OSX can't connect, but Parallels XP guest can connect to VPN on home net
1. Can't connect to VPN via OSX on home net
2. CAN connect via Parallels XP guest on same machine!
3. Can connect via OSX from other public wireless net
My home router is a Linksys B.
Here is connection log from home router (unsuccessful):
Wed May 16 20:28:46 2007 : PPTP connecting to server 'msaccess.choicestream.com' (66.228.82.174)...
Wed May 16 20:28:46 2007 : PPTP connection established.
Wed May 16 20:28:46 2007 : using link 0
Wed May 16 20:28:46 2007 : Using interface ppp0
Wed May 16 20:28:46 2007 : Connect: ppp0 <--> socket[34:17]
Wed May 16 20:28:46 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7d579bda> <pcomp> <accomp>]
Wed May 16 20:28:49 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7d579bda> <pcomp> <accomp>]
Wed May 16 20:28:52 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7d579bda> <pcomp> <accomp>]
Wed May 16 20:28:55 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7d579bda> <pcomp> <accomp>]
Wed May 16 20:28:58 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7d579bda> <pcomp> <accomp>]
Wed May 16 20:29:01 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7d579bda> <pcomp> <accomp>]
Wed May 16 20:29:04 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7d579bda> <pcomp> <accomp>]
Wed May 16 20:29:07 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7d579bda> <pcomp> <accomp>]
Wed May 16 20:29:10 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7d579bda> <pcomp> <accomp>]
Wed May 16 20:29:13 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7d579bda> <pcomp> <accomp>]
Wed May 16 20:29:16 2007 : LCP: timeout sending Config-Requests
Wed May 16 20:29:16 2007 : Connection terminated.
Wed May 16 20:29:16 2007 : PPTP disconnecting...
Wed May 16 20:29:16 2007 : PPTP disconnected
Wed May 16 20:29:16 2007 : PPTP disconnected
Here is connection log from other public wireless net (successful):
Thu May 17 10:22:41 2007 : PPTP connecting to server 'msaccess.choicestream.com' (66.228.82.174)...
Thu May 17 10:22:41 2007 : PPTP connection established.
Thu May 17 10:22:41 2007 : using link 0
Thu May 17 10:22:41 2007 : Using interface ppp0
Thu May 17 10:22:41 2007 : Connect: ppp0 <--> socket[34:17]
Thu May 17 10:22:41 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xb3a8030c> <pcomp> <accomp>]
Thu May 17 10:22:41 2007 : rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x36e8150c> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint 13 17 01 33 b3 14 b0 89 d6 47 22 8f a7 8a 13 c0 b3 92 43 00 00 00 00> < 17 04 01 99>]
Thu May 17 10:22:41 2007 : lcp_reqci: rcvd unknown option 13
Thu May 17 10:22:41 2007 : lcp_reqci: rcvd unknown option 23
Thu May 17 10:22:41 2007 : lcp_reqci: returning CONFREJ.
Thu May 17 10:22:41 2007 : sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 01 99>]
Thu May 17 10:22:41 2007 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xb3a8030c> <pcomp> <accomp>]
Thu May 17 10:22:41 2007 : rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x36e8150c> <pcomp> <accomp> <endpoint 13 17 01 33 b3 14 b0 89 d6 47 22 8f a7 8a 13 c0 b3 92 43 00 00 00 00>]
Thu May 17 10:22:41 2007 : lcp_reqci: returning CONFNAK.
Thu May 17 10:22:41 2007 : sent [LCP ConfNak id=0x1 <auth chap MS-v2>]
Thu May 17 10:22:41 2007 : rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x36e8150c> <pcomp> <accomp> <endpoint 13 17 01 33 b3 14 b0 89 d6 47 22 8f a7 8a 13 c0 b3 92 43 00 00 00 00>]
Thu May 17 10:22:41 2007 : lcp_reqci: returning CONFACK.
Thu May 17 10:22:41 2007 : sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x36e8150c> <pcomp> <accomp> <endpoint 13 17 01 33 b3 14 b0 89 d6 47 22 8f a7 8a 13 c0 b3 92 43 00 00 00 00>]
Thu May 17 10:22:41 2007 : sent [LCP EchoReq id=0x0 magic=0xb3a8030c]
Thu May 17 10:22:41 2007 : rcvd [CHAP Challenge id=0x0 <08c977a66f5ef661ebdcdf44d0d57755>, name = "MSACCESS"]
Thu May 17 10:22:41 2007 : sent [CHAP Response id=0x0 <83e8d441b2409553ec61f18beeb992c9000000000000000088d5673f52f4a4822869f97d5bbe43 bbcb4b9f1bd043872a00>, name = "cweikart"]
Thu May 17 10:22:41 2007 : rcvd [LCP EchoRep id=0x0 magic=0x36e8150c]
Thu May 17 10:22:41 2007 : rcvd [CHAP Success id=0x0 "S=B80BB69E19C53E75F262C4C45DFD664E5AE58714"]
Thu May 17 10:22:41 2007 : sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
Thu May 17 10:22:41 2007 : rcvd [CCP ConfReq id=0x4 <mppe +H +M +S +L -D +C>]
Thu May 17 10:22:41 2007 : sent [CCP ConfNak id=0x4 <mppe +H -M +S -L -D -C>]
Thu May 17 10:22:41 2007 : rcvd [IPCP ConfReq id=0x5 <addr 192.168.5.221>]
Thu May 17 10:22:41 2007 : sent [IPCP TermAck id=0x5]
Thu May 17 10:22:41 2007 : rcvd [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
Thu May 17 10:22:41 2007 : sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
Thu May 17 10:22:41 2007 : rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]
Thu May 17 10:22:41 2007 : sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D -C>]
Thu May 17 10:22:41 2007 : rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
Thu May 17 10:22:41 2007 : MPPE 128-bit stateless compression enabled
Thu May 17 10:22:41 2007 : sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Thu May 17 10:22:41 2007 : sent [IPV6CP ConfReq id=0x1 <addr fe80::0217:f2ff:fed7:d138>]
Thu May 17 10:22:41 2007 : sent [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Thu May 17 10:22:41 2007 : rcvd [IPCP ConfNak id=0x1 <addr 192.168.5.248> <ms-dns1 192.168.4.7> <ms-dns3 192.168.4.8>]
Thu May 17 10:22:41 2007 : sent [IPCP ConfReq id=0x2 <addr 192.168.5.248> <ms-dns1 192.168.4.7> <ms-dns3 192.168.4.8>]
Thu May 17 10:22:41 2007 : rcvd [LCP ProtRej id=0x7 80 57 01 01 00 0e 01 0a 02 17 f2 ff fe d7 d1 38]
Thu May 17 10:22:41 2007 : rcvd [LCP ProtRej id=0x8 82 35 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01]
Thu May 17 10:22:41 2007 : rcvd [IPCP ConfAck id=0x2 <addr 192.168.5.248> <ms-dns1 192.168.4.7> <ms-dns3 192.168.4.8>]
Thu May 17 10:22:43 2007 : rcvd [IPCP ConfReq id=0x9 <addr 192.168.5.221>]
Thu May 17 10:22:43 2007 : ipcp: returning Configure-ACK
Thu May 17 10:22:43 2007 : sent [IPCP ConfAck id=0x9 <addr 192.168.5.221>]
Thu May 17 10:22:43 2007 : ipcp: up
Thu May 17 10:22:43 2007 : local IP address 192.168.5.248
Thu May 17 10:22:43 2007 : remote IP address 192.168.5.221
Thu May 17 10:22:43 2007 : primary DNS address 192.168.4.7
Thu May 17 10:22:43 2007 : secondary DNS address 192.168.4.8
Any ideas?
-Chris
I fixed the situation by replacing my Linksys B with an Airport Extreme.
The Linksys was probably the culprit for some flakiness that had started several months back - dropped connections, etc.
So the question is now moot.
Similar Messages
-
Can't see folders/files but connected to VPN
I'm trying to connect to my office VPN. Unfortunately, I'm the only person in the office who uses a Mac and our remotely-based IT guy doesn't have a lot of Max experience, so I haven't been able to get much assistance recently.
After a lot of trying, I finally was able to connect to the VPN tonight. However, now that I'm connected, I don't see any folders/drivers/whatever in my finder. It's as if I'm not even connect. I did search around and see that apparently Macs need a little boost to find and populate those items in the Finder by going to "Connect to Server" in Finder. However, even that doesn't work.
I've tried "Connect to Server" using the IP address I used to connect to the VPN with –– didn't work. Error comes back as "Check the server name of IP address, and then try again."
I've also tried connecting via another IP address my IT guy gave me –– that didn't work either. Same error message.
I have a username and password to access the shared drive on our network. Is there some place I can enter that in the command line or something? Any help? This is so frsutrating. I feel like I've wasted 2 complete nights (hours at a time) trying to get this to work so I can actually do work from home...
FYI, I'm connected over Cisco VPN IPSec using the Mac OSX internal VPN client.Hi
I have the same issue, I have a Vodafone branded Huawei HG556a with an external drive connected. I have found that it isn't possible to connect via Finder and that SMB doesn't work either. The only way I could connect to it was via FTP using Cyberduck (or Filezilla), but no use as I can't add my media files from the drive to iTunes, so unfortunately disappointing. I'm still looking, but here's the document I was referred too from another forum.
broadband.vodafone.ie/download/files/storage_mac.pdf
Although not an answer to your question, hopefully this will give you an idea why you are getting the password and username errors when you know they are correct. In the end when I entered the FTP details into Cyberduck I was able to connect.
I know this doesn't help solve the problem (as I'm still looking too), but at leas you know why (ish).
Cheers
Topes -
Connect to VPN but can't ping past inside interface
Hello,
I've been working on this issue for a few days with no success. We're setting up a new Cisco ASA 5515 in our environment and are trying to get a simple IPSec VPN setup on it for remote access. After some initial problems, we've gotten it to where the VPN tunnel authenticates the user and connects as it should, however we cannot ping into our LAN. We are able to ping as far as the firewall's inside interface. I've tried other types of traffic too and nothing gets through. I've checked the routes listed on the VPN client while we're connected and they look correct - the client also shows both sent and received bytes when we connect using TCP port 10000, but no Received bytes when we connect using UDP 4500. We are trying to do split tunneling, and that seems to be setup correctly because I can still surf while the VPN is connected.
Below is our running config. Please excuse any messyness in the config as there are a couple of us working on it and we've been trying a whole bunch of different settings throughout the troubleshooting process. I will also note that we're using ASDM as our primary method of configuring the unit, so any suggestions that could be made with that in mind would be most helpful. Thanks!
ASA-01# sh run
: Saved
ASA Version 8.6(1)2
hostname ASA-01
domain-name domain.org
enable password **** encrypted
passwd **** encrypted
names
interface GigabitEthernet0/0
speed 100
duplex full
nameif inside
security-level 100
ip address 10.2.0.1 255.255.0.0
interface GigabitEthernet0/1
description Primary WAN Interface
nameif outside
security-level 0
ip address 76.232.211.169 255.255.255.192
interface GigabitEthernet0/2
shutdown
<--- More --->
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
speed 100
<--- More --->
duplex full
shutdown
nameif management
security-level 100
ip address 10.4.0.1 255.255.0.0
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.2.11.6
domain-name domain.org
dns server-group sub
name-server 10.2.11.121
name-server 10.2.11.138
domain-name sub.domain.net
same-security-traffic permit intra-interface
object network 76.232.211.132
host 76.232.211.132
object network 10.2.11.138
host 10.2.11.138
object network 10.2.11.11
host 10.2.11.11
<--- More --->
object service DB91955443
service tcp destination eq 55443
object service 113309
service tcp destination range 3309 8088
object service 11443
service tcp destination eq https
object service 1160001
service tcp destination range 60001 60008
object network LAN
subnet 10.2.0.0 255.255.0.0
object network WAN_PAT
host 76.232.211.170
object network Test
host 76.232.211.169
description test
object network NETWORK_OBJ_10.2.0.0_16
subnet 10.2.0.0 255.255.0.0
object network NETWORK_OBJ_10.2.250.0_24
subnet 10.2.250.0 255.255.255.0
object network VPN_In
subnet 10.3.0.0 255.255.0.0
description VPN User Network
object-group service 11
service-object object 113309
<--- More --->
service-object object 11443
service-object object 1160001
object-group service IPSEC_VPN udp
port-object eq 4500
port-object eq isakmp
access-list outside_access_in extended permit icmp object VPN_In 10.2.0.0 255.255.0.0 traceroute log disable
access-list outside_access_in extended permit object-group 11 object 76.232.211.132 interface outside
access-list outside_access_in extended permit object DB91955443 any interface outside
access-list outside_access_in extended permit udp any object Test object-group IPSEC_VPN inactive
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended deny ip any any
access-list inside_access_in extended permit ip any any log disable
access-list inside_access_in extended permit icmp any any echo-reply log disable
access-list inside_access_in extended permit ip object VPN_In 10.2.0.0 255.255.0.0 log disable
access-list domain_splitTunnelAcl standard permit 10.2.0.0 255.255.0.0
access-list domain_splitTunnelAcl standard permit 10.3.0.0 255.255.0.0
access-list vpn_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu inside 1500
mtu outside 1500
ip local pool VPNUsers 10.3.0.1-10.3.0.254 mask 255.255.0.0
<--- More --->
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any management
icmp permit any inside
icmp permit any outside
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic any interface
nat (inside,outside) source dynamic any WAN_PAT inactive
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 113309 113309
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 11443 11443
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 1160001 1160001
nat (outside,outside) source static any any destination static interface 10.2.11.138 service DB91955443 DB91955443
nat (inside,outside) source static NETWORK_OBJ_10.2.0.0_16 NETWORK_OBJ_10.2.0.0_16 destination static NETWORK_OBJ_10.2.250.0_24 NETWORK_OBJ_10.2.250.0_24 no-proxy-arp route-lookup
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 76.232.211.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
<--- More --->
dynamic-access-policy-record DfltAccessPolicy
aaa-server ActiveDirectory protocol nt
aaa-server ActiveDirectory (inside) host 10.2.11.121
nt-auth-domain-controller sub.domain.net
aaa-server ActiveDirectory (inside) host 10.2.11.138
nt-auth-domain-controller sub.domain.net
user-identity default-domain LOCAL
eou allow none
http server enable
http 10.4.0.0 255.255.255.0 management
http 10.2.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
no sysopt connection permit-vpn
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
<--- More --->
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
<--- More --->
subject-name CN=ASA-01
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate a6c98751
308201f1 3082015a a0030201 020204a6 c9875130 0d06092a 864886f7 0d010105
0500303d 31153013 06035504 03130c43 5248442d 4d432d46 57303131 24302206
092a8648 86f70d01 09021615 43524844 2d4d432d 46573031 2e637268 642e6f72
67301e17 0d313330 35303730 32353232 325a170d 32333035 30353032 35323232
5a303d31 15301306 03550403 130c4352 48442d4d 432d4657 30313124 30220609
2a864886 f70d0109 02161543 5248442d 4d432d46 5730312e 63726864 2e6f7267
30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00c23d5f
acbf2b3f 9fe6e3c9 1866c344 07b6ee49 f6f31798 0b87a38b 890f70e2 c28cc1d5
fd1b4e80 7fa25483 09e79459 6bf92155 c55240b4 93eeb4eb af3f8aec 8906ef48
140c57bb 5ca4471f 275c1932 7e90976f f0dfe8a3 04a7861f cce7a320 7267df2e
61f9b6b8 22bb70ac d9cedb73 3cf9747b c2636892 48b35385 a94bfae5 fd020301
0001300d 06092a86 4886f70d 01010505 00038181 003c7e16 be4aff40 8fe69a31
acf31808 680e44eb 8ede9094 f9a4a147 0ae18cdc 000dc07f c1da1af4 a2d964ed
288689ee 95179ad0 90728324 9803248d b9d10641 01897453 fe7fafcd 34dee13a
92798615 4acb1f27 14fdb346 ab3eb825 04f23791 81d08fa2 b54c6a47 aedd9694
1c9fbcb4 455fd5ce 420298aa 9333737c 19f0e715 50
quit
crypto isakmp identity address
crypto isakmp nat-traversal 30
crypto ikev2 policy 1
<--- More --->
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
<--- More --->
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
<--- More --->
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
<--- More --->
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
<--- More --->
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
<--- More --->
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd dns 10.2.11.121 10.2.11.138
dhcpd lease 36000
dhcpd ping_timeout 30
dhcpd domain sub.domain.net
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
<--- More --->
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect profiles VPN_client_profile disk0:/VPN_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy domain internal
group-policy domain attributes
banner value You are attempting to access secured systems at thsi facility. All activity is monitored and recorded. Disconnect now if you are not authorized to access these systems or do not possess valid logon credentials.
wins-server value 10.2.11.121 10.2.11.138
dns-server value 10.2.11.121 10.2.11.138
vpn-idle-timeout none
vpn-filter value vpn_access_in
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value domain_splitTunnelAcl
default-domain value sub.domain.net
split-dns value sub.domain.net
group-policy DfltGrpPolicy attributes
dns-server value 10.2.11.121 10.2.11.138
vpn-filter value outside_access_in
vpn-tunnel-protocol l2tp-ipsec
default-domain value sub.domain.net
split-dns value sub.domain.net
address-pools value VPNUsers
username **** password **** encrypted privilege 15
<--- More --->
username **** password **** encrypted privilege 15
username **** attributes
webvpn
anyconnect keep-installer installed
anyconnect dtls compression lzs
anyconnect ssl dtls enable
anyconnect profiles value VPN_client_profile type user
tunnel-group DefaultL2LGroup general-attributes
default-group-policy domain
tunnel-group DefaultRAGroup general-attributes
address-pool VPNUsers
authentication-server-group ActiveDirectory
default-group-policy domain
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
ikev1 trust-point ASDM_TrustPoint0
tunnel-group DefaultWEBVPNGroup general-attributes
default-group-policy domain
tunnel-group domain type remote-access
tunnel-group domain general-attributes
address-pool (inside) VPNUsers
address-pool VPNUsers
authentication-server-group ActiveDirectory LOCAL
authentication-server-group (inside) ActiveDirectory LOCAL
<--- More --->
default-group-policy domain
dhcp-server link-selection 10.2.11.121
tunnel-group domain ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
<--- More --->
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 21
subscribe-to-alert-group configuration periodic monthly 21
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:2578e19418cb5c61eaf15e9e2e5338a0
: endHello,
I've been working on this issue for a few days with no success. We're setting up a new Cisco ASA 5515 in our environment and are trying to get a simple IPSec VPN setup on it for remote access. After some initial problems, we've gotten it to where the VPN tunnel authenticates the user and connects as it should, however we cannot ping into our LAN. We are able to ping as far as the firewall's inside interface. I've tried other types of traffic too and nothing gets through. I've checked the routes listed on the VPN client while we're connected and they look correct - the client also shows both sent and received bytes when we connect using TCP port 10000, but no Received bytes when we connect using UDP 4500. We are trying to do split tunneling, and that seems to be setup correctly because I can still surf while the VPN is connected.
Below is our running config. Please excuse any messyness in the config as there are a couple of us working on it and we've been trying a whole bunch of different settings throughout the troubleshooting process. I will also note that we're using ASDM as our primary method of configuring the unit, so any suggestions that could be made with that in mind would be most helpful. Thanks!
ASA-01# sh run
: Saved
ASA Version 8.6(1)2
hostname ASA-01
domain-name domain.org
enable password **** encrypted
passwd **** encrypted
names
interface GigabitEthernet0/0
speed 100
duplex full
nameif inside
security-level 100
ip address 10.2.0.1 255.255.0.0
interface GigabitEthernet0/1
description Primary WAN Interface
nameif outside
security-level 0
ip address 76.232.211.169 255.255.255.192
interface GigabitEthernet0/2
shutdown
<--- More --->
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
speed 100
<--- More --->
duplex full
shutdown
nameif management
security-level 100
ip address 10.4.0.1 255.255.0.0
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.2.11.6
domain-name domain.org
dns server-group sub
name-server 10.2.11.121
name-server 10.2.11.138
domain-name sub.domain.net
same-security-traffic permit intra-interface
object network 76.232.211.132
host 76.232.211.132
object network 10.2.11.138
host 10.2.11.138
object network 10.2.11.11
host 10.2.11.11
<--- More --->
object service DB91955443
service tcp destination eq 55443
object service 113309
service tcp destination range 3309 8088
object service 11443
service tcp destination eq https
object service 1160001
service tcp destination range 60001 60008
object network LAN
subnet 10.2.0.0 255.255.0.0
object network WAN_PAT
host 76.232.211.170
object network Test
host 76.232.211.169
description test
object network NETWORK_OBJ_10.2.0.0_16
subnet 10.2.0.0 255.255.0.0
object network NETWORK_OBJ_10.2.250.0_24
subnet 10.2.250.0 255.255.255.0
object network VPN_In
subnet 10.3.0.0 255.255.0.0
description VPN User Network
object-group service 11
service-object object 113309
<--- More --->
service-object object 11443
service-object object 1160001
object-group service IPSEC_VPN udp
port-object eq 4500
port-object eq isakmp
access-list outside_access_in extended permit icmp object VPN_In 10.2.0.0 255.255.0.0 traceroute log disable
access-list outside_access_in extended permit object-group 11 object 76.232.211.132 interface outside
access-list outside_access_in extended permit object DB91955443 any interface outside
access-list outside_access_in extended permit udp any object Test object-group IPSEC_VPN inactive
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended deny ip any any
access-list inside_access_in extended permit ip any any log disable
access-list inside_access_in extended permit icmp any any echo-reply log disable
access-list inside_access_in extended permit ip object VPN_In 10.2.0.0 255.255.0.0 log disable
access-list domain_splitTunnelAcl standard permit 10.2.0.0 255.255.0.0
access-list domain_splitTunnelAcl standard permit 10.3.0.0 255.255.0.0
access-list vpn_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu inside 1500
mtu outside 1500
ip local pool VPNUsers 10.3.0.1-10.3.0.254 mask 255.255.0.0
<--- More --->
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any management
icmp permit any inside
icmp permit any outside
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic any interface
nat (inside,outside) source dynamic any WAN_PAT inactive
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 113309 113309
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 11443 11443
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 1160001 1160001
nat (outside,outside) source static any any destination static interface 10.2.11.138 service DB91955443 DB91955443
nat (inside,outside) source static NETWORK_OBJ_10.2.0.0_16 NETWORK_OBJ_10.2.0.0_16 destination static NETWORK_OBJ_10.2.250.0_24 NETWORK_OBJ_10.2.250.0_24 no-proxy-arp route-lookup
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 76.232.211.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
<--- More --->
dynamic-access-policy-record DfltAccessPolicy
aaa-server ActiveDirectory protocol nt
aaa-server ActiveDirectory (inside) host 10.2.11.121
nt-auth-domain-controller sub.domain.net
aaa-server ActiveDirectory (inside) host 10.2.11.138
nt-auth-domain-controller sub.domain.net
user-identity default-domain LOCAL
eou allow none
http server enable
http 10.4.0.0 255.255.255.0 management
http 10.2.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
no sysopt connection permit-vpn
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
<--- More --->
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
<--- More --->
subject-name CN=ASA-01
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate a6c98751
308201f1 3082015a a0030201 020204a6 c9875130 0d06092a 864886f7 0d010105
0500303d 31153013 06035504 03130c43 5248442d 4d432d46 57303131 24302206
092a8648 86f70d01 09021615 43524844 2d4d432d 46573031 2e637268 642e6f72
67301e17 0d313330 35303730 32353232 325a170d 32333035 30353032 35323232
5a303d31 15301306 03550403 130c4352 48442d4d 432d4657 30313124 30220609
2a864886 f70d0109 02161543 5248442d 4d432d46 5730312e 63726864 2e6f7267
30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00c23d5f
acbf2b3f 9fe6e3c9 1866c344 07b6ee49 f6f31798 0b87a38b 890f70e2 c28cc1d5
fd1b4e80 7fa25483 09e79459 6bf92155 c55240b4 93eeb4eb af3f8aec 8906ef48
140c57bb 5ca4471f 275c1932 7e90976f f0dfe8a3 04a7861f cce7a320 7267df2e
61f9b6b8 22bb70ac d9cedb73 3cf9747b c2636892 48b35385 a94bfae5 fd020301
0001300d 06092a86 4886f70d 01010505 00038181 003c7e16 be4aff40 8fe69a31
acf31808 680e44eb 8ede9094 f9a4a147 0ae18cdc 000dc07f c1da1af4 a2d964ed
288689ee 95179ad0 90728324 9803248d b9d10641 01897453 fe7fafcd 34dee13a
92798615 4acb1f27 14fdb346 ab3eb825 04f23791 81d08fa2 b54c6a47 aedd9694
1c9fbcb4 455fd5ce 420298aa 9333737c 19f0e715 50
quit
crypto isakmp identity address
crypto isakmp nat-traversal 30
crypto ikev2 policy 1
<--- More --->
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
<--- More --->
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
<--- More --->
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
<--- More --->
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
<--- More --->
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
<--- More --->
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd dns 10.2.11.121 10.2.11.138
dhcpd lease 36000
dhcpd ping_timeout 30
dhcpd domain sub.domain.net
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
<--- More --->
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect profiles VPN_client_profile disk0:/VPN_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy domain internal
group-policy domain attributes
banner value You are attempting to access secured systems at thsi facility. All activity is monitored and recorded. Disconnect now if you are not authorized to access these systems or do not possess valid logon credentials.
wins-server value 10.2.11.121 10.2.11.138
dns-server value 10.2.11.121 10.2.11.138
vpn-idle-timeout none
vpn-filter value vpn_access_in
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value domain_splitTunnelAcl
default-domain value sub.domain.net
split-dns value sub.domain.net
group-policy DfltGrpPolicy attributes
dns-server value 10.2.11.121 10.2.11.138
vpn-filter value outside_access_in
vpn-tunnel-protocol l2tp-ipsec
default-domain value sub.domain.net
split-dns value sub.domain.net
address-pools value VPNUsers
username **** password **** encrypted privilege 15
<--- More --->
username **** password **** encrypted privilege 15
username **** attributes
webvpn
anyconnect keep-installer installed
anyconnect dtls compression lzs
anyconnect ssl dtls enable
anyconnect profiles value VPN_client_profile type user
tunnel-group DefaultL2LGroup general-attributes
default-group-policy domain
tunnel-group DefaultRAGroup general-attributes
address-pool VPNUsers
authentication-server-group ActiveDirectory
default-group-policy domain
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
ikev1 trust-point ASDM_TrustPoint0
tunnel-group DefaultWEBVPNGroup general-attributes
default-group-policy domain
tunnel-group domain type remote-access
tunnel-group domain general-attributes
address-pool (inside) VPNUsers
address-pool VPNUsers
authentication-server-group ActiveDirectory LOCAL
authentication-server-group (inside) ActiveDirectory LOCAL
<--- More --->
default-group-policy domain
dhcp-server link-selection 10.2.11.121
tunnel-group domain ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
<--- More --->
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 21
subscribe-to-alert-group configuration periodic monthly 21
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:2578e19418cb5c61eaf15e9e2e5338a0
: end -
VPN client connected to VPN but can't ping or access to server
HI ,
i need help urgently, had been troubleshooting for a day, but have no ideal what wrong with the config.
Basically there is 2 set of VPN configured, one is site to site IPSEC VPN and another one is connect via VPN client software coexist in same router.
This recently we having problem on client can't access or ping to internal server which is 192.168.6.3 from VPN client software.
VPN client will connect to VPN ip pool as10.20.1.0 to 10.20.1.100
Software itself shown connected but request time out when ping.
Below is the config. Some of the command might be extra as when i did some test, but end up didn't work.
aaa new-model
aaa authentication login userauthen local
aaa authorization network adminmap group VPNClient
aaa authorization network groupauthor local
aaa authorization network map-singapore local
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key emptyspace address 203.142.83.218 no-xauth
crypto isakmp keepalive 15 periodic
crypto isakmp client configuration address-pool local ippool
crypto isakmp client configuration group map-singapore
key cisco123
dns 192.168.6.3
domain cisco.com
pool ippool
acl 102
crypto isakmp profile VPNclient
match identity address 27.54.43.210 255.255.255.255
match identity group vpnclient
client authentication list userauthen
client configuration address respond
crypto ipsec security-association idle-time 86400
crypto ipsec transform-set REMSET esp-3des esp-md5-hmac
crypto ipsec transform-set DYNSET esp-aes esp-md5-hmac
crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10
set transform-set DYNSET
set isakmp-profile VPNclient
reverse-route
crypto map VPNMAP client authentication list userauthen
crypto map VPNMAP isakmp authorization list map-singapore
crypto map VPNMAP client configuration address respond
crypto map VPNMAP 10 ipsec-isakmp dynamic dynmap
crypto map VPNMAP 11 ipsec-isakmp
description VPN to ASA5520
set peer 203.142.83.218
set security-association lifetime kilobytes 14608000
set security-association lifetime seconds 86400
set transform-set REMSET
match address 100
interface GigabitEthernet0/0
ip address 27.54.43.210 255.255.255.240
ip nat outside
no ip virtual-reassembly
duplex full
speed 100
crypto map VPNMAP
interface GigabitEthernet0/1
ip address 192.168.6.1 255.255.255.0
ip nat inside
no ip virtual-reassembly
duplex full
speed 100
interface GigabitEthernet0/2
description $ES_LAN$
no ip address
shutdown
duplex auto
speed auto
ip local pool ippool 10.20.1.0 10.20.1.100
ip forward-protocol nd
ip pim bidir-enable
no ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip nat inside source route-map nonat interface GigabitEthernet0/0 overload
ip nat inside source static 192.168.6.3 27.54.43.212
ip route 0.0.0.0 0.0.0.0 27.54.43.209
ip route 192.168.1.0 255.255.255.0 27.54.43.209
ip route 192.168.151.0 255.255.255.0 192.168.6.151
ip route 192.168.208.0 255.255.255.0 27.54.43.209
ip access-list extended RA_SING
permit ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 10.0.0.0 0.255.255.255 192.168.6.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 192.168.208.0 0.0.0.255
permit ip 10.20.1.1 0.0.0.100 192.168.6.0 0.0.0.255
permit ip 10.20.1.0 0.0.0.255 10.0.0.0 0.255.255.255
deny ip any any log
access-list 1 remark Local Network
access-list 1 permit 192.168.6.0 0.0.0.255
access-list 1 permit 192.168.102.0 0.0.0.255
access-list 1 permit 192.168.151.0 0.0.0.255
access-list 2 remark VPNClient-range
access-list 2 permit 10.0.0.0 0.255.255.255
access-list 10 permit 192.168.6.0 0.0.0.255
access-list 10 permit 192.168.102.0 0.0.0.255
access-list 10 permit 192.168.151.0 0.0.0.255
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 100 permit ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.102.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.6.0 0.0.0.255 192.168.208.0 0.0.0.255
access-list 100 permit ip host 192.168.6.7 host 192.168.208.48
access-list 101 deny ip 192.168.6.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
access-list 101 permit ip 192.168.6.0 0.0.0.255 any
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
access-list 120 deny ip any any log
access-list 120 deny ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255 log
access-list 120 deny ip 192.168.6.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 120 deny ip 192.168.6.0 0.0.0.255 192.168.208.0 0.0.0.255
no cdp run
route-map nonat permit 10
match ip address 120
control-plane
alias isakmp-profile sh crypto isakmp sa
alias exec ipsec sh crypto ipsec sa
banner motd ^CC^CI did not try to ping 4.2.2.2. I just know I can not ping comcasts dns servers. I have updated the firmware on the router and it did not work. The computer was able to access the internet until about a week ago, I don't understand what could have changed that I would now need a static DNS.
-
I am running Facetime version 1.0.3 (167) on MacBook Pro OSx 10.6.8 but Facetime fails to other Mac devices. What version of Facetime can I upgrade to in order to rectify this ?.
Unable to make or receive FaceTime calls after April 16, 2014
-
I am trying make a flash drive bootable so i can install OSX Mountain lion it BUT it has MBR partition on it how can i remove this partition
Regards
WarrenDrive Preparation
1. Open Disk Utility in your Utilities folder.
2. After DU loads select your hard drive (this is the entry with the mfgr.'s ID and size) from the left side list. Click on the Partition tab in the DU main window.
3. Under the Volume Scheme heading set the number of partitions from the drop down menu to one. Click on the Options button, set the partition scheme to GUID then click on the OK button. Set the format type to Mac OS Extended (Journaled.) Click on the Partition button and wait until the process has completed.
4. Select the volume you just created (this is the sub-entry under the drive entry) from the left side list. Click on the Erase tab in the DU main window.
5. Set the format type to Mac OS Extended (Journaled.) Click on the Security button, check the button for Zero Data and click on OK to return to the Erase window.
6. Click on the Erase button. The format process can take up to several hours depending upon the drive size. -
Macbook pro late 2008 update to osx mountain lion already but can't open safari
macbook pro late 2008 update to osx mountain lion already but can't open safari
Where did you buy this "open box" MacBook Pro?
Here are the specifics on the upgrade program:
http://www.apple.com/osx/uptodate/ -
i am having trouble with exchange account connection .the vpn connects fine but the exchange account is still showing the yellow light .can anyone help?
I had a similar problem. Here is how I resolved the issue.
1. Remove Network Connect
2. Run Terminal and remove /usr/local/juniper and everything within the juniper directory.
3. Reboot the machine and reinstall Network Connect
4. Test if you can now connect.
During removal, you may encounter permission denied error, you will need to change the permission to 777. For example "sudo chmod 777 nc". -
ok my iphone 3g touch screen is not responding, i can recieve calls and it can charge and connect to itunes, but i cannot go any further than using the home button or the power button, it is only the slide feature and touch feature that has become non existent. Also, i have a f'ew cracks in my screen for a while now and it was running smoothly up until saturday when i sat on it applying large amounts of pressure to the phone screen. Is there a way i can fix this myself without having to recover my phone to factory settings or wasting 50 bucks to get it fixed??
Hi Dire Dawa,
If the screen on your iPhone isn't responding, you may find the following article helpful:
iOS: Not responding or does not turn on
http://support.apple.com/kb/ts3281
Regards,
- Brenden -
Since upgrading, both our wireless printers are still visible, but OSX will not connect with them. Both work via connecting from other sources via the same wireless router (airport). What do I need to do to get my printing/scanning working again?
First thing to try is reset Printing System:
OS X Mavericks: Reset the printing system
Next would be reset the router (power off 15 secs then back on). And, 2 minutes later, reset the printers 1 by 1. -
Hi!
I just bought a MBP OSX 10.7.2 but i can't find the Macintosh HD folder. It's neither on my desktop, or in the general section in finder's preferences. Can you help me please? thanksHoly Shhh,
Thank you so much!, i just realized i kept looking in the system preferencs > general
What a retard!
thanks again -
I recently upgraded my Mackbook Pro ma operating system from OSX lion to Maverick, but in the process I can not access my iphoto 9.1.5. How do I access it?
Download the Mavericks version from the App Store.
The iWork apps are free with a new iOS device since 1 SEP 2013. They are free with a new Mac since 1 OCT 2013. They are also free with the upgrade to OS X Mavericks 10.9 if you had the previous version installed when you upgraded.
iWork and iLife for Mac come free with every new Mac purchase. Existing users running Mavericks can update their apps for free from the Mac App Store℠. iWork and iLife for iOS are available for free from the App Store℠ for any new device running iOS 7, and are also available as free updates for existing users. GarageBand for Mac and iOS are free for all OS X Mavericks and iOS 7 users. Additional GarageBand instruments and sounds are available for a one-time in-app purchase of $4.99 for each platform. -
Untrusted Connection error message on home computer, but can connect fine from work
I have been connecting to this site for a while without problems (an online gradebook for son's school), but yesterday when I tried to log in from home machine, I got the "This connection is Untrusted" error message. However, I was able to log in without a problem from work today, but having the same problem at home again. Is it an indication that my home connection is somehow compromised? How do I check? Other sites seem to working fine.
It is usually better to install missing certificates by visiting another website that sends them then by making an exception.<br />
You can check the certificate chain on the working computer by clicking the Site Identity Button (favicon) on the location bar > More Information > View Certificate > Details and export missing intermediate certificates and import them on the other computer.
You can remove exceptions on the Servers tab in the Certificate Manager.
*Tools > Options > Advanced : Encryption: Certificates - View Certificates -
I recently purchased an iMac and found out that I can download OSX LIon for free, but have been unable to redeem on the Canadian site. According to their info Canadian systems should be eligible. How do I redeem this on the Canadian site?
Please read and follow the instructions at the Lion - Get up to date site. If you continue to have problems you can contact AppleCare (the number is in your owners manual or you can use the AppleCare Contact Info site.
-
I have connected via VPN but can't see lion server .private
when I am in my local network at home I simply go to finder and click on my server and connect to it. When I VPN form the net into my servers local network I dont see it in my finder? I know I am in the next work being I did a IP Check but am I am missing something how am I to get to the server to get to my files? it is set up as a .private.
Spoke to an apple rep today. when accessing via VPN go to finder then go to the top menu click GO at the bottom of the drop down will be connect to server simply add the IP address to access.
Maybe you are looking for
-
Datefield not working in Coldfusion 11
I have just installed CF11 on our dev and QA servers and am getting a strange issue on only one of them. On our QA server, instead of the calandar control showing up when <cfinput type="datefield"> is used, I get the text "Date Picker". I can't find
-
Error calling[Standalone proxy]uFF1Aexternal web service(SSL + anonymous)
hi SDNer I use Standalone proxy to call external web service(SSL + anonymous) web service Endpoint is : https://localhost:8443/HelloWorldService/services/HelloWorld NWDS VERSION: NWDS-IDE-700SP12 Standalone SEI is : HelloWorld HelloWorldHttpBin
-
When is apple going to fix imessage and FaceTime problems?
Hello, I am having the same problem as a lot of other users seem to have: my imessage and facetime applications are not accepting my password. I found a way to (temporarily) fix this via deletion of the host file. Since then facetime works, my imessa
-
Free app won't open on iPhone since restore
Hello, I had to restore my iPhone 5S after the latest iOS update 7.0.5 I used to have an app called CityMapper (free app) on my phone before it crashed but since the restore it doesn't show on my phone. If I search for it in the app store on my phone
-
Time machine starts well, and then slow as cold molasses
Hi All, I've scoured the net for clues, but no love. I've set up a new external drive for TimeMachine. I created a single partition with Disk Utility, formatted as HFS+ and told TM to use it for backups. Clicked go. Yay! Lots of data cruising along a