PIX-515E - Reason 412: the remote peer is no longer responding...

Hi,
I am unable to VPN to my network from outside using cisco VPN client to PIX-515E.
When I try it say:
Reason 412: the remote peer is no longer responding...
From inside everything work ok, I can connect... (same computer, same settings...)
Maybe the problem is not in PIX??
Few days ago I upgrade FWSM from 3.1.x to
FWSM Firewall Version 4.1(9)
Device Manager Version 6.2(2)F
Can this upgrade cause problem???
I compare running conf: and I notice this new commands:
service reset no-connection
no service reset connection marked-for-deletion
I try with opposite:
no service reset no-connection
service reset connection marked-for-deletion
but still I cannot VPN....
Any advice?
THX,
Ivan

Problem solved...
as usual I cause the problem instead of 8 i wrote 3... i was checking that IP address several time but didn't see
now when I was preparing to put running config online and replacing ip address ... something jump into my eye....
So thnx Jennifer :-)

Similar Messages

  • Routing Issue in PIX 515E

    Hi all,
    I have a routing problem here with routing in PIX515E version 6.35. I have some Client PCs located in the DMZ interface of the PIX515E, they connect to PIX using Cisco VPN Client (IPSEC VPN), after that these PCs can be routed to access Servers (static route) located behind Internal interfaces of PIX. I have some Servers located remotely having Internet Access, the gateway router remotely connect to PIX Outside Interface (Internet) using IPSEC VPN then routed to inside Interface (static route).
    After establishing IPSEC VPN, the Client PCs behind the DMZ interfaces can access Servers located behind Internal Interface of PIX. So do the remote servers. However, the Client PCs cannot access the remote servers.
    Just wondering if there is any restriction for the routing in PIX?
    Thanks for the answer.

    Hi Jorge,
    Please see the config below;
    Servers behind inside interface 172.16.0.0/16
    Remote Server 172.16.0.199/32
    RA_Client:172.16.45.129-172.16.45.254
    dmz: 192.168.0.0/16
    PIX Version 6.3(5)
    interface ethernet0 auto
    interface ethernet1 auto
    interface ethernet2 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 dmz security50
    access-list from-outside remark
    access-list from-outside permit icmp any any echo-reply
    access-list from-outside remark
    access-list nonat permit ip 172.16.0.0 255.255.0.0 host 172.16.0.199
    access-list 101 permit ip 172.16.0.0 255.255.0.0 172.16.45.128 255.255.255.128
    access-list Remote_Server permit ip 172.16.0.0 255.255.0.0 host 172.16.0.199
    ip address outside x.x.x.70 255.255.255.248
    ip address inside 172.16.58.20 255.255.255.0
    ip address dmz 192.168.68.20 255.255.255.0
    ip verify reverse-path interface outside
    ip local pool RA_Client_pool 172.16.45.129-172.16.45.254
    global (outside) 1 x.x.x.67 netmask 255.255.255.248
    global (dmz) 1 192.168.68.129-192.168.68.254 netmask 255.255.255.128
    nat (inside) 0 access-list nonat
    nat (inside) 1 172.16.0.0 255.255.0.0 0 0
    access-group from-outside in interface outside
    route outside 0.0.0.0 0.0.0.0 x.x.x.65 1
    route outside 172.16.0.199 255.255.255.255 x.x.x.65 1
    route inside 172.16.0.0 255.255.0.0 172.16.58.1 1
    route dmz 172.16.45.128 255.255.255.128 192.168.68.1 1
    route dmz 192.168.0.0 255.255.0.0 192.168.68.1 1
    crypto ipsec transform-set 3des-sha esp-3des esp-sha-hmac
    crypto dynamic-map map2 40 set transform-set 3des-sha
    crypto map IPSEC 40 ipsec-isakmp dynamic map2
    crypto map IPSEC 50 ipsec-isakmp
    crypto map IPSEC 50 match address Remote_Server
    crypto map IPSEC 50 set peer y.y.y.y
    crypto map IPSEC 50 set transform-set 3des-sha
    crypto map IPSEC 50 set security-association lifetime seconds 900 kilobytes 4608000
    crypto map IPSEC client authentication AuthInbound
    crypto map IPSEC interface outside
    crypto map IPSEC interface dmz
    isakmp enable outside
    isakmp enable dmz
    vpngroup RA_Client address-pool RA_Client_pool
    vpngroup RA_Client dns-server 172.16.9.5
    vpngroup RA_Client wins-server 172.16.9.5
    vpngroup RA_Client split-tunnel 101
    vpngroup RA_Client idle-time 1800
    vpngroup RA_Client password ********

  • How to build 2 L2L vpn tunnels pointing to the same peer.

    I have a Cisco ASA 5505 on one side and a VMware device on the remote.  I have a vpn tunnel currently.  I need to establish a second tunnel to the same peer.  Because VMware is used on the remote side they can't have the more than one subnet on the tunnel.  I need two internal subnets to communicate to the remote peer.  Please help.
    Thanks,
    Ken

    Hi Tzy,
    Two tunnels for same traffic on a same device is not possible but you can configure a redundancy for the 2 cellular links for the same traffic.
    But if the traffic are different for both the ACLs, the the tunnels should come up but you need to define routes as to which traffic would use what interface.
    if there is a def route pointing to interface cell0/0/1 then all traffic will be taken using that interface, and you would then need to define either a static route for access-list 102 or a route-map to direct the traffic to the cell0/0/2 interface.
    On the ASA, you just need to configure the settings for a dynamic VPN tunnel.
    Hope that helps.
    Cheers,
    Abhi

  • About 7/16 of an inch of my screen for my Iphone 4 no longer responds ever since the new update

    Ever since the iOS 7 update about 7/16 of an inch on my screen no longer works meaning if i where typing in safari an hit the globe button that changes the keyboard to what ever you have on your list (for example Emoji) i would end up having to back out of certain apps or have to turn my phone sideways to type key board style in order to even change the keyboard back to english that as well as all my buttons with in the 7/16 range no longer respond so if i wanted to delete an app i would need to drag it into an app folder and then move away from the 7/16 zone in order to delete it i have never had this problem until the update and although minor it is annoying. If anyone has any ideas on what is causing this to happen or a solution other then upgrading due my 2yr contract with At&t is still on going until next year.

    I think the problem is that the iPod got set to Manually manage music and videos.  It needs to be set up for automatic syncing again.  Just unchecking that Manually manage music and videos setting does not do it.
    In iTunes 12, select the iPod in iTunes (using the device button), so that you see the iPod's "management" screen.  In the sidebar (along left side of screen), there are two headings (Settings and On My Device).  Under Settings, click on Music.  To the right, you see the iPod's Music screen, where you tell iTunes how to sync songs to the iPod.
    Check the box at the top for Sync Music.  That turns ON automatic syncing for music.  Below that, choose the option to sync Entire music library (assuming your music library fits completely on your iPod).  Otherwise, you can choose the option to sync Selected playlists, artists, albums, and genres and make your selections below.  Then click Apply.

  • Help needed to connect to remote PPTP VPN via PIX 515e

    Hello,
    A user in our office needs to connect to a client's remote PPTP VPN but can't connect.  The user is running Windows 7.  We have a Cisco PIX 515e firewall that is running PIX Version 6.3(3) - this is what our user is having to go through to try and make the connection to the client's remote VPN.
    The client's network guys have come back and said the issue is at our side.  They say that they can see some of our traffic but not all of it. The standard error is shown below, and they say it's symptomatic of the client-side firewall not allowing PPTP traffic:
    "A connection between the VPN server and the VPN client XXX.XXX.XXX.XXX has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets."
    I have very little firewall experience and absolutely no Cisco experience I'm afraid.  From looking at the PIX config I can see the following line:
    fixup protocol pptp 1723.
    Does this mean that the PPTP protcol is enabled on our firewall?  Is this for both incoming and outgoing traffic?
    I can see no reference to GRE 47 in the PIX config.  Can anyone advise me what I should look for to see if this has been enabled or not?
    I apologise again for my lack of knowledge.  Any help or advice would be very gratefully received.
    Ros

    Hi Eugene,
    Thank you for taking the time to reply to me.  Please see our full PIX config below.  I've XX'd out names and IP addresses as I'm never comfortable posting those type of details in a public forum.  I hope that the information below is still sufficient for you.
    Thanks again for your help,
    Ros
    PIX(config)# en
    Not enough arguments.
    Usage:  enable password [] [level ] [encrypted]
            no enable password level
            show enable
    PIX(config)# show config
    : Saved
    : Written by enable_15 at 10:30:31.976 GMT/BDT Mon Apr 4 2011
    PIX Version 6.3(3)
    interface ethernet0 auto
    interface ethernet1 auto
    interface ethernet2 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 DMZ security10
    enable password XXX encrypted
    passwd XXX encrypted
    hostname PIX
    domain-name XXX.com
    clock timezone GMT/BST 0
    clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol pptp 1723
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    name XX.XX.XX.XX Secondary
    access-list outside_access_in permit tcp XX.XX.XX.XX 255.255.255.240 host XX.XX.XX.XX eq smtp
    access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq https
    access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 993
    access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 587
    access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 82
    access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq www
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq https
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 993
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 587
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 82
    access-list outside_access_in permit tcp host XX.XX.XX.XX host XX.XX.XX.XX eq 82
    access-list outside_access_in permit tcp host XX.XX.XX.XX host XX.XX.XX.XX eq 82
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq smtp
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 8082
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq https
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 993
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 587
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 82
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq smtp
    access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq www
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.0.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl deny udp any any eq 135
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list outside_cryptomap_40 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list outside_cryptomap_60 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list USER1 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list outside_cryptomap_10 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list outside_cryptomap_20 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list outside_cryptomap_30 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list outside_cryptomap_50 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list outside_cryptomap_70 permit ip any XX.XX.XX.XX 255.255.0.0
    access-list USER2 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list USER3 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list USER4 permit ip any XX.XX.XX.XX 255.255.0.0
    pager lines 24
    logging on
    logging host inside XX.XX.XX.XX
    icmp permit any outside
    icmp permit any inside
    mtu outside 1500
    mtu inside 1500
    mtu DMZ 1500
    ip address outside XX.XX.XX.XX 255.255.255.248
    ip address inside XX.XX.XX.XX 255.255.255.0
    no ip address DMZ
    ip audit info action alarm
    ip audit attack action alarm
    pdm location XX.XX.XX.XX 255.255.255.255 inside
    pdm location XX.XX.XX.XX 255.255.0.0 outside
    pdm location XX.XX.XX.XX 255.255.255.0 outside
    pdm logging debugging 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_outbound_nat0_acl
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) XX.XX.XX.XX XX.XX.XX.XX netmask 255.255.255.255 0 0
    static (inside,outside) XX.XX.XX.XX. XX.XX.XX.XX netmask 255.255.255.255 0 0
    static (inside,outside) XX.XX.XX.XX. XX.XX.XX.XX netmask 255.255.255.255 0 0
    static (inside,outside) XX.XX.XX.XX XX.XX.XX.XX netmask 255.255.255.255 0 0
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 XX.XX.XX.XX 1
    route inside XX.XX.XX.XX 255.255.0.0 XX.XX.XX.XX 1
    timeout xlate 3:00:00
    timeout conn 2:00:00 half-closed 0:30:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    ntp authenticate
    ntp server XX.XX.XX.XX source outside prefer
    http server enable
    http XX.XX.XX.XX 255.255.0.0 outside
    http XX.XX.XX.XX 255.255.255.0 outside
    http XX.XX.XX.XX 255.255.255.255 inside
    snmp-server host inside XX.XX.XX.XX
    no snmp-server location
    no snmp-server contact
    snmp-server community XXX
    snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map cola 20 set transform-set ESP-3DES-MD5
    crypto dynamic-map dod 10 set transform-set ESP-3DES-MD5
    crypto map outside_map 10 ipsec-isakmp dynamic cola
    crypto map outside_map 20 ipsec-isakmp
    crypto map outside_map 20 match address outside_cryptomap_20
    crypto map outside_map 20 set peer XX.XX.XX.XX
    crypto map outside_map 20 set transform-set ESP-3DES-MD5
    crypto map outside_map 25 ipsec-isakmp
    crypto map outside_map 25 match address USER1
    crypto map outside_map 25 set peer XX.XX.XX.XX
    crypto map outside_map 25 set transform-set ESP-3DES-MD5
    crypto map outside_map 30 ipsec-isakmp
    crypto map outside_map 30 match address outside_cryptomap_30
    crypto map outside_map 30 set peer XX.XX.XX.XX
    crypto map outside_map 30 set transform-set ESP-3DES-MD5
    crypto map outside_map 40 ipsec-isakmp
    crypto map outside_map 40 match address outside_cryptomap_40
    crypto map outside_map 40 set peer XX.XX.XX.XX
    crypto map outside_map 40 set transform-set ESP-3DES-MD5
    crypto map outside_map 50 ipsec-isakmp
    crypto map outside_map 50 match address outside_cryptomap_50
    crypto map outside_map 50 set peer XX.XX.XX.XX
    crypto map outside_map 50 set transform-set ESP-3DES-MD5
    crypto map outside_map 60 ipsec-isakmp
    crypto map outside_map 60 match address outside_cryptomap_60
    crypto map outside_map 60 set peer XX.XX.XX.XX
    crypto map outside_map 60 set transform-set ESP-3DES-MD5
    crypto map outside_map 70 ipsec-isakmp
    crypto map outside_map 70 match address outside_cryptomap_70
    crypto map outside_map 70 set peer XX.XX.XX.XX
    crypto map outside_map 70 set transform-set ESP-3DES-MD5
    crypto map outside_map 75 ipsec-isakmp
    crypto map outside_map 75 match address USER4
    crypto map outside_map 75 set peer XX.XX.XX.XX
    crypto map outside_map 75 set transform-set ESP-3DES-MD5
    crypto map outside_map 80 ipsec-isakmp
    crypto map outside_map 80 match address USER2
    crypto map outside_map 80 set peer XX.XX.XX.XX
    crypto map outside_map 80 set transform-set ESP-3DES-MD5
    crypto map outside_map 90 ipsec-isakmp
    crypto map outside_map 90 match address USER3
    crypto map outside_map 90 set peer XX.XX.XX.XX
    crypto map outside_map 90 set transform-set ESP-3DES-MD5
    crypto map outside_map interface outside
    isakmp enable outside
    isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
    isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption 3des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    telnet XX.XX.XX.XX 255.255.0.0 outside
    telnet XX.XX.XX.XX 255.255.255.255 inside
    telnet XX.XX.XX.XX 255.255.255.255 inside
    telnet XX.XX.XX.XX 255.255.255.255 inside
    telnet timeout 30
    ssh XX.XX.XX.XX 255.255.255.248 outside
    ssh XX.XX.XX.XX 255.255.255.248 outside
    ssh timeout 30
    management-access inside
    console timeout 0
    terminal width 80
    Cryptochecksum:XXX
    PIX(config)#

  • HT1555 i just got a new apple tv but for some reason the remote only worked for about a min. and than it wount work at all. i tried to pair and unpair but nathing works but when i press a button the light on the apple tv turns off. what should i do?

    i just got a new apple tv but for some reason the remote only worked for about a min. and than it wount work at all. i tried to pair and unpair but nathing works but when i press a button the light on the apple tv turns off. what should i do?

    Have you held the menu and left arrow together for 6 secs ?  (I think you have from what you say).
    Also try unpowering and restarting AppleTV.
    AC

  • Webserver on DMZ cannot send email via php script using SMTP (cisco firewall pix 515e)

    Hello,
    I have two web servers that are sitting in a DMZ behind a Cisco Firewall PIX 515e. The webservers appear to be configured correctly as our website and FTP website are up. On two of our main website, we have two contact forms that use a simple html for to call a php script that uses smtp as its mailing protocol. Since, I am not the network administrator, I don't quite understand how to  read the current configurations on the firewall, but I suspect that port 25 is blocked, which prevents the script from actually working or sending out emails.  What I've done to narrow the problem done is the following: I used a wamp server to test our scripts with our smtp servers settings, was able to successfully send an email out to both my gmail and work place accounts. Currently, we have backupexec loaded on both of these servers, and when I try to send out an alert I never receive it. I think because port 25 is closed on both of those servers.  I will be posting our configuration. if anyone can take a look and perhaps explain to me how I can change our webservers to communicate and successfully deliver mail via that script, I would gladly appreciate it. our IP range is 172.x.x.x, but it looks like our webservers are using 192.x.x.x with NAT in place. Please someone help.
    Thanks,
    Jeff Mateo
    PIX Version 6.3(4)
    interface ethernet0 100full
    interface ethernet1 100full
    interface ethernet2 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 DMZ security50
    enable password GFO9OSBnaXE.n8af encrypted
    passwd GFO9OSBnaXE.n8af encrypted
    hostname morrow-pix-ct
    domain-name morrowco.com
    clock timezone EST -5
    clock summer-time EDT recurring
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    no fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    name 12.42.47.27 LI-PIX
    name 172.20.0.0 CT-NET
    name 172.23.0.0 LI-NET
    name 172.22.0.0 TX-NET
    name 172.25.0.0 NY-NET
    name 192.168.10.0 CT-DMZ-NET
    name 1.1.1.1 DHEC_339849.ATI__LEC_HCS722567SN
    name 1.1.1.2 DHEC_339946.ATI__LEC_HCS722632SN
    name 199.191.128.105 web-dns-1
    name 12.127.16.69 web-dns-2
    name 12.3.125.178 NY-PIX
    name 64.208.123.130 TX-PIX
    name 24.38.31.80 CT-PIX
    object-group network morrow-net
    network-object 12.42.47.24 255.255.255.248
    network-object NY-PIX 255.255.255.255
    network-object 64.208.123.128 255.255.255.224
    network-object 24.38.31.64 255.255.255.224
    network-object 24.38.35.192 255.255.255.248
    object-group service morrow-mgmt tcp
    port-object eq 3389
    port-object eq telnet
    port-object eq ssh
    object-group network web-dns
    network-object web-dns-1 255.255.255.255
    network-object web-dns-2 255.255.255.255
    access-list out1 permit icmp any any echo-reply
    access-list out1 permit icmp object-group morrow-net any
    access-list out1 permit tcp any host 12.193.192.132 eq ssh
    access-list out1 permit tcp any host CT-PIX eq ssh
    access-list out1 permit tcp any host 24.38.31.72 eq smtp
    access-list out1 permit tcp any host 24.38.31.72 eq https
    access-list out1 permit tcp any host 24.38.31.72 eq www
    access-list out1 permit tcp any host 24.38.31.70 eq www
    access-list out1 permit tcp any host 24.38.31.93 eq www
    access-list out1 permit tcp any host 24.38.31.93 eq https
    access-list out1 permit tcp any host 24.38.31.93 eq smtp
    access-list out1 permit tcp any host 24.38.31.93 eq ftp
    access-list out1 permit tcp any host 24.38.31.93 eq domain
    access-list out1 permit tcp any host 24.38.31.94 eq www
    access-list out1 permit tcp any host 24.38.31.94 eq https
    access-list out1 permit tcp any host 24.38.31.71 eq www
    access-list out1 permit tcp any host 24.38.31.71 eq 8080
    access-list out1 permit tcp any host 24.38.31.71 eq 8081
    access-list out1 permit tcp any host 24.38.31.71 eq 8090
    access-list out1 permit tcp any host 24.38.31.69 eq ssh
    access-list out1 permit tcp any host 24.38.31.94 eq ftp
    access-list out1 permit tcp any host 24.38.31.92 eq 8080
    access-list out1 permit tcp any host 24.38.31.92 eq www
    access-list out1 permit tcp any host 24.38.31.92 eq 8081
    access-list out1 permit tcp any host 24.38.31.92 eq 8090
    access-list out1 permit tcp any host 24.38.31.93 eq 3389
    access-list out1 permit tcp any host 24.38.31.92 eq https
    access-list out1 permit tcp any host 24.38.31.70 eq https
    access-list out1 permit tcp any host 24.38.31.74 eq www
    access-list out1 permit tcp any host 24.38.31.74 eq https
    access-list out1 permit tcp any host 24.38.31.74 eq smtp
    access-list out1 permit tcp any host 24.38.31.75 eq https
    access-list out1 permit tcp any host 24.38.31.75 eq www
    access-list out1 permit tcp any host 24.38.31.75 eq smtp
    access-list out1 permit tcp any host 24.38.31.70 eq smtp
    access-list out1 permit tcp any host 24.38.31.94 eq smtp
    access-list dmz1 permit icmp any any echo-reply
    access-list dmz1 deny ip any 10.0.0.0 255.0.0.0
    access-list dmz1 deny ip any 172.16.0.0 255.240.0.0
    access-list dmz1 deny ip any 192.168.0.0 255.255.0.0
    access-list dmz1 permit ip any any
    access-list dmz1 deny ip any any
    access-list nat0 permit ip CT-NET 255.255.0.0 192.168.220.0 255.255.255.0
    access-list nat0 permit ip host 172.20.8.2 host 172.23.0.2
    access-list nat0 permit ip CT-NET 255.255.0.0 LI-NET 255.255.0.0
    access-list nat0 permit ip CT-NET 255.255.0.0 NY-NET 255.255.0.0
    access-list nat0 permit ip CT-NET 255.255.0.0 TX-NET 255.255.0.0
    access-list vpn-split-tun permit ip CT-NET 255.255.0.0 192.168.220.0 255.255.255
    .0
    access-list vpn-split-tun permit ip CT-DMZ-NET 255.255.255.0 192.168.220.0 255.2
    55.255.0
    access-list vpn-dyn-match permit ip any 192.168.220.0 255.255.255.0
    access-list vpn-ct-li-gre permit gre host 172.20.8.2 host 172.23.0.2
    access-list vpn-ct-ny permit ip CT-NET 255.255.0.0 NY-NET 255.255.0.0
    access-list vpn-ct-ny permit ip CT-DMZ-NET 255.255.255.0 NY-NET 255.255.0.0
    access-list vpn-ct-tx permit ip CT-NET 255.255.0.0 TX-NET 255.255.0.0
    access-list vpn-ct-tx permit ip CT-DMZ-NET 255.255.255.0 TX-NET 255.255.0.0
    access-list static-dmz-to-ct-2 permit ip host 192.168.10.141 CT-NET 255.255.248.
    0
    access-list nat0-dmz permit ip CT-DMZ-NET 255.255.255.0 192.168.220.0 255.255.25
    5.0
    access-list nat0-dmz permit ip CT-DMZ-NET 255.255.255.0 LI-NET 255.255.0.0
    access-list nat0-dmz permit ip CT-DMZ-NET 255.255.255.0 NY-NET 255.255.0.0
    access-list nat0-dmz permit ip CT-DMZ-NET 255.255.255.0 TX-NET 255.255.0.0
    access-list static-dmz-to-ct-1 permit ip host 192.168.10.140 CT-NET 255.255.248.
    0
    access-list static-dmz-to-li-1 permit ip CT-DMZ-NET 255.255.255.0 CT-NET 255.255
    .248.0
    access-list vpn-ct-li permit ip CT-NET 255.255.0.0 LI-NET 255.255.0.0
    access-list vpn-ct-li permit ip CT-DMZ-NET 255.255.255.0 LI-NET 255.255.0.0
    access-list vpn-ct-li permit ip host 10.10.2.2 host 10.10.1.1
    access-list in1 permit tcp host 172.20.1.21 any eq smtp
    access-list in1 permit tcp host 172.20.1.20 any eq smtp
    access-list in1 deny tcp any any eq smtp
    access-list in1 permit ip any any
    access-list in1 permit tcp any any eq smtp
    access-list cap4 permit ip host 172.20.1.82 host 192.168.220.201
    access-list cap2 permit ip host 172.20.1.82 192.168.220.0 255.255.255.0
    access-list in2 deny ip host 172.20.1.82 any
    access-list in2 deny ip host 172.20.1.83 any
    access-list in2 permit ip any any
    pager lines 43
    logging on
    logging timestamp
    logging buffered notifications
    logging trap notifications
    logging device-id hostname
    logging host inside 172.20.1.22
    mtu outside 1500
    mtu inside 1500
    mtu DMZ 1500
    ip address outside CT-PIX 255.255.255.224
    ip address inside 172.20.8.1 255.255.255.0
    ip address DMZ 192.168.10.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool ctpool 192.168.220.100-192.168.220.200
    ip local pool ct-thomson-pool-201 192.168.220.201 mask 255.255.255.255
    pdm history enable
    arp timeout 14400
    global (outside) 1 24.38.31.81
    nat (inside) 0 access-list nat0
    nat (inside) 1 CT-NET 255.255.0.0 2000 10
    nat (DMZ) 0 access-list nat0-dmz
    static (inside,DMZ) CT-NET CT-NET netmask 255.255.0.0 0 0
    static (inside,outside) 24.38.31.69 172.20.8.2 netmask 255.255.255.255 0 0
    static (DMZ,outside) 24.38.31.94 192.168.10.141 netmask 255.255.255.255 0 0
    static (inside,outside) 24.38.31.71 172.20.1.11 dns netmask 255.255.255.255 0 0
    static (DMZ,outside) 24.38.31.93 192.168.10.140 netmask 255.255.255.255 0 0
    static (DMZ,inside) 24.38.31.93 access-list static-dmz-to-ct-1 0 0
    static (DMZ,inside) 24.38.31.94 access-list static-dmz-to-ct-2 0 0
    static (inside,outside) 24.38.31.92 172.20.1.56 netmask 255.255.255.255 0 0
    static (DMZ,outside) 24.38.31.91 192.168.10.138 netmask 255.255.255.255 0 0
    static (DMZ,outside) 24.38.31.90 192.168.10.139 netmask 255.255.255.255 0 0
    static (inside,outside) 24.38.31.72 172.20.1.20 netmask 255.255.255.255 0 0
    static (inside,outside) 24.38.31.73 172.20.1.21 netmask 255.255.255.255 0 0
    static (inside,outside) 24.38.31.70 172.20.1.91 netmask 255.255.255.255 0 0
    static (DMZ,outside) 24.38.31.88 192.168.10.136 netmask 255.255.255.255 0 0
    static (DMZ,outside) 24.38.31.89 192.168.10.137 netmask 255.255.255.255 0 0
    static (inside,outside) 24.38.31.74 172.20.1.18 netmask 255.255.255.255 0 0
    static (inside,outside) 24.38.31.75 172.20.1.92 netmask 255.255.255.255 0 0
    access-group out1 in interface outside
    access-group dmz1 in interface DMZ
    route outside 0.0.0.0 0.0.0.0 24.38.31.65 1
    route inside 10.10.2.2 255.255.255.255 172.20.8.2 1
    route inside CT-NET 255.255.248.0 172.20.8.2 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    aaa-server ct-rad protocol radius
    aaa-server ct-rad max-failed-attempts 2
    aaa-server ct-rad deadtime 10
    aaa-server ct-rad (inside) host 172.20.1.22 morrow123 timeout 7
    aaa authentication ssh console LOCAL
    aaa authentication http console LOCAL
    aaa authentication serial console LOCAL
    aaa authentication telnet console LOCAL
    http server enable
    http 173.220.252.56 255.255.255.248 outside
    http 65.51.181.80 255.255.255.248 outside
    http 208.65.108.176 255.255.255.240 outside
    http CT-NET 255.255.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community m0rroW(0
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    sysopt connection permit-pptp
    crypto ipsec transform-set 3des-sha esp-3des esp-sha-hmac
    crypto ipsec transform-set 3des-md5 esp-3des esp-md5-hmac
    crypto dynamic-map dyn_map 20 match address vpn-dyn-match
    crypto dynamic-map dyn_map 20 set transform-set 3des-sha
    crypto map ct-crypto 10 ipsec-isakmp
    crypto map ct-crypto 10 match address vpn-ct-li-gre
    crypto map ct-crypto 10 set peer LI-PIX
    crypto map ct-crypto 10 set transform-set 3des-sha
    crypto map ct-crypto 15 ipsec-isakmp
    crypto map ct-crypto 15 match address vpn-ct-li
    crypto map ct-crypto 15 set peer LI-PIX
    crypto map ct-crypto 15 set transform-set 3des-sha
    crypto map ct-crypto 20 ipsec-isakmp
    crypto map ct-crypto 20 match address vpn-ct-ny
    crypto map ct-crypto 20 set peer NY-PIX
    crypto map ct-crypto 20 set transform-set 3des-sha
    crypto map ct-crypto 30 ipsec-isakmp
    crypto map ct-crypto 30 match address vpn-ct-tx
    crypto map ct-crypto 30 set peer TX-PIX
    crypto map ct-crypto 30 set transform-set 3des-sha
    crypto map ct-crypto 65535 ipsec-isakmp dynamic dyn_map
    crypto map ct-crypto client authentication ct-rad
    crypto map ct-crypto interface outside
    isakmp enable outside
    isakmp key ******** address LI-PIX netmask 255.255.255.255 no-xauth no-config-mo
    de
    isakmp key ******** address 216.138.83.138 netmask 255.255.255.255 no-xauth no-c
    onfig-mode
    isakmp key ******** address NY-PIX netmask 255.255.255.255 no-xauth no-config-mo
    de
    isakmp key ******** address TX-PIX netmask 255.255.255.255 no-xauth no-config-mo
    de
    isakmp identity address
    isakmp nat-traversal 20
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption 3des
    isakmp policy 10 hash sha
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 86400
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption 3des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    isakmp policy 30 authentication pre-share
    isakmp policy 30 encryption 3des
    isakmp policy 30 hash md5
    isakmp policy 30 group 1
    isakmp policy 30 lifetime 86400
    vpngroup remotectusers address-pool ctpool
    vpngroup remotectusers dns-server 172.20.1.5
    vpngroup remotectusers wins-server 172.20.1.5
    vpngroup remotectusers default-domain morrowny.com

    Amit,
    I applaud your creativity in seeking to solve your problem, however, this sounds like a real mess in the making. There are two things I don't like about your approach. One, cron -> calling Java -> calling PHP -> accessing database, it's just too many layers, in my opinion, where things can go wrong. Two it seems to me that you are exposing data one your website (with the PHP) that you may not want expose and this is an important consideration when you are dealing with emails and privacy and so on.
    I think the path of least resistance would be to get a new user account added to the MySQL database that you can access remotely with your Java program. This account can be locked down for read only access and be locked down to the specific IP or IP range that your Java program will be connecting from.
    Again I applaud your creativity but truly this seems like a hack because of the complexity and security concerns you are introducing and I think is a path to the land of trouble. Hopefully you will be able to get a remote account set up.

  • Download Speed on PIX 515E is Pretty Slow

    Hello, I have a PIX 515E set up between our office switch and our Comcast Business Router and the download speeds are not as fast as they should be. We are paying for 30 down 30 up but it's more like 10 down 30 up. I plugged in a computer directly into the router and got 30/30 so I know its not a comcast issue. I think it might be the low amount of memory on the PIX because its running at 109 out of a total 128mb. The PIX has a site-to-site VPN tunnel with a remote ASA 5520 firewall. The inside/outside ports are both auto/auto. The running config is only 161 lines.
    Here's some information about the PIX 515E...
    Version 8.0(4)
    ASDM 6.1(3)
    Memory 128MB
    Here is the running config..
    Result of the command: "show running-config"
    : Saved
    PIX Version 8.0(4)
    hostname --------------------
    domain-name -----------------
    enable password -------------------------
    passwd --------------- encrypted
    names
    name 1.1.1.1 Data-Center-Firewall    #### Outside Address Changed
    name 10.0.0.0 Data-Center-Subnet
    dns-guard
    interface Ethernet0
    nameif inside
    security-level 100
    ip address 10.10.1.1 255.255.255.0 standby 10.10.1.254
    interface Ethernet1
    nameif outside
    security-level 0
    ip address 2.2.2.1 255.255.255.252   #### Outside Address Changed
    interface Ethernet2
    description LAN/STATE Failover Interface
    ftp mode passive
    clock timezone EST -5
    clock summer-time EDT recurring
    dns server-group DefaultDNS
    domain-name -------------
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group service http8080 tcp
    description http8080
    port-object eq 8080
    object-group service DM_INLINE_TCP_1 tcp
    port-object range 50000 50100
    port-object eq 990
    access-list outside_access_in remark ip, tcp/990
    access-list outside_access_in extended permit tcp host 1.1.1.1 host 2.2.2.5 object-group DM_INLINE_TCP_1
    access-list outside_access_in extended permit icmp any any
    access-list ACL-VPN extended permit ip 10.10.1.0 255.255.255.0 Data-Center-Subnet 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    failover
    failover lan unit primary
    failover lan interface failover Ethernet2
    failover lan enable
    failover key *****
    failover replication http
    failover mac address Ethernet0 001e.f732.008f 000d.28f9.628f
    failover mac address Ethernet1 001e.f732.0090 000d.28f9.6290
    failover link failover Ethernet2
    failover interface ip failover 10.10.10.10 255.255.255.252 standby 10.10.10.20
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any outside
    asdm image flash:/asdm-613.bin
    no asdm history enable
    arp timeout 14400
    nat-control
    global (outside) 1 interface
    nat (inside) 0 access-list ACL-VPN
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) 2.2.2.5 10.10.1.102 netmask 255.255.255.255
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 2.2.2.2 1
    route inside 10.10.0.0 255.255.255.0 10.10.1.2 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 10.10.0.0 255.255.255.0 inside
    http 10.10.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    service resetoutside
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set AES128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map MAP-VPN 1 match address ACL-VPN
    crypto map MAP-VPN 1 set pfs
    crypto map MAP-VPN 1 set peer Data-Center-Firewall
    crypto map MAP-VPN 1 set transform-set ESP-3DES-SHA
    crypto map MAP-VPN 1 set security-association lifetime seconds 28800
    crypto map MAP-VPN 1 set security-association lifetime kilobytes 4608000
    crypto map MAP-VPN interface outside
    crypto isakmp enable inside
    crypto isakmp enable outside
    crypto isakmp policy 5
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet 10.10.1.0 255.255.255.0 inside
    telnet 10.10.0.0 255.255.255.0 inside
    telnet timeout 5
    ssh 10.10.0.0 255.255.255.0 inside
    ssh 10.10.1.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics host
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    tunnel-group 1.1.1.1 type ipsec-l2l
    tunnel-group 1.1.1.1 ipsec-attributes
    pre-shared-key *
    class-map class_ftp
    match port tcp eq ftp-data
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
    class class_ftp
      inspect ftp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:b795d4f5f5da3d8283d452ba857d5534
    : end

    Please check on the speed and duplex settings whether the downstream and upstream links are fine and healthy.
    Inside/outside are both set to auto/auto at
    Check for the processes usage of the cpu of the pix.
    CPU is running at 2%
    Process:      tmatch compile thread, PROC_PC_TOTAL: 2, MAXHOG: 8, LASTHOG: 8
    LASTHOG At:   19:01:15 EST Dec 31 1992
    PC:           26b616 (suspend)
    Process:      tmatch compile thread, NUMHOG: 2, MAXHOG: 8, LASTHOG: 8
    LASTHOG At:   19:01:15 EST Dec 31 1992
    PC:           26b616 (suspend)
    Traceback:    26b616  26bdb9  26ec89  1182b3
    Process:      Dispatch Unit, NUMHOG: 1, MAXHOG: 5, LASTHOG: 5
    LASTHOG At:   09:25:12 EDT Jul 18 2012
    PC:           130114b (interrupt)
    Traceback:    100178  12edd0c  9771e5  8c0e66  927164  928996  8ec3f5
                  8ec7ed  79d35e  2780c3  1182b3
    Process:      Unicorn Admin Handler, NUMHOG: 1, MAXHOG: 5, LASTHOG: 5
    LASTHOG At:   12:27:25 EDT Jul 18 2012
    PC:           130114b (interrupt)
    Traceback:    100178  d870cb  13016b3  15cf68  e91a6f  e9118b  abfcea
                  a7cb2e  a7daeb  18d800  5ae9a9  5a6aa0  5a7272  5a75e5
    Process:      Unicorn Admin Handler, PROC_PC_TOTAL: 4, MAXHOG: 7, LASTHOG: 7
    LASTHOG At:   12:34:10 EDT Jul 18 2012
    PC:           5ae903 (suspend)
    Process:      Unicorn Admin Handler, NUMHOG: 4, MAXHOG: 7, LASTHOG: 7
    LASTHOG At:   12:34:10 EDT Jul 18 2012
    PC:           5ae903 (suspend)
    Traceback:    5ae903  5a6aa0  5a7272  5a75e5  5ad3d5  1182b3
    Process:      Unicorn Admin Handler, PROC_PC_TOTAL: 4, MAXHOG: 5, LASTHOG: 5
    LASTHOG At:   12:37:47 EDT Jul 18 2012
    PC:           f4078b (suspend)
    Process:      Unicorn Admin Handler, NUMHOG: 4, MAXHOG: 5, LASTHOG: 5
    LASTHOG At:   12:37:47 EDT Jul 18 2012
    PC:           f4078b (suspend)
    Traceback:    f40be2  130f41e  aab54d  aac3b0  5a6c2e  5a7272  5a75e5
                  5ad3d5  1182b3
    Process:      IKE Daemon, NUMHOG: 1, MAXHOG: 5, LASTHOG: 5
    LASTHOG At:   23:07:40 EDT Jul 19 2012
    PC:           1b6dd0 (interrupt)
    Traceback:    100178  1b8a31  1baaeb  6438d7  12efc6f  64250b  653fe9
                  654b78  1182b3
    Process:      IKE Daemon, PROC_PC_TOTAL: 347, MAXHOG: 31, LASTHOG: 30
    LASTHOG At:   16:01:55 EDT Jul 23 2012
    PC:           654bab (suspend)
    Process:      CTM message handler, PROC_PC_TOTAL: 346, MAXHOG: 27, LASTHOG: 27
    LASTHOG At:   16:01:55 EDT Jul 23 2012
    PC:           2087ec (suspend)
    Process:      IKE Daemon, NUMHOG: 693, MAXHOG: 31, LASTHOG: 27
    LASTHOG At:   16:01:55 EDT Jul 23 2012
    PC:           654bab (suspend)
    Traceback:    1182b3
    Process:      Unicorn Admin Handler, NUMHOG: 1, MAXHOG: 5, LASTHOG: 5
    LASTHOG At:   17:23:30 EDT Jul 23 2012
    PC:           130003b (interrupt)
    Traceback:    100178  13008b8  f5a0cd  f5ac32  f5ae40  f60828  f617c1
                  d38a0d  aab50b  aac14a  5a6c2e  5a7272  5a75e5  5ad3d5
    Process:      Dispatch Unit, PROC_PC_TOTAL: 227, MAXHOG: 432, LASTHOG: 35
    LASTHOG At:   17:37:03 EDT Jul 23 2012
    PC:           278207 (suspend)
    Process:      Dispatch Unit, NUMHOG: 227, MAXHOG: 432, LASTHOG: 35
    LASTHOG At:   17:37:03 EDT Jul 23 2012
    PC:           278207 (suspend)
    Traceback:    278207  1182b3
    Process:      Unicorn Admin Handler, PROC_PC_TOTAL: 1901, MAXHOG: 8, LASTHOG: 7
    LASTHOG At:   17:44:20 EDT Jul 23 2012
    PC:           118ed5 (suspend)
    Process:      Unicorn Admin Handler, NUMHOG: 1901, MAXHOG: 8, LASTHOG: 7
    LASTHOG At:   17:44:20 EDT Jul 23 2012
    PC:           118ed5 (suspend)
    Traceback:    118ed5  b2d032  f5a80d  f5ac0a  f5ae40  f607e5  f617c1
                  d38a0d  aab50b  aac14a  5a6c2e  5a7272  5a75e5  5ad3d5
    CPU hog threshold (msec):  5.120
    Last cleared: None
    Check on the inetrface whetehr u get any crc/input/overrun errors. Please check with the physical connectivity.
    Interface Ethernet0 "inside", is up, line protocol is up
      Hardware is i82559, BW 100 Mbps, DLY 100 usec
        Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
        MAC address __________, MTU 1500
        IP address 10.10.1.1, subnet mask 255.255.255.0
        60862937 packets input, 29025667892 bytes, 0 no buffer
        Received 1371 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        68515603 packets output, 44084404472 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max packets): hardware (0/1) software (0/47)
        output queue (curr/max packets): hardware (0/67) software (0/1)
      Traffic Statistics for "inside":
        60997029 packets input, 28080179952 bytes
        68553614 packets output, 43104566708 bytes
        29544 packets dropped
          1 minute input rate 63 pkts/sec,  30371 bytes/sec
          1 minute output rate 64 pkts/sec,  16557 bytes/sec
          1 minute drop rate, 0 pkts/sec
          5 minute input rate 91 pkts/sec,  45254 bytes/sec
          5 minute output rate 93 pkts/sec,  56181 bytes/sec
          5 minute drop rate, 0 pkts/sec
    Interface Ethernet1 "outside", is up, line protocol is up
      Hardware is i82559, BW 100 Mbps, DLY 100 usec
        Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
        MAC address ___________, MTU 1500
        IP address ___________, subnet mask 255.255.255.252
        67730933 packets input, 44248541375 bytes, 0 no buffer
        Received 4493 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        60418640 packets output, 29310509840 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max packets): hardware (0/1) software (0/39)
        output queue (curr/max packets): hardware (0/42) software (0/1)
      Traffic Statistics for "outside":
        67782987 packets input, 43276611710 bytes
        60562287 packets output, 28342787997 bytes
        206651 packets dropped
          1 minute input rate 57 pkts/sec,  14273 bytes/sec
          1 minute output rate 61 pkts/sec,  30258 bytes/sec
          1 minute drop rate, 0 pkts/sec
          5 minute input rate 89 pkts/sec,  54426 bytes/sec
          5 minute output rate 87 pkts/sec,  45115 bytes/sec
          5 minute drop rate, 0 pkts/sec
    enable flowcontrol recieve on on the firewall interfaces and switch/router interfaces connected to the firewall.
    Not sure how to do that.

  • Cisco PIX 515E multiple ISP support in a VPN scenario

    Iam currently running a cisco 7.2 ios in a Cisco PIX 515E appliance. I have terminated two ISP links in the two ports, and I also have a inside network (LAN). I want to establish 2 Site-Site VPN tunnels using each one of these ISP links respectively (Site 1 in ISP link 1 && Site 2 in ISP link 2).
    Is this possible to achieve??

    Hello,
    This should work. Route the remote endpoint for site 1 out link 1 (using a static route) and for site 2 out link 2 (using a static route) and that should do it.
    Return traffic should work, assuming both ISPs aren't advertising the networks your interfaces are on via BGP (ie, you don't want return traffic from site one coming down the link to site 2 because that ISP is advertising that AS as well.)
    --Jason

  • RV0xx connecting to PIX (515e) via ipsec

    We have fielded aproximatly 40 previous revisoin rv042/rv082 routers running 1.3.12.19-tm firmware.
    We have recently begun reciveing v3 hardware running firmware 4.0.0.7.
    The previous routers connected with out complication to our existing PIX 515e 8.0(3) Router using ipsec vpn connections.
    The new version routers congiured with seemingly identical settings fail to connect ant throw the following errors in syslog on the rv042:
    protocol/port in Phase 1 ID Payload must be 0/0 or 17/500 but are 17/0
    The PIX syslog throws:
    Received an un-encrypted INVALID_ID_INFO notify message, dropping
    The two configurations never connect.
    Any suggestions would be appreciated.

    Hi !
    The reason this does not work is that you loose connection with the terminal server the second the VPN client is operativ. The VPN client is denied local access and therefore the connection between the internet user and the terminal server is disconnected.. When this happens you should not be able to do any work on the terminal server until the client is dosconnected.
    I use the same solution in my work (great for testing when installing VPN for customers). What I have done is this:
    1. On the Terminal server install VMWare or Microsoft Virtual PC.
    2. Install windows xp on as a virtual pc
    3. Start the virtual windows xp and install the VPN client
    4. Use the virtual windows xp and client when doing connections...
    This works great !!
    The reason this works, is that you no longer connect to the pc doing the actual VPN connection, but to a terminal showing the monitor of the client.
    Best of luck !!
    Jorgen Lanesskog
    Ementor, Norway

  • IPS 4240 Blocking Questions with Pix 515E

    I have enabled Blocking on the 4240 and have set the Blocking Device as our Pix 515E. When I look at the Signature Configurations quite a few Signature Actions are set to Produce Alert only. If blocking is enabled do you have to also go and set the Signature Actions to Deny or TCP Reset? So far my IPS dosen't show any Denied Attackers and it has detected High level Traffic which I would assume should now be blocked. Thanks John

    Yes, you have to go under the signatures you want and enable blocking for them as an action. Configuring blocking globally (defining the blocking device, the interface,, the login details for the device, etc), doesn't actually enable any blocking on the sensor per se, you still have to go and enable blocking for that particular signature. when that particular sig fires in future, the sensor will block it on the device you have configured.
    Be very careful with blocking, the reason we don't simply block all signatures is that it would be very dangerous to blindly add access-lists to a device that will stop traffic. You first need to make sure you're not getting any false-positives on the signatures and end up blocking valid traffic. Also, on a busy sensor you could easily overrun both the sensor and the blocking device with writing and removing 1000's of access-lists onto it. And finally, although not likely, blocking can even be used as a denial of service attack, where an attacker, if they know what signatures you are blocking on, can spoof packets past your sensor so that it will deny traffic to legitimate hosts.
    You need to look at what signatures you really want to block on, then enable blocking on them individually.

  • The remote controls stopped working

    I bought with an official Apple dealer the new i Pod Shuffle (generation 3) to use during my bike rides. After the first ride the remote controls stopped working and the voice over feature spontaneously started repeating the songs title. As well the volume control stopped working altogether. I didn't have time to return the Shuffle after only a week so I disable the voice over feature and keep on using my Shuffle with no volume adjustment, fast forward etc ….
    After a visit to the Apple website I saw that several owners complained about this problem and assumed Apple would know about it and be ready to offer a fast solution. So picked an official Service Center as close as possible from my location.
    First shock the Service Center was dirty, the paint obviously several decades old and faded, the light kept to the minimum.
    Second shock not Tech on duty to check something as simple as a headsets. I realized there was no way to have a fast resolution to my problem. The Shuffle will be send to a regional repair center, I could have save the trip and just go to an Apple dealer. What the use to have Service Centers if they don't provide service?
    Now when a product is returned, after 25 days of ownership (can't say use), a product designed by a company with the reputation of Apple you expect some kind of sign that the company is sorry, stands behind it's product and will do all possible to solve the problem. WRONG.
    Third shock. The person who took my Shuffle obviously never saw a Shuffle generation 3 before or even knew it existed. She explained over and over that I may (but it sounded more like I will) be charge for the repair. Even asked me to pay upfront a basic fee to cover the time of a Tech checking on the product. And that the Tech will give me a quote if I am to be charged. Furthermore She found tons of reasons why eventually I would be charged to repair the product, however no technical person ever checked on the product. Well I guess only users read messages on Apple website not employees of Apple.
    So what now? I am suppose to receive an E-mail in 24 hours to 5 working days, in which I'll be explained the result of the Tech investigation.
    I guess most owners of Apple products have a better experience with the Customer Service or where the reputation of Apple being a “cool” company comes from? But based on my experience it looks like Apple's products and Apple's Customer Service may not meet Apple's reputation or customer's expectations. Or am I asking for too much?

    I seriously doubt you were at an Apple Store and you were not dealing with Apple employees. You were dealing with a 3rd party shop that does work on Apple products.
    Don't know where you are located but you could contact Customer Service at Apple and complain but they are somewhat limited it dealing with a 3rd party company. But they will at least have you complaint on file. Or you could attempt to find an actual Apple Store and take your Shuffle there. Or you could try one of the workarounds listed on the threads here.

  • The call was cancelled by the caller before the remote party answered

    Hi,
    We have a Lync 2010 Enterprise deployment in a single site with 2 FE and Mediation Server collocated.
    When dialling a number from a PSTN phone the call gets routed via our PBX/PBX Gateway/Mediation Server/FE Server to the desktop Lync client successfully.
    As soon as the user answers the call with the Lync client the call 'hangs' and terminates without hearing anything on either side.
    The snooper logs show:
    Error:
    SIP/2.0 487 Request Terminated
    Partial Content:
    User-Agent: UCCAPI/4.0.7577.4398 OC/4.0.7577.4398 (Microsoft Lync 2010)
    Ms-client-diagnostics: 52092;reason="The call was cancelled by the caller before the remote party answered"
    Content-Length: 0
    Please help?
    Vinkie

    What kind of gateway are you using to connect to your PBX and how?  What is your media set to?  G.711 μ-law or a-law?  I'd check media settings there as a starting point. 
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".

  • Can I access two different libraries on the same computer with the remote app?

    I am in the process of upgrading our home network. There is going to be an airport express in each of the main rooms of our house all running to a switch connected to our AirPort Extreme. The reason for this is so we can stream our music in any or all of the rooms we choose.  I'm going to have a Windows 7 PC running iTunes constantly also connected so that we will have access to the entire library on any of our devices.  My entire library will be housed on an external hard drive that will be connected to the Extreme. Here is where it gets tricky. My wife has a separate library that we want to have access to as well. It is going to be housed on a separate external hard drive connected to the Extreme via a USB hub. I don't want to combine our libraries because hers is absolute chaos and mine is very well organized. Without having to have a second  computer running iTunes constantly, is there a way we can access both libraries simultaneously with the remote app? Either by running two instances of iTunes on one computer or some other way I'm not realizing. As it works right now, if we're both running iTunes on our laptops, then I can go onto my iPad and see both full libraries on the remote app. I want to do that, but with just one computer.

    I doubt it is possible to run two instances of iTunes on the computer at the same time.  To do so would require two users to be signed in and running iTunes under each user.
    The better solution would be to either clean up and merge the two libraries or have iTunes running on a second computer.

  • The remote server returned an error: (503) Server Unavailable in search service

    Hi
    I got this error message: when applying toplogy to search service
    I am applying admin component : SPINDEX Server
    crawl component-0 to : same index server spindex server
    in sharepoint farm has
    1 applicationserver
    1 index server
    1 wfe server
    1 db server
    I prepared like this try to configure search service on index server
    Microsoft.Office.Server.Search.Administration.SearchConfigWizard+SearchConfigWizardException: Topology provisioning failed due to an error.Object reference not set to an instance of an object. at Microsoft.Office.Server.Search.Administration.SearchConfigWizard.WaitForTopologyTimerJobToFinish()
    at Microsoft.Office.Server.Search.Administration.SearchConfigWizard.UpdateSearchApp() at Microsoft.Office.Server.Search.Administration.SearchConfigWizard.ProvisionSearchServiceApplication() at Microsoft.Office.Server.Search.Administration.SearchConfigurationJobDefinition.ExecuteTimerJob()
    in the event viewer I get this error
    Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (e8ab042b-f884-4957-b328-631ba8bcb4a1).
    Reason: The remote server returned an error: (503) Server Unavailable.
    Technical Support Details:
    System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
       at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
       at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)
    adil

    Hi
    when  i set  crawl component,administration component to local computer  search service working properly
    but when i scale out search service application
    change above components  to diffrent server i get following error
    Errors were encountered during the
    configuration of the Search Service Application.
    Microsoft.Office.Server.Search.Administration.SearchConfigWizard+SearchConfigWizardException:
    Topology provisioning failed due to an error.Object reference not set to an
    instance of an object. at
    Microsoft.Office.Server.Search.Administration.SearchConfigWizard.WaitForTopologyTimerJobToFinish()
    at
    Microsoft.Office.Server.Search.Administration.SearchConfigWizard.UpdateSearchApp()
    at
    Microsoft.Office.Server.Search.Administration.SearchConfigWizard.ProvisionSearchServiceApplication()
    at
    Microsoft.Office.Server.Search.Administration.SearchConfigurationJobDefinition.ExecuteTimerJob()
    3/23/2014
    10:32:20 AM
    and in event viewer
    Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (e8ab042b-f884-4957-b328-631ba8bcb4a1).
    Reason: The remote server returned an error: (503) Server Unavailable.
    Technical Support Details:
    System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
       at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
       at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)
    adil

Maybe you are looking for

  • Need help with query that can look data back please help.

    hi guys i have a table like such CREATE TABLE "FGL"     "FGL_GRNT_CODE" VARCHAR2(60),     "FGL_FUND_CODE" VARCHAR2(60),     "FGL_ACCT_CODE" VARCHAR2(60),     "FGL_ORGN_CODE" VARCHAR2(60),     "FGL_PROG_CODE" VARCHAR2(60),     "FGL_GRNT_YEAR" VARCHAR2

  • ORA-00604: error at recursive sql level 1ORA-01882: timezone region not fou

    hello eveyone i have installed SQL developer and try to create a connexion but it shows the following error: " : ORA-00604: error at recursive sql level 1ORA-01882: timezone region not found" (i choosed TNS as connexion type , default as rol ) plz he

  • How to assign version in sales order and transfer to PP module

    Hi all Users say that customer will require to produce/deliver old goods (we active revision level. The newest material version is D. But customer want version B). How to assign version in sales order and let PP user know the version customer want (M

  • Saving fillable PDF file in Android Adobe Reader Mobile Application

    I'll do my best to explain my situation. 1. I open the fill-able PDF file from Google Drive with Android Adobe Reader Mobile Application. 2. I fill out the pdf form using the Android Adobe Reader Mobile Application. 3. Once I'm done filling-in the PD

  • Bionic lte signal booster

    I was wondering is there a signal enhancer or booster that i can use to help push a lte signal from outside to inside. Im in a building where when i step outside i get good lte signal when inside it swicths to 3g. Is there any good device that will h