Pix6.3 can not initiate isakmp packet

Hi,
I have a PIX 515E and 2 PIX 535s (failover), both running PIX 6.3. Every time I build up an L2L VPN tunnel with the other end, I cannot, through ping from my encrypto server to the other side's encrypto server, initiate the phase 1 ISAKMP SA; instead, the other side can ping my encrypto server to initiate the VPN tunnel.
I would very much appreciate it if you can help me with this.

yufeng

Your description of the symptoms sounds like there is some difference between the access list that you use to identify traffic for the VPN tunnel and the access list being used on the other end. Can you post your access list (and perhaps the other parts of the config) and the corresponding parts from the other end? This may help us to identify the cause of your issue.
HTH
Rick
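
An added example, not part of the original thread: one way to run the comparison Rick asks for once both ends' crypto access lists are in hand. The function names and both sample configs are constructed for illustration; the script parses PIX/ASA `access-list ... permit` lines and lists entries that have no exact mirror image on the peer, together with peer entries that overlap them.

```python
import ipaddress

# Constructed sample configs (not from the thread). PIX 6.3 has no "extended" keyword.
LOCAL_CONFIG = """\
access-list 101 remark L2L tunnel to partner
access-list 101 permit ip 10.1.0.0 255.255.0.0 10.2.2.0 255.255.255.0
access-list 101 permit ip host 10.1.9.5 host 10.2.9.5
access-list outside_in permit icmp any any
"""
REMOTE_CONFIG = """\
access-list vpn extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list vpn extended permit ip host 10.2.9.5 host 10.1.9.5
"""


def take_net(tokens):
    """Consume one address spec (any | host A | A MASK) from the token list."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    mask = tokens.pop(0)
    return ipaddress.ip_network(f"{head}/{mask}", strict=False)


def parse_crypto_acl(config_text, acl_name):
    """Return (protocol, source, destination) for each permit entry of acl_name."""
    entries = []
    for line in config_text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[1] != acl_name:
            continue
        rest = tokens[2:]
        if rest[0] == "extended":          # present on ASA 7.x+, absent on PIX 6.3
            rest = rest[1:]
        action, proto = rest[0], rest[1]
        if action != "permit":             # remark and deny lines select no traffic
            continue
        spec = rest[2:]
        try:
            src = take_net(spec)
            dst = take_net(spec)
        except (IndexError, ValueError):   # port qualifiers or truncated line: skip
            continue
        entries.append((proto, src, dst))
    return entries


def mirror(entry):
    """Swap source and destination, i.e. the entry as the peer should have it."""
    proto, src, dst = entry
    return (proto, dst, src)


def overlaps(a, b):
    return a[0] == b[0] and a[1].overlaps(b[1]) and a[2].overlaps(b[2])


def unmatched(side_a, side_b):
    """Entries of side_a with no exact mirror on side_b.

    Each finding also lists side_b entries (shown from side_a's point of view)
    that overlap it: same traffic in part, but a different network or mask.
    """
    mirrored_b = [mirror(e) for e in side_b]
    findings = []
    for entry in side_a:
        if entry in mirrored_b:
            continue
        near = [m for m in mirrored_b if overlaps(entry, m)]
        findings.append({"entry": entry, "overlapping_peer_entries": near})
    return findings


def fmt(entry):
    return "%s %s -> %s" % entry


if __name__ == "__main__":
    local = parse_crypto_acl(LOCAL_CONFIG, "101")
    remote = parse_crypto_acl(REMOTE_CONFIG, "vpn")
    for label, a, b in (("local", local, remote), ("remote", remote, local)):
        for finding in unmatched(a, b):
            print(f"{label} entry has no mirror on peer: {fmt(finding['entry'])}")
            for near in finding["overlapping_peer_entries"]:
                print(f"    peer covers instead: {fmt(near)}")
```
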

Similar Messages

  • "computer can not initiate a multi-person video chat" ?

    2 of us have MacBook Pros, third guy has new MacBook.
    Our MacBook's have OS X 10.5.8,
    The new MacBook has OS 10.6.1.
    Me and the other person can iChat with 3 other ppl,
    but when we added the new guy as a buddy, neither one of us could get him to come up.
    He said When the call came in, two (2) video screens popped up and if he hit accept on
    either one, it would decline on our end. (this happened no matter which MacBook Pro initiated the convo)
    We then had the MacBook try to initiate the 3 way and it came up with an error that said
    "computer can not initiate a multi-person video chat"
    I've never even heard of that.
    Is this a glitch, or a setting that needs to be changed?
    Seems weird that the older models do it fine, but the new one is not configured right, but maybe we're missing something.
    thx

    Hi,
    Welcome to the Discussions
    You are saying that, no matter who Hosts, when they invite the 10.6.1 Buddy he gets two Invite windows ?
    This sounds like he is connected to the Internet twice.
    On Sending the Visible Invite iChat does not check the validity of the Return Message.
    You can be logged in twice for Text Chatting so it is not an uncommon state to exist.
    However in most cases this is either two apps or two computers.
    When iChat gets past the Visible Invite stage, as only one reply gets returned for the Acceptance, it moves into sending a SIP invite separately on a different port, and part of this Process is to confirm that where the Visible Invite went to is where the SIP return data is coming from.
    If there are two connections to the Internet at his end (and there are several causes) you will get an Error 7 showing when the Video chat is ended by all parties.
    Error 7 = Remote IP Invalid
    The Message you are getting may point to another problem and that is he is not on an Internet connection fast enough to join a 3 or 4 way Video chat.
    He needs to have at least 384 kbps as an Upload and not capping the iChat Bandwidth below the 500kbps mark. (iChat Preferences > Video Section > Bandwidth Limit drop down)
    9:17 PM Friday; January 29, 2010
    Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"

  • I can not initiate a video ichat with Lion.

    I can not start a video iChat since I acquired my new iMac with Lion (10.7.2) in October 2011.  Audio Chat works fine, and incoming video iChat also works normally.  But on iChat there is no camera symbol, and no video available. 
    Connection Doctor advises me "Network Status:  Router Type: Port Restricted.  This computer's network setup includes one or more devises that are not fully compatible with audio and video chatting."  This message arises although I have no other devices on my network!
    My router was a HomeHub 2 (BT is my ISP) which worked well for iChat on my previous iMac (Snow Leopard) until I acquired my new iMac.  I got a new router (HomeHub 3) today to try to rectify the problem. It did not.
    Many discussions with my ISP (BT) and with Apple over the last two months have not solved the problem.  If someone can help I would be extremely grateful.

    Tell us more about the file.
    Is it on a CD?

  • When opening FF I get the message "Can not initiate the security component of this program". When I continue I cannot open any website except my own homepage.

    Below you can find the complete message (in Dutch) that I receive "Kan de beveiligingscomponent van de toepassing niet initialiseren. De meest waarschijnlijke oorzaak is problemen met bestanden in de profielmap van uw toepassing. Controleer of deze map geen lees-/schrijfbeperkingen heeft en uw harde schijf niet vol of bijna vol is. Het wordt aangeraden de toepassing af te sluiten en het probleem op te lossen. Als u doorgaat met deze sessie, is het mogelijk dat u onjuist gedrag van de toepassing ziet bij het aanspreken van de beveiligingsfuncties." I cannot open any website except my homepage. There is ample space on my hard disk.

    See also https://support.mozilla.org/kb/Could+not+initialize+the+browser+security+component
    Rename secmod.db (secmod.db.old) in the Firefox Profile Folder in case there is a problem with the file.
    You may have to rename cert8.db (cert8.db.old) as well.
    Firefox will create new files.
    The "Application Data" folder in XP/Win2K and the "AppData" folder in Vista/Windows 7 are hidden folders.
    http://kb.mozillazine.org/Show_hidden_files_and_folders

  • Can not initiate internal GPS on Treo Pro (850 Australia)

    I am having trouble connecting GPS. Do you know why? Or how?
    I have tried with GOOGLE MAP and TOMTOM (ver. 6.030) and the GPS signal doesn't seem to be established.
    Post relates to: Treo Pro T850U (Unlocked)

    Hi.. Welcome to the Palm forums..   The Treo Pro according to the spec list found at this link,  http://www.palm.com/us/support/handbooks/Pro_UL_Datasheet.pdf . (you may have to copy and paste it into your browser), shows Expansion MicroSDHC cards (up to 32GB supported).  Now I have not used a sdhc card in a pro nor do I know of anyone that has but according to palms specs on the treo pro show this as what is compatible.  

  • "IPCSendMsg: could not initiate send" ,UDUMP trace can be ignored??(10g)

    Hi, all.
    The database is 2 node RAC database (10.2.0.2.0)
    on 32-bit windows 2003 EE SP1.
    I found "KJC: Wait for msg sends to complete" wait event in
    "Top 5 Timed Event" Section from AWR report.
    What is "KJC: Wait for msg sends to complete" wait event??
    The following is from UDUMP. I am not sure that "KJC : Wait .." has
    something to do with the following udump trace file.
    There is no error message in both alert log files and
    there is no bdump trace file.
    Currently, the database seems to be normal.
    Dump file d:\oracle\product\10.2.0\admin\rac\udump\rac2_ora_5656.trc
    Mon Sep 24 00:04:40 2007
    ORACLE V10.2.0.2.0 - Production vsnsta=0
    vsnsql=14 vsnxtr=3
    Oracle Database 10g Enterprise Edition Release 10.2.0.2.0 - Production
    With the Real Application Clusters, OLAP and Data Mining options
    Windows Server 2003 Version V5.2 Service Pack 1
    CPU : 4 - type 586, 2 Physical Cores
    Process Affinity : 0x00000000
    Memory (Avail/Total): Ph:5278M/8190M, Ph+PgF:6596M/10041M, VA:316M/2047M
    Instance name: rac2
    Redo thread mounted by this instance: 2
    Oracle process number: 64
    Windows thread id: 5656, image: ORACLE.EXE (SHAD)
    *** 2007-09-24 00:04:40.156
    *** ACTION NAME:() 2007-09-24 00:04:40.156
    *** MODULE NAME:(OEM.SystemPool) 2007-09-24 00:04:40.156
    *** SERVICE NAME:(RAC.world) 2007-09-24 00:04:40.156
    *** CLIENT ID:() 2007-09-24 00:04:40.156
    *** SESSION ID:(486.53) 2007-09-24 00:04:40.156
    IPCSendMsg: could not initiate send on conn 0x5b0d3e98 to node [rac1 : 696 : 3996 : 359937], err 10054
    IPCGetRequestInfo: failed a request rqh(0x5b060db8), type(6), status(2), bytes(0)
    Any help will be greatly appreciated.
    Thanks and Regards.
    Message was edited by:
    user507290

    Dear Chris.
    Thanks for your reply.
    Does "KJC: Wait for msg sends to complete" wait event
    have something to do with the following udump trace file?
    I do not know how to respond the following message in UDUMP.
    There is no bdump trace file and there is no message in alert log files.
    Can the following message in udump be ignored?
    Or should I take an action?
    -->IPCSendMsg: could not initiate send on conn 0x5b0d3e98 to node [rac1 : 696 : 3996 : 359937], err 10054
    --> IPCGetRequestInfo: failed a request rqh(0x5b060db8), type(6), status(2), bytes(0)
    Thanks and Regards.

  • Cisco ASA VPN question: %ASA-4-713903: IKE Receiver: Runt ISAKMP packet

    Dear community,
    quite frequently I am now receiving the following error message in my ASA 5502's log:
    Oct 17 12:52:17 <myASA> %ASA-4-713903: IKE Receiver: Runt ISAKMP packet discarded on Port 4500 from <some_ip>:<some_port>
    Oct 17 12:52:22 <myASA> %ASA-4-713903: IKE Receiver: Runt ISAKMP packet discarded on Port 4500 from <some_ip>:<some_port>
    Oct 17 12:52:27 <myASA> %ASA-4-713903: IKE Receiver: Runt ISAKMP packet discarded on Port 4500 from <some_ip>:<some_port>
    The VPN Clients (in the last case: A linux vpnc) disconnect with message
       vpnc[7736]: connection terminated by dead peer detection
    The ASA reports for that <some_ip> at around the same time:
    Oct 17 12:52:32 <myASA> %ASA-4-113019: Group = blah, Username = johndoe, IP = <some_ip>, Session disconnected. Session Type: IPSecOverNatT, Duration: 2h:40m:35s, Bytes xmt: 2410431, Bytes rcv: 23386708, Reason: User Requested    
    A google search did not reveal any explanation to the "%ASA-4-713903: IKE Receiver: Runt ISAKMP packet..." message -- so my questions would be
       1) What does the message exactly mean -- I know runts as a L2 problem so I'd suppose it means the same: The ISAKMP packet is somehow
           crippled (I'd suppose this happens during rekeying) ?
       2) Any idea where to look for the cause of this
              WAN related (however I'd assume no -- why does this happen in these regular time frames as shown above)?
              SW related (vpnc bug)?
    Thanks in advance for any pointer...
    Joachim

    Yes.  You need to eliminate the things I've said to eliminate with the other side.  Ensure your configs are matching exactly.  They probably are, whatever, just make sure of it because it's easy.  You both need to run packet captures on your interfaces both in and out to even begin to have an idea of where to look.
    The more info you can have just one person responsible for the better.  What I mean by that is, it's typically a nice step for the 'bigger end' to have the 'smaller end's' config file to look at.
    If you are seeing packets come in your inside, leave your outside, and never make it to his inside, then take it a step at a time.
    If you're seeing them come in his interface and never come back out, you know where to look.
    Set your caps to a single host to single host if need be, and generate traffic accordingly.
    You need to narrow down where NOT to look so that you know where TO look.  I would say then, and only then, do you get the ISP involved.  Once you're sure the problem exists between his edge device and your edge device.
    I do exactly this for a living on a daily basis...day after day after day.  I'm responsible for over 200 IPSec s2s connections and thousands of SSL VPN sessions.  I always start the exact same way...from the very bottom.

  • I can not to connect to nated address

    Hi
    I have a server with real address 10.173.1.242. I created a static NAT to address 10.164.32.15, but I cannot connect to address 10.164.32.15 from IP 10.161.111.130. Here is the config of the ASA:
    Peter
    ASA Version 8.0(5)
    names
    interface GigabitEthernet0/0
    nameif intranet
    security-level 30
    ip address 10.164.241.1 255.255.255.0 standby 10.164.241.2
    interface GigabitEthernet0/1
    nameif cdi
    security-level 80
    ip address 10.173.241.1 255.255.255.0 standby 10.173.241.2
    interface GigabitEthernet0/2
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/2.491
      vlan 491
    nameif service491
    security-level 50
    ip address 10.173.1.241 255.255.255.0 standby 10.173.1.240
    interface GigabitEthernet0/2.492
    vlan 492
    nameif service492
    security-level 50
    ip address 10.173.2.241 255.255.255.0 standby 10.173.2.240
    interface GigabitEthernet0/2.493
    vlan 493
    nameif service493
    security-level 50
    ip address 10.173.3.241 255.255.255.0 standby 10.173.3.240
    interface GigabitEthernet0/2.500
      vlan 500
    nameif service500
    security-level 50
    ip address 10.173.0.241 255.255.255.0 standby 10.173.0.240
    interface GigabitEthernet0/2.550
    vlan 550
    nameif service550
    security-level 50
    no ip address
    interface GigabitEthernet0/3
    description LAN Failover Interface
    boot system disk0:/asa805-k8.bin
    ftp mode passive
    dns server-group DefaultDNS
    domain-name t-dc.sk
    access-list cdi-in extended permit icmp any any log debugging
    access-list cdi-in extended deny ip any any
    access-list intranet-in extended permit ip 10.161.111.0 255.255.255.0 host 10.0.0.0 log debugging
    access-list intranet-in extended permit ip 10.164.32.0 255.255.255.0 host 10.0.0.0 log debugging
    access-list intranet-in extended deny ip any any
    access-list service491-in extended permit icmp any any log debugging
    access-list service491-in extended deny ip any any
    access-list service492-in extended deny ip any any
    access-list service493-in extended deny ip any any
    access-list service500-in extended deny ip any any
    access-list service550-in extended deny ip any any
    access-list cap extended permit ip any any
    pager lines 24
    logging buffered debugging
    logging trap debugging
    logging asdm debugging
    logging host service491 10.173.1.242
    mtu intranet 1500
    mtu cdi 1500
    mtu service491 1500
    mtu service492 1500
    mtu service493 1500
    mtu service500 1500
    mtu service550 1500
    mtu mngmt 1500
    ip local pool pool1 10.31.250.129-10.31.250.255 mask 255.255.255.0
    failover
    failover lan unit primary
    failover lan interface failover GigabitEthernet0/3
    failover interface ip failover 172.16.10.1 255.255.255.252 standby 172.16.10.2
    no monitor-interface intranet
    no monitor-interface cdi
    no monitor-interface mngmt
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any intranet
    icmp permit any cdi
    icmp permit any service491
    icmp permit any service492
    icmp permit any service493
    icmp permit any service500
    icmp permit any service550
    asdm image disk0:/asdm-647.bin
    no asdm history enable
    arp timeout 14400
    static (service491,intranet) 10.164.32.15 10.173.1.242 netmask 255.255.255.255
    access-group intranet-in in interface intranet
    access-group cdi-in in interface cdi
    access-group service491-in in interface service491
    access-group service492-in in interface service492
    access-group service493-in in interface service493
    access-group service500-in in interface service500
    access-group service550-in in interface service550
    route intranet 0.0.0.0 0.0.0.0 10.164.241.5 1
    route cdi 10.97.0.0 255.255.0.0 10.173.241.5 1
    route cdi 10.168.0.0 255.255.0.0 10.173.241.5 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto ca trustpoint localtrust
    enrollment self
    fqdn sslvpn.t-dc.sk
    keypair sslvpnkeypair
    crl configure
    crypto ca certificate chain localtrust
    certificate c116474f
        308201e7 30820150 a0030201 020204c1 16474f30 0d06092a 864886f7 0d010104
        bce 90a3424e
        f9f040e2 95c69b91 779b8a
      quit
    no crypto isakmp nat-traversal
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ssl trust-point localtrust intranet
    webvpn
    enable intranet
    svc image disk0:/anyconnect-win-2.5.3055-k9.pkg 1
    svc enable
    group-policy GrpPolicy-ssl1 internal
    group-policy GrpPolicy-ssl1 attributes
    vpn-tunnel-protocol svc
    tunnel-group ssl1 type remote-access
    tunnel-group ssl1 general-attributes
    address-pool pool1
    default-group-policy GrpPolicy-ssl1
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:be82cd121bde8e5de3981453caa201f0
    : end

    I corrected "packet-tracer...", there was a mistake: 10.161.11.130 instead of 10.161.111.130
    pna-tdc1# packet-tracer input intranet tcp 10.161.111.130 1025 10.164.32.15 22
    Phase: 1
    Type: FLOW-LOOKUP
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Found no matching flow, creating a new flow
    Phase: 2
    Type: UN-NAT
    Subtype: static
    Result: ALLOW
    Config:
    static (service491,intranet) 10.164.32.15 10.173.1.242 netmask 255.255.255.255
      match ip service491 host 10.173.1.242 intranet any
        static translation to 10.164.32.15
        translate_hits = 0, untranslate_hits = 4
    Additional Information:
    NAT divert to egress interface service491
    Untranslate 10.164.32.15/0 to 10.173.1.242/0 using netmask 255.255.255.255
    Phase: 3
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group intranet-in in interface intranet
    access-list intranet-in extended permit ip 10.161.111.0 255.255.255.0 10.0.0.0 255.0.0.0 log debugging
    Additional Information:
    Phase: 4
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 5
    Type: FOVER
    Subtype: standby-update
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 6
    Type: NAT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    static (service491,intranet) 10.164.32.15 10.173.1.242 netmask 255.255.255.255
      match ip service491 host 10.173.1.242 intranet any
        static translation to 10.164.32.15
        translate_hits = 0, untranslate_hits = 4
    Additional Information:
    Phase: 7
    Type: NAT
    Subtype: host-limits
    Result: ALLOW
    Config:
    static (service491,intranet) 10.164.32.15 10.173.1.242 netmask 255.255.255.255
      match ip service491 host 10.173.1.242 intranet any
        static translation to 10.164.32.15
        translate_hits = 0, untranslate_hits = 4
    Additional Information:
    Phase: 8
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 9
    Type: FLOW-CREATION
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    New flow created with id 2956, packet dispatched to next module
    Phase: 10
    Type: ROUTE-LOOKUP
    Subtype: output and adjacency
    Result: ALLOW
    Config:
    Additional Information:
    found next-hop 10.173.1.242 using egress ifc service491
    adjacency Active
    next-hop mac address 0014.4fed.bb6c hits 41
    Result:
    input-interface: intranet
    input-status: up
    input-line-status: up
    output-interface: service491
    output-status: up
    output-line-status: up
    Action: allow
    pna-tdc1#
    pna-tdc1#

  • Can not ping internal network from ASA

    I cannot ping an internal computer from the ASA. The computer's IP address is 192.168.187.15 and its gateway is 192.168.187.14, which is the ASA internal interface. I've got an IP phone connected to the same ASA with IP address 192.168.185.15 and internal ASA interface 192.168.185.14, and everything works fine. We are doing testing, so do not be surprised by the configuration.
    ASA Version 8.2(1)
    hostname ciscoasa
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    dns-guard
    interface GigabitEthernet0/0
    nameif ouside3
    security-level 0
    ip address 10.254.17.25 255.255.255.248
    interface GigabitEthernet0/1
    nameif outside
    security-level 0
    ip address 10.254.17.9 255.255.255.248
    interface GigabitEthernet0/2
    nameif Lan
    security-level 100
    ip address 192.168.185.14 255.255.255.0
    interface GigabitEthernet0/3
    nameif comp
    security-level 50
    ip address 192.168.187.14 255.255.255.0
    interface Management0/0
    nameif management
    security-level 100
    no ip address
    management-only
    boot system disk0:/asa821-k8.bin
    ftp mode passive
    access-list 110 extended permit ip any any
    access-list nat extended permit ip any any
    access-list allow_ping extended permit icmp any any echo-reply
    access-list allow_ping extended permit icmp any any source-quench
    access-list allow_ping extended permit icmp any any unreachable
    access-list allow_ping extended permit icmp any any time-exceeded
    access-list allow_ping extended permit udp any any eq isakmp
    access-list allow_ping extended permit esp any any
    access-list allow_ping extended permit ah any any
    access-list allow_ping extended permit gre any any
    access-list nonat extended permit ip any any
    access-list nat2 extended permit ip any any
    access-list nonat2 extended permit ip any any
    pager lines 24
    logging asdm informational
    mtu ouside3 1500
    mtu outside 1500
    mtu Lan 1500
    mtu comp 1500
    mtu management 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (Lan) 0 access-list nonat
    nat (Lan) 1 access-list nat
    nat (comp) 0 access-list nonat
    nat (comp) 1 access-list nat
    access-group allow_ping in interface outside
    router eigrp 2008
    neighbor 10.254.17.10 interface outside
    network 10.254.17.8 255.255.255.248
    network 192.168.185.0 255.255.255.0
    network 192.168.187.0 255.255.255.0
    route outside 0.0.0.0 0.0.0.0 10.254.17.10 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.1.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set myset esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map mymap 10 match address 110
    crypto map mymap 10 set peer 10.254.17.10
    crypto map mymap 10 set transform-set myset
    crypto map mymap interface outside
    crypto map mymap2 20 match address 110
    crypto map mymap2 20 set peer 10.254.17.18
    crypto map mymap2 20 set transform-set myset
    crypto map mymap2 interface comp
    crypto map mymap3 30 match address 110
    crypto map mymap3 30 set peer 10.254.17.26
    crypto map mymap3 30 set transform-set myset
    crypto map mymap3 interface ouside3
    crypto isakmp identity address
    crypto isakmp enable ouside3
    crypto isakmp enable outside
    crypto isakmp enable comp
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 28800
    no crypto isakmp nat-traversal
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    priority-queue outside
    threat-detection basic-threat

    This is what I get, looks like ASA does not reply. Why?
    ciscoasa# sh capture cpi
    5 packets captured
    1: 05:20:14.494908 192.168.187.15 > 192.168.187.14: icmp: echo request
    2: 05:20:19.526935 192.168.187.15 > 192.168.187.14: icmp: echo request
    3: 05:20:25.026320 192.168.187.15 > 192.168.187.14: icmp: echo request
    4: 05:20:30.525699 192.168.187.15 > 192.168.187.14: icmp: echo request
    5: 05:20:36.025084 192.168.187.15 > 192.168.187.14: icmp: echo request

  • An alert message pops up upon opening saying could not initiate application security component, and it says to check to see if profile has no read/write restrictions.

    An alert message pops up upon opening saying could not initiate application security component, and it says to check to see if profile has no read/write restrictions. Then when it opens all of my saved passwords are gone; I use a master password and it's disabled. When I try to enter a new one it says can't change password. I can't even open Yahoo e-mail; it says that my SSL security is down, but when I check it, it's clicked. I'm just very confused as to what's going on.
    == This happened ==
    Every time Firefox opened
    == 5/14/2010 ==
    == User Agent ==
    Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5

    See [[Could not initialize the browser security component]]
    Rename (or delete) secmod.db (secmod.db.old) in the [http://kb.mozillazine.org/Profile_folder_-_Firefox Profile Folder] in case there is a problem with the file.

  • Can not extract data into BW from SQL SERVER

    Dear All,
      I have a problem extracting data from a database (MS SQL Server 2000 (SP3)) into BW and cannot extract data into a BW ODS, or even the PSA. The monitor displays a yellow light (0 from 0 records); the detail messages show only "data request arranged" and "confirmed with: confirmation" in the requests (message) step, "missing message: request received" in the extract (message) step, "no data" in the processing (data packet) step, and so on. But in fact there are two records in my database test table and the DB connection is OK. I can even extract data from another test Oracle database into the BW ODS successfully.
       Our BW system has two BW application servers and uses an Oracle database. One application server is located on an IBM AIX host; the other is located on an NT server. The application server on the NT server is used for data extraction from the MS SQL Server database into the BW Oracle database, and MS SQL Server and the NT platform application server are located on the same host. DBSL was already installed on the NT application server, the DB connector was created successfully for MS SQL Server, and the datasource was also generated. The DBSL type is Kernel640-WIN-IA32bit-unicode. My BW system is ECC5.0/UNICODE/ORACLE. All table/view/field names in MS SQL Server are upper case and do not have any special characters, for example: ZDEMO etc.
    Waiting for your help.
    Thanks in advance.
    Billy

    Hi  Ravi,
    Could you help me understand the following:
    Approximately how many records are extracted and transferred from SAP R/3 to BIW in an organisation, and how much time will that take?
    How do I extract data from two or three source systems into BIW? Kindly help me with a step-by-step explanation. If you have any screenshots with documents, please forward them to my ID, "[email protected]".
    Your help highly appreciated.
    Thanks.
    Hema

  • [Error ORABPEL - 10900]... : Can not find definition for element 'process'

    Hi,
    When I try to deploy a bpel process using JDeveloper I'm having the following xml parse error:
    Error(21):
    [Error ORABPEL-10900]: xml parser error
    [Description]: in line 21 of "file:/C:/JDeveloper/jdev/mywork/NERGA/CriarProjectoSA/bpel/CriarProjectoSA.bpel", XML parsing failed because file:/C:/JDeveloper/jdev/mywork/NERGA/CriarProjectoSA/bpel/CriarProjectoSA.bpel<Line 21, Column 63>: XML-24538: (Error) Can not find definition for element 'process'.
    [Potential fix]: Fix the invalid XML.
    I don't understand why... Any idea?

    Ok.
    This is my BPEL code. The sapattern tags are from a program that is generating part of the code. The JDeveloper doesn't show any error, I only get the error when I try to deploy.
    <?xml version = "1.0" encoding = "UTF-8" ?>
    <process name="CriarProjectoSA"
    targetNamespace="http://xmlns.oracle.com/CriarProjectoSA"
    suppressJoinFailure="no"
    xmlns="http://xmlns.oracle.com/CriarProjectoSA"
    xmlns:bpws="http://schemas.xmlsoap.org/ws/2003/03/business-process/"
    xmlns:ns4="http://xmlns.oracle.com/CriarProjectoSA"
    xmlns:ns7="http://xmlns.oracle.com/bpel/services/IdentityService/xpath"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:ns5="http://schemas.oracle.com/xpath/extension"
    xmlns:ns6="http://xmlns.oracle.com/bpel/workflow/xpath"
    xmlns:ns11="http://www.oracle.com/XSL/Transform/java/oracle.tip.esb.server.headers.ESBHeaderFunctions"
    xmlns:ns9="http://www.oracle.com/XSL/Transform/java/oracle.tip.pc.services.functions.ExtFunc"
    xmlns:ns1="http://xmlns.oracle.com/ValidacaoProjectos"
    xmlns:ns3="http://www.nerga.pt" xmlns:ns2="http://tempuri.org/"
    xmlns:bpelx="http://schemas.oracle.com/bpel/extension"
    xmlns:ns10="http://www.oracle.com/XSL/Transform/java/oracle.tip.pc.services.functions.Xpath20"
    xmlns:ns8="http://schemas.xmlsoap.org/ws/2003/03/business-process/">
    <!--Generated by Telelogic System Architect on 05/01/2007 11:06:18 by easm-->
    <sapattern>
    <guid>41207640-d934-480f-902a-b3764f3d9c9f</guid>
    </sapattern>
    <partnerLinks>
    <partnerLink name="client" partnerLinkType="ns4:CriarProjectoSA"
    myRole="CriarProjectoSAProvider"/>
    <partnerLink name="NergaIS" partnerLinkType="ns2:ServiceSoap_PL"
    myRole="ServiceSoap_Role" partnerRole="ServiceSoap_Role"/>
    <partnerLink name="ValidacaoProjectos"
    partnerLinkType="ns1:ValidacaoProjectos"
    myRole="ValidacaoProjectosRequester"
    partnerRole="ValidacaoProjectosProvider"/>
    <sapattern>
    <!--The System Architect objects used in the pattern. To ensure traceability to System Architect DO NOT REMOVE-->
    <guid>e728e550-f404-47bf-aa13-72429480cbc6</guid>
    <guid>3111d1af-0b31-4d02-b3fc-73d14ce95405</guid>
    <guid>e9cdca59-888a-4e67-af54-a63ce2347ad3</guid>
    </sapattern>
    </partnerLinks>
    <variables>
    <variable name="outputVariable"
    messageType="ns4:CriarProjectoSAResponseMessage"/>
    <variable name="inputVariable"
    messageType="ns4:CriarProjectoSARequestMessage"/>
    <sapattern>
    <!--The System Architect objects used in the pattern. To ensure traceability to System Architect DO NOT REMOVE-->
    <guid>2503e820-3add-4cd1-bbc5-5cc5fff57090</guid>
    <guid>8bcc3532-46b7-4e88-816f-72ecdaee76ab</guid>
    </sapattern>
    <variable name="invocaVP_initiate_InputVariable"
    messageType="ns1:ValidacaoProjectosRequestMessage"/>
    <variable name="recebeVP_onResult_InputVariable"
    messageType="ns1:ValidacaoProjectosResponseMessage"/>
    <variable name="InvocaAdicionarProjecto_InputVariable"
    messageType="ns2:AdicionarProjectoSoapIn"/>
    <variable name="InvocaAdicionarProjecto_OutputVariable"
    messageType="ns2:AdicionarProjectoSoapOut"/>
    </variables>
    <sequence>
    <receive name="recebeTemplate" joinCondition="False" partnerLink="client"
    portType="ns4:CriarProjectoSA" operation="process"
    variable="inputVariable" createInstance="yes">
    <sapattern>
    <!--The System Architect objects used in the pattern. To ensure traceability to System Architect DO NOT REMOVE-->
    <guid>e728e550-f404-47bf-aa13-72429480cbc6</guid>
    <guid>68e62379-55ac-48eb-b681-aee8f5a7696d</guid>
    </sapattern>
    </receive>
    <scope variableAccessSerializable="no" name="ValidarExigências"
    joinCondition="False">
    <faultHandlers>
    <catchAll>
    <assign name="assignInvalid">
    <bpelx:append>
    <bpelx:from expression="concat(ns8:getVariableData('inputVariable','payload','/ns3:Template/ns3:Projecto/ns3:Observacoes'), string('Projecto inválido!!'))"/>
    <bpelx:to variable="inputVariable" part="payload"
    query="/ns3:Template/ns3:Projecto/ns3:Observacoes"/>
    </bpelx:append>
    </assign>
    </catchAll>
    </faultHandlers>
    <sapattern>
    <!--The System Architect objects used in the pattern. To ensure traceability to System Architect DO NOT REMOVE-->
    <guid>2e56af66-6622-43e0-9adc-6d5f109cf374</guid>
    </sapattern>
    <sequence name="ValidarExigências" joinCondition="False">
    <assign name="assignVPIn">
    <copy>
    <from variable="inputVariable" part="payload"/>
    <to variable="invocaVP_initiate_InputVariable" part="payload"/>
    </copy>
    </assign>
    <sapattern>
    <!--The System Architect objects used in the pattern. To ensure traceability to System Architect DO NOT REMOVE-->
    <guid>2e56af66-6622-43e0-9adc-6d5f109cf374</guid>
    </sapattern>
    <invoke name="invocaVP" joinCondition="False"
    partnerLink="ValidacaoProjectos" portType="ns1:ValidacaoProjectos"
    operation="initiate"
    inputVariable="invocaVP_initiate_InputVariable">
    <sapattern>
    <!--The System Architect objects used in the pattern. To ensure traceability to System Architect DO NOT REMOVE-->
    <guid>f3bc9c04-f4d2-4e96-acc8-7a6c88a8ced5</guid>
    </sapattern>
    </invoke>
    <receive name="recebeVP" joinCondition="False"
    partnerLink="ValidacaoProjectos"
    portType="ns1:ValidacaoProjectosCallback" operation="onResult"
    createInstance="no" variable="recebeVP_onResult_InputVariable">
    <sapattern>
    <!--The System Architect objects used in the pattern. To ensure traceability to System Architect DO NOT REMOVE-->
    <guid>e9cdca59-888a-4e67-af54-a63ce2347ad3</guid>
    <guid>1eba96a8-330a-4e4d-a14b-cdf6641fa614</guid>
    </sapattern>
    </receive>
    <assign name="assignVPOut">
    <copy>
    <from variable="recebeVP_onResult_InputVariable" part="payload"/>
    <to variable="inputVariable" part="payload"/>
    </copy>
    </assign>
    </sequence>
    </scope>
    <scope variableAccessSerializable="no" name="AdicionarProjecto"
    joinCondition="False">
    <sapattern>
    <!--The System Architect objects used in the pattern. To ensure traceability to System Architect DO NOT REMOVE-->
    <guid>89c02eae-7788-4892-a616-e46b65ef1b50</guid>
    </sapattern>
    <sequence name="InvocarISAdicionarProjecto" joinCondition="False">
    <assign name="assignIS">
    <copy>
    <from variable="inputVariable" part="payload"
    query="/ns3:Template/ns3:Projecto/ns3:NomeProjecto"/>
    <to variable="InvocaAdicionarProjecto_InputVariable" part="parameters"
    query="/ns2:AdicionarProjecto/ns2:nome"/>
    </copy>
    <copy>
    <from variable="inputVariable" part="payload"
    query="/ns3:Template/ns3:Projecto/ns3:TipoProjecto"/>
    <to variable="InvocaAdicionarProjecto_InputVariable" part="parameters"
    query="/ns2:AdicionarProjecto/ns2:tipo"/>
    </copy>
    </assign>
    <sapattern>
    <!--The System Architect objects used in the pattern. To ensure traceability to System Architect DO NOT REMOVE-->
    <guid>89c02eae-7788-4892-a616-e46b65ef1b50</guid>
    </sapattern>
    <invoke name="InvocaAdicionarProjecto" joinCondition="False"
    partnerLink="NergaIS" portType="ns2:ServiceSoap"
    operation="AdicionarProjecto"
    inputVariable="InvocaAdicionarProjecto_InputVariable"
    outputVariable="InvocaAdicionarProjecto_OutputVariable">
    <sapattern>
    <!--The System Architect objects used in the pattern. To ensure traceability to System Architect DO NOT REMOVE-->
    <guid>76519bd3-c506-4c79-8190-8ff09abdd27d</guid>
    </sapattern>
    </invoke>
    </sequence>
    </scope>
    <assign name="assignOutput">
    <copy>
    <from variable="inputVariable" part="payload"
    query="/ns3:Template/ns3:Projecto"/>
    <to variable="outputVariable" part="payload"/>
    </copy>
    </assign>
    <reply name="devolveProjecto" joinCondition="False" partnerLink="client"
    portType="ns4:CriarProjectoSA" operation="process"
    variable="outputVariable">
    <sapattern>
    <!--The System Architect objects used in the pattern. To ensure traceability to System Architect DO NOT REMOVE-->
    <guid>e728e550-f404-47bf-aa13-72429480cbc6</guid>
    <guid>0dbefef0-3d04-4356-abbc-b291ea40d256</guid>
    </sapattern>
    </reply>
    </sequence>
    </process>

  • Jabber can not enter the PIN for voice mail

    I installed Cisco Jabber 8.6 on an Android mobile and registered Jabber to CUCM 8.0. At the same time, CUCM 8.0 is integrated with Unity Connection 8.0 via SCCP. Everything is normal.
    When I call Jabber from any telephone, it can receive voice mail, and the Android mobile shows that there is a voice mail. Then I hear the Connection system prompt: "Please enter your PIN." However, the PIN is never submitted to Unity Connection, and the system prompts over and over again: "Please enter your PIN"...
    I guess the mobile's dial pad is not supported by Unity Connection, or there is some other reason.
    Help!!!

    The Android client is a SIP device and uses RFC2833 for DTMF relay. Unity Connection supports RFC2833 when integrated with either SCCP or SIP. The first question that comes to mind: is the call invoking a transcoder/MTP that would be in the media path? For example, if Jabber is using G.729 and you haven't enabled that on CXN or you're requiring a TRP.
    I would start with a Wireshark capture from the CXN server to see: a) what the far-end IP address is for the RTP packets; and, b) whether you see the RFC2833 packets arrive. If the sender IP isn't the Jabber client, a media resource got invoked which may be dropping the RFC2833 packets. If the IP is correct but you don't see the RFC2833 packets arrive, you could then run a Wireshark capture or collect SDI logs with SIP stack trace enabled from the CUCM node that Jabber is registered to. That would allow you to see the SDP negotiation at call setup to see if RFC2833 even gets negotiated.
    Please remember to rate helpful responses and identify helpful or correct answers.
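The two checks described in the answer above, as an added example that is not part of the original reply: confirm from the SDP that telephone-event was negotiated, then see which IP the RTP arrives from and whether any RFC 2833 event packets are in it. The SDP bodies, addresses and packets are constructed samples, and the function names are hypothetical.

```python
import struct

EVENT_DIGITS = "0123456789*#ABCD"  # telephone-event codes 0-15 (RFC 2833 / RFC 4733)


def telephone_event_pt(sdp):
    """Return the payload type negotiated for telephone-event, or None if absent."""
    offered, mapped = set(), None
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m=audio "):
            offered = set(line.split()[3:])  # payload types listed on the m= line
        elif line.startswith("a=rtpmap:"):
            pt, _, encoding = line[len("a=rtpmap:"):].partition(" ")
            if encoding.lower().startswith("telephone-event/"):
                mapped = pt
    return int(mapped) if mapped in offered else None


def parse_rtp(datagram):
    """Parse the fixed RTP header; return None for anything that is not RTP v2."""
    if len(datagram) < 12:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", datagram[:12])
    if b0 >> 6 != 2:
        return None
    offset = 12 + 4 * (b0 & 0x0F)  # skip CSRC entries
    if b0 & 0x10:  # header extension present
        if len(datagram) < offset + 4:
            return None
        offset += 4 + 4 * struct.unpack("!H", datagram[offset + 2:offset + 4])[0]
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc,
            "payload": datagram[offset:]}


def dtmf_by_sender(packets, event_pt):
    """Map each RTP sender IP to the digits it signalled (empty string if none).

    packets is an iterable of (source_ip, udp_payload). A digit is counted once,
    on the first packet carrying the End bit for a given (sender, SSRC, timestamp),
    because the final event packet is normally sent several times.
    """
    digits, seen = {}, set()
    for src_ip, datagram in packets:
        rtp = parse_rtp(datagram)
        if rtp is None:
            continue
        digits.setdefault(src_ip, "")
        if rtp["pt"] != event_pt or len(rtp["payload"]) < 4:
            continue
        event, flags, _duration = struct.unpack("!BBH", rtp["payload"][:4])
        key = (src_ip, rtp["ssrc"], rtp["ts"])
        if flags & 0x80 and event < 16 and key not in seen:
            seen.add(key)
            digits[src_ip] += EVENT_DIGITS[event]
    return digits


# ---- constructed sample data (not taken from the thread) ----
SDP_WITH_DTMF = """m=audio 24580 RTP/AVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
"""
SDP_WITHOUT_DTMF = """m=audio 24580 RTP/AVP 18
a=rtpmap:18 G729/8000
"""


def _rtp(pt, seq, ts, payload, ssrc=0x1234ABCD):
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc) + payload


def _event(code, end):
    return struct.pack("!BBH", code, (0x80 if end else 0) | 10, 800 if end else 160)


CLIENT, MEDIA_RESOURCE = "192.0.2.50", "192.0.2.20"  # documentation addresses
DIRECT_CAPTURE = [
    (CLIENT, _rtp(0, 1, 160, b"\xff" * 160)),       # ordinary audio
    (CLIENT, _rtp(101, 2, 320, _event(1, False))),  # digit 1 starts
    (CLIENT, _rtp(101, 3, 320, _event(1, True))),   # digit 1 ends
    (CLIENT, _rtp(101, 4, 320, _event(1, True))),   # retransmitted end packet
    (CLIENT, _rtp(101, 5, 2000, _event(2, False))),
    (CLIENT, _rtp(101, 6, 2000, _event(2, True))),
]
# Audio only, arriving from a different address than the client.
VIA_MEDIA_RESOURCE = [(MEDIA_RESOURCE, _rtp(0, n, 160 * n, b"\xff" * 160))
                      for n in range(1, 4)]

if __name__ == "__main__":
    pt = telephone_event_pt(SDP_WITH_DTMF)
    print("negotiated telephone-event PT:", pt)
    print("direct:", dtmf_by_sender(DIRECT_CAPTURE, pt))
    print("via media resource:", dtmf_by_sender(VIA_MEDIA_RESOURCE, pt))
```

An empty digit string next to an address that is not the client is the pattern the answer describes: a media resource is in the path and no event packets reach the voice mail server.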

  • I can Ping FW inside interface but can not connect to remote resources

    Dear all,
    I configured my ASA 5520 through ASDM to enable VPN connections. I followed the Cisco steps and it works fine, and AnyConnect version 3.1 on Windows 8 (one day of troubleshooting for this point only) can connect and gets an IP address from the range. But I have something wrong in NAT, maybe because all the guides talk about the old ASDM (NAT Exempt), and I am confused about how to apply it in the new ASDM.
    I can ping the inside interface from my laptop, which is using AnyConnect, but I cannot access anything else inside my network.
    Please, if anyone has a solution, describe it using ASDM. Thanks for the help.
    This is my configuration:
    interface GigabitEthernet0/1
    description
    nameif SRV_ZONE
    security-level 50
    ip address 192.168.1.1 255.255.255.0
    interface GigabitEthernet0/2
    description
    nameif TRUST_ZONE
    security-level 100
    ip address 172.17.200.1 255.255.255.0
    interface GigabitEthernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif MGMT
    security-level 0
    ip address 10.10.10.1 255.255.255.0
    dns server-group DefaultDNS
    domain-name xxx.xxx.xxx
    object network obj-192.168.1.11
    host 192.168.1.11
    object network obj-xxx.xxx.xxx.xxx
    host xxx.xxx.xxx.xxx
    object service obj-tcp-source-eq-25
    service tcp source eq smtp
    object network obj-192.168.1.12
    host 192.168.1.12
    object network obj-xxx.xxx.xxx.xxx
    host xxx.xxx.xxx.xxx
    object network obj-192.168.1.0
    subnet 192.168.1.0 255.255.255.0
    object service obj-tcp-eq-25
    service tcp destination eq smtp
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network obj-0.0.0.0
    host 0.0.0.0
    object network obj_any-01
    subnet 0.0.0.0 0.0.0.0
    object network obj-172.17.8.8
    host 172.17.8.8
    object network obj-172.17.0.0
    subnet 172.17.0.0 255.255.0.0
    object network obj_any-02
    subnet 0.0.0.0 0.0.0.0
    object network obj_any-03
    subnet 0.0.0.0 0.0.0.0
    object network obj_any-04
    subnet 0.0.0.0 0.0.0.0
    object network obj_any-05
    subnet 0.0.0.0 0.0.0.0
    object network obj_any-06
    subnet 0.0.0.0 0.0.0.0
    object network obj.172.17.8.115
    host 172.17.8.115
    object network obj.xxx.xxx.xxx.xxx
    host xxx.xxx.xxx.xxx
    object service http
    service tcp source eq www destination eq www
    object network obj.xxx.xxx.xxx.xxx
    host xxx.xxx.xxx.xxx
    object service https
    service tcp source eq https destination eq https
    object service newservice
    service tcp source eq pop3 destination eq pop3
    object network mail
    host 172.17.8.8
    description mail     
    object network 192.168.1.11
    host 192.168.1.11
    description smtp     
    object service smtpnew
    service tcp source eq 587 destination eq 587
    object network VPN_RANGE
    description VPN ACCESS RANGE  
    object network VPN_PoOL
    subnet 172.17.16.0 255.255.255.0
    description vpn
    object-group network DM_INLINE_NETWORK_1
    network-object host 192.168.1.11
    network-object host 192.168.1.12
    object-group network Eighth_Floor
    network-object 172.17.8.0 255.255.255.0
    object-group service WEB_SERVICES
    service-object tcp destination eq www
    object-group network ENT_SERVERS
    network-object host 192.168.1.11
    network-object host 192.168.1.1
    object-group network DM_INLINE_NETWORK_2
    network-object 172.17.200.0 255.255.255.0
    network-object 172.17.8.0 255.255.255.0
    object-group service DM_INLINE_TCP_2 tcp
    port-object eq www
    port-object eq https
    port-object eq smtp
    object-group service web tcp
    port-object eq www
    port-object eq xxx
    port-object eq ftp
    port-object eq xxx
    port-object eq xxx
    object-group service xxx_Web_and_Email
    service-object object http
    service-object tcp destination eq pop3
    service-object tcp destination eq smtp
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group protocol DM_INLINE_PROTOCOL_1
    protocol-object udp
    protocol-object tcp
    object-group protocol DM_INLINE_PROTOCOL_2
    protocol-object ip
    object-group protocol DM_INLINE_PROTOCOL_3
    protocol-object ip
    access-list DMZ_access_in extended permit ip 192.168.1.0 255.255.255.0 172.17.0.0 255.255.0.0
    access-list DMZ_access_in extended permit ip 192.168.1.0 255.255.255.0 any
    access-list justice_splitTunnelAcl standard permit 10.100.100.0 255.255.255.0
    access-list xxx-VPN_splitTunnelAcl remark vpn
    access-list xxx-VPN_splitTunnelAcl standard permit 172.17.16.0 255.255.255.0
    access-list xxx-VPN_splitTunnelAcl standard permit any
    access-list cap extended permit tcp any host xxx.xxx.xxx.xxx eq smtp log
    access-list cap1 extended permit tcp host 192.168.1.11 any eq smtp
    access-list SRV_ZONE_nat_outbound extended permit tcp 192.168.1.0 255.255.255.0 any eq smtp
    access-list SRV_ZONE_nat_outbound extended permit ip host 192.168.1.11 any
    access-list TRUST_ZONE_access_in extended permit ip host 172.17.88.108 any
    access-list TRUST_ZONE_access_in extended permit object-group DM_INLINE_PROTOCOL_2 10.10.3.0 255.255.255.0 any
    access-list TRUST_ZONE_access_in extended permit object-group DM_INLINE_PROTOCOL_3 10.10.50.0 255.255.255.0 any
    access-list TRUST_ZONE_access_in extended permit ip 172.17.8.0 255.255.255.0 any
    access-list TRUST_ZONE_access_in extended permit ip 172.17.200.0 255.255.255.0 any
    access-list TRUST_ZONE_access_in extended permit ip 172.17.0.0 255.255.0.0 host 192.168.1.12
    access-list TRUST_ZONE_cryptomap extended permit ip xxx.xxx.xxx.xxx 255.255.255.248 any
    access-list outside_access_in extended permit tcp any host 192.168.1.11 eq smtp
    access-list outside_access_in extended permit tcp any host 172.17.8.8 eq www
    access-list outside_access_in extended permit tcp any host 192.168.1.12 object-group web
    access-list outside_access_in extended permit tcp any host 172.17.8.8 eq pop3
    access-list outside_access_in extended permit ip 172.17.16.0 255.255.255.0 any inactive
    access-list vpn remark vpn
    access-list vpn standard permit 172.17.16.0 255.255.255.0
    pager lines 24
    logging enable
    logging trap informational
    logging asdm informational
    logging host TRUST_ZONE 172.17.8.100
    mtu INT_ZONE 1500
    mtu SRV_ZONE 1500
    mtu TRUST_ZONE 1500
    mtu MGMT 1500
    ip local pool VPN_POOL 172.17.16.100-172.17.16.254 mask 255.255.255.0
    ip verify reverse-path interface INT_ZONE
    ip verify reverse-path interface SRV_ZONE
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any SRV_ZONE
    icmp permit any TRUST_ZONE
    asdm image disk0:/asdm-635.bin
    no asdm history enable
    arp timeout 14400
    nat (SRV_ZONE,INT_ZONE) source static obj-192.168.1.11 obj-xxx.xxx.xxx.xxx service any obj-tcp-source-eq-25
    nat (SRV_ZONE,INT_ZONE) source static obj-192.168.1.12 obj-xxx.xxx.xxx.xxx
    nat (SRV_ZONE,INT_ZONE) source dynamic obj-192.168.1.0 interface service obj-tcp-eq-25 obj-tcp-eq-25
    nat (INT_ZONE,SRV_ZONE) source static any any destination static 192.168.1.11 obj-172.17.8.8 service obj-tcp-source-eq-25 obj-tcp-source-eq-25
    nat (TRUST_ZONE,INT_ZONE) source static VPN_PoOL VPN_PoOL destination static VPN_PoOL VPN_PoOL
    object network obj_any
    nat (SRV_ZONE,INT_ZONE) dynamic obj-0.0.0.0
    object network obj_any-01
    nat (SRV_ZONE,MGMT) dynamic obj-0.0.0.0
    object network obj-172.17.8.8
    nat (TRUST_ZONE,INT_ZONE) static xxx.xxx.xxx.xxx service tcp www www
    object network obj-172.17.0.0
    nat (TRUST_ZONE,SRV_ZONE) static 172.17.0.0
    object network obj_any-02
    nat (TRUST_ZONE,INT_ZONE) dynamic interface
    object network obj_any-03
    nat (TRUST_ZONE,SRV_ZONE) dynamic interface
    object network obj_any-04
    nat (TRUST_ZONE,INT_ZONE) dynamic obj-0.0.0.0
    object network obj_any-05
    nat (TRUST_ZONE,SRV_ZONE) dynamic obj-0.0.0.0
    object network obj_any-06
    nat (TRUST_ZONE,MGMT) dynamic obj-0.0.0.0
    object network obj.172.17.8.115
    nat (TRUST_ZONE,INT_ZONE) static obj.xxx.xxx.xxx.xxx service tcp www www
    object network mail
    nat (TRUST_ZONE,INT_ZONE) static obj-xxx.xxx.xxx.xxx service tcp pop3 pop3
    nat (TRUST_ZONE,INT_ZONE) after-auto source static obj-172.17.8.8 obj-xxx.xxx.xxx.xxx service https https
    access-group outside_access_in in interface INT_ZONE
    access-group DMZ_access_in in interface SRV_ZONE
    access-group TRUST_ZONE_access_in in interface TRUST_ZONE
    route INT_ZONE 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
    route TRUST_ZONE 10.10.0.0 255.255.0.0 172.17.200.254 1
    route TRUST_ZONE 10.11.0.0 255.255.0.0 172.17.200.254 1
    route TRUST_ZONE 10.12.0.0 255.255.0.0 172.17.200.254 1
    route TRUST_ZONE 10.13.0.0 255.255.0.0 172.17.200.254 1
    route TRUST_ZONE 172.17.0.0 255.255.0.0 172.17.200.254 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication enable console LOCAL
    aaa authentication http console LOCAL
    aaa authentication ssh console LOCAL
    aaa authentication serial console LOCAL
    http server enable
    http 172.17.8.0 255.255.255.0 TRUST_ZONE
    http 172.17.8.155 255.255.255.255 TRUST_ZONE
    http 172.17.8.45 255.255.255.255 TRUST_ZONE
    http 10.10.10.2 255.255.255.255 MGMT
    http 192.168.1.12 255.255.255.255 SRV_ZONE
    http 0.0.0.0 0.0.0.0 INT_ZONE
    http 172.17.200.0 255.255.255.0 TRUST_ZONE
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto dynamic-map pol 1 match address TRUST_ZONE_cryptomap
    crypto dynamic-map pol 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map INT_ZONE_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map TRUST_ZONE_map0 1 ipsec-isakmp dynamic pol
    crypto map TRUST_ZONE_map0 interface TRUST_ZONE
    crypto map INT_ZONE_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map INT_ZONE_map0 interface INT_ZONE
    crypto ca trustpoint ASDM_TrustPoint0
    enrollment self
    fqdn SEC-xxx-FW1
    subject-name CN=SEC-xxx-FW1
    no client-types
    proxy-ldc-issuer
    crl configure
    crypto ca trustpoint ASDM_TrustPoint1
    enrollment self
    subject-name CN=SEC-xxx-FW1
    keypair sslvpnkeypair
    crl configure
    crypto ca certificate chain ASDM_TrustPoint0
    certificate 31
        57f4e52e 6b851966 77515d62 c209a0df 1c32ce94 bb90cbce 497cfd04 6745ea85
        efb75f85 2ae1ad35 344d94ab 915e01ab d3292626 ac697a52 b4ed6632 d3ed2332 ae
      quit
    crypto ca certificate chain ASDM_TrustPoint1
    certificate e6054352
        c64f3661 30f14c3d 06b5f039 9f14560d 3b154fd1 42782268 7531689e 8e547d91
        85e88415 e326f653 74733a6c a3f5c935 f7e83f56 f6
      quit
    crypto isakmp enable INT_ZONE
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 INT_ZONE
    ssh 172.17.8.0 255.255.255.0 TRUST_ZONE
    ssh 10.10.10.2 255.255.255.255 MGMT
    ssh timeout 5
    console timeout 0
    management-access TRUST_ZONE
    vpn load-balancing
    interface lbpublic INT_ZONE
    interface lbprivate INT_ZONE
    priority-queue INT_ZONE
      tx-ring-limit 256
    threat-detection basic-threat
    threat-detection scanning-threat
    threat-detection statistics host number-of-rate 3
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ssl trust-point ASDM_TrustPoint1 INT_ZONE
    webvpn
    enable INT_ZONE
    svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
    svc enable
    tunnel-group-list enable
    group-policy xxx-VPN internal
    group-policy xxx-VPN attributes
    dns-server value xx.xx.xx.xx xx.xx.xx.xx
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value xxx-VPN_splitTunnelAcl
    group-policy DfltGrpPolicy attributes
    vpn-tunnel-protocol webvpn
    group-policy GPNEW internal
    group-policy GPNEW attributes
    dns-server value 172.17.8.41
    vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
    default-domain value xxx.xxx.xxx
    address-pools value VPN_POOL
    username VPNAM password xxx encrypted
    username VPNAM attributes
    service-type remote-access
    vpn-group-policy xxx-VPN
    tunnel-group xxx-VPN type remote-access
    tunnel-group xxx-VPN general-attributes
    dhcp-server 172.17.8.41
    tunnel-group xxx-VPN ipsec-attributes
    pre-shared-key *****
    tunnel-group pol type ipsec-l2l
    tunnel-group pol ipsec-attributes
    pre-shared-key *****
    trust-point ASDM_TrustPoint0
    tunnel-group SSLClientProfile type remote-access
    tunnel-group SSLClientProfile general-attributes
    address-pool VPN_POOL
    default-group-policy GPNEW
    tunnel-group SSLClientProfile webvpn-attributes
    group-alias SSLVPNClient enable
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
      inspect ip-options
      inspect pptp
    service-policy global_policy global
    prompt hostname context
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:78a941e3f509dec8f3570c60061eedaa
    : end

    Thank God,
    I solved the problem.
    The problem is in NAT.
    I created an object with the IP address of a host from the VPN pool and named it vpn,
    then I did the NAT from inside to that host as in the following picture...
    Trust zone is the inside zone;
    vpn is the outside VPN host...
    Thanks, and I hope it helps someone else...
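One way to check a configuration for the NAT exemption this thread is about, as an added example that is not from either poster: it looks for an identity twice-NAT rule whose source covers an inside host and whose destination covers the VPN client. The excerpt is copied from the configuration posted above; the corrected rule is an assumed reading of the fix described in words (inside network as source, VPN pool as destination), and the function names are hypothetical.

```python
import ipaddress
import re

# Excerpt of the NAT-relevant lines from the configuration posted above.
POSTED_CONFIG = """\
object network VPN_PoOL
subnet 172.17.16.0 255.255.255.0
object network obj-172.17.0.0
subnet 172.17.0.0 255.255.0.0
object network obj-172.17.8.8
host 172.17.8.8
nat (TRUST_ZONE,INT_ZONE) source static VPN_PoOL VPN_PoOL destination static VPN_PoOL VPN_PoOL
"""

# Assumption: same rule with the inside network as the source object.
CORRECTED_CONFIG = POSTED_CONFIG.replace(
    "source static VPN_PoOL VPN_PoOL",
    "source static obj-172.17.0.0 obj-172.17.0.0",
)

NAT_RE = re.compile(
    r"nat \(([^,\s]+),([^)\s]+)\) source static (\S+) (\S+)"
    r" destination static (\S+) (\S+)"
)


def parse_objects(config):
    """Return {object name: ip_network} for 'object network' definitions."""
    objects, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"object network (\S+)$", line)
        if m:
            current = m.group(1)
        elif current and line.startswith("subnet "):
            _, addr, mask = line.split()
            objects[current] = ipaddress.ip_network(f"{addr}/{mask}")
        elif current and line.startswith("host "):
            objects[current] = ipaddress.ip_network(line.split()[1] + "/32")
        elif not line.startswith("description"):
            current = None  # any other command ends the object block
    return objects


def identity_nat_rules(config):
    """Return (real_if, mapped_if, source_obj, dest_obj) for identity twice-NAT rules."""
    rules = []
    for raw in config.splitlines():
        m = NAT_RE.match(raw.strip())
        if not m:
            continue
        real_if, mapped_if, s_real, s_mapped, d_mapped, d_real = m.groups()
        if s_real == s_mapped and d_mapped == d_real:  # no translation either way
            rules.append((real_if, mapped_if, s_real, d_real))
    return rules


def is_exempt(config, inside_host, vpn_client,
              real_if="TRUST_ZONE", mapped_if="INT_ZONE"):
    """True if an identity rule on this interface pair covers inside_host -> vpn_client."""
    objects = parse_objects(config)
    src = ipaddress.ip_address(inside_host)
    dst = ipaddress.ip_address(vpn_client)
    for r_if, m_if, s_obj, d_obj in identity_nat_rules(config):
        if (r_if, m_if) != (real_if, mapped_if):
            continue
        if s_obj in objects and d_obj in objects \
                and src in objects[s_obj] and dst in objects[d_obj]:
            return True
    return False


if __name__ == "__main__":
    # 172.17.8.8 is an inside server; 172.17.16.100 is the first pool address.
    for label, cfg in (("posted", POSTED_CONFIG), ("corrected", CORRECTED_CONFIG)):
        print(label, is_exempt(cfg, "172.17.8.8", "172.17.16.100"))
```

In the posted rule the VPN pool is both source and destination, so no inside host ever matches it and replies toward the pool fall through to the later dynamic NAT rules.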

  • ASA 5505 VPN Can not connect clients

    Hi,
    I tried to search for an answer to this question but I couldn't find the answer.
    I configured the VPN on the ASA, but I cannot get a client to connect to the ASA. I've tried and searched for an answer and I really need some help!
    Any help is greatly appreciated.
    : Saved
    ASA Version 7.2(2)
    hostname
    domain-name
    enable password
    names
    ddns update method
    ddns both
    interface Vlan1
    nameif inside
    security-level 100
    ddns update hostname
    ddns update
    dhcp client update dns
    ip address 192.168.1.1 255.255.255.0
    ospf cost 10
    interface Vlan2
    nameif outside
    security-level 0
    ip address x.x.x.x 255.255.255.0
    ospf cost 10
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    switchport access vlan 3
    interface Ethernet0/6
    interface Ethernet0/7
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    dns domain-lookup inside
    dns domain-lookup outside
    dns server-group DefaultDNS
    name-server
    name-server
    domain-name
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    access-list EasyVPN_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
    access-list OUTSIDE_IN_ACL extended permit ip any any
    access-list OUTSIDE_IN_ACL extended permit icmp any interface outside
    access-list Remote-VPN_splitTunnelAcl standard permit any
    access-list DefaultRAGroup_splitTunnelAcl standard permit any
    access-list Bild_splitTunnelAcl standard permit any
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool TKK 192.168.1.200-192.168.1.220 mask 255.255.255.224
    ip local pool VPN-Pool 192.168.254.1-192.168.254.10 mask 255.255.255.0
    no failover
    monitor-interface inside
    monitor-interface outside
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any outside
    asdm image disk0:/asdm-522.bin
    no asdm history enable
    arp timeout 14400
    nat-control
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    nat (outside) 0 access-list outside_nat0_outbound
    static (inside,inside) tcp interface 3389 access-list inside_nat_static
    static (inside,inside) tcp interface ftp access-list inside_nat_static_2
    static (outside,inside) x.x.x.x 192.168.1.0 netmask 255.255.255.255 dns
    access-group inside_access_in in interface inside
    access-group inside_access_out out interface inside
    access-group outside_access_in in interface outside
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    group-policy DefaultRAGroup internal
    group-policy DefaultRAGroup attributes
    vpn-tunnel-protocol l2tp-ipsec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
    group-policy DfltGrpPolicy attributes
    banner none
    wins-server none
    dns-server value 192.168.1.253
    dhcp-network-scope none
    vpn-access-hours none
    vpn-simultaneous-logins 3
    vpn-idle-timeout 30
    vpn-session-timeout none
    vpn-filter none
    vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
    password-storage disable
    ip-comp disable
    re-xauth disable
    group-lock none
    pfs disable
    ipsec-udp disable
    ipsec-udp-port 10000
    split-tunnel-policy tunnelall
    split-tunnel-network-list none
    default-domain none
    split-dns none
    intercept-dhcp 255.255.255.255 disable
    secure-unit-authentication disable
    user-authentication disable
    user-authentication-idle-timeout 30
    ip-phone-bypass disable
    leap-bypass disable
    nem disable
    backup-servers keep-client-config
    msie-proxy server none
    msie-proxy method no-modify
    msie-proxy except-list none
    msie-proxy local-bypass disable
    nac disable
    nac-sq-period 300
    nac-reval-period 36000
    nac-default-acl none
    address-pools none
    client-firewall none
    client-access-rule none
    webvpn
      functions url-entry
      html-content-filter none
      homepage none
      keep-alive-ignore 4
      http-comp gzip
      filter none
      url-list none
      customization value DfltCustomization
      port-forward none
      port-forward-name value Application Access
      sso-server none
      deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission
    to use any of the VPN features. Contact your IT administrator for more information
      svc none
      svc keep-installer installed
      svc keepalive none
      svc rekey time none
      svc rekey method none
      svc dpd-interval client none
      svc dpd-interval gateway none
      svc compression deflate
    group-policy EasyVPN internal
    group-policy EasyVPN attributes
    dns-server value 192.168.1.253
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value EasyVPN_splitTunnelAcl
    default-domain value xxx.se
    group-policy Remote-VPN internal
    group-policy Remote-VPN attributes
    dns-server value 192.168.1.253
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Remote-VPN_splitTunnelAcl
    default-domain value xxx.se
    group-policy CiscoASA internal
    group-policy CiscoASA attributes
    dns-server value 192.168.1.253 x.x.x.x
    vpn-tunnel-protocol IPSec webvpn
    group-policy Bild internal
    group-policy Bild attributes
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Bild_splitTunnelAcl
    username User attributes
    vpn-group-policy DfltGrpPolicy
    username Bild password encrypted privilege 0
    username Bild attributes
    vpn-group-policy Bild
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set TRANS_ESP_DES_SHA esp-des esp-sha-hmac
    crypto ipsec transform-set TRANS_ESP_DES_SHA mode transport
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto dynamic-map outside_dyn_map 20 set pfs
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 40 set pfs
    crypto dynamic-map outside_dyn_map 40 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 60 set pfs
    crypto dynamic-map outside_dyn_map 60 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 80 set pfs
    crypto dynamic-map outside_dyn_map 80 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 100 set pfs
    crypto dynamic-map outside_dyn_map 100 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 120 set pfs
    crypto dynamic-map outside_dyn_map 120 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 140 set pfs
    crypto dynamic-map outside_dyn_map 140 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 160 set pfs
    crypto dynamic-map outside_dyn_map 160 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 180 set pfs
    crypto dynamic-map outside_dyn_map 180 set transform-set TRANS_ESP_DES_SHA
    crypto dynamic-map outside_dyn_map 200 set pfs
    crypto dynamic-map outside_dyn_map 200 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 220 set pfs
    crypto dynamic-map outside_dyn_map 220 set transform-set ESP-DES-SHA
    crypto dynamic-map inside_dyn_map 20 set pfs
    crypto dynamic-map inside_dyn_map 20 set transform-set ESP-DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
    crypto map inside_map interface inside
    crypto isakmp enable inside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp nat-traversal  20
    crypto isakmp ipsec-over-tcp port 10000
    tunnel-group DefaultRAGroup general-attributes
    address-pool vpn
    default-group-policy DefaultRAGroup
    tunnel-group DefaultRAGroup ipsec-attributes
    pre-shared-key *
    tunnel-group Bild type ipsec-ra
    tunnel-group Bild general-attributes
    address-pool TKK
    default-group-policy Bild
    tunnel-group Bild ipsec-attributes
    pre-shared-key *
    tunnel-group CiscoASA type ipsec-ra
    tunnel-group CiscoASA general-attributes
    address-pool vpn
    default-group-policy CiscoASA
    tunnel-group CiscoASA ipsec-attributes
    pre-shared-key *
    tunnel-group EasyVPN type ipsec-ra
    tunnel-group EasyVPN general-attributes
    address-pool vpn
    default-group-policy EasyVPN
    tunnel-group EasyVPN ipsec-attributes
    pre-shared-key *
    tunnel-group Remote-VPN type ipsec-ra
    tunnel-group Remote-VPN general-attributes
    address-pool VPN-Pool
    default-group-policy Remote-VPN
    tunnel-group Remote-VPN ipsec-attributes
    pre-shared-key *
    class-map global-class
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global-policy
    class global-class
      inspect ftp
      inspect icmp
      inspect pptp
    service-policy global-policy global
    prompt hostname context
    Cryptochecksum:8cdda33b1993ba7bb33db88d996e939c
    : end

    Hi Fredrik,
    I see your ACL "outside_nat0_outbound" set on the inside interface for no NAT, but I do not see the ACL being defined anywhere in your config.
    I also strongly recommend creating your vpn-pool in a different subnet rather than the same one as the inside IP of your ASA.
    So, let's assume your VPN pool is 192.168.255.1-254/24.
    Then your no-NAT for inside will look like this below:
    access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.255.0 255.255.255.0
    Let me know if this helps.
    Thanks
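
The two checks raised in the reply above (a NAT-exemption statement that references an access list defined nowhere, and a VPN address pool that overlaps an interface subnet), as an added example that is not part of the original thread. The sample configuration is constructed: the pool names `vpn` and `VPN-Pool` and the 192.168.1.0/24 inside network appear in the thread, while the pool ranges, the interface name and the `audit` helper are assumptions.

```python
import ipaddress
import re

# Constructed sample in ASA (pre-8.3) syntax; not the poster's full configuration.
SAMPLE_CONFIG = """\
interface Ethernet0/1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
ip local pool vpn 192.168.1.100-192.168.1.110 mask 255.255.255.0
ip local pool VPN-Pool 192.168.255.1-192.168.255.254 mask 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.255.0 255.255.255.0
nat (inside) 0 access-list outside_nat0_outbound
"""

def audit(config):
    """Return (nat0 references to undefined ACLs, pools overlapping an interface subnet)."""
    defined_acls, nat0_refs, subnets, pools = set(), [], {}, {}
    nameif = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            nameif = None  # a new interface block starts; its name is not known yet
        elif m := re.match(r"nameif (\S+)", line):
            nameif = m.group(1)
        elif (m := re.match(r"ip address (\S+) (\S+)", line)) and nameif:
            subnets[nameif] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        elif m := re.match(r"access-list (\S+) ", line):
            defined_acls.add(m.group(1))
        elif m := re.match(r"nat \((\S+)\) 0 access-list (\S+)", line):
            nat0_refs.append((m.group(1), m.group(2)))
        elif m := re.match(r"ip local pool (\S+) ([\d.]+)-([\d.]+)", line):
            pools[m.group(1)] = (ipaddress.ip_address(m.group(2)),
                                 ipaddress.ip_address(m.group(3)))
    undefined = [(ifc, acl) for ifc, acl in nat0_refs if acl not in defined_acls]
    overlaps = []
    for pool, (first, last) in pools.items():
        for ifc, net in subnets.items():
            # A range overlaps a subnet when it starts before the subnet ends
            # and ends after the subnet starts.
            if first <= net.broadcast_address and last >= net.network_address:
                overlaps.append((pool, ifc, str(net)))
    return undefined, overlaps

if __name__ == "__main__":
    undefined, overlaps = audit(SAMPLE_CONFIG)
    for ifc, acl in undefined:
        print(f"nat 0 on {ifc} references undefined access-list {acl}")
    for pool, ifc, net in overlaps:
        print(f"pool {pool} overlaps {ifc} subnet {net}")
```
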
