NSS 324 iSCSI ready status, cannot connect using MS iSCSI Initiator
I have an NSS 324 (firmware: 1.0.4) which has been running a Microsoft iSCSI target without any problems for months, until the last 7 days. I'm now to the point where I cannot access the iSCSI target at all when I try and connect using the iSCSI Initiator, the Quick Connect window comes up with "Target Error" in the bottom of the window.
Attached are screencaps of the three (3) tabs from the 'Disk Management, iSCSI' section on the NSS 324 management portal.
iSCSI, Portal Management:
iSCSI, Target Management:
iSCSI, Advanced ACL:
I've also attached screencaps of the six (6) tabs from the iSCSI Initiator Object.
1.
1a.
2.
3.
4.
5.
6.
Thank you for any help you may be able to offer. I have a ton of miscellaneous files on this iSCSI target and I'd hate to try and recreate all of it again.
Thank you very much for the reply.
The IP address of the NSS324 is still 192.168.0.133
clindoan wrote:Hi John, Is it possible that the NSS324 may have the new IP address ? The iSCSI initiator failed to communicate to 192.168.0.133 with target error. I would check following:- NSS326 IP address on each LAN port- If NSS is run single LAN port, make sure the default gateway set to that LAN port- If the RAID volume should not be full for iSCSI target to be functional While waiting for resolve the root cause of this issue, you can use the WinSCP to get data (google and download the open source version). With WinSCP, you can see all your data just like it is on the Windows PC. 1, Install WinSCP2. Login with "admin" account and password (The local account with username= admin) 3. Path to iSCSI image is /root/share/external/sdwa1/ (all you folders and files are resided in this path)4. Backup all data to your local drives.Regards,-Clint
When I launch WinSCP is the following connection information correct, or should I be using a different username, port number, etc.
Again, thank you very much for your help!
Similar Messages
-
when trying to set up my personal email account, following the on screen instructions, it comes back with CANNOT CONNECT USING SSL, do you want to try setting up the account without ssl? Yes or No
Since Thunderbird does not run on iPads, what does this have to do with Thunderbird?
-
When I try to set up my Optimum email account I get an error message saying Cannot Connect Using SSL.
What mail provider is it?
Have you Googled for: setup XXX email on iPhone
where xxx is the provider
You can try going to Mail>the accounts>Advanced and turn Use SSL on or off, the opposite of what it is now. -
Cannot connect using FaceTime on my IMAC with an iPhone 5
Cannot connect using FaceTime on my IMAC with an iPhone 5.
sry, but you posted this in the wrong forum
this is the PowerPC forum, which is for machines built before about 2001.
post it in the INTEL forum -
how do i set up email on my iphone??? it says "cannot connect using ssl" whats this mean, i cant recieve or send emails coz of this
Try just choosing yes when it says that. And yes if you get it a second time. Lots of mail providers don't use SSL.
-
HT201320 CANNOT CONNECT USING SLL
I have a new Ipad 3rd generation, and I cannot setup my verizon email account on ADD ACCOUNT, does anyone know how to proceed? I am receiving the message "cannot connect using SSL" - My ipad is connected to AT&T for wifi service.
Thanks,
It's just Ducky2UGmail accounts can be set up as either IMAP or POP. Each refers to the email protocol. POP is the older of the two and is typically a simple mail delivery with minimal interaction with the server. It pretty much sends the email to your client device and accepts outgoing for delivery processing. IMAP includes a synchronized folder structure and usually an email tagging/classification setup to allow for for flexible management of the the account through the client device. That's a bit of a simplistic description, but should give you an idea.
For anyone using the same account on multiple devices, IMAP is generally the preferred type. -
Cannot connect using webserviceclient+ssl.jar
Hello!
I installed Verisign test certificate on my server and I am able to connect
to the server using Web Service client with JSSE adapter class. Funnily
enough, I cannot connect using WebLogic SSL library, I get an exception.
Could someone help me understand, why I cannot connect using WebLogic SSL
implementation?
To connect using JSSE I use following system properties:
java^
-classpath
.;abcconnect-client.jar;webserviceclient.jar;..\lib\jcert.jar;..\lib\jnet.ja
r;..\lib\jsse.jar;^
-Dweblogic.webservice.client.ssl.adapterclass=com.xxx.yyy.webservice.ssl.AB
CJSSEAdapter^
-Djavax.net.ssl.trustStore=abc.keystore^
-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol^
Client https://MyServer:7002/webservice/ABCConnectService?WSDL
where abcconnect-client.jar is the client jar file, and abc.keystore
contains getcacert.cer root CA, which I downloaded from Verisign from this
page: https://digitalid.verisign.com/server/trial/trialStep4.htm,
ABCJSSEAdapter is the adapter class, implementing SSLAdapter. JSSE test
works fine.
To connect using WebLogic SSL implementation I use following system
properties:
java^
-classpath .;abcconnect-client.jar;webserviceclient+ssl.jar;^
-Dweblogic.webservice.client.ssl.trustedcertfile=getcacert.cer^
-Dweblogic.webservice.client.ssl.strictcertchecking=false^
-Dweblogic.webservice.security.verbose=true^
-Dweblogic.webservice.client.verbose=true^
-Dbea.home=.^
-Djava.protocol.handler.pkgs=com.certicom.net.ssl^
Client https://MyServer:7002/webservice/ABCConnectService?WSDL
I converted binary format of the certificate to PEM, but it did not help.
I am getting this exception:
[BaseWLSSLAdapter] : SSLAdapter verbose output enabled
[BaseWLSSLAdapter] : Strict cert checking disabled by default
[BaseWLSSLAdapter] : Trusted certificates will be loaded from getcacert.cer
[BaseWLSSLAdapter] : Loaded local trusted certificates from
java.io.FileInputStream@73a7ab
[BaseWLSSLAdapter] : Disabling strict checking on adapter
weblogic.webservice.client.WLSSLAdapter@4faf8
[BaseWLSSLAdapter] : Set TrustManager to
weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@78c6df
[WLSSLAdapter] : Set HostnameVerifier to
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[BaseWLSSLAdapter] : Loaded local trusted certificates from
java.io.FileInputStream@57c2bd
[BaseWLSSLAdapter] : Disabling strict checking on adapter
weblogic.webservice.client.WLSSLAdapter@323210
[BaseWLSSLAdapter] : Set TrustManager to
weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@74f44a
[WLSSLAdapter] : Set HostnameVerifier to
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[BaseWLSSLAdapter] : Got new socketfactory
javax.net.ssl.impl.SSLSocketFactoryImpl@18c56d
[WLSSLAdapter] :
openConnection(https://MyServer:7002/webservice/ABCConnectService?WSDL)
returning
weblogic.webservice.client.https.HttpsURLConnection:https://MyServer:7002/we
bservice/ABCConnectService?WSDL
[WLSSLAdapter] : -- using HostnameVerifier
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[WLSSLAdapter] : -- loaded certs from getcacert.cer
java.io.IOException: Write Channel Closed, possible SSL handshaking or trust
failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at
com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Un
known Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(U
nknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at
com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at
com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at
com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown
Source)
at
weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLC
onnection.java:216)
at
weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
nFactory.java:71)
at
weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:62)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
106)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
82)
at
weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:67)
at Client.main(Client.java:136)Michael,
I guess the getcacert.cer, which is on the client side, should have the
server's certificate followed by the root CA certificate in .pem format.
I have it working with this format.
Could you please try this out and let us know.
Regards,
Anurag
"Michael Jouravlev" <[email protected]> wrote in message
news:[email protected]...
Hello!
I installed Verisign test certificate on my server and I am able toconnect
to the server using Web Service client with JSSE adapter class. Funnily
enough, I cannot connect using WebLogic SSL library, I get an exception.
Could someone help me understand, why I cannot connect using WebLogic SSL
implementation?
To connect using JSSE I use following system properties:
java^
-classpath
.;abcconnect-client.jar;webserviceclient.jar;..\lib\jcert.jar;..\lib\jnet.ja
r;..\lib\jsse.jar;^
-Dweblogic.webservice.client.ssl.adapterclass=com.xxx.yyy.webservice.ssl.AB
CJSSEAdapter^
-Djavax.net.ssl.trustStore=abc.keystore^
-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol^
Client https://MyServer:7002/webservice/ABCConnectService?WSDL
where abcconnect-client.jar is the client jar file, and abc.keystore
contains getcacert.cer root CA, which I downloaded from Verisign from this
page: https://digitalid.verisign.com/server/trial/trialStep4.htm,
ABCJSSEAdapter is the adapter class, implementing SSLAdapter. JSSE test
works fine.
To connect using WebLogic SSL implementation I use following system
properties:
java^
-classpath .;abcconnect-client.jar;webserviceclient+ssl.jar;^
-Dweblogic.webservice.client.ssl.trustedcertfile=getcacert.cer^
-Dweblogic.webservice.client.ssl.strictcertchecking=false^
-Dweblogic.webservice.security.verbose=true^
-Dweblogic.webservice.client.verbose=true^
-Dbea.home=.^
-Djava.protocol.handler.pkgs=com.certicom.net.ssl^
Client https://MyServer:7002/webservice/ABCConnectService?WSDL
I converted binary format of the certificate to PEM, but it did not help.
I am getting this exception:
[BaseWLSSLAdapter] : SSLAdapter verbose output enabled
[BaseWLSSLAdapter] : Strict cert checking disabled by default
[BaseWLSSLAdapter] : Trusted certificates will be loaded fromgetcacert.cer
[BaseWLSSLAdapter] : Loaded local trusted certificates from
java.io.FileInputStream@73a7ab
[BaseWLSSLAdapter] : Disabling strict checking on adapter
weblogic.webservice.client.WLSSLAdapter@4faf8
[BaseWLSSLAdapter] : Set TrustManager to
weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@78c6df
[WLSSLAdapter] : Set HostnameVerifier to
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[BaseWLSSLAdapter] : Loaded local trusted certificates from
java.io.FileInputStream@57c2bd
[BaseWLSSLAdapter] : Disabling strict checking on adapter
weblogic.webservice.client.WLSSLAdapter@323210
[BaseWLSSLAdapter] : Set TrustManager to
weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@74f44a
[WLSSLAdapter] : Set HostnameVerifier to
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[BaseWLSSLAdapter] : Got new socketfactory
javax.net.ssl.impl.SSLSocketFactoryImpl@18c56d
[WLSSLAdapter] :
openConnection(https://MyServer:7002/webservice/ABCConnectService?WSDL)
returning
weblogic.webservice.client.https.HttpsURLConnection:https://MyServer:7002/we
bservice/ABCConnectService?WSDL
[WLSSLAdapter] : -- using HostnameVerifier
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[WLSSLAdapter] : -- loaded certs from getcacert.cer
java.io.IOException: Write Channel Closed, possible SSL handshaking ortrust
failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at
com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(UnknownSource)
at
com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Un
known Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(U
nknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at
com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at
com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at
com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown
Source)
at
weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLC
onnection.java:216)
at
weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
nFactory.java:71)
at
weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:62)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
106)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
82)
at
weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:67)
at Client.main(Client.java:136) -
I am running a macminiserver on ahome newtwork. Original running snow leopard and then upgraded to 10.7 lion on all machine and everything was working fine. Clients coul connected to shared drives on the server using afp. However, after upgrading to 10.7.1 on the server and client machines, they can no lnger connect to the drives using afp, however you can connect using smb.
I ahve tried stopping and starting the afp server, rebuilding permissions on the server - still cannot connect using afp.
Any ideas?Be sure the correct Lion afp port is open on your router, even if you are using an Airport (port 548 tcp). Just do a search on "Mac OS X Lion ports".
Also, if this is outside of the network, use the full server name in the Finder's Connect to Server, afp://server.com; when it prompts for a username, enter your first name and last name (not your short name) and then you also need to enter your password. If you don't have a fqdn, then you can use the static ip for "server.com"
It should work, working for me inside and outside of the network. Admittedly, I don't think you need the port on the router for internal use, but you can test both ways.
When working outside of the network a vpn is not required. -
New gmail account on iPhone cannot connect using SSL
Hi,
I was having problems accessing the gmail server on my iphone so i deleted the account settings on the iphone and am creating a new one. However, the iphone tells me that it cannot connect using SSL. Has anyone had a similar problem? I don't want to setup the account without this basic security.Hey milos321,
I'm not sure what caused the issue. I believe account may have been automatically locked because abnormal activity.
You can find more detailed information here:
http://mail.google.com/support/bin/answer.py?answer=61805
http://mail.google.com/support/
Jason -
I m trying to add my gmail acoount to mail app but when i click on next button it is showing following message, cannot connect using ssl, what to do???
Some of the following may help:
How to enable imap: https://support.google.com/mail/troubleshooter/1668960?rd=1
For your username, did you enter the full name including "@gmail.com"
Do you have gMail 2-step verification turned on? If so, you need to use an application-specifc password instead of your normal password if using a mail app: https://support.google.com/mail/answer/1173270?hl=en -
trying to set up my tiscali email address on an ipad mini, after trying to verify, message comes up stating "cannot connect using SSL"
Not sure what the shortcut is. I'm just going, Settings > Mail > Add Account > Gmail
That is the GMail shortcut. That should work. Just for testing, use the "Other" shortcut.
Settings / Mail / Add Account / Other
Name: <put your name>
Email [email protected]
Incoming server: pop.gmail.com
Login: [email protected]
Password: yourpassword
Outgoing server: smtp.gmail.com
Login: [email protected]
Password: yourpassword
Hit SAVE.
It should set itself up correctly without you having to specify anything else. Try that. -
When i try to set up my mail acct. and get6 to save/verifying - I get a notice saying Cannot connect to SSL.
What mail provider is it?
Have you Googled for: setup XXX email on iPhone
where xxx is the provider
You can try going to Mail>the accounts>Advanced and turn Use SSL on or off, the opposite of what it is now. -
Cannot connect using Wireless WRT54G
I use windows vista and I can connect using an ethernet cable. But whenever I try to connect using wireless, it says "the settings saved on this computer for the network do not match the requirements of the network" How can I fix this?
The wireless settings on your Vista computer must match the ones on your router.
Greetings from Northern Ontario, Canada -
Cannot connect using new modem
My sister spilled water on my modem so I dug up this older Westell Model 2200 modem which works fine with my desktop. However, when I plug the modem to the router, I don't get any internet signal anymore. I tried reconnecting all wires, rebooted everything.
Also when I try to hit up the router's web based setup, it leads me to the Modem's intead when I type in 192.168.1.1
When I try running ipconfig, the windows pops up for a split second and then disappears.
HELP PLEASE!
Message Edited by fobsternd on 08-27-2008 08:08 PMReset the router for few seconds ..... after reset .... try this settings .....
Access the setup page of the router by launching an
Browser and type on the address bar, 192.168.1.1 and press enter. When
it prompts for the username and password, leave the username field
empty and provide password as "admin" (Without quotes)
click on ok.
On the main setup page the ""Internet Connection Type"" should be
on ""Obtain IP Automatically - DHCP “. Click on the Save Settings
button.
Now click on the sub tab ""MAC address clone"".
- Click on enable
Click Clone & click save settings
Check WAN Ip on Status page of router ....
If getting Valid Ip .... try going online
If you are getting Ip - 192.168.1.X ...change the LAN Ip to 192.168.2.1 ....Power cycle for 3-4 minutes ...
Try going online
If still not working ...use Internet Connection type as PPPOE .... Use Username & Password provided by Service Provider ....
Click save settings....
Look for WAN IP address again under status page .... -
Cannot connect using VPN client
Hi, I have a problem configuring my CISCO ASA 5515-x for VPN client. I succesfully configure AnyConnect and SSL VPN but when client using VPN Client software, they cannot establish the VPN connection. This is my configuration and attached is the error occured when connecting to the firewall. Can anyone help me solve this problem?
: Saved
ASA Version 9.1(1)
hostname ciscoasa
domain-name g
ip local pool vpn_client 192.168.2.200-192.168.2.254 mask 255.255.255.0
ip local pool vpn_250 192.168.3.1-192.168.3.254 mask 255.255.255.0
interface GigabitEthernet0/0
nameif DIGI
security-level 0
ip address 210.48.*.* 255.255.255.0
interface GigabitEthernet0/1
nameif LAN
security-level 0
ip address 192.168.2.5 255.255.255.0
interface GigabitEthernet0/2
nameif Pone
security-level 0
ip address dhcp setroute
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
ftp mode passive
clock timezone MYT 8
dns domain-lookup DIGI
dns server-group DefaultDNS
name-server 8.8.8.8
domain-name g
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network NETWORK_OBJ_113.20.*.*_24
subnet 113.20.*.* 255.255.255.0
object network NETWORK_OBJ_210.48.*.*_24
subnet 210.48.*.* 255.255.255.0
object network CsHiew
host 192.168.2.9
object network ERPServer
host 192.168.2.2
object network Giap
host 192.168.2.126
object network Jennifer
host 192.168.2.31
object network KCTan
host 192.168.2.130
object network KCTan-NB
host 192.168.2.77
object network MailServer
host 192.168.2.6
object network YHKhoo
host 192.168.2.172
object network Aslina
host 192.168.2.59
object network Law
host 192.168.2.38
object network Nurul
host 192.168.2.127
object network Laylee
host 192.168.2.17
object network Ms_Pan
host 192.168.2.188
object network Peck_Ling
host 192.168.2.248
object network Pok_Leng
host 192.168.2.36
object network UBS
host 192.168.2.21
object network Ainie
host 192.168.2.11
object network Angie
host 192.168.2.116
object network Carol
host 192.168.2.106
object network ChunKit
host 192.168.2.72
object network KKPoong
host 192.168.2.121
object network Ben
host 192.168.2.147
object network Eva
host 192.168.2.37
object network Jacklyn
host 192.168.2.135
object network Siew_Peng
host 192.168.2.149
object network Suki
host 192.168.2.61
object network Yeow
host 192.168.2.50
object network Danny
host 192.168.2.40
object network Frankie
host 192.168.2.101
object network Jamal
host 192.168.2.114
object network OcLim
host 192.168.2.177
object network Charles
host 192.168.2.210
object network Ho
host 192.168.2.81
object network YLChow
host 192.168.2.68
object network Low
host 192.168.2.58
object network Sfgan
host 192.168.2.15
object network Joey
host 192.168.2.75
object network Rizal
host 192.168.2.79
object network 190
host 192.168.2.190
object network 191
host 192.168.2.191
object network 192
host 192.168.2.192
object network 193
host 192.168.2.193
object network 194
host 192.168.2.194
object network 199
host 192.168.2.199
object network 201
host 192.168.2.201
object network 203
host 192.168.2.203
object network 204
host 192.168.2.204
object network 205
host 192.168.2.205
object network CNC214
host 192.168.2.214
object network Liyana
host 192.168.2.16
object network Aipin
host 192.168.2.22
object network Annie
host 192.168.2.140
object network Ikah
host 192.168.2.54
object network Sue
host 192.168.2.113
object network Zaidah
host 192.168.2.32
object network CKWong
host 192.168.2.33
object network KhooSC
host 192.168.2.47
object network Neexon-PC
host 192.168.2.179
object network Neexon_NB
host 192.168.2.102
object network kc
host 192.168.2.130
object network P1
subnet 192.168.2.0 255.255.255.0
object network NETWORK_OBJ_192.168.2.0_24
subnet 192.168.2.0 255.255.255.0
object network NETWORK_OBJ_192.168.2.192_26
subnet 192.168.2.192 255.255.255.192
object network NETWORK_OBJ_192.168.10.192_26
subnet 192.168.10.192 255.255.255.192
object network VPN
subnet 192.68.3.0 255.255.255.0
object network NETWORK_OBJ_192.168.3.0_24
subnet 192.168.3.0 255.255.255.0
object-group network HPTM_DIGI
network-object object CsHiew
network-object object ERPServer
network-object object Giap
network-object object Jennifer
network-object object KCTan
network-object object KCTan-NB
network-object object MailServer
network-object object YHKhoo
object-group network Inventory
network-object object Aslina
network-object object Law
network-object object Nurul
object-group network Account
network-object object Laylee
network-object object Ms_Pan
network-object object Peck_Ling
network-object object Pok_Leng
network-object object UBS
object-group network HR
network-object object Ainie
network-object object Angie
object-group network Heeroz
network-object object Carol
network-object object ChunKit
network-object object KKPoong
object-group network Sales
network-object object Ben
network-object object Eva
network-object object Jacklyn
network-object object Siew_Peng
network-object object Suki
network-object object Yeow
object-group network Production
network-object object Danny
network-object object Frankie
network-object object Jamal
network-object object OcLim
object-group network Engineering
network-object object Charles
network-object object Ho
network-object object YLChow
network-object object Joey
network-object object Rizal
object-group network Purchasing
network-object object Low
network-object object Sfgan
object-group network Wireless
network-object object 190
network-object object 191
network-object object 192
network-object object 193
network-object object 194
network-object object 199
network-object object 201
network-object object 203
network-object object 204
network-object object 205
object-group network IT
network-object object CNC214
network-object object Liyana
object-group network Skype
network-object object Aipin
network-object object Annie
network-object object Ikah
network-object object Sue
network-object object Zaidah
object-group network HPTM-P1
network-object object CKWong
network-object object KhooSC
network-object object Neexon-PC
network-object object Neexon_NB
object-group service DM_INLINE_SERVICE_1
service-object tcp-udp destination eq www
service-object tcp destination eq https
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_SERVICE_2
service-object tcp-udp destination eq www
service-object tcp destination eq https
access-list DIGI_access_in extended permit ip any any
access-list DIGI_access_in extended permit icmp any any echo
access-list LAN_access_in extended deny object-group DM_INLINE_SERVICE_2 object-group Skype any
access-list LAN_access_in extended deny object-group DM_INLINE_SERVICE_1 object 205 any
access-list LAN_access_in extended permit ip any any
access-list DIGI_cryptomap extended permit ip object VPN 113.20.*.* 255.255.255.0
access-list Pq_access_in extended permit ip any any
access-list splittun-vpngroup1 extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list nonat extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
logging recipient-address aaa@***.com level errors
mtu DIGI 1500
mtu LAN 1500
mtu Pone 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-711(1).bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (DIGI,LAN) source static any interface
nat (Pone,LAN) source static any interface
nat (DIGI,DIGI) source static NETWORK_OBJ_210.48.*.*_24 NETWORK_OBJ_210.48.*.*_24 destination static NETWORK_OBJ_113.20.*.*_24 NETWORK_OBJ_113.20.*.*_24 no-proxy-arp route-lookup
nat (LAN,DIGI) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 destination static NETWORK_OBJ_192.168.2.192_26 NETWORK_OBJ_192.168.2.192_26 no-proxy-arp route-lookup
nat (LAN,DIGI) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 destination static NETWORK_OBJ_192.168.10.192_26 NETWORK_OBJ_192.168.10.192_26 no-proxy-arp route-lookup
nat (LAN,any) source static any any destination static VPN VPN
nat (LAN,DIGI) source static any any destination static NETWORK_OBJ_192.168.3.0_24 NETWORK_OBJ_192.168.3.0_24 no-proxy-arp route-lookup
nat (LAN,DIGI) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 destination static NETWORK_OBJ_192.168.3.0_24 NETWORK_OBJ_192.168.3.0_24 no-proxy-arp route-lookup
object network VPN
nat (any,DIGI) dynamic interface
nat (LAN,Pone) after-auto source dynamic any interface dns
nat (LAN,DIGI) after-auto source dynamic any interface dns
access-group DIGI_access_in in interface DIGI
access-group LAN_access_in in interface LAN
access-group Pq_access_in in interface Pone
route Pone 0.0.0.0 0.0.0.0 10.1.*.* 2
route DIGI 0.0.0.0 0.0.0.0 210.48..*.* 3
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.2.0 255.255.255.0 LAN
http 0.0.0.0 0.0.0.0 DIGI
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto dynamic-map DIGI_access_in 20 set ikev1 transform-set ESP-3DES-SHA
crypto map DIGI_map 65535 ipsec-isakmp dynamic DIGI_access_in
crypto map DIGI_map interface DIGI
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn sslvpn.cisco.com
subject-name CN=sslvpn.cisco.com
keypair hpmtkeypair
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint0
certificate ed15c051
308201ef 30820158 a0030201 020204ed 15c05130 0d06092a 864886f7 0d010105
0500303c 31193017 06035504 03131073 736c7670 6e2e6369 73636f2e 636f6d31
1f301d06 092a8648 86f70d01 09021610 73736c76 706e2e63 6973636f 2e636f6d
301e170d 31333036 32313038 30343438 5a170d32 33303631 39303830 3434385a
303c3119 30170603 55040313 1073736c 76706e2e 63697363 6f2e636f 6d311f30
1d06092a 864886f7 0d010902 16107373 6c76706e 2e636973 636f2e63 6f6d3081
9f300d06 092a8648 86f70d01 01010500 03818d00 30818902 818100a9 7715ca9e
4d63204e 66e6517b 9a560be8 188603cc 90bb39a7 c61ef0d8 cd74bf19 8ec33146
5176547f f43615a2 b8917a03 3a5a9dd6 e087a78a 74bf3a8e 6d7cfad2 0678253d
b03a677a 52e9ebc0 8e044353 e9fe2055 3cafafa3 3ec74ef9 45eaf8d6 8e554879
db9bf2fb ebcdb5c3 011bf61f 8c139ed1 a00d300a 8fe4784f 173c7702 03010001
300d0609 2a864886 f70d0101 05050003 81810046 d32b20a6 a1efb0b5 29c7ed00
11c0ce87 c58228c9 aae96197 eb275f9a f9da57a1 fc895faf 09a24c0c af43772b
2818ec29 0a56eb33 c0e56696 dd1fa3bb 151ee0e4 18d27366 92177a31 b2f7842b
4f5145b9 942fbc49 c785f925 3a909c17 2593efcc 2e410b5c d3026fe1 f48d93c1
744333e2 c377e5d3 62eebb63 abca4109 d57bb0
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable DIGI client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable DIGI
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
track 1 rtr 123 reachability
telnet 192.168.1.0 255.255.255.0 management
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 DIGI
ssh timeout 5
console timeout 0
vpn-sessiondb max-other-vpn-limit 250
vpn-sessiondb max-anyconnect-premium-or-essentials-limit 2
vpn load-balancing
interface lbpublic DIGI
interface lbprivate DIGI
dhcp-client client-id interface Pone
dhcpd address 192.168.2.10-192.168.2.150 LAN
dhcpd dns 210.48.*.* 210.48.*.* interface LAN
dhcpd enable LAN
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl trust-point ASDM_TrustPoint0 DIGI
webvpn
enable DIGI
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect profiles anyhpmt_client_profile disk0:/anyhpmt_client_profile.xml
anyconnect enable
tunnel-group-list enable
tunnel-group-preference group-url
group-policy sslpolicy internal
group-policy sslpolicy attributes
vpn-tunnel-protocol ssl-clientless
webvpn
url-list none
group-policy GroupPolicy_anyhpmt internal
group-policy GroupPolicy_anyhpmt attributes
wins-server none
dns-server value 8.8.8.8
vpn-tunnel-protocol ikev2 ssl-client ssl-clientless
default-domain value g
webvpn
anyconnect profiles value anyhpmt_client_profile type user
group-policy vpngroup1 internal
group-policy vpngroup1 attributes
dns-server value 8.8.8.8
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value splittun-vpngroup1
default-domain value g
address-pools value vpn_250
group-policy newvpn internal
group-policy newvpn attributes
dns-server value 8.8.8.8
vpn-tunnel-protocol ikev1 l2tp-ipsec
default-domain value g
username cshiew password KK1oQOhoxfwWvya4 encrypted
username cshiew attributes
webvpn
anyconnect keep-installer installed
anyconnect ask none default anyconnect
username newuser password GJrqM3H2KqQZv/MI encrypted privilege 1
tunnel-group vpngroup1 type remote-access
tunnel-group vpngroup1 general-attributes
address-pool vpn_250
default-group-policy vpngroup1
tunnel-group vpngroup1 webvpn-attributes
group-alias vpngroup1 enable
tunnel-group vpngroup1 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group sslhpmt type remote-access
tunnel-group sslhpmt general-attributes
default-group-policy sslpolicy
tunnel-group sslhpmt webvpn-attributes
group-alias sslhpmt enable
tunnel-group anyhpmt type remote-access
tunnel-group anyhpmt general-attributes
address-pool vpn_client
default-group-policy GroupPolicy_anyhpmt
tunnel-group anyhpmt webvpn-attributes
group-alias anyhpmt enable
tunnel-group-map default-group vpngroup1
class-map global-class
match any
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
class global-class
cxsc fail-open
class class-default
user-statistics accounting
policy-map global-policy
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:7a5ee8ff016e63420802423269da864b
: endHi,
Safwan Hashan napisano:i dont know which output you referring but this is output from the VPN client.
We need more information.
I expect debug output from the ASA.
To enable debugging and syslog messages, perform the following CLI steps:
1.
ASA#configure terminal
ASA(config)# debug crypto ikev1 127
ASA(config)# debug crypto ipsec 127
Enable debuging messages for IKEv1 and IPSec.
2.
ASA(config)# logging monitor debug
Sets syslog messages to be sent to Telnet or SSH sessions.
Note: You can alternately use the logging buffer debug command to send log messages to a buffer, and then view them later using the show logging command.
3.
ASA(config)# terminal monitor
Sends the syslog messages to a Telnet or SSH session.
4.
ASA(config)# logging on
Enables syslog message generation.
NOTE: This you have enabled.
Cleanup CLI
ASA(config)# no debug crypto ikev1
ASA(config)# no debug crypto ipsec
ASA(config)# no logging monitor debug
ASA(config)# no terminal monitor
More information: Sensible Debugging and Logging
I have one suggestion. Change and try.
group-policy vpngroup1 internal
group-policy vpngroup1 attributes
no vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
vpn-tunnel-protocol ikev1
Best regards,
MB
Please rate all helpful posts. Thx
Maybe you are looking for
-
What's wrong with Generators..
He, I downloaded this Light Leak video, and using Motion to create a generator with this video so I can add them quickly to FCPX projects. The problem is that this video contains several light leaks and I can't cut genrator's in half with FCPX. It ca
-
Connecting an Apple 12/640 to my Imac.
I had my 12/640 connected to my iMac for some time prior to putting the printer in storage for about 9 months. When I brought it out again it wouldn't establish a connection. It would appear on my printer set up page and on my list of printers when I
-
TS1424 song did not download correctly to itunes library
We had purchased a song from the iTunes store, but tried to download it from our cloud to put it on the main iTunes library, but after it completed it would not play and could not be downloaded to our devices. Any solutions?
-
I'm new to this type of Forum so forgive me please..
I have what is described below. Some of my podcasts is only Audio and some are Video. Most of them don't have artwork. Is there anyway I can get artwork, thats related to the podcast from the Internet and paste it to the iTunes? I checked the help fi
-
My wife just got this BB and has been working great, when all of a sudden there isa circle with a line through it and a box in the center of it with a cirle, square, and a triangle inside the box. We have tried removing the battery to no avail. Tal