2) I want to connect to the server through the iPad.
I set the user as mobile user, and I have given the UDID number of the iPad and the phone no. of the mobile user in SAP Business One.
I have given the server details like IP add: 000.000.000.000:8080 and kept SSL On and given DB Name as SBODemoIN and username as 'ABC'.
When I am entering the password it is reflecting me an error "an ssl error has occurred and a secure connection to the server cannot be made. [-1200]".
I want to know where I have made the mistake.
Note: I tried by giving the IP with the B1 port number like: 000.000.000.000:30000; again it's reflecting the same error.
Can anybody help me out.
Let's try to keep it together ...
1.) in SAP Business One you have to set the following settings for the user you want to connect with
a.) checkbox "mobile user" is checked
b.) mobile-number (must be digit by digit the same as you set it in the settings of the App)
c.) UDID of the iPad/iPhone (this is a 40 (!!!) digit alphanumerical number of the device)
ATTENTION - since SBO App. v.1.6.0, the UDID is no longer in use, now you have to set the W-LAN MAC address here
d.) the User has a limited or a professional user license
e.) the user has a B1i licence
2.) settings in the iPad/iPhone App
a.) Server: IP address of the B1i Integration Server followed by :8443 (e.g.: 91.55.110.15:8443)
8080 is the http port (unsecure), while 8443 is the https port (secure)
b.) SSL: is on
c.) Company DB: the database Name of the company you wanted to connect to (and where you have made the user setting above) (e.g.: SBODemoIN)
d.) Usercode: the log in name of the user you made the above settings for (e.g.: manager)
e.) Phonenumber: digit by digit the same as above 1.).b.)
f.) Demosystem: needless to say, this is Off
3.) network settings
a.) certainly the port 8443 must be available from outside the network
b.) VPN connection to the network must be possible
c.) the VPN connection setting has to be set in the iPad/iPhone
If this all is set and done,
1.) you first have to establish a VPN connection with your iPad/iPhone
2.) and now/then you should be able to connect to the company with the iPad/iPhone App
Hope this helps and makes it a little bit clearer how this all works.
The SBO App is "nothing else" than a WebService-Call-Interface from the iPad/iPhone to the B1i Server. Every form/view you are filling in the App is a WebService call/request to SAP Business One. To send this WebService request to the B1i Server, you first have to connect into the company network (via VPN), otherwise your call cannot reach the B1i Server ...
regards from Hamburg,
Heiko -
I have a mid-2010 iMac and just purchased a 2TB TC. I just found out that it can't join an existing wireless network with the new AC standard, so it is attached to the iMac via ethernet with the TC's wifi turned off. How do I access the TC now? It is not showing up in Disk Utility or on the desktop. It is working fine with TM. My cheaper Seagate drives etc. kept crashing, so I didn't trust cheaper backup options anymore. Connected those drives to TM via firewire and could see the drives and access them.
Also, I didn't want to bridge the TC with my new fios router that I paid 100 dollars for, to get N speed, and I am also paying 10 dollars more a month for fast speed. I heard that bridging slows down everything and then there can be port issues with mail etc. I connect to the internet via airport only and it is pretty fast. Getting over 50mbs downloads and over 30mbs uploads. Plus everything in my home is connected to my fios router: airport express for music streaming, two apple tvs, vuezone camera system. I really didn't want to monkey around too much with my system. But are there other options to connect the new TC? Can't find info anywhere for this and called Apple, who gave me the info above. After hanging up, I see that I can't access my TC and I am wondering if I would have to reset it to turn wifi on again to make changes to the drive, turn off the blinking light or repair it in Disk Utility if it should become corrupted.
For others with similar issues, I did solve some other problems: when I connected it to the ethernet port on my iMac, wifi stopped working. Found that I had to turn off the ethernet in the system>network screen, but then TM didn't see the TC so I restarted after the changes and then it saw it.
Now a rant. I can't believe in this wireless age that Apple would make a product that can't join a wireless network. The Apple rep said I could return it and look for the previous TC that would join an existing wireless network. Are we going backwards?
Thanks!
lennydas
Ok... it is getting a bit clearer but there are still some questions.
I connect to the internet via airport only and it is pretty fast.
I was assuming airport in this statement in your first post meant the TC or the Express.. but I now realise we are still in the mass confusion stage where apple calls everything wireless an airport. So what you mean is the airport internal card of the computer??
Also, I didn't want to bridge TC with my new fios router that I paid 100 dollars for, to get N speed and also paying 10 dollars more a month for fast speed. I heard that bridging slows down everything and then there can be port issues with mail etc.
I think this is mistaken.
Putting the TC in bridge mode plugged into your FIOS will not slow the network.. nor will it cause mail or port issues.. in bridge the TC is just a fancy WAP and switch plus the network hard drive.
If the computer is close it will be faster than the FIOS.
You can run both wireless networks with different names.. so it is clear which is which. But you can also setup roaming so the computers themselves pick which is the best wireless.
I tried extending the wireless network and tried joining the wireless network, but the TC kept crashing and I had to keep resetting the TC. The Apple support person said these, extend wireless network and join wireless network, are no longer a connection option with the new TC because of the new AC protocol.
Thanks again!
You cannot extend to a non-apple wireless router.
You cannot use join a wireless network because when you do the ethernet ports will be cut off.
But that has not changed.. I don't think Apple support is correct.. there has been no change with the AC model.. it is simply a fact that apple routers do not work in join wireless mode other than as a dumb client. The same applies to AC as to the earlier version.. but I have asked another person to check this.
Join in the express is the only apple router that still allows an ethernet connection.
For now your best use of the TC is bridged to the FIOS. Wireless you can sort out between several options. -
Hi there.
I'm creating topics currently that have drop down text effects in them.
Basically, I have a title which has got a little image next to it (a plus expand sign image).
When you click either the image or the title text, the drop down text appears as intended.
Is there any way I can get it, so that when you click either the text or the image, the image changes to be a minimise image?
The screenshots below demonstrate what I mean a bit clearer.
Thanks very much,
Craig
Hi Craig
All I can say is that the script or whatever simply isn't finding the image if you are viewing from the compiled CHM. When you compile, you need to ensure that everything is in the place it needs to be. For example, maybe you have a folder in your project and you added the image to the folder. But in reality, it's looking for the image in the project root. Because the image is in the folder, it cannot be found.
I'd suggest a double-check of things just to be certain.
Cheers... Rick -
Cisco ASA 5505 Blocking LAN Domain Queries
Hi guys,
Okay, my scenario: datacentre hosted system with 4 servers connected to a CISCO ASA5505. Everything was working fine with 4x Windows Server 2003 machines, but since pulling 2 out and replacing them with Windows Server 2008 machines I get a flood of the error below and it blocks communications back to the IP listed, which is the domain controller, so naturally this makes the 2 new servers unusable.
1: they are all connected to the inside VLAN directly via the ASA's switch ports.
2: they are all in the same 255.255.255.0 subnet including the ASA inside interface
3: removing the gateway on the affected machines makes no difference, the ASA continues to block it, which indicates whether or not the machines use the ASA as a gateway it's inspecting the traffic and blocking
I have posted the error below and my config. It's strange it's only affecting the new Server 2008 machines and I'm hoping you can offer suggestions.
Errors:
2 Dec 08 2012 12:02:41 106007 10.50.15.117 55068 DNS Deny inbound UDP from 10.50.15.117/55068 to 10.50.15.5/53 due to DNS Query
Result of the command: "show run"
: Saved
ASA Version 8.2(1)
hostname xxxxx-ASA5505
domain-name xxx.local
enable password
passwd
names
name 10.50.17.0 Hobart description Hobart
name 10.50.16.0 Launceston description Launceston
name 10.50.18.0 Burnie description Burnie
name 10.50.24.0 Devonport description Devonport
name 10.50.23.0 burniewilmot description burniewilmot
name 10.50.35.0 Warrnamboolmain description warrnamboolmain
name 10.50.30.0 hamilton description hamilton
name 10.50.20.0 Portland description Portland
name 10.50.31.0 Camperdown description Camperdown
name 10.50.32.0 wboolsh description wboolsh
name 10.50.33.0 wblthy description wblthy
dns-guard
interface Vlan1
nameif inside
security-level 100
ip address 10.50.15.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 111.223.228.154 255.255.255.248
interface Vlan5
no forward interface Vlan1
nameif dmz
security-level 50
ip address dhcp
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone EST 10
clock summer-time EDT recurring last Sun Oct 2:00 last Sun Mar 3:00
dns server-group DefaultDNS
domain-name xxx.local
object-group service IpPrinting tcp
port-object eq 9100
object-group icmp-type icmp
icmp-object alternate-address
icmp-object conversion-error
icmp-object echo
icmp-object echo-reply
icmp-object information-reply
icmp-object information-request
icmp-object mask-reply
icmp-object mask-request
icmp-object mobile-redirect
icmp-object parameter-problem
icmp-object redirect
icmp-object router-advertisement
icmp-object router-solicitation
icmp-object source-quench
icmp-object time-exceeded
icmp-object timestamp-reply
icmp-object timestamp-request
icmp-object traceroute
icmp-object unreachable
object-group network dns_servers
network-object host 10.50.15.5
object-group service domain udp
port-object eq domain
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object udp
protocol-object tcp
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp any any eq domain
access-list inside_access_in extended permit udp any any object-group domain
access-list outside_access_in extended permit ip any any inactive
access-list outside_access_in extended permit tcp any 111.223.228.152 255.255.255.248 eq smtp
access-list outside_access_in extended permit tcp any 111.223.228.152 255.255.255.248 eq www
access-list vpnusers_splitTunnelAcl standard permit 111.223.231.120 255.255.255.248
access-list inside_nat0_outbound extended permit ip 111.223.231.120 255.255.255.248 14.0.0.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip 111.223.231.120 255.255.255.248 111.223.228.152 255.255.255.248
access-list inside_nat0_outbound extended permit ip 10.50.15.0 255.255.255.0 111.223.228.152 255.255.255.248
access-list inside_nat0_outbound extended permit ip 10.50.15.0 255.255.255.0 Hobart 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.50.15.0 255.255.255.0 Warrnamboolmain 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.50.15.0 255.255.255.0 Launceston 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 14.0.0.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip 10.50.15.0 255.255.255.0 Burnie 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.50.15.0 255.255.255.0 Devonport 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.50.15.0 255.255.255.0 burniewilmot 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.50.15.0 255.255.255.0 hamilton 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.50.15.0 255.255.255.0 Portland 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.50.15.0 255.255.255.0 Camperdown 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.50.15.0 255.255.255.0 wboolsh 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.50.15.0 255.255.255.0 wblthy 255.255.255.0
access-list outside_1_cryptomap extended permit ip 10.50.15.0 255.255.255.0 Hobart 255.255.255.0
access-list outside_1_cryptomap_1 extended permit ip 10.50.15.0 255.255.255.0 Launceston 255.255.255.0
access-list outside_2_cryptomap extended permit ip 10.50.15.0 255.255.255.0 Burnie 255.255.255.0
access-list outside_3_cryptomap extended permit ip 10.50.15.0 255.255.255.0 Hobart 255.255.255.0
access-list outside_4_cryptomap extended permit ip 10.50.15.0 255.255.255.0 burniewilmot 255.255.255.0
access-list outside_5_cryptomap extended permit ip 10.50.15.0 255.255.255.0 Warrnamboolmain 255.255.255.0
access-list outside_6_cryptomap extended permit ip 10.50.15.0 255.255.255.0 hamilton 255.255.255.0
access-list outside_7_cryptomap extended permit ip 10.50.15.0 255.255.255.0 Portland 255.255.255.0
access-list outside_8_cryptomap extended permit ip 10.50.15.0 255.255.255.0 Camperdown 255.255.255.0
access-list outside_9_cryptomap extended permit ip 10.50.15.0 255.255.255.0 wboolsh 255.255.255.0
access-list outside_10_cryptomap extended permit ip 10.50.15.0 255.255.255.0 wblthy 255.255.255.0
access-list dmz_access_in extended permit tcp any interface outside eq www inactive
access-list dmz_access_in extended permit tcp any 111.223.228.152 255.255.255.248 eq smtp
pager lines 24
logging enable
logging asdm warnings
mtu inside 1300
mtu outside 1300
mtu dmz 1500
ip local pool vpnclient 14.0.0.1-14.0.0.15 mask 255.0.0.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 10.50.15.0 255.255.255.0
static (outside,inside) tcp 10.50.15.5 www 0.0.0.0 www netmask 255.255.255.255
static (inside,outside) tcp interface www 10.50.15.5 www netmask 255.255.255.255 dns
static (inside,outside) tcp interface smtp 10.50.15.5 smtp netmask 255.255.255.255 dns
static (inside,inside) 10.50.15.0 255.255.255.0 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group dmz_access_in in interface dmz
route outside 0.0.0.0 0.0.0.0 111.223.228.153 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
http 10.50.15.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set esp-des-sha esp-des esp-sha-hmac
crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec df-bit clear-df outside
crypto dynamic-map outside_dyn_map 1 set transform-set ESP-3DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 58.96.86.56
crypto map outside_map 1 set transform-set esp-des-sha
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map0 1 match address outside_1_cryptomap_1
crypto map outside_map0 1 set peer 59.167.207.106
crypto map outside_map0 1 set transform-set ESP-3DES-SHA
crypto map outside_map0 2 match address outside_2_cryptomap
crypto map outside_map0 2 set peer 59.167.204.53
crypto map outside_map0 2 set transform-set ESP-3DES-SHA
crypto map outside_map0 3 match address outside_3_cryptomap
crypto map outside_map0 3 set pfs
crypto map outside_map0 3 set peer 203.45.159.34
crypto map outside_map0 3 set transform-set ESP-3DES-SHA
crypto map outside_map0 4 match address outside_4_cryptomap
crypto map outside_map0 4 set peer 203.45.134.39
crypto map outside_map0 4 set transform-set ESP-3DES-SHA
crypto map outside_map0 5 match address outside_5_cryptomap
crypto map outside_map0 5 set peer 58.96.75.47
crypto map outside_map0 5 set transform-set ESP-3DES-SHA
crypto map outside_map0 6 match address outside_6_cryptomap
crypto map outside_map0 6 set peer 58.96.85.151
crypto map outside_map0 6 set transform-set ESP-3DES-SHA
crypto map outside_map0 7 match address outside_7_cryptomap
crypto map outside_map0 7 set peer 58.96.78.238
crypto map outside_map0 7 set transform-set ESP-3DES-SHA
crypto map outside_map0 8 match address outside_8_cryptomap
crypto map outside_map0 8 set peer 58.96.69.82
crypto map outside_map0 8 set transform-set ESP-3DES-SHA
crypto map outside_map0 9 match address outside_9_cryptomap
crypto map outside_map0 9 set peer 58.96.83.244
crypto map outside_map0 9 set transform-set ESP-3DES-SHA
crypto map outside_map0 10 match address outside_10_cryptomap
crypto map outside_map0 10 set peer 58.96.80.122
crypto map outside_map0 10 set transform-set ESP-3DES-SHA
crypto map outside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map0 interface outside
crypto isakmp enable outside
crypto isakmp policy 2
authentication pre-share
encryption 3des
hash sha
group 1
lifetime 86400
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 50
authentication pre-share
encryption des
hash sha
group 1
lifetime 86400
crypto isakmp policy 70
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 10.50.15.50-10.50.15.55 inside
dhcpd dns 10.50.15.5 interface inside
no threat-detection basic-threat
no threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 130.194.10.150
webvpn
group-policy xxx internal
group-policy xxx attributes
dns-server value 10.50.15.5
vpn-tunnel-protocol IPSec
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
dhcp-network-scope 14.0.0.0
vpn-tunnel-protocol IPSec webvpn
ipv6-address-pools none
group-policy vpnusers internal
group-policy vpnusers attributes
dns-server value 10.50.15.5 139.130.4.4
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpnusers_splitTunnelAcl
username aspireremote password
username aspireremote attributes
service-type remote-access
username richard.lawes password
username netscreen password
tunnel-group DefaultL2LGroup ipsec-attributes
isakmp keepalive threshold 15 retry 2
tunnel-group DefaultRAGroup ipsec-attributes
isakmp keepalive threshold 15 retry 2
tunnel-group DefaultWEBVPNGroup ipsec-attributes
isakmp keepalive threshold 15 retry 2
tunnel-group TunnelGroup1 type remote-access
tunnel-group TunnelGroup1 general-attributes
address-pool (outside) vpnclient
address-pool vpnclient
default-group-policy GroupPolicy1
dhcp-server 192.168.0.5
tunnel-group TunnelGroup1 ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 15 retry 2
tunnel-group vpnusers type remote-access
tunnel-group vpnusers general-attributes
address-pool vpnclient
default-group-policy vpnusers
tunnel-group vpnusers ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 15 retry 2
tunnel-group 59.167.207.106 type ipsec-l2l
tunnel-group 59.167.207.106 ipsec-attributes
pre-shared-key *
tunnel-group aspirevpn type remote-access
tunnel-group aspirevpn general-attributes
address-pool vpnclient
default-group-policy xxxvpn
tunnel-group xxxvpn ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 15 retry 2
tunnel-group 59.167.204.53 type ipsec-l2l
tunnel-group 59.167.204.53 ipsec-attributes
pre-shared-key *
tunnel-group 203.45.159.34 type ipsec-l2l
tunnel-group 203.45.159.34 ipsec-attributes
pre-shared-key *
tunnel-group 203.45.134.39 type ipsec-l2l
tunnel-group 203.45.134.39 ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 15 retry 2
tunnel-group 58.96.75.47 type ipsec-l2l
tunnel-group 58.96.75.47 ipsec-attributes
pre-shared-key *
tunnel-group 58.96.85.151 type ipsec-l2l
tunnel-group 58.96.85.151 ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 15 retry 2
tunnel-group 58.96.78.238 type ipsec-l2l
tunnel-group 58.96.78.238 ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 15 retry 2
tunnel-group 58.96.69.82 type ipsec-l2l
tunnel-group 58.96.69.82 ipsec-attributes
pre-shared-key *
tunnel-group 58.96.83.244 type ipsec-l2l
tunnel-group 58.96.83.244 ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 15 retry 2
tunnel-group 58.96.80.122 type ipsec-l2l
tunnel-group 58.96.80.122 ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 15 retry 2
prompt hostname context
Hello Richard,
My first thought is why is the ASA receiving this traffic if this is traffic that should not reach the default-gateway.
Anyway, try the following:
same-security-traffic permit intra-interface
Let me know how it goes
Julio -
How can I route internet traffic over IPSec point to point?
I have a remote site that connects by IPSEC with the end points on a router and ASA. The connection is working fine and the remote site can access my other networks at the main headquarters. The problem is, currently this remote site is accessing the internet via the same link that is supposed to VPN everything back to headquarters. I need to figure out how to VPN their internet traffic to my main headquarters. There's an iPrism behind the firewall to filter web access so it seems like I need to point the remote site's default gateway to my routing device that's behind my iPrism?
Also, currently the outside interface on the remote site's router does not have an ACL applied, can someone suggest what that ACL should look like? Thank you for your help! Here is a sample configuration of the remote site's router:
crypto isakmp policy 20
(encryption parameters here)
crypto isakmp key password address x.x.x.x (Public ASA IP) no-xauth
crypto ipsec transform-set remotesite (encryption parameters here)
crypto ipsec df-bit clear
crypto map Mainsite 1 ipsec-isakmp
set peer x.x.x.x (Public ASA IP)
set transform-set remotesite
match address 100
interface FastEthernet0/0
description $ETH-LAN$
ip address 10.1.1.1 255.255.0.0
ip nbar protocol-discovery
interface FastEthernet0/1
description ISP Interface
ip address x.x.x.x (public IP) 255.255.255.0
crypto map Mainsite
crypto ipsec df-bit clear
ip route 0.0.0.0 0.0.0.0 x.x.x.x (ISP's default gateway)
access-list 100 remark Access list Mainsite Access
access-list 100 permit ip 10.1.0.0 0.0.255.255 10.3.0.0 0.0.255.255
and other various headquarter networks...
Hi Mark, you can modify your crypto ACL to permit any any on your remote site, which will make all traffic go through the tunnel. Then on the ASA you need to do hairpinning on the outside interface. This will let users on the remote site access the internet via HQ. But if you do it this way, the internet traffic goes straight to the internet without being filtered by your iPrism.
What I am not sure about is if there is a way to do it if you want that traffic to be filtered by the iPrism before going out to the internet.
HTH
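Added example (not part of the original thread): a small evaluator for IOS extended ACL entries, used to check which flows the crypto map's `match address 100` selects for the tunnel and which follow the default route to the ISP instead. `ACL_FULL_TUNNEL` is an assumed rendering of the change suggested in the reply, and the sample flows are constructed.

```python
import ipaddress

def _addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF              # every bit is "don't care"
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines; remarks are skipped."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] == "remark":
            continue
        if tokens[2] not in ("permit", "deny") or tokens[3] != "ip":
            raise ValueError("unsupported entry: " + line)
        rest = tokens[4:]
        src = _addr(rest)
        dst = _addr(rest)
        entries.append((tokens[2], src, dst))
    return entries

def _matches(ip, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF         # wildcard 1-bits are ignored
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def is_tunneled(entries, src, dst):
    """First match wins; no match is an implicit deny (not protected by IPsec)."""
    for action, s, d in entries:
        if _matches(src, s) and _matches(dst, d):
            return action == "permit"
    return False

def outside_tunnel(acl_text, flows):
    """Return the (src, dst) flows that the crypto ACL does not select."""
    entries = parse_acl(acl_text)
    return [f for f in flows if not is_tunneled(entries, *f)]

# Visible entries of access-list 100 from the post (further entries are elided there).
ACL_FROM_POST = """
access-list 100 remark Access list Mainsite Access
access-list 100 permit ip 10.1.0.0 0.0.255.255 10.3.0.0 0.0.255.255
"""
# Assumption: the suggested change, written with the site LAN as source.
ACL_FULL_TUNNEL = "access-list 100 permit ip 10.1.0.0 0.0.255.255 any"
# Constructed flows: one to headquarters, one to an internet (TEST-NET-2) address.
FLOWS = [("10.1.20.7", "10.3.4.9"), ("10.1.20.7", "198.51.100.10")]
```

With the ACL as posted, `outside_tunnel(ACL_FROM_POST, FLOWS)` returns the internet-bound flow; with `ACL_FULL_TUNNEL` it returns an empty list.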