Not able to connecct SSH

Similar Messages

• Not able to configure SSH

  Hi,
  I'm using 1841 router.My question is I'm not able to configure SSH in this router ,Any IOS problem?
  Sh version
  Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(1c), RELEASE SO
  FTWARE (fc1)

  Hi Karthick
  You are currently running IP BASE Feature Set ios on your router you need to upgrade the same to Advanced Security Services or SP Services Feature set to have SSH support in your router..
  http://www.cisco.com/en/US/products/sw/iosswrel/ps5460/index.html
  regds

• Not able to enable SSH user equivalency for RAC on RHEL 4

  Hi All,
  I am trying to install oracle RAC 11g on RHEL4 (on VMware), I am using below document for reference.
  http://www.oracle-base.com/articles/11g/OracleDB11gR1RACInstallationOnOEL5UsingVMware.php
  Every thing went fine till "SSH user equivalency", but I am not able to SSH and SCP between servers without entering passwords.
  I have tried removing .ssh folder & recreating pub file twice but it did not helped.
  am i missing something?
  Please advice.
  Thanks,
  Abhay.

  Configure SSH on each node in the cluster. Log in as the "oracle" user and perform the following tasks on each node.
  su - oracle
  mkdir ~/.ssh
  chmod 700 ~/.ssh
  /usr/bin/ssh-keygen -t rsa # Accept the default settings.
  The RSA public key is written to the ~/.ssh/id_rsa.pub file and the private key to the ~/.ssh/id_rsa file.
  Log in as the "*oracle*" user on RAC1, generate an "authorized_keys" file on RAC1 and copy it to RAC2 using the following commands.
  su - oracle
  cd ~/.ssh
  cat id_rsa.pub >> authorized_keys
  scp authorized_keys rac2:/home/oracle/.ssh/
  Next, log in as the "oracle" user on RAC2 and perform the following commands.
  su - oracle
  cd ~/.ssh
  cat id_rsa.pub >> authorized_keys
  scp authorized_keys rac1:/home/oracle/.ssh/
  The "authorized_keys" file on both servers now contains the public keys generated on all RAC nodes.
  To enable SSH user equivalency on the cluster member nodes issue the following commands on each node.
  ssh rac1 date
  ssh rac2 date
  ssh rac1.localdomain date
  ssh rac2.localdomain date
  exec /usr/bin/ssh-agent $SHELL
  /usr/bin/ssh-add
  You should now be able to SSH and SCP between servers without entering passwords.
  hope, this may helps you.
  enjoy.
  if you are unable to resolve it, please refer:-
  http://download.oracle.com/docs/cd/B28359_01/rac.111/b28252/preparing.htm#BGBBDHIB
  http://dsstos. blogspot.com/2009/03/linux-oracle-rac-and-bonding-conundrum.html

• WHEN I USED TO CONNECT INTERNET FROM MY IPHONE 4S PERSONAL HOTSPOT VIA USB, AN ICON IN THE NETWORK PREFERENCE NAMED "IPHONE" GETS OPENED.... BUT NOW THIS IS NOT HAPPENING AND I AM NOT ABLE TO CONNECCT PERSONAL HOTSPOT VIA USB CABLE. PLEASE HELP ME OUT

  WHEN I USED TO CONNECT INTERNET FROM MY IPHONE 4S PERSONAL HOTSPOT VIA USB, AN ICON IN THE NETWORK PREFERENCE NAMED "IPHONE" APPEARS.... BUT NOW THIS IS NOT HAPPENING AND I AM NOT ABLE TO CONNECT PERSONAL HOTSPOT VIA USB CABLE. PLEASE HELP ME OUT???

  Please don't shout!   Using all uppercase means shouting on the internet.  If your keyboard is stuck please say so, otherwise people will think you are being obnoxious.
  Now the first question is, when you are saying connecting to personal hotspot, have you always been using the iPhone to connect to the internet?   Are you someplace where the only place to connect is available via tethering to the iPhone's celluar network?  Or do you have other options?

• I could not able to connect  with INTERNAL, says ORA-1017 invalid username/password,

  Hellow Everybody,
  PLZ Help...
  I could not able to connecct as INTERNAL.
  Some days ago I got connected gracefully.
  But now what has happedned it is no more connecting as INTERNAL.
  But can connect as SYS and SYSTEM gracefully in one attemt.
  Thankyou,
  Sumeet

  check the listener status in server end,
  lsnrctl status
  lsnrctl servicesif not start
  lsnrctl startThanks

• Not able to login after configuring SSH.Please reply

  i have configured AAA on Cisco aeronet 1400 series wireless bridge (AIR-BR1410A-A-K9).After configuring i am not able to login to the device via telnet and via putty.Soon after enabling SSH i am not able to login even through SSH.The below are the commands i have configured on the device.I used to configure the same commands on my Cisco Switches also.
  Layer -2
  ip domain-name NETS
  crypto key generate rsa general-keys modulus 1024
  ip ssh version 2
  aaa new-model
  aaa authentication login Login-LAN group tacacs+ line
  aaa authentication enable default group tacacs+ enable
  aaa accounting exec EXEC-LAN-L2 start-stop group tacacs+
  aaa accounting commands 1 Level-1-LAN-L2 start-stop group tacacs+
  aaa accounting commands 15 Level-15-LAN-L2 start-stop group tacacs+
  tacacs-server host 10.254.0.140 key !n01#zh3r3@|2
  line vty 0 4
  accounting commands 1 Level-1-LAN-L2
  accounting commands 15 Level-15-LAN-L2
  accounting exec EXEC-LAN-L2
  login authentication Login-LAN
  transport input ssh

  Hi,
  Check out the connectivity between cisco aeronet and TACAS server and what is the failed logs says in tacas server.
  If possible try to change the configuration to aaa authentication login Login-LAN(default) group tacacs+ line and then try what exactly happens.
  Hope that helps
  Regards
  Ganesh.H

• Not Able to Telnet or SSH Cisco ASA

  Hi,
  I am not able to do the following to Cisco ASA with one IP address 172.19.1.11, below is the configuration in ASA. Earlier it was working, all of a sudden it stopped working.
  Please help.
  1. Not Able to SSH
  2. Solarwinds not able to take information from ASA.
  http 172.19.1.11 255.255.255.255 inside
  snmp-server host inside 172.19.1.11 community srnemapd
  telnet 172.19.1.11 255.255.255.255 inside
  ssh 172.19.1.11 255.255.255.255 inside
  ntp server 172.19.1.11 source inside prefer

  Hi there,
  Just add a new IP address for ssh to ASA, this will kick start the demon.
  This new IP does not have to be a real one.
  Hope this helps.
  Thanks
  Rizwan Rafeek

• Not able to ssh to standby GSS

  Hi Experts,
  I am not able to ssh to standby GSS. It is configured for tacacs... I am able to ssh to primary without any issues.
  skdc-gss-int#gss status
  TACACS error. Attempting local authorization ...
  Cisco GSS - 3.1(0) GSSM - standby [Tue May 26 12:37:25 UTC 2009]
  Registered to primary GSSM: 10.71.250.130
  Normal Operation [runmode = 5]
  START SERVER
  May02 Boomerang
  May02 Config Agent (crdirector)
  May02 Config Server (crm)
  May02 DNS Server
  May02 Database
  May02 GUI Server (tomcat)
  May02 Keepalive Engine
  May02 Node Manager
  May02 Proximity
  May02 Sticky
  May02 Web Server (apache)
  May02 drp
  skdc-gss-int#
  skdc-gss-int#sh tacacs
  TACACS error. Attempting local authorization ...
  Current tacacs server configuration
  tacacs-server timeout 60
  tacacs-server keepalive-enable
  tacacs-server host x.x.x.x port 49 key j1b0ia
  tacacs-server host y.y.y.y port 49 key j1b0ia
  aaa authentication ssh local
  aaa authentication gui local
  aaa authorization commands
  aaa accounting commands
  skdc-gss-int#
  skdc-gss-int#sh users
  TACACS error. Attempting local authorization ...
  Username permission
  admin admin
  skdc-gss-int#

  I'm facing the same issue...
  How did you solve the problem?

• Sun Solaris 5.10 - SSH 1.1.3-Not able to connect to server with ssh -Urgent

  Hi,
  I am not able to coonect to a server using the using the below code.
  If i try the same code on the server to connect it self, it is working fine. But when i try to connect from other server it give the below error. And i am using the IBM Jdk while getting this error. Is there some setting to avoid this error.
  Error:
  INFO: Adding /usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar to the extension classpath
  ConfigurationLoader
  Nov 30, 2010 4:33:12 PM com.sshtools.j2ssh.transport.publickey.SshKeyPairFactory <clinit>
  INFO: Loading public key algorithms
  Error While SFTP
  java.util.NoSuchElementException
  at java.util.StringTokenizer.nextToken(StringTokenizer.java:332)
  at java.util.StringTokenizer.nextElement(StringTokenizer.java:390)
  at com.sshtools.j2ssh.transport.AbstractKnownHostsKeyVerification.<init>(Unknown Source)
  at com.sshtools.j2ssh.transport.ConsoleKnownHostsKeyVerification.<init>(Unknown Source)
  at com.sshtools.j2ssh.SshClient.connect(Unknown Source)
  at fileTransfer.connectToServer(fileTransfer.java:18)
  at fileTransfer.main(fileTransfer.java:56)
  Code:
  public static boolean connectToServer(String serverIp, int serverPort, String userId, String password)
  SshClient sfc = null;
  try {
  System.out.println("inside Try of as its SFTP");
  ConfigurationLoader.initialize(false);
  System.out.println("ConfigurationLoader");
  sfc = new SshClient();
  sfc.connect(serverIp, serverPort);
  System.out.println("sfc.connect");
  PasswordAuthenticationClient pwd = new PasswordAuthenticationClient();
  pwd.setUsername(userId);
  pwd.setPassword(password);
  int checkAuth = sfc.authenticate(pwd);
  System.out.println("checkAuth " + checkAuth);
  if (checkAuth == 4) {
  System.out.println("AuthenticationProtocolState.COMPLETE");
  SftpClient sftp = sfc.openSftpClient();
  sftp.quit();
  sfc.disconnect();
  else
  throw new Exception("Invalid User Name or Password for user");
  catch (Exception e)
  System.out.println("Error While SFTP ");
  sfc.disconnect();
  e.getStackTrace();
  return false;
  return true;
  }

  Could it be that you are missing the SSH certificate on the computer where you're experience the problem?
  From what I understand, you need to copy the valid certificate from our server to the other computer. Perhaps the following example will be useful:
  http://www.sun.com/bigadmin/content/submitted/ssh_setting.jsp
  http://www.lifelinux.com/setting-up-an-ssh-certificate/
  Edited by: Dude on Nov 30, 2010 12:12 PM

• VPN clients not able to ping Remote PCs & Servers : ASA 5520

  VPN is connected successfully. But not able to ping any remote ip or fqdn from client pc. But able to ping ASA 5520 firewalls inside interface. Also some clients able to access, some clients not able to access. I new to these firewalls. I tried most of ways from internet, please any one can help asap.
  Remote ip section : 192.168.1.0/24
  VPN IP Pool : 192.168.5.0/24
  Running Config :
   ip address 192.168.1.2 255.255.255.0
  interface GigabitEthernet0/2
   shutdown
   no nameif
   no security-level
   no ip address
  interface GigabitEthernet0/3
   shutdown
   no nameif
   no security-level
   no ip address
  interface Management0/0
   shutdown
   no nameif
   no security-level
   no ip address
   management-only
  passwd z40TgSyhcLKQc3n1 encrypted
  boot system disk0:/asa722-k8.bin
  ftp mode passive
  clock timezone GST 4
  dns domain-lookup outside
  dns domain-lookup inside
  dns server-group DefaultDNS
   name-server 213.42.20.20
   domain-name default.domain.invalid
  access-list outtoin extended permit tcp any host 83.111.113.114 eq 3389
  access-list outtoin extended permit tcp any host 83.111.113.113 eq https
  access-list outtoin extended permit tcp any host 83.111.113.114 eq smtp
  access-list outtoin extended permit tcp any host 83.111.113.114 eq https
  access-list outtoin extended permit tcp any host 83.111.113.114 eq www
  access-list outtoin extended permit tcp any host 83.111.113.115 eq https
  access-list outtoin extended permit tcp any host 94.56.148.98 eq 3389
  access-list outtoin extended permit tcp any host 83.111.113.117 eq ssh
  access-list fualavpn_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
  access-list outside_nat0_outbound extended permit ip 192.168.5.0 255.255.255.0
  92.168.1.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 1
  2.168.5.0 255.255.255.0
  access-list inet_in extended permit icmp any any time-exceeded
  access-list inet_in extended permit icmp any any unreachable
  access-list inet_in extended permit icmp any any echo-reply
  access-list inet_in extended permit icmp any any echo
  pager lines 24
  logging enable
  logging asdm informational
  logging from-address [email protected]
  logging recipient-address [email protected] level errors
  logging recipient-address [email protected] level emergencies
  logging recipient-address [email protected] level errors
  mtu outside 1500
  mtu inside 1500
  ip local pool fualapool 192.168.5.10-192.168.5.50 mask 255.255.255.0
  ip local pool VPNPool 192.168.5.51-192.168.5.150 mask 255.255.255.0
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-522.bin
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound outside
  nat (inside) 1 192.168.1.0 255.255.255.0
  static (inside,outside) 94.56.148.98 192.168.1.11 netmask 255.255.255.255
  static (inside,outside) 83.111.113.114 192.168.1.111 netmask 255.255.255.255
  access-group inet_in in interface outside
  route outside 0.0.0.0 0.0.0.0 83.111.113.116 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout uauth 0:05:00 absolute
  group-policy DfltGrpPolicy attributes
   banner none
   wins-server none
   dns-server none
   dhcp-network-scope none
   vpn-access-hours none
   vpn-simultaneous-logins 10
   vpn-idle-timeout 30
   vpn-session-timeout none
   vpn-filter none
   vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
   password-storage disable
   ip-comp disable
   re-xauth disable
   group-lock none
   pfs disable
   ipsec-udp disable
   ipsec-udp-port 10000
   split-tunnel-policy tunnelall
   split-tunnel-network-list none
   default-domain none
   split-dns none
   intercept-dhcp 255.255.255.255 disable
   secure-unit-authentication disable
   user-authentication disable
   user-authentication-idle-timeout 30
   ip-phone-bypass disable
   leap-bypass disable
   nem disable
   backup-servers keep-client-config
   msie-proxy server none
   msie-proxy method no-modify
   msie-proxy except-list none
   msie-proxy local-bypass disable
   nac disable
   nac-sq-period 300
   nac-reval-period 36000
   nac-default-acl none
   address-pools none
   client-firewall none
   client-access-rule none
   webvpn
    functions url-entry
    html-content-filter none
    homepage none
    keep-alive-ignore 4
    http-comp gzip
    filter none
    url-list none
    customization value DfltCustomization
    port-forward none
    port-forward-name value Application Access
    sso-server none
    deny-message value Login was successful, but because certain criteria have no
   been met or due to some specific group policy, you do not have permission to u
  e any of the VPN features. Contact your IT administrator for more information
    svc none
    svc keep-installer installed
    svc keepalive none
    svc rekey time none
    svc rekey method none
    svc dpd-interval client none
    svc dpd-interval gateway none
    svc compression deflate
  group-policy fualavpn internal
  group-policy fualavpn attributes
   dns-server value 192.168.1.111 192.168.1.100
   vpn-tunnel-protocol IPSec
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value fualavpn_splitTunnelAcl
  username test password I7ZgrgChfw4FV2AW encrypted privilege 0
  username Mohamed password Vqmmt8cR/.Qu7LhU encrypted privilege 0
  username Moghazi password GMr7xgdqmGEQ2SVR encrypted privilege 0
  username Moghazi attributes
   password-storage enable
  username fualauaq password E6CgvoOpTKphiM2U encrypted privilege 0
  username fualauaq attributes
   password-storage enable
  username fuala password IFtijSYb7LAOV/IW encrypted privilege 15
  username Basher password Djf15nXIJXmayfjY encrypted privilege 0
  username Basher attributes
   password-storage enable
  username fualafac password VGC/7cKXW1A6eyXS encrypted privilege 0
  username fualafac attributes
   password-storage enable
  username fualaab password ONTH8opuP4RKgRXD encrypted privilege 0
  username fualaab attributes
   password-storage enable
  username fualaadh2 password mNEgLxzPBeF4SyDb encrypted privilege 0
  username fualaadh2 attributes
   password-storage enable
  username fualaain2 password LSKk6slwsVn4pxqr encrypted privilege 0
  username fualaain2 attributes
   password-storage enable
  username fualafj2 password lE4Wu7.5s7VXwCqv encrypted privilege 0
  username fualafj2 attributes
   password-storage enable
  username fualakf2 password 38oMUuwKyShs4Iid encrypted privilege 0
  username fualakf2 attributes
   password-storage enable
  username fualaklb password .3AMGUZ1NWU1zzIp encrypted privilege 0
  username fualaklb attributes
   password-storage enable
  username fualastr password RDXSdBgMaJxNLnaH encrypted privilege 0
  username fualastr attributes
   password-storage enable
  username fualauaq2 password HnjodvZocYhDKrED encrypted privilege 0
  username fualauaq2 attributes
   password-storage enable
  username fualastore password wWDVHfUu9pdM9jGj encrypted privilege 0
  username fualastore attributes
   password-storage enable
  username fualadhd password GK8k1MkMlIDluqF4 encrypted privilege 0
  username fualadhd attributes
   password-storage enable
  username fualaabi password eYL0j16kscNhhci4 encrypted privilege 0
  username fualaabi attributes
   password-storage enable
  username fualaadh password GTs/9BVCAU0TRUQE encrypted privilege 0
  username fualaadh attributes
   password-storage enable
  username fualajuh password b9QGJ1GHhR88reM1 encrypted privilege 0
  username fualajuh attributes
   password-storage enable
  username fualadah password JwVlqQNIellNgxnZ encrypted privilege 0
  username fualadah attributes
   password-storage enable
  username fualarak password UE41e9hpvcMeChqx encrypted privilege 0
  username fualarak attributes
   password-storage enable
  username fualasnk password ZwZ7fVglexrCWFUH encrypted privilege 0
  username fualasnk attributes
   password-storage enable
  username rais password HrvvrIw5tEuam/M8 encrypted privilege 0
  username rais attributes
   password-storage enable
  username fualafuj password yY2jRMPqmNGS.3zb encrypted privilege 0
  username fualafuj attributes
   password-storage enable
  username fualamaz password U1YUfQzFYrsatEzC encrypted privilege 0
  username fualamaz attributes
   password-storage enable
  username fualashj password gN4AXk/oGBTEkelQ encrypted privilege 0
  username fualashj attributes
   password-storage enable
  username fualabdz password tg.pB7RXJx2CWKWi encrypted privilege 0
  username fualabdz attributes
   password-storage enable
  username fualamam password uwLjc0cV7LENI17Y encrypted privilege 0
  username fualamam attributes
   password-storage enable
  username fualaajm password u3yLk0Pz0U1n.Q0c encrypted privilege 0
  username fualaajm attributes
   password-storage enable
  username fualagrm password mUt3A60gLJ8N5HVr encrypted privilege 0
  username fualagrm attributes
   password-storage enable
  username fualakfn password ceTa6jmvnzOFNSgF encrypted privilege 0
  username fualakfn attributes
   password-storage enable
  username Fualaain password Yyhr.dlc6/J7WvF0 encrypted privilege 0
  username Fualaain attributes
   password-storage enable
  username fualaban password RCJKLGTrh7VM2EBW encrypted privilege 0
  username John password D9xGV1o/ONPM9YNW encrypted privilege 15
  username John attributes
   password-storage disable
  username wrkshopuaq password cFKpS5e6Whp0A7TZ encrypted privilege 0
  username wrkshopuaq attributes
   password-storage enable
  username Talha password 3VoAABwXxVonLmWi encrypted privilege 0
  username Houssam password Cj/uHUqsj36xUv/R encrypted privilege 0
  username Faraj password w2qYfE3DkYvS/oPq encrypted privilege 0
  username Faraj attributes
   password-storage enable
  username gowth password HQhALLeiQXuIzptCnTv1rA== nt-encrypted privilege 15
  username Hameed password 0Kr0N1VRmLuWdoDE encrypted privilege 0
  username Hameed attributes
   password-storage enable
  username Hassan password Uy4ASuiNyEd70LCw encrypted privilege 0
  username cisco password IPVBkPI1GLlHurPD encrypted privilege 15
  username Karim password 5iOtm58EKMyvruZA encrypted privilege 0
  username Shakir password BESX2bAvlbqbDha/ encrypted privilege 0
  username Riad password iB.miiOF7qMESlCL encrypted privilege 0
  username Azeem password 0zAqiCG8dmLyRQ8f encrypted privilege 15
  username Azeem attributes
   password-storage disable
  username Osama password xu66er.7duIVaP79 encrypted privilege 0
  username Osama attributes
   password-storage enable
  username Mahmoud password bonjr0B19aOQSpud encrypted privilege 0
  username alpha password x8WO0aiHL3pVFy2E encrypted privilege 15
  username Wissam password SctmeK/qKVNLh/Vv encrypted privilege 0
  username Wissam attributes
   password-storage enable
  username Nabil password m4fMvkTgVwK/O3Ms encrypted privilege 0
  aaa authentication telnet console LOCAL
  aaa authentication ssh console LOCAL
  aaa authentication enable console LOCAL
  http server enable
  http 0.0.0.0 0.0.0.0 outside
  http 192.168.1.4 255.255.255.255 inside
  http 192.168.1.100 255.255.255.255 inside
  http 192.168.1.111 255.255.255.255 inside
  http 192.168.1.200 255.255.255.255 inside
  http 83.111.113.117 255.255.255.255 outside
  http 192.168.1.17 255.255.255.255 inside
  http 192.168.1.16 255.255.255.255 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto dynamic-map outside_dyn_map 20 set pfs
  crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
  crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
   authentication pre-share
   encryption 3des
   hash sha
   group 2
   lifetime 86400
  tunnel-group fualavpn type ipsec-ra
  tunnel-group fualavpn type ipsec-ra
  tunnel-group fualavpn general-attributes
   address-pool fualapool
   address-pool VPNPool
   default-group-policy fualavpn
  tunnel-group fualavpn ipsec-attributes
   pre-shared-key *
  tunnel-group fualavpn ppp-attributes
   authentication pap
   authentication ms-chap-v2
   authentication eap-proxy
  telnet 0.0.0.0 0.0.0.0 outside
  telnet 0.0.0.0 0.0.0.0 inside
  telnet timeout 5
  ssh 0.0.0.0 0.0.0.0 outside
  ssh 192.168.1.0 255.255.255.0 inside
  ssh timeout 5
  console timeout 0
  management-access inside
  class-map inspection_default
   match default-inspection-traffic
  policy-map type inspect dns migrated_dns_map_1
   parameters
    message-length maximum 512
  policy-map global_policy
   class inspection_default
    inspect dns migrated_dns_map_1
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect icmp
    inspect icmp error
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:38e41e83465d37f69542355df734db35
  : end

  Hi,
  What about translating the traffic on the local ASA (Active unit) for traffic received from the VPN tunnel to the internal interface IP address? You can try something like nat (outside,inside) source dynamic obj-VpnRemoteTraffic interface destination static StandbyIP StandbyIP
  Regards,

• Not Able to use telnet and Rlogin

  Hi, since two of my system had unclean shutdown i am not been able to use Telnet and Rlogin or even SSh from my both of my system. the file in "/etc/default/login" is commented and there are system's entry in /etc/hosts file also. but still am not able to login i can ping both the system with each other. i am not even able to telnet localhost..!
  "sunshine# telnet localhost
  Trying 127.0.0.1...
  telnet: Unable to connect to remote host: Connection refused"
  Thanks
  atif

  are you sure your services are UP ?
  you can try :
  netstat -an | grep 23
  in order to see if port 23 is in LISTEN.
  or ps -ef | grep inetd
  to see if (x)inetd is running (inetd is the daemon who launches telnet/rlogin)
  and if you're under solaris 10, just do something like :
  svcs -a | grep telnet
  to see if the daemon is online (if he's in maintenance, do a svcs -l telnet, and check the logfile associated to the service to see what happened)

• S2S between Cisco ASA 5505 and Sonicwall TZ-170 but not able to ping across

  Hi,
  I am helping out a friend of mine with his Site-to-Site VPN between his companies Cisco ASA another company's SonicWall TZ-170.  I have checked the screenshots proivded by the other end and tried to match with ours.  The Tunnel shows but we are not able to Ping resources on the other end.  The other side insists that the problem is on our end but I am not sure where the issue resides.  Please take a look at our config and let me know if there is anything that I have missed.  I am pretty sure I didn't but extra eyes may be of need here.
  Our LAN is 10.200.x.x /16 and theirs is 192.168.9.0 /24
  ASA Version 8.2(2)
  terminal width 300
  hostname company-asa
  domain-name Company.com
  no names
  name 10.1.0.0 sacramento-network
  name 10.3.0.0 irvine-network
  name 10.2.0.0 portland-network
  name x.x.x.x MailLive
  name 192.168.9.0 revit-vpn-remote-subnet
  dns-guard
  interface Ethernet0/0
  nameif outside
  security-level 0
  ip address x.x.x.x 255.255.255.128
  interface Ethernet0/1
  nameif inside
  security-level 100
  ip address 10.200.200.1 255.255.0.0
  interface Ethernet0/2
  nameif dmz
  security-level 50
  ip address 172.22.22.1 255.255.255.0
  interface Ethernet0/3
  description Internal Wireless
  shutdown
  nameif Wireless
  security-level 100
  ip address 10.201.201.1 255.255.255.0
  interface Management0/0
  shutdown
  nameif management
  security-level 100
  no ip address
  management-only
  boot system disk0:/asa822-k8.bin
  ftp mode passive
  clock timezone PST -8
  clock summer-time PDT recurring
  dns domain-lookup outside
  dns server-group DefaultDNS
  domain-name company.com
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object-group network local_net_group
  network-object 10.1.0.0 255.255.0.0
  network-object 10.2.0.0 255.255.0.0
  network-object 10.200.0.0 255.255.0.0
  network-object 10.3.0.0 255.255.0.0
  network-object 10.4.0.0 255.255.0.0
  network-object 10.5.0.0 255.255.0.0
  network-object 10.6.0.0 255.255.0.0
  network-object 10.7.0.0 255.255.0.0
  network-object 192.168.200.0 255.255.255.0
  object-group network NACIO123
  network-object 1.1.1.1 255.255.255.224
  object-group service MAIL_HTTPS_BORDERWARE tcp
  port-object eq smtp
  port-object eq https
  port-object eq 10101
  object-group service SYSLOG_SNMP_NETFLOW udp
  port-object eq syslog
  port-object eq snmp
  port-object eq 2055
  object-group service HTTP_HTTPS tcp
  port-object eq www
  port-object eq https
  object-group network OUTSIDECO_SERVERS
  network-object host x.x.x.34
  network-object host x.x.x.201
  network-object host x.x.x.63
  object-group network NO-LOG
  network-object host 10.200.200.13
  network-object host 10.200.200.25
  network-object host 10.200.200.32
  object-group service iPhoneSync-Services-TCP tcp
  port-object eq 993
  port-object eq 990
  port-object eq 998
  port-object eq 5678
  port-object eq 5721
  port-object eq 26675
  object-group service termserv tcp
  description terminal services
  port-object eq 3389
  object-group protocol TCPUDP
  protocol-object udp
  protocol-object tcp
  object-group service DTI tcp
  description DCS CONTROL PROTOCOL
  port-object eq 3333
  object-group service H.245 tcp
  description h.245 signaling
  port-object range 1024 4999
  object-group service RAS udp
  port-object eq 1719
  port-object range 1718 1720
  object-group service XML tcp
  port-object range 3336 3341
  object-group service mpi tcp
  port-object eq 2010
  object-group service mvp_control tcp
  port-object eq 2946
  object-group service rpc tcp-udp
  port-object eq 1809
  object-group service tcp8080 tcp
  port-object eq 8080
  object-group service tcp8011 tcp
  port-object eq 8011
  object-group service rtp_rtcp_udp udp
  port-object range 1024 65535
  object-group service ecs_xml tcp-udp
  port-object eq 3271
  object-group service rtp20000 udp
  description 10000-65535
  port-object range 20000 25000
  port-object range 10000 65535
  object-group service tcp5222 tcp
  port-object range 5222 5269
  object-group service tcp7070 tcp
  port-object eq 7070
  object-group network videoco
  network-object host x.x.x.144
  network-object host x.x.x.145
  object-group service video tcp
  port-object range 1718 h323
  object-group service XML2 tcp-udp
  port-object range 3336 3345
  object-group service tcp_tls tcp
  port-object eq 5061
  object-group service Autodesk tcp
  port-object eq 2080
  port-object range 27000 27009
  access-list outside_policy remark ====== Begin Mail From Postini Network ======
  access-list outside_policy extended permit tcp x.x.x.x 255.255.240.0 host x.x.x.x eq smtp
  access-list outside_policy extended permit tcp x.x.x.x 255.255.255.240 host x.x.x.x eq smtp
  access-list outside_policy extended permit tcp x.x.x.0 255.255.240.0 host x.x.x.x eq smtp
  access-list outside_policy remark ****** End Mail From Postini Network ******
  access-list outside_policy remark ====== Begin Inbound Web Mail Access ======
  access-list outside_policy extended permit tcp any host x.x.x.x object-group HTTP_HTTPS
  access-list outside_policy remark ****** End Inbound Web Mail Access ******
  access-list outside_policy remark ====== Begin iPhone Sync Rules to Mail Server ======
  access-list outside_policy extended permit tcp any host x.x.x.x object-group iPhoneSync-Services-TCP
  access-list outside_policy remark ****** End iPhone Sync Rules to Mail Server ******
  access-list outside_policy remark ====== Begin MARS Monitoring ======
  access-list outside_policy extended permit udp x.x.x.x 255.255.255.128 host x.x.x.x object-group SYSLOG_SNMP_NETFLOW
  access-list outside_policy extended permit icmp x.x.x.x 255.255.255.128 host x.x.x.x
  access-list outside_policy remark ****** End MARS Monitoring ******
  access-list outside_policy extended permit tcp object-group NACIO123 host x.x.x.141 eq ssh
  access-list outside_policy extended permit tcp any host x.x.x.x eq www
  access-list outside_policy extended permit tcp any host x.x.x.x eq https
  access-list outside_policy extended permit tcp any host x.x.x.x eq h323
  access-list outside_policy extended permit tcp any host x.x.x.x range 60000 60001
  access-list outside_policy extended permit udp any host x.x.x.x range 60000 60007
  access-list outside_policy remark radvision 5110   port 80 both
  access-list outside_policy extended permit object-group TCPUDP any object-group videoco eq www
  access-list outside_policy remark radvision
  access-list outside_policy extended permit tcp any object-group videoco object-group termserv
  access-list outside_policy remark radvision 5110  port21 out
  access-list outside_policy extended permit tcp any object-group videoco eq ftp
  access-list outside_policy remark rad5110   port22 both
  access-list outside_policy extended permit tcp any object-group videoco eq ssh
  access-list outside_policy remark rad 5110  port161 udp both
  access-list outside_policy extended permit udp any object-group videoco eq snmp
  access-list outside_policy remark rad5110 port443 both
  access-list outside_policy extended permit tcp any object-group videoco eq https
  access-list outside_policy remark rad5110 port 1024-4999  both
  access-list outside_policy extended permit tcp any object-group videoco object-group H.245
  access-list outside_policy remark rad5110 port 1719 udp both
  access-list outside_policy extended permit udp any object-group videoco object-group RAS
  access-list outside_policy remark rad5110 port 1720 both
  access-list outside_policy extended permit tcp any any eq h323
  access-list outside_policy remark RAD 5110 port 3333 tcp both
  access-list outside_policy extended permit tcp any object-group videoco object-group DTI
  access-list outside_policy remark rad5110 port 3336-3341 both
  access-list outside_policy extended permit object-group TCPUDP any object-group videoco object-group XML2
  access-list outside_policy remark port 5060 tcp/udp
  access-list outside_policy extended permit object-group TCPUDP any object-group videoco eq sip
  access-list outside_policy remark rad 5110port 1809 rpc both
  access-list outside_policy extended permit object-group TCPUDP any object-group videoco object-group rpc
  access-list outside_policy remark rad 5110 port 2010 both
  access-list outside_policy extended permit tcp any object-group videoco object-group mpi
  access-list outside_policy remark rad 5110 port 2946 both
  access-list outside_policy extended permit tcp any object-group videoco object-group mvp_control
  access-list outside_policy extended permit tcp any object-group videoco object-group tcp8080
  access-list outside_policy extended permit tcp any object-group videoco object-group tcp8011
  access-list outside_policy remark 1024-65535
  access-list outside_policy extended permit udp any object-group videoco object-group rtp_rtcp_udp
  access-list outside_policy extended permit object-group TCPUDP any object-group videoco object-group ecs_xml
  access-list outside_policy extended permit udp any object-group videoco object-group rtp20000
  access-list outside_policy extended permit tcp any object-group videoco eq telnet
  access-list outside_policy remark port 53 dns
  access-list outside_policy extended permit object-group TCPUDP any object-group videoco eq domain
  access-list outside_policy remark 7070
  access-list outside_policy extended permit tcp any object-group videoco object-group tcp7070
  access-list outside_policy remark 5222-5269 tcp
  access-list outside_policy extended permit tcp any object-group videoco range 5222 5269
  access-list outside_policy extended permit tcp any object-group videoco object-group video
  access-list outside_policy extended permit tcp any object-group videoco object-group tcp_tls
  access-list outside_policy remark ====== Begin Autodesk Activation access ======
  access-list outside_policy extended permit tcp any any object-group Autodesk
  access-list outside_policy remark ****** End Autodesk Activation access ******
  access-list outside_policy extended permit tcp x.x.x.x 255.255.255.248 host x.x.x.x eq smtp
  access-list outside_policy remark ****** End Autodesk Activation access ******
  access-list inside_policy extended deny tcp host 10.200.200.25 10.1.0.0 255.255.0.0 eq 2967 log disable
  access-list inside_policy extended deny tcp host 10.200.200.25 10.3.0.0 255.255.0.0 eq 2967 log disable
  access-list inside_policy extended deny tcp host 10.200.200.25 10.2.0.0 255.255.0.0 eq 2967 log disable
  access-list inside_policy extended deny tcp host 10.200.200.25 10.4.0.0 255.255.0.0 eq 2967 log disable
  access-list inside_policy extended deny tcp host 10.200.200.25 10.5.0.0 255.255.0.0 eq 2967 log disable
  access-list inside_policy extended deny udp object-group NO-LOG any eq 2967 log disable
  access-list inside_policy extended deny tcp object-group NO-LOG any eq 2967 log disable
  access-list inside_policy remark ====== Begin Outbound Mail Server Rules ======
  access-list inside_policy extended permit udp host 10.200.200.222 any eq 5679
  access-list inside_policy extended permit tcp host 10.200.200.222 any eq smtp
  access-list inside_policy remark ****** End Outbound Mail Server Rules ******
  access-list inside_policy extended permit ip object-group local_net_group any
  access-list inside_policy extended permit icmp object-group local_net_group any
  access-list OUTSIDECO_VPN extended permit ip host x.x.x.x object-group OUTSIDECO_SERVERS
  access-list company-split-tunnel standard permit 10.1.0.0 255.255.0.0
  access-list company-split-tunnel standard permit 10.2.0.0 255.255.0.0
  access-list company-split-tunnel standard permit 10.3.0.0 255.255.0.0
  access-list company-split-tunnel standard permit 10.4.0.0 255.255.0.0
  access-list company-split-tunnel standard permit 10.200.0.0 255.255.0.0
  access-list company-split-tunnel standard permit 10.5.0.0 255.255.0.0
  access-list company-split-tunnel standard permit 10.6.0.0 255.255.0.0
  access-list company-split-tunnel standard permit 10.7.0.0 255.255.0.0
  access-list company-split-tunnel standard permit 172.22.22.0 255.255.255.0
  access-list company-split-tunnel remark Video
  access-list company-split-tunnel standard permit 192.168.0.0 255.255.0.0
  access-list SSL_SPLIT standard permit 10.1.0.0 255.255.0.0
  access-list SSL_SPLIT standard permit 10.2.0.0 255.255.0.0
  access-list SSL_SPLIT standard permit 10.3.0.0 255.255.0.0
  access-list SSL_SPLIT standard permit 10.200.0.0 255.255.0.0
  access-list SSL_SPLIT standard permit 10.4.0.0 255.255.0.0
  access-list SSL_SPLIT standard permit 10.5.0.0 255.255.0.0
  access-list SSL_SPLIT standard permit 10.6.0.0 255.255.0.0
  access-list SSL_SPLIT standard permit 10.7.0.0 255.255.0.0
  access-list SSL_SPLIT standard permit 172.22.22.0 255.255.255.0
  access-list SSL_SPLIT remark Video
  access-list SSL_SPLIT standard permit 192.168.0.0 255.255.0.0
  access-list NONAT_SSL extended permit ip object-group local_net_group 172.20.20.0 255.255.255.0
  access-list NONAT_SSL extended permit ip 10.200.0.0 255.255.0.0 192.168.9.0 255.255.255.0
  access-list tom extended permit tcp host x.x.x.x any eq smtp
  access-list tom extended permit tcp host 10.200.200.222 any eq smtp
  access-list tom extended permit tcp any host x.x.x.x
  access-list aaron extended permit tcp any any eq 2967
  access-list capauth extended permit ip host 10.200.200.1 host 10.200.200.220
  access-list capauth extended permit ip host 10.200.200.220 host 10.200.200.1
  access-list DMZ extended permit icmp any any
  access-list dmz_access_in extended permit tcp any eq 51024 any eq 3336
  access-list dmz_access_in extended permit icmp any any
  access-list dmz_access_in extended permit tcp any any eq ftp
  access-list dmz_access_in extended permit tcp any any eq https
  access-list dmz_access_in remark rad5110 port 162 out
  access-list dmz_access_in extended permit udp any any eq snmptrap
  access-list dmz_access_in remark port 23 out
  access-list dmz_access_in extended permit tcp any any eq telnet
  access-list dmz_access_in remark port 53 dns out
  access-list dmz_access_in extended permit object-group TCPUDP any any eq domain
  access-list dmz_access_in extended permit object-group TCPUDP any any eq www
  access-list dmz_access_in extended permit tcp any any eq h323
  access-list dmz_access_in extended permit tcp any any object-group XML
  access-list dmz_access_in extended permit udp any any object-group RAS
  access-list dmz_access_in extended permit tcp any any range 1718 h323
  access-list dmz_access_in extended permit tcp any any object-group H.245
  access-list dmz_access_in extended permit object-group TCPUDP any any eq sip
  access-list dmz_access_in extended permit udp any any object-group rtp_rtcp_udp
  access-list dmz_access_in extended permit object-group TCPUDP any any object-group XML2
  access-list dmz_access_in extended permit ip object-group local_net_group any
  access-list dmz_access_in remark port 5061
  access-list dmz_access_in extended permit tcp any any object-group tcp_tls
  access-list outside_cryptomap extended permit ip 10.200.0.0 255.255.0.0 192.168.9.0 255.255.255.0
  pager lines 24
  logging enable
  logging buffered warnings
  logging trap informational
  logging history informational
  logging asdm warnings
  logging host outside x.x.x.x
  mtu outside 1500
  mtu inside 1500
  mtu dmz 1500
  mtu Wireless 1500
  mtu management 1500
  ip local pool SSL_VPN_POOL 172.20.20.1-172.20.20.75 mask 255.255.255.0
  ip verify reverse-path interface outside
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-631.bin
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list NONAT_SSL
  nat (inside) 1 0.0.0.0 0.0.0.0
  static (inside,outside) x.x.x.12 10.200.200.15 netmask 255.255.255.255
  static (inside,outside) x.x.x.15 10.5.0.11 netmask 255.255.255.255
  static (inside,outside) x.x.x.13 10.200.200.240 netmask 255.255.255.255
  static (inside,outside) x.x.x.16 10.200.200.222 netmask 255.255.255.255
  static (inside,outside) x.x.x.14 10.200.200.155 netmask 255.255.255.255
  static (inside,dmz) 10.200.200.0 10.200.200.0 netmask 255.255.255.0
  static (inside,dmz) 10.4.0.0 10.4.0.0 netmask 255.255.0.0
  static (dmz,outside) x.x.x.18 172.22.22.15 netmask 255.255.255.255
  static (dmz,outside) x.x.x.19 172.22.22.16 netmask 255.255.255.255
  static (inside,dmz) 10.3.0.0 10.3.0.0 netmask 255.255.0.0
  static (inside,dmz) 10.2.0.0 10.2.0.0 netmask 255.255.0.0
  static (inside,dmz) 10.1.0.0 10.1.0.0 netmask 255.255.0.0
  static (inside,dmz) 10.6.0.0 10.6.0.0 netmask 255.255.0.0
  static (inside,dmz) 10.7.0.0 10.7.0.0 netmask 255.255.0.0
  static (inside,dmz) 10.5.0.0 10.5.0.0 netmask 255.255.0.0
  access-group outside_policy in interface outside
  access-group inside_policy in interface inside
  access-group dmz_access_in in interface dmz
  route outside 0.0.0.0 0.0.0.0 x.x.x.12 1
  route inside 10.1.0.0 255.255.0.0 10.200.200.254 1
  route inside 10.2.0.0 255.255.0.0 10.200.200.254 1
  route inside 10.3.0.0 255.255.0.0 10.200.200.254 1
  route inside 10.4.0.0 255.255.0.0 10.200.200.254 1
  route inside 10.5.0.0 255.255.0.0 10.200.200.254 1
  route inside 10.6.0.0 255.255.0.0 10.200.200.254 1
  route inside 10.7.0.0 255.255.0.0 10.200.200.150 1
  route inside x.x.x.0 255.255.255.0 10.200.200.2 1
  route inside x.x.x.0 255.255.255.0 10.200.200.2 1
  route inside 192.168.1.0 255.255.255.0 10.200.200.254 1
  route inside 192.168.2.0 255.255.255.0 10.200.200.254 1
  route inside 192.168.3.0 255.255.255.0 10.200.200.254 1
  route inside 192.168.4.0 255.255.255.0 10.200.200.254 1
  route inside 192.168.5.0 255.255.255.0 10.200.200.254 1
  route inside 192.168.6.0 255.255.255.0 10.200.200.254 1
  route inside 192.168.7.0 255.255.255.0 10.200.200.254 1
  route inside 192.168.200.0 255.255.255.0 10.200.200.254 1
  route inside 192.168.201.0 255.255.255.0 10.200.200.254 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 2:00:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa-server COMPANY-NT-AUTH protocol nt
  aaa-server COMPANY-NT-AUTH (inside) host 10.200.200.220
  nt-auth-domain-controller DC
  aaa authentication ssh console LOCAL
  aaa authorization command LOCAL
  http server enable
  http 10.200.200.0 255.255.255.0 inside
  http 10.200.0.0 255.255.0.0 inside
  http 10.3.0.0 255.255.0.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server community *****
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set AES256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set asa2transform esp-3des esp-sha-hmac
  crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map outside_dyn_map 20 set transform-set 3DES-SHA
  crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
  crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
  crypto map OUTSIDE_MAP 5 match address outside_cryptomap
  crypto map OUTSIDE_MAP 5 set pfs
  crypto map OUTSIDE_MAP 5 set peer x.x.x.53
  crypto map OUTSIDE_MAP 5 set transform-set 3DES-SHA
  crypto map OUTSIDE_MAP 5 set security-association lifetime seconds 28800
  crypto map OUTSIDE_MAP 10 match address OUTSIDECO_VPN
  crypto map OUTSIDE_MAP 10 set peer x.x.x.25
  crypto map OUTSIDE_MAP 10 set transform-set AES256-SHA
  crypto map OUTSIDE_MAP 10 set security-association lifetime seconds 28800
  crypto map OUTSIDE_MAP 10 set security-association lifetime kilobytes 4608000
  crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic outside_dyn_map
  crypto map OUTSIDE_MAP interface outside
  crypto isakmp identity address
  crypto isakmp enable outside
  crypto isakmp policy 5
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 28800
  crypto isakmp policy 10
  authentication pre-share
  encryption des
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh 0.0.0.0 0.0.0.0 outside
  ssh 0.0.0.0 0.0.0.0 inside
  ssh timeout 20
  console timeout 0
  dhcpd dns 10.200.200.220 10.200.200.225
  dhcpd wins 10.200.200.220 10.200.200.225
  dhcpd lease 18000
  dhcpd domain company.com
  dhcpd dns 10.200.200.220 10.200.200.225 interface Wireless
  dhcpd wins 10.200.200.220 10.200.200.225 interface Wireless
  dhcpd lease 18000 interface Wireless
  dhcpd domain company.com interface Wireless
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ntp server 192.5.41.40 source outside prefer
  ssl trust-point vpn.company.com outside
  webvpn
  enable outside
  anyconnect-essentials
  svc image disk0:/anyconnect-win-2.5.0217-k9.pkg 1
  svc image disk0:/anyconnect-macosx-i386-2.5.2017-k9.pkg 2
  svc enable
  tunnel-group-list enable
  group-policy SSL_Client_Policy internal
  group-policy SSL_Client_Policy attributes
  wins-server value 10.200.200.220
  dns-server value 10.200.200.220
  vpn-tunnel-protocol IPSec svc webvpn
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value SSL_SPLIT
  default-domain value company.com
  webvpn
    sso-server none
    auto-signon allow uri * auth-type all
  group-policy no-split-test internal
  group-policy no-split-test attributes
  banner value Welcome to company and Associates
  banner value Welcome to company and Associates
  dns-server value 10.200.200.220
  vpn-tunnel-protocol IPSec
  ipsec-udp enable
  split-tunnel-policy tunnelall
  default-domain value company.com
  group-policy DfltGrpPolicy attributes
  dns-server value 10.200.200.220
  default-domain value company.com
  group-policy company internal
  group-policy company attributes
  banner value Welcome to company and Associates
  banner value Welcome to company and Associates
  dns-server value 10.200.200.220
  vpn-tunnel-protocol IPSec
  ipsec-udp enable
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value SSL_SPLIT
  default-domain value company.com
  username ciscoadmin password xxxxxxxxxxx encrypted privilege 15
  tunnel-group DefaultWEBVPNGroup general-attributes
  address-pool SSL_VPN_POOL
  authentication-server-group COMPANY-NT-AUTH
  default-group-policy SSL_Client_Policy
  tunnel-group DefaultWEBVPNGroup webvpn-attributes
  group-alias company_SSL_VPN enable
  tunnel-group company_group type remote-access
  tunnel-group company_group general-attributes
  address-pool SSL_VPN_POOL
  authentication-server-group COMPANY-NT-AUTH LOCAL
  default-group-policy company
  tunnel-group company_group ipsec-attributes
  pre-shared-key *****
  tunnel-group x.x.x.53 type ipsec-l2l
  tunnel-group x.x.x.53 ipsec-attributes
  pre-shared-key *****
  class-map inspection_default
  match default-inspection-traffic
  policy-map global_policy
  class inspection_default
    inspect tftp
    inspect esmtp
    inspect ftp
    inspect icmp
    inspect ip-options
    inspect netbios
    inspect rsh
    inspect skinny
    inspect sqlnet
    inspect sunrpc
    inspect xdmcp
    inspect mgcp
    inspect h323 h225
    inspect h323 ras
    inspect sip
  service-policy global_policy global
  privilege cmd level 5 mode exec command ping
  privilege cmd level 6 mode exec command write
  privilege show level 5 mode exec command running-config
  privilege show level 5 mode exec command version
  privilege show level 5 mode exec command conn
  privilege show level 5 mode exec command memory
  privilege show level 5 mode exec command cpu
  privilege show level 5 mode exec command xlate
  privilege show level 5 mode exec command traffic
  privilege show level 5 mode exec command interface
  privilege show level 5 mode exec command clock
  privilege show level 5 mode exec command ip
  privilege show level 5 mode exec command failover
  privilege show level 5 mode exec command arp
  privilege show level 5 mode exec command route
  privilege show level 5 mode exec command blocks
  prompt hostname context
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:a0689b4c837c79a51e7a0cfed591dec9
  : end
  COMPANY-asa#

  Hi Sian,
  Yes on their end the PFS is enabled for DH Group 2.
  Here is the information that you requested:
  company-asa# sh crypto isakmp sa
     Active SA: 3
      Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
  Total IKE SA: 3
  1   IKE Peer: x.x.x.87
      Type    : user            Role    : responder
      Rekey   : no              State   : AM_ACTIVE
  2   IKE Peer: x.x.x.53
      Type    : L2L             Role    : initiator
      Rekey   : no              State   : MM_ACTIVE
  3   IKE Peer: x.x.x.25
      Type    : user            Role    : initiator
      Rekey   : no              State   : MM_WAIT_MSG4
  company-asa# sh crypto ipsec sa
  interface: outside
      Crypto map tag: OUTSIDE_MAP, seq num: 5, local addr: x.x.x.13
        access-list outside_cryptomap extended permit ip 10.200.0.0 255.255.0.0 192.168.9.0 255.255.255.0
        local ident (addr/mask/prot/port): (10.200.0.0/255.255.0.0/0/0)
        remote ident (addr/mask/prot/port): (192.168.9.0/255.255.255.0/0/0)
        current_peer: x.x.x.53
        #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
        #pkts decaps: 10744, #pkts decrypt: 10744, #pkts verify: 10744
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
        #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
        #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
        #send errors: 0, #recv errors: 0
        local crypto endpt.: x.x.x.13, remote crypto endpt.: x.x.x.53
        path mtu 1500, ipsec overhead 58, media mtu 1500
        current outbound spi: 500EC8BF
        current inbound spi : 8DAE3436
      inbound esp sas:
        spi: 0x8DAE3436 (2377004086)
           transform: esp-3des esp-sha-hmac no compression
           in use settings ={L2L, Tunnel, PFS Group 2, }
           slot: 0, conn_id: 32768, crypto-map: OUTSIDE_MAP
           sa timing: remaining key lifetime (kB/sec): (3914946/24388)
           IV size: 8 bytes
           replay detection support: Y
           Anti replay bitmap:
            0xFFFFFFFF 0xFFFFFFFF
      outbound esp sas:
        spi: 0x500EC8BF (1343146175)
           transform: esp-3des esp-sha-hmac no compression
           in use settings ={L2L, Tunnel, PFS Group 2, }
           slot: 0, conn_id: 32768, crypto-map: OUTSIDE_MAP
           sa timing: remaining key lifetime (kB/sec): (3915000/24388)
           IV size: 8 bytes
           replay detection support: Y
           Anti replay bitmap:
            0x00000000 0x00000001
      Crypto map tag: outside_dyn_map, seq num: 20, local addr: x.x.x.13
        local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
        remote ident (addr/mask/prot/port): (172.20.20.8/255.255.255.255/0/0)
        current_peer: x.x.x.87, username: ewebb
        dynamic allocated peer ip: 172.20.20.8
        #pkts encaps: 16434, #pkts encrypt: 16464, #pkts digest: 16464
        #pkts decaps: 19889, #pkts decrypt: 19889, #pkts verify: 19889
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 16434, #pkts comp failed: 0, #pkts decomp failed: 0
        #pre-frag successes: 30, #pre-frag failures: 0, #fragments created: 60
        #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 60
        #send errors: 0, #recv errors: 0
        local crypto endpt.: x.x.x.13/4500, remote crypto endpt.: x.x.x.87/2252
        path mtu 1500, ipsec overhead 66, media mtu 1500
        current outbound spi: 2D712C9F
        current inbound spi : 0EDB79C8
      inbound esp sas:
        spi: 0x0EDB79C8 (249264584)
           transform: esp-3des esp-sha-hmac no compression
           in use settings ={RA, Tunnel,  NAT-T-Encaps, }
           slot: 0, conn_id: 65536, crypto-map: outside_dyn_map
           sa timing: remaining key lifetime (sec): 18262
           IV size: 8 bytes
           replay detection support: Y
           Anti replay bitmap:
            0xFFFFFFFF 0xFFFFFFFF
      outbound esp sas:
        spi: 0x2D712C9F (762391711)
           transform: esp-3des esp-sha-hmac no compression
           in use settings ={RA, Tunnel,  NAT-T-Encaps, }
           slot: 0, conn_id: 65536, crypto-map: outside_dyn_map
           sa timing: remaining key lifetime (sec): 18261
           IV size: 8 bytes
           replay detection support: Y
           Anti replay bitmap:
            0x00000000 0x00000001

• Not able to access ACS 5.1.0.44

                     Hi
  I have two ACS appliance ver 5.1.0.44. I configured with replication and it was working fine. Last month my primary was down and not able to access but able to ping. I tried and Google it in Internet I couldn't find any answer to resolve the issue after reimage the appliance its starts work fine. Again now I am facing the same issue. Please advice without reimage how to resolve the issue.
  Thanks and Regards,
  Hameed

  Please ssh into the appliance and issue a show application status acs:
  ACS role: PRIMARY
  Process 'database'                  running
  Process 'management'                running
  Process 'runtime'                   running
  Process 'adclient'                  running
  Process 'view-database'             running
  Process 'view-jobmanager'           running
  Process 'view-alertmanager'         running
  Process 'view-collector'            running
  Process 'view-logprocessor'         running
  if you need to start any of these services manually for example the management service:
  admin# acs start management
  Thanks,
  Tarik Admani

• Not able to Start the oracle db error "ORA-01031: insufficient privileges"

  Hi experts,
  I have oracle 11g setup on so solaris. i changed the db_cache_size
  & processes values and stopped the DB services after that i am not able to start the oracle DB. Listener is running.
  when i start the db server its giving the below error(startup.log)
  ./dbstart: Starting up database "orcl"
  Mon Sep 27 04:31:08 MDT 2010
  SQL*Plus: Release 11.1.0.7.0 - Production on Mon Sep 27 04:31:08 2010
  Copyright (c) 1982, 2008, Oracle. All rights reserved.
  SQL> ERROR:
  ORA-01031: insufficient privileges
  SQL> ORA-01031: insufficient privileges
  SQL>
  ./dbstart: Database instance "orcl" warm started.
  Please help me to ressolve this issue.
  Thanks
  Krishna

  yes, password file is there in /etc/passwd
  here are the contents:
  root:x:0:0:Super-User:/:/sbin/sh
  lroot:x:0:0:Super-User:/:/sbin/sh
  daemon:x:1:1::/:
  bin:x:2:2::/usr/bin:/bin/false
  sys:x:3:3::/:
  adm:x:4:4:Admin:/var/adm:/bin/false
  lp:x:71:8:Line Printer Admin:/usr/spool/lp:/bin/false
  uucp:x:5:5:uucp Admin:/usr/lib/uucp:/bin/false
  nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
  listen:x:37:4:Network Admin:/usr/net/nls:/bin/false
  nobody:x:60001:60001:Nobody:/:/bin/false
  noaccess:x:60002:60002:No Access User:/:/bin/false
  nobody4:x:65534:65534:SunOS 4.x Nobody:/:/bin/false
  itunix:x:50000:14:IT Unix Account:/export/home/itunix:/bin/csh
  hharika:x:765:38:Harpal Harika:/export/home/hharika:/bin/csh
  prsingh:x:795:38:Pradeep Singh:/export/home/prsingh:/bin/csh
  mmir:x:1229:21:Mir Monis Ali:/export/home/mmir:/bin/csh
  bogunnai:x:1207:21:Bose Ogunnaike:/export/home/bogunnai:/bin/ksh
  mpokala:x:2117:21:Mahesh Pokala:/export/home/mpokala:/bin/ksh
  apopov:x:2385:38:Anton Popov:/export/home/apopov:/bin/csh
  kkeith:x:2629:227:Kevin Keith:/home/kkeith:/usr/bin/ksh
  sshd:x:22:22:SSH Privsep:/var/empty:/bin/false
  patrol:x:2784:10:Patrol User:/opt/bmc:/usr/bin/ksh
  smmsp:x:25:25:Sendmail Submission user:/none:/bin/false
  ldap:x:50001:1002::/export/home/ldap:/bin/sh
  perfuser:x:884:268::/export/home/perfuser:/bin/csh
  webservd:x:80:80::/home/webservd:/bin/pfsh
  oracle:x:156:40:Oracle Software Owner:/export/home/oracle:/bin/bash
  perfuser_idc:x:64383:1::/home/perfuser_idc:/bin/sh
  idc_perf:x:64384:292::/home/idc_perf:/bin/sh

• Seeburger SFTP is not able connect to remote host

  Hi,
  I have configured seeburger adapter (STPF) on XI 3.0 SP19 as per the seeburger installation document,
  but when we are trying to send the data to a file server using SFTP, we are getting below error in
  reciver communication channel, please help me
  "Unable to forward message to JCA adapter. Reason: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: >> Description: putFile: Could not connect to remote host; Reason: com.maverick.ssh.SshException>> Details: putFile: Could not connect to remote host; Reason: com.maverick.ssh.SshException>>SendingStatus: NOT_TRANSMITTED>>FaultCategory: COMMUNICATION_ERROR>>Retryable: true>>Fatal: true, >> Description: putFile: Could not connect to remote host; Reason: com.maverick.ssh.SshException>> Details: putFile: Could not connect to remote host; Reason: com.maverick.ssh.SshException>>SendingStatus: NOT_TRANSMITTED>>FaultCategory: COMMUNICATIO "
  Thanking you in advance.
  Sonali

  Hi,
  In similar condition , we also getting below errors:
  Message processing failed. Cause: javax.resource.ResourceException: Fatal exception:
  com.sap.aii.af.ra.cci.XIDeliveryException: >> Description: putFile: Could not connect
  to remote host; Reason: SFTP client was not able to connect: com.seeburger.sftp.exception.
  ConfigurationException: Could not initialize SSH transport layer, reason : Connection timed out:
  could be due to invalid address>> Details: putFile: Could not connect to remote host;
  Reason: SFTP client was not able to connect: com.seeburger.sftp.exception.ConfigurationException:
  Could not initialize SSH transport layer, reason : Connection timed out:could be due to invalid
  address>>SendingStatus: NOT_TRANSMITTED>>FaultCategory: COMMUNICATION_ERROR>>
  Retryable: false>>Fatal: false, >> Description: putFile: Could not connect to remote host;
  Reason: SFTP client was not able to connect: com.seeburger.sftp.exception.ConfigurationException:
  Could not initialize SSH transport layer, reason : Connection timed out:could be due to invalid
  address>> Details: putFile: Could not connect to remote host; Reason: SFTP client was not able
  to connect: com.seeburger.sftp.exception.ConfigurationException: Could not initialize SSH
  transport layer, reason : Connection timed out:could be due to invalid address>>SendingStatus:
  NOT_TRANSMITTED>>FaultCategory: COMMUNICATION_ERROR>>Retryable: false>>Fatal: false
  Can you share , how you have resolved the errors?
  You mentioned to change the owner to seeburger , please give details , where to do this.?
  Thanks,
  Anit