MAC: Uml290 & vzw access manager, IPSec VPN connections don't work
So, my VPN connections work if I use my UML290 on Windows using Verizon Access Manager.
I am now using the new Verizon Access Manager on my Mac, and my VPN connections do NOT work. It tries to connect, then immediately stops the attempt at connecting and fails (I can access other websites etc. OK, I have connectivity!)
This is a huge problem for me
Hello,
I have been having the same problems. When not connected to VPN, things work fine. When VPN connects, all traffic stops passing, even though there is a successful connection. When I disconnect VPN, all traffic resumes.
I have gone through this with technical support even to the point of doing a trace during the problem and they confirm that the traffic drops, but do not feel it is a network issue. This problem does not happen with any other network adapter I use (Wi-Fi, T-mobile 4G laptop stick).
I've put together links of articles I have found online describing this problem and probable cause - which I think is an IP address conflict in the 10.x.x.x space. No resolution has been offered to me. I hope these articles help others or if they are having the same experience they might post here.
http://delicious.com/stacks/view/SL8rGb - "Verizon LTE problems with VPN using Pantech UML 290" - Link Stack
If anyone comes across a resolution or knows if there will be an update of any kind to fix this, I would appreciate it, thank you.
Similar Messages
-
VZW Access manager freezing MacBook Pro
I use VZW Access Manager to connect to the internet via bluetooth through my BlackBerry. I am using the latest version of the software. Sometimes VZW Access Manager will freeze up after I have disconnected my phone. I've tried to force quit the application but it still displays the pinball when I try to reconnect via VZW Access Manager. The only way that I can completely force quit the program is to do a hard shut down. I've tried simply restarting the computer and shutting it down, but it freezes up when it tries to shut down/restart. Has anyone else experienced this?? Any suggestions?? Please help, it's starting to become really annoying! I purchased the MacBook Pro in November so it is relatively new....
Uninstall Virus Barrier don't use it again. ClamXav is free and won't bugger up your machine.
Uninstall your RIM software, check for updates/compatibility with iTunes 11.
Run through this list of fixes 1-15.
Step by Step to fix your Mac
And make sure of your machines performance
Why is my computer slow?
Backup backup backup
Most commonly used backup methods -
I have created an IPsec VPN connection between an ASA router 500 and a Netgear VPN ProSafe 318. The problem I'm running into is, I have my separate from the above connection, I'm only trying to give access to one server, the other side can ping my IP, but I can not ping the other side at all, and when I do a tracert, it is not utilizing the VPN, it is using the internet. What is it that I'm missing or did wrong?
This topic first appeared in the Spiceworks Community. On Spiceworks there's an article titled 10 signs SysAdmins are really superheroes - Yes, we mean you! http://community.spiceworks.com/topic/1099346-10-signs-sysadmins-are-really-superheroes-yes-we-mean-... and has a picture of an IT guy with the Superman S under his shirt. So I responded with: Based on Man of Steel, I believe you have an anachronistic impression of Clark Kent. As we all know now... Pa Kent's paranoia regarding the alien-nature of Clark's being means that maintaining the secret of Clark's origins is the primary mission no matter what is happening in the environment. Thus Pa Kent's noble death saving a stupid dog from the path of a tornado.. making it clear to Clark to do nothing. Who wouldn't want a husband and father like that?
-
ASA 5505 IPSEC VPN connected but can't access to LAN
ASA : 8.2.5
ASDM: 6.4.5
LAN: 10.1.0.0/22
VPN Pool: 172.16.10.0/24
Hi, we purchased a new ASA 5505 and tried to set up IPSEC VPN via ASDM; I just simply ran the wizards, set up vpnpool, split tunnelling, etc.
I can connect to the ASA by using cisco VPN client and internet works fine on the local PC, but it cannot access to the LAN (can't ping. can't remote desktop). I tried the same thing on our Production ASA(those have both Remote VPN and Site-to-site VPN working), the new profile i created worked fine.
Below is my configure, do I mis-configure anything?
ASA Version 8.2(5)
hostname asatest
domain-name XXX.com
enable password 8Fw1QFqthX2n4uD3 encrypted
passwd g9NiG6oUPjkYrHNt encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.1.1.253 255.255.252.0
interface Vlan2
nameif outside
security-level 0
ip address XXX.XXX.XXX.XXX 255.255.255.240
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns server-group DefaultDNS
domain-name vff.com
access-list vpntest_splitTunnelAcl standard permit 10.1.0.0 255.255.252.0
access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.252.0 172.16.10.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging trap warnings
logging asdm informational
logging device-id hostname
logging host inside 10.1.1.230
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 172.16.10.1-172.16.10.254 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server AD protocol nt
aaa-server AD (inside) host 10.1.1.108
nt-auth-domain-controller 10.1.1.108
http server enable
http 10.1.0.0 255.255.252.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 10.1.0.0 255.255.252.0 inside
ssh timeout 20
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy vpntest internal
group-policy vpntest attributes
wins-server value 10.1.1.108
dns-server value 10.1.1.108
vpn-tunnel-protocol IPSec l2tp-ipsec
password-storage disable
ip-comp disable
re-xauth disable
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpntest_splitTunnelAcl
default-domain value XXX.com
split-tunnel-all-dns disable
backup-servers keep-client-config
address-pools value vpnpool
username admin password WeiepwREwT66BhE9 encrypted privilege 15
username user5 password yIWniWfceAUz1sUb encrypted privilege 5
username user3 password umNHhJnO7McrLxNQ encrypted privilege 3
tunnel-group vpntest type remote-access
tunnel-group vpntest general-attributes
address-pool vpnpool
authentication-server-group AD
authentication-server-group (inside) AD
default-group-policy vpntest
strip-realm
tunnel-group vpntest ipsec-attributes
pre-shared-key BEKey123456
peer-id-validate nocheck
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:447bbbc60fc01e9f83b32b1e0304c6b4
: end
I changed a machine's gateway to this ASA and captured again, now we can see some replies.
All other PCs' and switches' gateways point to another ASA, maybe that's the reason why it didn't work?
What's the recommended way to make our LAN have two gateways (for load balancing or a backup router, etc.)?
Add two gateways to all PCs and switches?
1: 18:15:48.307875 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
2: 18:15:49.777685 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
3: 18:15:51.377147 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
4: 18:15:57.445777 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
5: 18:15:58.856324 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
6: 18:16:00.395090 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
7: 18:16:06.483464 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
8: 18:16:08.082805 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
9: 18:16:09.542406 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
10: 18:16:20.640424 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
11: 18:16:20.642193 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
12: 18:16:21.169607 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
13: 18:16:21.171210 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
14: 18:16:22.179556 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
15: 18:16:22.181142 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
16: 18:16:23.237673 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
17: 18:16:23.239291 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
18: 18:16:27.676402 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 50
19: 18:16:29.246935 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 50
20: 18:16:30.676921 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 50
21: 18:16:49.539660 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.233: icmp: echo request
22: 18:16:54.952602 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.233: icmp: echo request
23: 18:17:04.511463 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.233: icmp: echo request -
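Added example, not part of the original thread: a small parser for the `show capture` output above that counts packets in each direction between the VPN pool (172.16.10.0/24) and the inside LAN (10.1.0.0/22) and lists inside hosts that never answer through this ASA, which is the pattern the poster attributes to hosts whose default gateway is a different ASA. The function names are made up for this example; the sample lines are a subset copied from the capture in the post.

```python
import ipaddress
import re
from collections import defaultdict, namedtuple

# Networks taken from the posted configuration.
VPN_POOL = ipaddress.ip_network("172.16.10.0/24")
INSIDE_LAN = ipaddress.ip_network("10.1.0.0/22")

# Subset of the capture lines from the post.
SAMPLE_CAPTURE = """\
   9: 18:16:09.542406 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 68
  10: 18:16:20.640424 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
  11: 18:16:20.642193 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
  12: 18:16:21.169607 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
  13: 18:16:21.171210 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
  18: 18:16:27.676402 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137: udp 50
  21: 18:16:49.539660 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.233: icmp: echo request
  22: 18:16:54.952602 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.233: icmp: echo request
"""

Packet = namedtuple("Packet", "num time src sport dst dport info")

# "<n>: <time> [802.1Q vlan#<id> P<prio>] <src> > <dst>: <info>"
LINE_RE = re.compile(
    r"^\s*(?P<num>\d+):\s+(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?:802\.1Q\s+vlan#\d+\s+P\d+\s+)?"
    r"(?P<src>\S+)\s+>\s+(?P<dst>[^\s:]+):\s+(?P<info>.*)$"
)
# An endpoint is a dotted quad with an optional fifth field for the port.
ENDPOINT_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?$")


def split_endpoint(text):
    """Return (ip_address, port_or_None), or None if text is not an IPv4 endpoint."""
    m = ENDPOINT_RE.match(text)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:
        return None
    port = int(m.group(2)) if m.group(2) else None
    return ip, port


def parse_capture(text):
    """Parse capture lines; lines with redacted or malformed endpoints are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src = split_endpoint(m.group("src"))
        dst = split_endpoint(m.group("dst"))
        if src is None or dst is None:
            continue
        packets.append(Packet(int(m.group("num")), m.group("time"),
                              src[0], src[1], dst[0], dst[1], m.group("info")))
    return packets


def flow_summary(packets, pool=VPN_POOL, lan=INSIDE_LAN):
    """Per inside host: packets seen from the pool to it and from it to the pool."""
    counts = defaultdict(lambda: {"to_host": 0, "from_host": 0})
    for p in packets:
        if p.src in pool and p.dst in lan:
            counts[str(p.dst)]["to_host"] += 1
        elif p.src in lan and p.dst in pool:
            counts[str(p.src)]["from_host"] += 1
    return dict(counts)


def one_way_hosts(packets, pool=VPN_POOL, lan=INSIDE_LAN):
    """Inside hosts that received VPN-client traffic but sent nothing back via this ASA."""
    summary = flow_summary(packets, pool, lan)
    silent = [ipaddress.ip_address(h) for h, c in summary.items()
              if c["to_host"] > 0 and c["from_host"] == 0]
    return [str(h) for h in sorted(silent)]


if __name__ == "__main__":
    pkts = parse_capture(SAMPLE_CAPTURE)
    for host, c in sorted(flow_summary(pkts).items()):
        print(f"{host}: {c['to_host']} in, {c['from_host']} back")
    print("no return traffic seen from:", ", ".join(one_way_hosts(pkts)))
```

A host in the one-way list is a candidate for checking its default gateway or its route to the VPN pool; the capture alone cannot tell a reply sent to a different gateway from a host that simply did not answer.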
Cisco ASA 5505 Remote Access IP/Sec VPN Connectivity Issues
We have a Cisco ASA that we use just for Remote Access VPN. It uses UDP and was working fine for about 2 months. Recently clients have had intermittent issues when connecting from home. The following message is displayed by the Cisco VPN Client:
"Secure VPN connection terminated locally by the Client. Reason 412: The remote peer is no longer responding"
Upon looking at a client side packet capture, I notice that no response is being given back to the client for the udp packets sent to the ASA on udp 500. If I login to the ASA from the LAN and send a single ping FROM the ASA, then the client can connect without issue. I don't understand the significance of the needed outbound ping since ping is not used by the client to test if the ASA is alive.
Once again this is a remote access udp ip/sec VPN. I set most of it up with the VPN wizard and then backed up the config. The issue started happening at least a month after setup (maybe two) and I restored to the saved config just in-case, but the issue remains.
Any insight would be greatly appreciated.
I'm using IOS 831 and have tried 821 and 823 as one thread that I found recommended downgraded to 821.
Thanks much,
Justin
Javier,
I logged into the ASA last time the VPN went down. I issued the following commands:
debug crypto isakmp 190
debug crypto ipsec 190
capture outside-cap interface outside match udp any any
I then used a remote access tool to access the client and tried to connect. I got absolutely nothing from debugging. So I issued the following command:
show capture outside | include 500
and also got nothing. So I issued the following command:
ping 4.2.2.2
Upon which my normal debug messages began to show up, so I issued the show capture outside command again and received the expected output below:
1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 868
2: 15:44:18.579269 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 444
3: 15:44:18.703866 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 172
4: 15:44:18.706567 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 76
5: 15:44:18.831499 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 92
6: 15:44:19.024061 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 76
7: 15:44:19.111963 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 60
8: 15:44:19.517185 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 204
9: 15:44:19.521350 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 92
10: 15:44:19.522723 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 252
11: 15:44:42.121957 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 868
12: 15:44:42.130822 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 444
13: 15:44:42.228397 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 172
14: 15:44:42.231036 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 76
15: 15:44:42.329557 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 92
16: 15:44:42.521091 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 76
17: 15:44:42.610167 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 60
18: 15:44:42.649258 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 204
19: 15:44:42.653790 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 252
20: 15:44:42.789342 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 1036
21: 15:44:42.792119 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 92
22: 15:44:42.800846 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 188
23: 15:44:42.892120 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 60
34: 15:44:54.446220 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 92
35: 15:44:54.447913 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 92
70: 15:45:01.825000 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000: udp 100
174: 15:45:03.417764 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000: udp 500
377: 15:45:07.881500 802.1Q vlan#2 P0 REMOTE_IP.10000 > OFFICE_IP.10000: udp 100
It would seem as if no traffic reached the ASA until some outbound traffic to an arbitrary public IP. In this case I sent an echo request to a public DNS server. It seems almost like a state-table issue although I don't know how ICMP ties in.
Once again, any insight would be greatly appreciated.
Thanks,
Justin -
Mac Pro refuses to establish a vpn connection
Hello out there...
I have a 6 month old Mac Pro. Unfortunately this computer refuses to establish a reliable vpn connection to my office. All the other gear I have (powerBook, iPad and iPhone) does it.
The Mac Pro is erratic. Sometimes he connects but then all of a sudden after two or three minutes the vpn connection is being closed. The other day it works for hours....
He did so before the system upgrade and does it now after the upgrade to 10.6.8
I am really desperate to get a solution for that....
All the best
Peter
Hi Kris,
The ASA supports different kinds of VPN, i.e. SSL (aka SVC for Ssl Vpn Client), IPsec or L2TP/IPsec.
For IPsec it supports both IKEv1 and IKEv2 (as of version 8.4).
On the client side,
the legacy Cisco VPN client uses IPsec with IKEv1.
Anyconnect 2.x uses SSL.
Anyconnect 3.x can use either SSL or IPsec/IKEv2.
So the Cisco clients do not use L2TP, but L2TP functionality is built-in in some OS's, like Windows and Android.
Personally I have not had the opportunity yet to lay my hands on an Android device to try this out, so I hope Michael or the people in the other thread can help you out if you need more details.
As to what's different, that's a short question with a long answer
One important difference between SSL and IPsec is that at some places IPsec may not work because the network provider blocks UDP500, while SSL uses TCP443 which is usually not blocked because it's the standard port for HTTPS.
Another one is that for Anyconnect, you need a license on the ASA (it does include a free license for 2 concurrent users).
Just a few pointers:
And probably Wikipedia is a good place to start reading as well if you want the full picture
hth
Herbert -
IPSec VPN brings up login box but will not connect after entering password. Have tried this on both IPAD and IPhone 4. Can anyone help?
Uggh, it's so frustrating! I've googled every search phrase I can think of and this seems to be the only thread describing this exact issue. I'm always automatically logged into Facebook on my MBP but just to be sure I logged out and back in and it worked fine.
I gotta say, I wasn't a fan of the Droid I had preceding this iPhone, and from what I hear the iPhone app for FB is a thousand times better - not that I'd know personally because I can't log in!! - but I could always access my FB account on the droid. Just sayin... -
Is there a limit to the number of concurrent L2TP/IPSec VPN connections in Snow Leopard
Hi,
I'm currently running an L2TP/IPSec service from a Snow Leopard server VM running on the latest version of Lion Server ( Had loads of issues with Lion VPN connectivity from outside our network when I first upgraded the physical server to Lion. quickest way to get the service back was to run an S/L VM. I know that there have been some changes to Lion in the VPN area, but this works... sort of;;;)
I've got an IP address pool of 20 addresses configured as this is only for ICT staff members. Each user has a local userid/password on the S/L server. For me, things just work.
iPhone, iPad, OS X Lion client they all work and I've had about 3 simultaneous connections up and running. However, the majority of staff users use Windows 7 client machines and they've been reporting sporadic connection failures where one moment they can get connected and the next they can't. I'm currently wondering if there is some concurrent limit setting they are hitting and are getting slung off because I've got other users using the service. It would be a bit strange if S/L can only support 2 or 3 connections out of the box.
Then again it might be VMWare Fusion (Vsn 4.1.1) that's the problem.
Any help appreciated
Rgds
Alex
You have to count to have about 30GB at least free on the startup disk, after you have the library loaded.
On the external you have space enough.
As far as I know there is no limit for iPhoto, but I suggest to not let it grow too much, because everything will become sluggish, also making backups. It should be possible to split up in more libraries, one that is really actual and one that is the past. Physical splitting up I mean, not smart collections. You can switch libraries by holding the Alt(option) at startup of iPhoto. -
Text Spam to VZW Access Manager - @ $.20 a pop
I was surprised when I booted up Access Manager today to find a "..Great Deal for Home Mortages.." and I just found out it cost me 20 cents to receive it. How that happened I don't know because I don't even know my Verizon USB modem number, much less given it out to anybody else.
Now this brings up several points:
1. Why isn't/can't a technically savvy company like Verizon screening out these obvious spams?
2. Why isn't blocking Text Messaging a do-it-yourself option in Access Manager itself?
3. Why aren't they answering their <BLANK> 'ing 800 922 0202 phone number! -the only way I've found on these forums to block text messaging. (maybe because everybody is now trying to do exactly what I'm trying to do?)
Note: re-posted from another topic.
This website is amazingly frustrating trying to find the details of my own plan. To answer a few of my own points I must conclude it's deliberate on Verizon's part to keep us in the dark regarding one of the their income generators.
boilerplate: http://support.vzw.com/terms/products/messaging.html
OK; When I receive messages from Verizon they're listed as "A Free Message from Verizon". Not the case with spam. My account balance is keeping a count of my non-free messages -(haven't been billed yet)
Another "feature" offered is "Unlimited texting from mobile to mobile" - in other words from one Verizon number ONLY to another Verizon number. If we were truly unlimited this "feature" would be redundant.
Lastly we (broadband users) are offered paid upgrades for additional texting loads. Look over these plans:
https://ebillpay.verizonwireless.com/vzw/accountholder/services/viewFeatures.action
And a variety of complaints found with a simple search:
http://community.vzw.com/t5/Messaging-Text-Picture-IM-etc/20-cents-per-text-It-was-unlimited-texting-when-I-was-with/m-p/69409#M3474
http://community.vzw.com/t5/DROID-X-by-Motorola/Junk-SPAM-Text-Messages/m-p/401004#M19293
And most appropriately where I got the "wrong" number:
http://community.vzw.com/t5/Broadband-Netbook-Devices/Charged-for-spam-text-message-to-broadband-modem/m-p/293896#M4520 -
Access Manager Failed to Connect to Directory Server
Dear All,
I have problem with Directory Server connection in Access Manager. This happened in Production site, all application that integrated with Oracle Access Manager (OAM) for Single Sign On are not accessible after the Directory Server connection problem occur in OAM. The problem has only started occurring suddenly, before it the all service including the OAM and Directory Server is running well. Below are the error messages that appear in WebGate log file (ohs1.log) and OAM log file (oblog.log) :
>> OHS/WebGate (ohs1.log) :
[2014-01-21T09:25:12.0053+07:00] OHS OHS-9999 apache2entry_web_gate.cpp host_id: <WEBGATE_HOSTNAME> [host_addr:10.10.254.178] [ecid: 004w76rlRYt0NuapxKL6iW0000sE001oGY] The host and port from the requested URL could not be found in the Policy database. Check if the corresponding directory service is up.
>> OAM (Oblog.log):
2014/01/15@03:12:23.833746 [30573   30606] DB_RUNTIME ERROR 0x000008C1 ../ldap_connection_mngr.cpp:443 "Failed to connect to directory server" lpszHost<LDAP_HOSTNAME_VIA_LOADBALANCER> port<LDAP_PORT_VIA_LOAD_BALANCER>
The OAM using the Load Balancer between the LDAP Directory Server to OAM's component. When the error appears, there are no problem with the Load Balancer and all of Directory Sever services is up. There are two Directory Server servers in Multi Master Replication and 14 WebGate servers that integrated with OAM. Is there a limitation number of WebGate for integrated to the OAM?
I have tried to set some parameters in OAM configuration to solve this problem. I set the Maximum Connection of Directory Server parameter to 10 value (in OAM Console), the LDAPOperationTimeout parameter to 1 hour value and the LDAPMaxNoOfRetries parameter to 2 value (in the globalparams.xml). After setting these parameters, the error did not appear for some days, but suddenly appeared again with the same error message. Maybe setting these parameters is not the appropriate solution for the problem or the value that I set is not correct. Any experience with this?
I still don't know what the root cause of this problem. Restart all of OAM services (including the WebGate) is temporary solution when the error appear.
Any idea for this problem?
Thanks in advice.
Hi Jun-Y,
Thank you for your answer.
What do you means with the Directory Server's idle timeout is the "Idle Timeout" parameter in LDAP Client Control Settings?
I use Oracle Directory Server Enterprise 11.1.1.5.0. Now, the Directory Server's idle timeout parameter is "unlimited" value.
If the idle timeout of the load balancer set 1 hour, it means that I must change the directory server's idle timeout to be less than 1 hour. Isn't right? -
How to reduce the IPSec VPN connection establishment time
Hi,
I set up an IPSec VPN with NAT-T between two cisco router 871. In particular one router acts as a SERVER and the other one as a CLIENT. All the traffic coming from the hosts connected to the CLIENT-router is sent over the VPN (no split tunnel). Everything works perfectly.
The only problem is the amount of time the VPN takes to establish the first connection between the two routers. In particular it takes about two minutes.
Could anybody tell me if this amount of time can be reduced (with a particular configuration instruction)?
Or this is the minimum amount of time required for the first connection establishment?
Thank you for your help.
Sara,
Two minutes sound like a lot of time even with a super slow Internet connection. Could you share your configs to see if there is anything on the VPN config that is adding such a huge delay? The connection establishment shouldn't take more than a few seconds.
Thanks,
Raga -
Hyper v manager: "virtual machine connection has stopped working", when connect to VM
Hello,
cannot find any info on web and View problem details in VIRTUAL MACHINE CONNECTION error box:
"virtual machine connection has stopped working".
I get this error when click Connect in HV Manager. The machines are on and are accessible through RDP.
This is a lab host after restart it randomly works. I have this problem during last week.
Just interesting to know what could cause the problem and if other were seeing something like that...
Also, can connect to machine from SCVMM.
Thx.
"When you hit a wrong note it's the next note that makes it good or bad". Miles Davis
I have the same problem.. Running hyper-v manager from win7 x64 client...
Problem details:
Description:
Stopped working
Problem signature:
Problem Event Name: CLR20r3
Problem Signature 01: vmconnect.exe
Problem Signature 02: 6.1.0.0
Problem Signature 03: 4ce75fbd
Problem Signature 04: vmconnect
Problem Signature 05: 6.1.0.0
Problem Signature 06: 4ce75fbd
Problem Signature 07: 107
Problem Signature 08: 29
Problem Signature 09: System.ArgumentException
OS Version: 6.1.7601.2.1.0.256.4
Locale ID: 1033

I have the exact same issue (running windows 2008 R2 Enterprise). I can RDP to any of the VM but simply cannot connect using console. This is causing me grief since I have to create few more VMs and work with the existing VMs. Without console access, I cannot create and do any config changes for new VMs. Can someone help. Things that I have tried so far.
1. Exported VMs
2. Uninstalled .NET 4 & 3.5.
3. Hyper-v role removed.
4. Reinstalled Hyper-v, reinstalled .NET 4 & 3.5, patch current as of today.
5. Imported the VMs back and still cannot connect. Exactly same error. No errors in any logs in event viewer or Hyper-v logs.
6. Navigated to c:\Program Files\Hyper-v and manually run the VMCONNECT.EXE app (choosing the localhost/server and appropriate VM from the list) but no dice. The app just sits there for ever without any connection.
7. I am baffled and surprised no one has a solution. Tried multiple search engines.
8. The host machine is patch current as of today and there are no patches available to try. Reading through some forums, I have also installed some hotfixes with no luck.
9. Finally, I can see the little graphic for each VM changing as windows is loading or stopping in server manager for hyper-v.
Hoping someone has a solution. The error that pops up is exactly similar and no clues of the faulting module.
Appreciate your time and help.
-
Zone Based Firewall for VPN connections does not work after IOS upgrade
Hi all,
We use cisco router 2911 as corporate gateway - there is Zone Based Firewall implemented - I upgraded IOS to last version (15.2(2)T1) - originally version 15.1(4)M1 - to solve issue with Anyconnect connections (bug CSCtx38806) but I found that after upgrade the VPN users are not able to communicate with sources in other zones.
More specific
WebVPN use this virtual template interface
interface Virtual-Template100
description Template for SSLVPN
ip unnumbered GigabitEthernet0/1.100
zone-member security INSIDE
There are other zones VOICE, LAB, ...
In the policy any connection is allowed (used inspection of icmp, tcp and udp) from INSIDE zone to VOICE or LAB zone
After VPN connection I am able to reach resources in INSIDE zone (which is the most important), but not in other zones. Before upgrade it worked.
Once I changed zone in Virtual-Template interface to VOICE, I was able to reach sources in VOICE zone but not in any other. I searched more and found the stateful firewall is not working for connections from VPN as ping is blocked by policy on returning way - it means by policy VOICE->INSIDE, once I allowed communication from "destination" zone to INSIDE zone - the connections started to work, but of course it is not something I want to setup.
Does anybody have the same experience?
Regards
Pavel

It seems to me I should add one important note - if client is connected directly in INSIDE zone, he can reach resources in other zones without any issue - so the problem is only when the client is connected by VPN - not in ZBF policy setup.
Pavel
-
Sun Access Manager 2005Q1 session failover is not working
Hi All
I'm using Sun access manager 2005Q1, message queue 2005Q1, Sun Directory server 5.2, BerkeleyDB 4.2.52 and radware hardware load balancer with sticky session.
I have configured message queue and BerkeleyDB and both are running with any error.
I'm using http://docs.sun.com/source/817-7644/ch5_scenarios.html#wp41008 doc for session failover.
Simple failover is working fine but the Session failover is not working.
Has anybody done session failover with Sun Access manager 2005 Q1? I'm trying to resolve this issue for the last two months.
Please it is urgent.

It works fine in 2005Q4, after applying a patch 120954 if I am not mistaken. But 2005Q4 and 2005Q1 are probably different in terms of session failover (site configuration etc.)
1. Stop both AM servers
2. Set logging to debug mode in AMConfig.properties.
3. Delete / move everything in /var/opt/SUNWam/debug
4. tail -f /var/opt/SUNWam/debug/amSession
5. Post that file here... you should be able to see if session failover is enabled etc....
hope this helps.
-
Microsoft Access report to pdf-hyperlinks don't work
Hi,
Does anyone have a solution to hyperlinks not working when a Microsoft Access report is converted to a pdf? The hyperlinks work when I am in the Access report, but once I convert to a pdf (Acrobat 9), the links don't work.
Thanks,
Jamie

How did you convert? In looking at the PDF Maker options for AA8 in ACCESS 2007, there does not seem to be a link button in the preferences. That may be the issue and I do not have a solution for that.