Problem in Configuring Dynamic VPN in the pix
Hi All,
I am having a problem in configuring a dynamic VPN in my pix which has the 7.2 version of ios but i am able to work with same configuration in the pix whch has 6.3 version i just want a user from outside my network using the vpn client access the resource inside my network below is my configuration is it ok are should i need to do anything more? please advice me.
ip local pool vpnpool1 192.168.170.1-192.168.170.254
crypto dynamic-map map2 20 set transform-set guatemala1
crypto map map1 20 ipsec-isakmp dynamic map2
crypto ipsec transform-set guatemala1 esp-aes-256 esp-sha-hmac
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes-256
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup Guatemalavpn address-pool vpnpool1
vpngroup Guatemalavpn split-tunnel inside_nat0_outbound
vpngroup Guatemalavpn idle-time 36000
vpngroup Guatemalavpn password xxxxxxx
access-list outside_acl permit tcp 192.168.170.0 255.255.255.0 172.19.10.0 255.255.255.0
route outside 192.168.170.0 255.255.255.0 200.30.222.65
access-list inside_nat0_outbound extended permit ip any 192.168.170.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
access-list 102 permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
Try it and tell me if works:
ip local pool vpnpool1 192.168.170.1-192.168.170.254
access-list inside_nat0_outbound extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
access-list acl-inside extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
access-group acl-inside in interface inside
nat (inside) 0 access-list inside_nat0_outbound
group-policy Guatemalavpn internal
group-policy Guatemalavpn attributes
wins-server value xx.xx.xx.xx
dns-server value xx.xx.xx.xx
default-domain value mydomain.com
crypto ipsec transform-set guatemala1 esp-aes-256 esp-sha-hmac
crypto dynamic-map map2 20 set transform-set guatemala1
crypto map map1 20 ipsec-isakmp dynamic map2
crypto map map1 interface outside
crypto isakmp identity address
crypto isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes-256
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
tunnel-group Guatemalavpn type ipsec-ra
tunnel-group Guatemalavpn general-attributes
address-pool vpnpool1
default-group-policy Guatemalavpn
tunnel-group Guatemalavpn ipsec-attributes
pre-shared-key *
route outside 192.168.170.0 255.255.255.0 200.30.222.65
Similar Messages
-
Problem in aligning dynamic UI with the static UI
Hi All,
I have problem in aligning dynamic UI with the static UI, I am using Matrix layout.
Static fields are spread over 2 colums and 3 rows:
lableA SPACE input field SPACESPACE lable B SPACE input field
lableC SPACE dropdown SPACESPACElableD SPACE dropdown
lableE SPACE dropdown SPACESPACElableF SPACE dropdown
Now when a value is selected in C, than E becomes visible, and depending on the values selected in E, there are dynamic UI generated, i.e dynamic lables and depending on some validation it will be either a dropdowns or input fiels or both.
at run time screen is like this:
lableA SPACE input field SPACESPACE lable B SPACE input field
lableC SPACE dropdown SPACESPACElableD SPACE dropdown
lableE SPACE dropdown SPACESPACElableF SPACE dropdown
dynaSPACEdropdown
dynbSPACEinput field
if I change my selection in E than layout looks like:
lableA SPACE input field SPACESPACE lable B SPACE input field
lableC SPACE dropdown SPACESPACElableD SPACE dropdown
lableE SPACE dropdown SPACESPACElableF SPACE dropdown
dynaSPACESPACEdropdown
dynbSPACESPACEinput field
Requirment: I need all the lables as well as dropdown/ input fiels in line with the static fields irrespective of my selection in E.
Something like this:
lableA SPACE input field SPACESPACE lable B SPACE input field
lableC SPACE dropdown SPACESPACElableD SPACE dropdown
lableE SPACE dropdown SPACESPACElableF SPACE dropdown
dyna SPACEdropdown
dynbSPACESinput field
dyncSPACESdropdown
All this elements are in a group and that group has 2 transparent containers, 1 for static and for holding dynamic UI.
I tried playing with the container properties, and also tried fixing width of dynamic UI but still the alignment issue is encountered.
Can U guys plz give in ur valuable inputs as i need to fix this urgently.
Regards,
JJHi Armin,
Can you please elaborate your solution ?, I do not have an idea of InvisibleElement & IWDView.resetView() ,
If you can give me the exact pointer than it would be great and a good learning exp. for me.
Thanks for the action assignment part, it worked.
if (wdContext.nodeMaterialClass().size() > 0 && wdContext.currentContextElement().getActionMatCls()) {
if (wdContext.currentMaterialClassElement().getMaterialClass_Description() != null || !wdContext.currentMaterialClassElement ().getMaterialClass_Description().equalsIgnoreCase(" ")) {
IWDGroup Searchgroup = (IWDGroup) view.getElement("DynGroup");
Searchgroup.destroyAllChildren();
view.getContext().reset(false);
for (int i = 0; i < wdContext.nodeMaterialCharateristcs().size(); i++) {
//this for label
IWDLabel CharLabel = (IWDLabel) view.createElement(IWDLabel.class, "label" + i);
CharLabel.setText(wdContext.nodeMaterialCharateristcs().getMaterialCharateristcsElementAt(i).getDescr_Char());
CharLabel.setDesign(WDLabelDesign.EMPHASIZED);
CharLabel.createLayoutData(MatrixHeadData.class); CharLabel.setWidth("154px"); Searchgroup.addChild(CharLabel);
further there are conditions to create either dropdown or input field
Can you please point where and how to apply your solution.
Regards,
JJ -
Problems to configure VPN in a router COMTREND HG536+
I can't configure my VPN in the router COMTREND HG536+. It post me a fail. Can anybody help me?. In the University told me to hability the port 47 UDP and the 1723 TCP to my PC (IP). I dont know how to do it. Thank you very much.
Dear Bruno Ambrio
try to do the following :
- uninstall the MI from the mobile
- delete the MI folder
- restart the Mobile device
- install the MI again
- restart the mobile device
- make the first synchronization
- assign the DB2E as a mobile component to the mobile device
- do synchronization again
if you got any problems ... tell me which version of MI and Db2e are you using ?
hope it may helps
Ahmed Saber -
Need to call a configuration dynamically in SAP CRM 2007
Hi,
I need to call one configuration dynamically. In the runtime one configuration should be called upon fulfilling some conditions.
I need your help regarding this.
Points, Guaranteed.
Thanks,
SantoshHi Santosh,
We have made a solution where we call different configurations based on the UI object type. In the IMG entry called "Define UI Object Types" you can create a new custom object type. This you can use when you configure your view in transaction BSP_WD_CMPWB. Here you then copy your standard configuration to a new one. In the new one you set Object type = the object you have created in customizing. And config key you set to the same as you normally use. Then you have two different configurations that can be called depending on your requirements. We call it based on the business role of the users. But you can of course yourself determine on what criteria the method should call one or the other configuration.
In the method you will need to set the variable cv_object_type to the name of your own object type. Then the system will use this key to determine the configuration. After implementation you will see that it uses this object type by clicking F2 button in the UI.
/Anders -
Problem with VPN Client and PIX 7.0(5)
Hi, i have a problem configuring my pix 525 7.0(5) as a remote vpn server. I already configure the pix
sollowing this instructions (http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml)
and i can establish a vpn using CISCO VPN Client; but i can't reach any resource from my inside network or any network define in the PIX.
I think that could be a missing nat or an acl; but i have do a lot of research but i can figure out the solution.
This is the configuration i apply
access-list cryptomap-scada extended permit ip any 172.10.0.0 255.255.255.0
access-list acl-vpn-sap-remoto extended permit ip any 172.16.42.64 255.255.255.224
access-list acl-vpn-sap-remoto extended permit icmp any 172.16.42.64 255.255.255.224
access-list acl-vpn-sap-remoto extended permit ip any any
access-list acl-vpn-sap-remoto extended permit icmp any any
ip local pool pool_vpn_sap 172.*.*.1-172.10.0.254 mask 255.255.255.0
nat (inside) 0 access-list cryptomap-scada
group-policy VPN_SAP_PED internal
group-policy VPN_SAP_PED attributes
vpn-filter value acl-vpn-sap-remoto
vpn-tunnel-protocol IPSec
username vpnuser password **** encrypted
username vpnuser attributes
vpn-group-policy VPN_SAP_PED
crypto ipsec transform-set vpn-cliente-remoto esp-3des esp-md5-hmac
crypto dynamic-map vpn-remoto-dymap 7 set transform-set vpn-cliente-remoto
crypto dynamic-map vpn-remoto-dymap 7 set reverse-route
crypto map siemens-scada-map 7 ipsec-isakmp dynamic vpn-remoto-dymap
isakmp policy 7 authentication pre-share
isakmp policy 7 encryption 3des
isakmp policy 7 hash sha
isakmp policy 7 group 2
isakmp policy 7 lifetime 43200
tunnel-group VPN_SAP_PED type ipsec-ra
tunnel-group VPN_SAP_PED general-attributes
address-pool pool_vpn_sap
default-group-policy VPN_SAP_PED
tunnel-group VPN_SAP_PED ipsec-attributes
pre-shared-key clavevpnsap
Thanks in AdvancedHi, thanks for you response, if i remove the acl form de vpn filter, i get the same problem (i can't reach any host). This is the output from the command that you ask for.
PIX-Principal(config)# show running-config nat
nat (inside) 0 access-list cryptomap-scada
nat (inside) 9 JOsorioPC 255.255.255.255
nat (inside) 9 GColinaPC 255.255.255.255
nat (inside) 9 AlfonsoPC 255.255.255.255
nat (inside) 9 AngelPC 255.255.255.255
nat (inside) 9 JerryPC 255.255.255.255
nat (inside) 9 EstebanPC 255.255.255.255
nat (inside) 9 GiancarloPC 255.255.255.255
nat (inside) 9 WilliamsPC 255.255.255.255
nat (inside) 9 PerniaPC 255.255.255.255
nat (inside) 9 ElvisDomPC 255.255.255.255
nat (inside) 8 LBermudezPC 255.255.255.255
nat (inside) 9 HelpDeskPC 255.255.255.255
nat (inside) 9 OscarOPC 255.255.255.255
nat (inside) 9 AnaPC 255.255.255.255
nat (inside) 9 RobertoPC 255.255.255.255
nat (inside) 9 MarthaPC 255.255.255.255
nat (inside) 9 NOCPc5-I 255.255.255.255
nat (inside) 9 NOCPc6-I 255.255.255.255
nat (inside) 9 CiraPC 255.255.255.255
nat (inside) 9 JaimePC 255.255.255.255
nat (inside) 9 EugemarPC 255.255.255.255
nat (inside) 9 JosePC 255.255.255.255
nat (inside) 9 RixioPC 255.255.255.255
nat (inside) 9 DaniellePC 255.255.255.255
nat (inside) 9 NorimarPC 255.255.255.255
nat (inside) 9 NNavaPC 255.255.255.255
nat (inside) 8 ManriquePC 255.255.255.255
nat (inside) 8 MarcialPC 255.255.255.255
nat (inside) 8 JAlbornozPC 255.255.255.255
nat (inside) 9 GUrdanetaPC 255.255.255.255
nat (inside) 9 RVegaPC 255.255.255.255
nat (inside) 9 LLabarcaPC 255.255.255.255
nat (inside) 9 Torondoy-I 255.255.255.255
nat (inside) 9 Escuque-I 255.255.255.255
nat (inside) 9 Turbio-I 255.255.255.255
nat (inside) 9 JoseMora 255.255.255.255
nat (inside) 8 San-Juan-I 255.255.255.255
nat (inside) 8 Router7507 255.255.255.255
nat (inside) 8 NOCPc4-I 255.255.255.255
nat (InterfaceSAN) 8 MonitorHITACHI-I 255.255.255.255 -
WRVS4400N - Multiple Dynamic VPN Configurations?
Hello,
I am wondering if anyone knows whether or not the WRVS4400N supports more than one dynamic VPN configuration?
I am trying to get the WRVS4400N to let more than one TheGreenBow client to connect to it.....
Thank you,
A ReadYes, you can configure multiple dynamic-to-static l2l on ASA. But for multiple connections using ezvpn will be much easier. Following links may help you
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml -
Problem with configuring the application in websphere
Hi,
We have taken the back up of war file which was working and have deployed the same,We are using websphere as the application server due to some problem with the configuration we are getting the following error when we are trying to run the application.
Could any one please suggest on the same.
[7/22/08 5:04:30:766 EDT] 9f0473c WebGroup E SRVE0026E: [Servlet Error]-[GAServlet]: java.lang.NoClassDefFoundError: Error while defining class: com.xxrx.ga.al.GAServlet
This error indicates that the class: com.objectframe.servlet.OFServlet
could not be located while defining the class: com.xxrx.ga.al.GAServlet
This is often caused by having the class at a higher point in the classloader hierarchy
Dumping the current context classloader hierarchy:
==> indicates defining classloader
*** indicates classloader where the missing class could have been found
==>[0]
com.ibm.ws.classloader.CompoundClassLoader@1fec073f
Local ClassPath: C:\Documents and Settings\XG\Desktop\MyWorkspace\XG_Pilot\WebContent\WEB-INF\classes;C:\Documents and Settings\XG\Desktop\MyWorkspace\activation1;C:\Documents and Settings\XG\Desktop\MyWorkspace\classes121;C:\Documents and Settings\XG\Desktop\MyWorkspace\CLIENT-GDDRel40-QA.71;C:\Documents and Settings\XG\Desktop\MyWorkspace\cos1;C:\Documents and Settings\XG\Desktop\MyWorkspace\ejs1;C:\Documents and Settings\XG\Desktop\MyWorkspace\fscontext1;C:\Documents and Settings\XG\Desktop\MyWorkspace\jfoundations1;C:\Documents and Settings\XG\Desktop\MyWorkspace\JRAPI-GDDRel40-QA.71;C:\Documents and Settings\XG\Desktop\MyWorkspace\LOADER-GDDRel40-QA.71;C:\Documents and Settings\XG\Desktop\MyWorkspace\log4j1;C:\Documents and Settings\XG\Desktop\MyWorkspace\mail1;C:\Documents and Settings\XG\Desktop\MyWorkspace\MAILER-GDDRel40-QA.71;C:\Documents and Settings\XG\Desktop\MyWorkspace\mvcf-1.0.21;C:\Documents and Settings\XG\Desktop\MyWorkspace\providerutil1;C:\Documents and Settings\XG\Desktop\MyWorkspace\REPORT-GDDRel40-QA.71;C:\Documents and Settings\XG\Desktop\MyWorkspace\XG_Pilot\WebContent;
Delegation Mode: PARENT_FIRST
[1] com.ibm.ws.classloader.JarClassLoader@531728191 Local Classpath: Delegation mode: PARENT_FIRST
[2] com.ibm.ws.classloader.ExtJarClassLoader@1932756796 Local ClassPath: E:\XIP\IBM\WebSphere Studio\Application Developer IE\v5.1\runtimes\ee_v51\lib\app; Delegation Mode: PARENT_LAST
[3] com.ibm.ws.classloader.ProtectionClassLoader@723a473c
[4] com.ibm.ws.bootstrap.ExtClassLoader@3822873d
[5] sun.misc.Launcher$AppClassLoader@383fc73d
[6] sun.misc.Launcher$ExtClassLoader@3833c73d
---Original exception---
java.lang.NoClassDefFoundError: com/objectframe/servlet/OFServlet
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java(Compiled Code))
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java(Compiled Code))
at com.ibm.ws.classloader.CompoundClassLoader._defineClass(CompoundClassLoader.java:446)
at com.ibm.ws.classloader.CompoundClassLoader.findClass(CompoundClassLoader.java(Compiled Code))
at com.ibm.ws.classloader.CompoundClassLoader.loadClass(CompoundClassLoader.java:300)
at java.lang.ClassLoader.loadClass(ClassLoader.java(Compiled Code))
at java.beans.Beans.instantiate(Beans.java:201)
at java.beans.Beans.instantiate(Beans.java:62)
at com.ibm.ws.webcontainer.webapp.WebAppServletManager.loadServlet(WebAppServletManager.java:188)
at com.ibm.ws.webcontainer.webapp.WebAppServletManager.getServletReference(WebAppServletManager.java:455)
at com.ibm.ws.webcontainer.webapp.WebApp.getServletReference(WebApp.java:652)
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcherInfo.calculateInfo(WebAppRequestDispatcherInfo.java:187)
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcherInfo.<init>(WebAppRequestDispatcherInfo.java:68)
at com.ibm.ws.webcontainer.webapp.WebApp.getRequestDispatcher(WebApp.java:1462)
at com.ibm.ws.webcontainer.webapp.WebApp.getRequestDispatcher(WebApp.java:1421)
at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:268)
at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)
at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:182)
at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:334)
at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)
at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:618)
at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:443)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:672)
--- end Original exception----Hi Guillaume,
I have been "playing" with section you mentioned since yesterday, but I could reach my goal :(
An example of the problem is as following:
Manager 1 is added to both “Project Managers” and “Resource Managers”. Accordingly he is added to “My Projects” category permission.
Manager2.TeamLead1 (not a descendent of Manager 1) is added to only “Project Managers” and accordingly he is added to “My Projects” category permission.
I want (Manager2.TeamLead1)’s projects to viewable only for his Manager 2 (and the Director), not for Manager 1, because the Manager1 is not responsible for managing his work
How can I achieve that ?? :)
Thanks, -
Problem in configuring the File adapter communication channel in ID
Dear All ,
Scenario : <b>IDOC to Xml file</b>
While configuring File adapter configuration channel , I mentioned the following :
"File" in Adapter Type
" File system (NFS) " IN Transport Protocol
" File " in Message Protocol
but nothing appears in Adapter Engine ???
Can anybody help me to solve this problem . What could be the reason .
Thanks in Advance
Regards
PrabhatHi Prabhat
Please elaborate as to in which format you need the file at the receiver's end.
also, please go through this link:
/people/prateek.shah/blog/2005/06/08/introduction-to-idoc-xi-file-scenario-and-complete-walk-through-for-starters
Also there may be some error in sending Idocs, to review that, please go through this link:
http://help.sap.com/saphelp_nw04/helpdata/en/6a/e6194119d8f323e10000000a155106/frameset.htm
I hope it helps,
Thanks & Regards,
Varun Joshi -
Problem in Configuring the Object Editor User Interface
Hi,
I m using NetWeaver 7.0.11 & facing the problem in Configuring the Object Editor User Interface.In the Configuration Browser ,when i click on Object Editor & choose New Configuration & try to select service,it shows the flollowing error:
com.sap.caf.rt.exception.CAFBaseRuntimeException: Service manager initialization failed Illegal argument exception: Unable to create javax.ejb.EJBObject.
at com.sap.caf.rt.ui.cool.generic.ServiceFacade.init(ServiceFacade.java:121)
at com.sap.caf.rt.ui.cool.generic.ServiceFacade.<init>(ServiceFacade.java:50)
at com.sap.caf.rt.ui.cool.generic.ServiceFacadeFactory.getFacadeInstance(ServiceFacadeFactory.java:51)
at com.sap.caf.ui.utils.cool.CoolUtils.getServiceFacade(CoolUtils.java:123)
at com.sap.caf.ui.ptn.objecteditor.ObjectEditorCC.getServiceFacade(ObjectEditorCC.java:505)
at com.sap.caf.ui.ptn.objecteditor.wdp.InternalObjectEditorCC.getServiceFacade(InternalObjectEditorCC.java:245)
at com.sap.caf.ui.ptn.objecteditor.config.OEconfiguratorLayout.onActionSelectModule(OEconfiguratorLayout.java:322)
at com.sap.caf.ui.ptn.objecteditor.config.wdp.InternalOEconfiguratorLayout.wdInvokeEventHandler(InternalOEconfiguratorLayout.java:300)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:87)
at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:67)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doHandleActionEvent(WindowPhaseModel.java:420)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:132)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:759)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:712)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:261)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:160)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Can anybody please tell,what can be the problem?
regards
SumitHello Sumit
This is most probably the result of metadata corruption on runtime.
A possible workaround for this situation is:
Undeploy all the metadata DCs of all the CAF applications you have
deployed (these are the components which names end on "/metadata", excl.
caf/core/metadata and caf/tc/metadata (which are part of CAF itself)).
And then deploy the CAF applications again.
Regards,
Désiré -
i am facing problem when configuring listener.ora and tnsnamess.ora in listener side it is showing The listener supports no services The command completed successfully and in when i cross check with listener from tns it is showing the error
ORA-12514: TNS:listener does not currently know of service requested in connect
descriptor
here is my listener file
lsn =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.125.128)(PORT = 1575))
#ADR_BASE_LISTENER = /u01/app/oracle
(SID_LIST_LISTENER=
(SERVICE_NAME=kull)
(ORACLE_HOME=/u01/app/oracle/product/11.2.0/db_1)
tnsnames.ora
to_lsn=
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = server1)(PORT = 1575))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = kull )
my database name is kull
please somebody helpBiswaranjan wrote:
i have two database one is kull and another is kk
i configured listener.ora in kull
and tnsnames.ora in kk
when i am running lsnrctl start listener in database kull
This makes no sense. You don't configure a listener nor a tnsnames.ora "in a database". I hope this is just a language issue and not reflective of a fundamental misunderstanding of how tns works.
read: http://edstevensdba.wordpress.com/2011/02/09/sqlnet_overview/ Help! I can’t connect to my database
read: http://edstevensdba.wordpress.com/2011/02/16/sqlnet_client_cfg/ Help! I can’t connect to my database (part duex)
it is showing the message
Alias lsn
Version TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date 05-JUL-2013 19:08:06
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/11.2.0/db_1/log/diag/tnslsnr/server1/lsn/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1575)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=server1)(PORT=1575)))
The listener supports no services
The command completed successfully
and in another database in kk when i am giving the command tnsping to_lsn
it is giving this message
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = server1)(PORT = 1575)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = kull)))
OK (0 msec)
but when i am cross check sqlplus system/manager@ to_lsn
it is giving the following error
ORA-12514: TNS:listener does not currently know of service requested in connect
descriptor -
Basic Administration Radius configuration on the PIX using 6.2
I am looking for a real basic Radius login configuration for the PIX running 6.2. I just want to be able to have the Radius Server (Steel-Belted) authenticate and account for administrators that access the PIX for doing changes.
Thanks for any help in this issue.
ScottHere is how I did it in our Cisco 520 PIX firewalls:
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 0
aaa-server RADIUS (inside) host radius_server_ip radius_secret_key timeout 5
aaa-server LOCAL protocol local
aaa authentication enable console RADIUS LOCAL
aaa authentication http console RADIUS LOCAL
aaa authentication ssh console RADIUS LOCAL
aaa authentication telnet console RADIUS LOCAL
username admin password very_secret_password encrypted privilege 15
Of course, replace radius_server_ip with your own and radius_secret_key with a real one.
In the RADIUS server (I'm using IAS built-in in Windows 2000/2003 servers) I just defined a policy to allow only the group "Domain Admins" and added the firewall as clients with their own ip address and secret key.
Don't forget to add a username and a password, should your RADIUS server become unavailable, that will be your last resort to get in the PIX.
Catalin. -
Problem in configuring the HTTPS
hi all,
I am facing the problem in configuring HTTPS.I have fallowed the procedure given in the tomcat documentation.I am working with Tomcat 5.0.I have created my own certificate and it was stored in the home directory.
The problem i am facing was when configuring the tomcat's Server.xml file.I have removed the comments and the port number was 8443, which was in the xml tag.But when entering https://localhost:8443/ it was not giving the opening page instead it was giving the "page cannot displayed".
Can anybody please tell me the mistake i have did in configuring the server to HTTPs.Also please tell me the way to configure my IIS.
Thanks in advance
lakshmanhi all,
I did the configuration for the HTTPS in Tomcat.The page was opening and i have did the fallowing modification in the previous connector tag.
I have added the keyStoreFile which provides the Filepath of the .keyStore file.
Now the Https in Tomcat was working fine.
Thanks for your help and advice
lakshman -
What is the problem with native dynamic sql when counting rows in all table
what is the problem with native dynamic sql when counting rows in all table?Giving an error "table or view does not exist". Thanks.
DECLARE
v_sql_string varchar2(1000);
v_no_of_rows number;
BEGIN
for i in ( select table_name from all_tables )
loop
v_sql_string := ' select count(1) from ' || i.table_name;
dbms_output.put_line( v_sql_string );
--execute immediate v_sql_string into v_no_of_rows;
end loop;
END;Usually your problem can be described with 'Who cares'. I mean, for what reason do you do this? I doubt that there's a business need to get 100 % accurate answers for this. Normally such things are used to get a picture about the growth of data.
Personally I would prefer to have up-to-date statistics for all tables and just query the number of rows from there. Sufficient for me in < 99 % of all cases.
Just my $ .02... -
Site-to-Site VPN between ASA & PIX
Hi everyone,
If this has been posted before, which it probably has, I apologize in advance.
Basically, I have to configure a VPN between our NY ASA and a PIX we shipped to our LA office. The PIX is replacing an old Cisco router. The ASA is our main device which is configured for multiple VPN connections (and I have not touched this) and still has the old VPN config from that old Cisco router.
On my part, I configured the PIX with the same pre-share key, and security protocols as the old router. When I checked the log files of the ASA I see the error message: "tunnel manager has failed to establish an l2l sa all configured ike versions failed to establish the tunnel."
Since this is my first time setting up a PIX, I'm thinking there might be something the matter with my config, though I'm not exactly sure. The PIX config is as follows:
interface Ethernet0
nameif Outside
security-level 0
ip address 173.xxx.xxx.xxx 255.255.255.224
interface Ethernet1
nameif Inside
security-level 100
ip address 192.168.xxx.xxx 255.255.255.0
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
ftp mode passive
dns server-group DefaultDNS
domain-name xxxxxx.xxxxx.org
access-list acl_vpn extended permit ip 192.168.xxx.xxx 255.255.255.0 192.168.5.0 255.255.255.0
access-list acl_vpn extended permit ip 192.168.xxx.xxx 255.255.255.0 192.168.6.0 255.255.255.0
access-list acl_vpn extended permit ip 192.168.xxx.xxx 255.255.255.0 192.168.7.0 255.255.255.0
access-list acl_vpn extended permit ip 192.168.xxx.xxx 255.255.255.0 192.168.8.0 255.255.255.0
access-list acl_vpn extended permit ip 192.168.xxx.xxx 255.255.255.0 10.12.40.0 255.255.255.0
pager lines 24
mtu Outside 1500
mtu Inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Outside
no asdm history enable
arp timeout 14400
global (Outside) 1 173.xxx.xxx.xxx netmask 255.255.255.224
nat (Inside) 2 192.168.0.0 255.0.0.0
nat (Inside) 1 0.0.0.0 0.0.0.0
route Outside 0.0.0.0 0.0.0.0 173.xxx.xxx.xxx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec df-bit clear-df Outside
crypto map mymap 1 match address acl_vpn
crypto map mymap 1 set pfs
crypto map mymap 1 set peer 69.18.xxx.xxx
crypto map mymap 1 set transform-set myset
crypto map mymap 1 set security-association lifetime seconds 28800
crypto map mymap 1 set security-association lifetime kilobytes 4608000
crypto isakmp identity address
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 5000
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 10000
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
tunnel-group 69.18.xxx.xxx type ipsec-l2l
tunnel-group 69.18.xxx.xxx ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
parameters
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
Cryptochecksum:ff5fe6ea51385f0d3f6580a5fdd73d40
: end
If you need further information, please let me know. Also any feedback would be greatly appreciated.
Thanks,
-SashaAlso,
It would seem to me that you have not configured NAT0 for the VPN traffic
This in most cases matches exactly the ACL used in the Crypto Map configurations.
I suggest that you use another ACL for this purpose though to avoid any future problems
access-list NAT0 extended permit ip 192.168.xxx.xxx 255.255.255.0 192.168.5.0 255.255.255.0
access-list NAT0 extended permit ip 192.168.xxx.xxx 255.255.255.0 192.168.6.0 255.255.255.0
access-list NAT0 extended permit ip 192.168.xxx.xxx 255.255.255.0 192.168.7.0 255.255.255.0
access-list NAT0 extended permit ip 192.168.xxx.xxx 255.255.255.0 192.168.8.0 255.255.255.0
access-list NAT0 extended permit ip 192.168.xxx.xxx 255.255.255.0 10.12.40.0 255.255.255.0
nat (inside) 0 access-list NAT0
The below command seems to be useless since it doesnt have a match "global" configuration for ID 2
nat (Inside) 2 192.168.0.0 255.0.0.0
- Jouni -
Problem with Remote Access VPN on ASA 5505
I am currently having an issue configuring an ASA 5505 to connect via remote access VPN using the Cisco VPN Client 5.0.07.0440 running on Windows 8 Pro x64. The VPN client prompts for the username and password during the connect process, but fails soon after.
The VPN client logs are as follows:
Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.2.9200
2 15:09:21.240 12/11/12 Sev=Info/4 CM/0x63100002
Begin connection process
3 15:09:21.287 12/11/12 Sev=Info/4 CM/0x63100004
Establish secure connection
4 15:09:21.287 12/11/12 Sev=Info/4 CM/0x63100024
Attempt connection with server "**.**.***.***"
5 15:09:21.287 12/11/12 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with **.**.***.***.
6 15:09:21.287 12/11/12 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
7 15:09:21.303 12/11/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to **.**.***.***
8 15:09:21.365 12/11/12 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
9 15:09:21.334 12/11/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
10 15:09:21.334 12/11/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?)) from **.**.***.***
11 15:09:21.334 12/11/12 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
12 15:09:21.334 12/11/12 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
13 15:09:21.334 12/11/12 Sev=Info/5 IKE/0x63000001
Peer supports DPD
14 15:09:21.334 12/11/12 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
15 15:09:21.334 12/11/12 Sev=Info/5 IKE/0x63000001
Peer supports IKE fragmentation payloads
16 15:09:21.334 12/11/12 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
17 15:09:21.334 12/11/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to **.**.***.***
18 15:09:21.334 12/11/12 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
19 15:09:21.334 12/11/12 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0xFBCE, Remote Port = 0x1194
20 15:09:21.334 12/11/12 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
21 15:09:21.334 12/11/12 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
22 15:09:21.365 12/11/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
23 15:09:21.365 12/11/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from **.**.***.***
24 15:09:21.365 12/11/12 Sev=Info/4 CM/0x63100015
Launch xAuth application
25 15:09:21.474 12/11/12 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
26 15:09:21.474 12/11/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
27 15:09:27.319 12/11/12 Sev=Info/4 CM/0x63100017
xAuth application returned
28 15:09:27.319 12/11/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to **.**.***.***
29 15:09:27.365 12/11/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
30 15:09:27.365 12/11/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from **.**.***.***
31 15:09:27.365 12/11/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to **.**.***.***
32 15:09:27.365 12/11/12 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
33 15:09:27.365 12/11/12 Sev=Info/5 IKE/0x6300005E
Client sending a firewall request to concentrator
34 15:09:27.365 12/11/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to **.**.***.***
35 15:09:27.397 12/11/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
36 15:09:27.397 12/11/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from **.**.***.***
37 15:09:27.397 12/11/12 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 192.168.2.70
38 15:09:27.397 12/11/12 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK: , value = 255.255.255.0
39 15:09:27.397 12/11/12 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 192.168.2.1
40 15:09:27.397 12/11/12 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(2): , value = 8.8.8.8
41 15:09:27.397 12/11/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000001
42 15:09:27.397 12/11/12 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = NCHCO
43 15:09:27.397 12/11/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
44 15:09:27.397 12/11/12 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc ASA5505 Version 8.2(5) built by builders on Fri 20-May-11 16:00
45 15:09:27.397 12/11/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SMARTCARD_REMOVAL_DISCONNECT: , value = 0x00000001
46 15:09:27.397 12/11/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194
47 15:09:27.397 12/11/12 Sev=Info/4 CM/0x63100019
Mode Config data received
48 15:09:27.412 12/11/12 Sev=Info/4 IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.2.70, GW IP = **.**.***.***, Remote IP = 0.0.0.0
49 15:09:27.412 12/11/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to **.**.***.***
50 15:09:27.444 12/11/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
51 15:09:27.444 12/11/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from **.**.***.***
52 15:09:27.444 12/11/12 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
53 15:09:27.444 12/11/12 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 6 seconds, setting expiry to 86394 seconds from now
54 15:09:27.459 12/11/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
55 15:09:27.459 12/11/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from **.**.***.***
56 15:09:27.459 12/11/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to **.**.***.***
57 15:09:27.459 12/11/12 Sev=Info/4 IKE/0x63000049
Discarding IPsec SA negotiation, MsgID=CE99A8A8
58 15:09:27.459 12/11/12 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=A3A341F1C7606AD5 R_Cookie=F1F403018625E924) reason = DEL_REASON_IKE_NEG_FAILED
59 15:09:27.459 12/11/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.***.***
60 15:09:27.459 12/11/12 Sev=Info/4 IKE/0x63000058
Received an ISAKMP message for a non-active SA, I_Cookie=A3A341F1C7606AD5 R_Cookie=F1F403018625E924
61 15:09:27.459 12/11/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(Dropped) from **.**.***.***
62 15:09:27.490 12/11/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
63 15:09:30.475 12/11/12 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=A3A341F1C7606AD5 R_Cookie=F1F403018625E924) reason = DEL_REASON_IKE_NEG_FAILED
64 15:09:30.475 12/11/12 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
65 15:09:30.475 12/11/12 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
66 15:09:30.475 12/11/12 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
67 15:09:30.475 12/11/12 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
68 15:09:30.475 12/11/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
69 15:09:30.475 12/11/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
70 15:09:30.475 12/11/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
71 15:09:30.475 12/11/12 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
The running configuration is as follows (there is a site-to-site VPN set up as well to another ASA 5505, but that is working flawlessly):
: Saved
ASA Version 8.2(5)
hostname NCHCO
enable password hTjwXz/V8EuTw9p9 encrypted
passwd hTjwXz/V8EuTw9p9 encrypted
names
name 192.168.2.0 NCHCO description City Offices
name 192.168.2.80 VPN_End
name 192.168.2.70 VPN_Start
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address **.**.***.*** 255.255.255.248
boot system disk0:/asa825-k8.bin
ftp mode passive
access-list outside_nat0_outbound extended permit ip NCHCO 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip NCHCO 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.2.64 255.255.255.224
access-list outside_1_cryptomap extended permit ip NCHCO 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_1_cryptomap_1 extended permit ip NCHCO 255.255.255.0 192.168.1.0 255.255.255.0
access-list LAN_Access standard permit NCHCO 255.255.255.0
access-list LAN_Access standard permit 0.0.0.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPN_Pool VPN_Start-VPN_End mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 0 access-list outside_nat0_outbound
route outside 0.0.0.0 0.0.0.0 74.219.208.49 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
network-acl outside_nat0_outbound
webvpn
svc ask enable default svc
http server enable
http 192.168.1.0 255.255.255.0 inside
http **.**.***.*** 255.255.255.255 outside
http 74.218.158.238 255.255.255.255 outside
http NCHCO 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set l2tp-transform esp-3des esp-sha-hmac
crypto ipsec transform-set l2tp-transform mode transport
crypto ipsec transform-set vpn-transform esp-aes-256 esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map dyn-map 10 set pfs group1
crypto dynamic-map dyn-map 10 set transform-set l2tp-transform vpn-transform
crypto dynamic-map dyn-map 10 set reverse-route
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer 74.219.208.50
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto map vpn-map 1 match address outside_1_cryptomap_1
crypto map vpn-map 1 set pfs group1
crypto map vpn-map 1 set peer 74.219.208.50
crypto map vpn-map 1 set transform-set ESP-3DES-SHA
crypto map vpn-map 10 ipsec-isakmp dynamic dyn-map
crypto isakmp identity address
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 15
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 35
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp ipsec-over-tcp port 10000
client-update enable
telnet 192.168.1.0 255.255.255.0 inside
telnet NCHCO 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh NCHCO 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd address 192.168.2.150-192.168.2.225 inside
dhcpd dns 216.68.4.10 216.68.5.10 interface inside
dhcpd lease 64000 interface inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.2.1
vpn-tunnel-protocol IPSec l2tp-ipsec
default-domain value nchco.local
group-policy DfltGrpPolicy attributes
dns-server value 192.168.2.1
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
password-storage enable
ipsec-udp enable
intercept-dhcp 255.255.255.0 enable
address-pools value VPN_Pool
group-policy NCHVPN internal
group-policy NCHVPN attributes
dns-server value 192.168.2.1 8.8.8.8
vpn-tunnel-protocol IPSec l2tp-ipsec
default-domain value NCHCO
username admin password LbMiJuAJjDaFb2uw encrypted privilege 15
username 8njferg password yB1lHEVmHZGj5C2Z encrypted privilege 15
username NCHvpn99 password QhZZtJfwbnowceB7 encrypted
tunnel-group DefaultRAGroup general-attributes
address-pool (inside) VPN_Pool
address-pool VPN_Pool
authentication-server-group (inside) LOCAL
authentication-server-group (outside) LOCAL
authorization-server-group LOCAL
authorization-server-group (inside) LOCAL
authorization-server-group (outside) LOCAL
default-group-policy DefaultRAGroup
strip-realm
strip-group
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *****
peer-id-validate nocheck
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
no authentication ms-chap-v1
authentication ms-chap-v2
tunnel-group DefaultWEBVPNGroup ppp-attributes
authentication pap
authentication ms-chap-v2
tunnel-group 74.219.208.50 type ipsec-l2l
tunnel-group 74.219.208.50 ipsec-attributes
pre-shared-key *****
tunnel-group NCHVPN type remote-access
tunnel-group NCHVPN general-attributes
address-pool VPN_Pool
default-group-policy NCHVPN
tunnel-group NCHVPN ipsec-attributes
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:15852745977ff159ba808c4a4feb61fa
: end
asdm image disk0:/asdm-645.bin
asdm location VPN_Start 255.255.255.255 inside
asdm location VPN_End 255.255.255.255 inside
no asdm history enable
Anyone have any idea why this is happening?
Thanks!Thanks again for your reply, and sorry about the late response, havent gotten back to this issue until just now. I applied the above command as you specified, and unfortunately, it did not resolve the problem. Below are the logs from the VPN Client for the connection + attempted browsing of a network share that is behind the ASA, and the new running configuration.
VPN Client Log:
Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.2.9200
331 13:11:41.362 12/17/12 Sev=Info/4 CM/0x63100002
Begin connection process
332 13:11:41.362 12/17/12 Sev=Info/4 CM/0x63100004
Establish secure connection
333 13:11:41.362 12/17/12 Sev=Info/4 CM/0x63100024
Attempt connection with server "69.61.228.178"
334 13:11:41.362 12/17/12 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 69.61.228.178.
335 13:11:41.362 12/17/12 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
336 13:11:41.424 12/17/12 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
337 13:11:41.362 12/17/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 69.61.228.178
338 13:11:41.393 12/17/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 69.61.228.178
339 13:11:41.393 12/17/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?)) from 69.61.228.178
340 13:11:41.393 12/17/12 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
341 13:11:41.393 12/17/12 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
342 13:11:41.393 12/17/12 Sev=Info/5 IKE/0x63000001
Peer supports DPD
343 13:11:41.393 12/17/12 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
344 13:11:41.393 12/17/12 Sev=Info/5 IKE/0x63000001
Peer supports IKE fragmentation payloads
345 13:11:41.393 12/17/12 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
346 13:11:41.393 12/17/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 69.61.228.178
347 13:11:41.393 12/17/12 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
348 13:11:41.393 12/17/12 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0xD271, Remote Port = 0x1194
349 13:11:41.393 12/17/12 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
350 13:11:41.393 12/17/12 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
351 13:11:41.424 12/17/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 69.61.228.178
352 13:11:41.424 12/17/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 69.61.228.178
353 13:11:41.424 12/17/12 Sev=Info/4 CM/0x63100015
Launch xAuth application
354 13:11:41.424 12/17/12 Sev=Info/4 CM/0x63100017
xAuth application returned
355 13:11:41.424 12/17/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 69.61.228.178
356 13:11:41.456 12/17/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 69.61.228.178
357 13:11:41.456 12/17/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 69.61.228.178
358 13:11:41.456 12/17/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 69.61.228.178
359 13:11:41.456 12/17/12 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
360 13:11:41.456 12/17/12 Sev=Info/5 IKE/0x6300005E
Client sending a firewall request to concentrator
361 13:11:41.456 12/17/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 69.61.228.178
362 13:11:41.502 12/17/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 69.61.228.178
363 13:11:41.502 12/17/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 69.61.228.178
364 13:11:41.502 12/17/12 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 192.168.2.70
365 13:11:41.502 12/17/12 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK: , value = 255.255.255.0
366 13:11:41.502 12/17/12 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 192.168.2.1
367 13:11:41.502 12/17/12 Sev=Info/5 IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(2): , value = 8.8.8.8
368 13:11:41.502 12/17/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000001
369 13:11:41.502 12/17/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000001
370 13:11:41.502 12/17/12 Sev=Info/5 IKE/0x6300000F
SPLIT_NET #1
subnet = 192.168.2.0
mask = 255.255.255.0
protocol = 0
src port = 0
dest port=0
371 13:11:41.502 12/17/12 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = NCHCO.local
372 13:11:41.502 12/17/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
373 13:11:41.502 12/17/12 Sev=Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc ASA5505 Version 8.4(1) built by builders on Mon 31-Jan-11 02:11
374 13:11:41.502 12/17/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SMARTCARD_REMOVAL_DISCONNECT: , value = 0x00000001
375 13:11:41.502 12/17/12 Sev=Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194
376 13:11:41.502 12/17/12 Sev=Info/4 CM/0x63100019
Mode Config data received
377 13:11:41.502 12/17/12 Sev=Info/4 IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.2.70, GW IP = 69.61.228.178, Remote IP = 0.0.0.0
378 13:11:41.502 12/17/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 69.61.228.178
379 13:11:41.534 12/17/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 69.61.228.178
380 13:11:41.534 12/17/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from 69.61.228.178
381 13:11:41.534 12/17/12 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
382 13:11:41.534 12/17/12 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 0 seconds, setting expiry to 86400 seconds from now
383 13:11:41.549 12/17/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 69.61.228.178
384 13:11:41.549 12/17/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIME) from 69.61.228.178
385 13:11:41.549 12/17/12 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 28800 seconds
386 13:11:41.549 12/17/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH) to 69.61.228.178
387 13:11:41.549 12/17/12 Sev=Info/5 IKE/0x63000059
Loading IPsec SA (MsgID=C4F5B5A6 OUTBOUND SPI = 0xD2DBADEA INBOUND SPI = 0x14762837)
388 13:11:41.549 12/17/12 Sev=Info/5 IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0xD2DBADEA
389 13:11:41.549 12/17/12 Sev=Info/5 IKE/0x63000026
Loaded INBOUND ESP SPI: 0x14762837
390 13:11:41.549 12/17/12 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.162 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.162 192.168.1.162 266
192.168.1.162 255.255.255.255 192.168.1.162 192.168.1.162 266
192.168.1.255 255.255.255.255 192.168.1.162 192.168.1.162 266
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 192.168.1.162 192.168.1.162 266
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 192.168.1.162 192.168.1.162 266
391 13:11:41.877 12/17/12 Sev=Info/6 CVPND/0x63400001
Launch VAInst64 to control IPSec Virtual Adapter
392 13:11:43.455 12/17/12 Sev=Info/4 CM/0x63100034
The Virtual Adapter was enabled:
IP=192.168.2.70/255.255.255.0
DNS=192.168.2.1,8.8.8.8
WINS=0.0.0.0,0.0.0.0
Domain=NCHCO.local
Split DNS Names=
393 13:11:43.455 12/17/12 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.162 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.162 192.168.1.162 266
192.168.1.162 255.255.255.255 192.168.1.162 192.168.1.162 266
192.168.1.255 255.255.255.255 192.168.1.162 192.168.1.162 266
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 192.168.1.162 192.168.1.162 266
224.0.0.0 240.0.0.0 0.0.0.0 0.0.0.0 266
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 192.168.1.162 192.168.1.162 266
255.255.255.255 255.255.255.255 0.0.0.0 0.0.0.0 266
394 13:11:47.517 12/17/12 Sev=Info/4 CM/0x63100038
Successfully saved route changes to file.
395 13:11:47.517 12/17/12 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.162 10
69.61.228.178 255.255.255.255 192.168.1.1 192.168.1.162 100
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.162 192.168.1.162 266
192.168.1.2 255.255.255.255 192.168.1.162 192.168.1.162 100
192.168.1.162 255.255.255.255 192.168.1.162 192.168.1.162 266
192.168.1.255 255.255.255.255 192.168.1.162 192.168.1.162 266
192.168.2.0 255.255.255.0 192.168.2.70 192.168.2.70 266
192.168.2.0 255.255.255.0 192.168.2.1 192.168.2.70 100
192.168.2.70 255.255.255.255 192.168.2.70 192.168.2.70 266
192.168.2.255 255.255.255.255 192.168.2.70 192.168.2.70 266
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 192.168.1.162 192.168.1.162 266
224.0.0.0 240.0.0.0 192.168.2.70 192.168.2.70 266
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 192.168.1.162 192.168.1.162 266
255.255.255.255 255.255.255.255 192.168.2.70 192.168.2.70 266
396 13:11:47.517 12/17/12 Sev=Info/6 CM/0x63100036
The routing table was updated for the Virtual Adapter
397 13:11:47.517 12/17/12 Sev=Info/4 CM/0x6310001A
One secure connection established
398 13:11:47.517 12/17/12 Sev=Info/4 CM/0x6310003B
Address watch added for 192.168.1.162. Current hostname: MATT-PC, Current address(es): 192.168.2.70, 192.168.1.162.
399 13:11:47.517 12/17/12 Sev=Info/4 CM/0x6310003B
Address watch added for 192.168.2.70. Current hostname: MATT-PC, Current address(es): 192.168.2.70, 192.168.1.162.
400 13:11:47.517 12/17/12 Sev=Info/5 CM/0x63100001
Did not find the Smartcard to watch for removal
401 13:11:47.517 12/17/12 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
402 13:11:47.517 12/17/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
403 13:11:47.517 12/17/12 Sev=Info/6 IPSEC/0x6370002C
Sent 109 packets, 0 were fragmented.
404 13:11:47.517 12/17/12 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
405 13:11:47.517 12/17/12 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
406 13:11:47.517 12/17/12 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0xeaaddbd2 into key list
407 13:11:47.517 12/17/12 Sev=Info/4 IPSEC/0x63700010
Created a new key structure
408 13:11:47.517 12/17/12 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x37287614 into key list
409 13:11:47.517 12/17/12 Sev=Info/4 IPSEC/0x6370002F
Assigned VA private interface addr 192.168.2.70
410 13:11:47.517 12/17/12 Sev=Info/4 IPSEC/0x63700037
Configure public interface: 192.168.1.162. SG: 69.61.228.178
411 13:11:47.517 12/17/12 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 1.
412 13:11:52.688 12/17/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 69.61.228.178
413 13:11:52.688 12/17/12 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 69.61.228.178, our seq# = 2722476009
414 13:11:52.704 12/17/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 69.61.228.178
415 13:11:52.704 12/17/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 69.61.228.178
416 13:11:52.704 12/17/12 Sev=Info/5 IKE/0x63000040
Received DPD ACK from 69.61.228.178, seq# received = 2722476009, seq# expected = 2722476009
417 13:12:03.187 12/17/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 69.61.228.178
418 13:12:03.187 12/17/12 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 69.61.228.178, our seq# = 2722476010
419 13:12:03.202 12/17/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 69.61.228.178
420 13:12:03.202 12/17/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 69.61.228.178
421 13:12:03.202 12/17/12 Sev=Info/5 IKE/0x63000040
Received DPD ACK from 69.61.228.178, seq# received = 2722476010, seq# expected = 2722476010
422 13:12:14.185 12/17/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 69.61.228.178
423 13:12:14.185 12/17/12 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 69.61.228.178, our seq# = 2722476011
424 13:12:14.201 12/17/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 69.61.228.178
425 13:12:14.201 12/17/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 69.61.228.178
426 13:12:14.201 12/17/12 Sev=Info/5 IKE/0x63000040
Received DPD ACK from 69.61.228.178, seq# received = 2722476011, seq# expected = 2722476011
427 13:12:24.762 12/17/12 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 69.61.228.178
428 13:12:24.762 12/17/12 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 69.61.228.178, our seq# = 2722476012
429 13:12:24.778 12/17/12 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 69.61.228.178
430 13:12:24.778 12/17/12 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 69.61.228.178
431 13:12:24.778 12/17/12 Sev=Info/5 IKE/0x63000040
Received DPD ACK from 69.61.228.178, seq# received = 2722476012, seq# expected = 2722476012
New running configuration:
: Saved
ASA Version 8.4(1)
hostname NCHCO
enable password hTjwXz/V8EuTw9p9 encrypted
passwd hTjwXz/V8EuTw9p9 encrypted
names
name 192.168.2.0 NCHCO description City Offices
name 192.168.2.80 VPN_End
name 192.168.2.70 VPN_Start
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 69.61.228.178 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
boot system disk0:/asa841-k8.bin
ftp mode passive
object network NCHCO
subnet 192.168.2.0 255.255.255.0
object network obj-192.168.1.0
subnet 192.168.1.0 255.255.255.0
object network obj-192.168.2.64
subnet 192.168.2.64 255.255.255.224
object network obj-0.0.0.0
subnet 0.0.0.0 255.255.255.0
object network obj_any
subnet 0.0.0.0 0.0.0.0
access-list outside_nat0_outbound extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list outside_nat0_outbound extended permit ip object NCHCO 192.168.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.2.64 255.255.255.224
access-list inside_nat0_outbound extended permit ip 0.0.0.0 255.255.255.0 192.168.2.64 255.255.255.224
access-list outside_1_cryptomap extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list outside_1_cryptomap_1 extended permit ip object NCHCO 192.168.1.0 255.255.255.0
access-list LAN_Access standard permit 192.168.2.0 255.255.255.0
access-list LAN_Access standard permit 0.0.0.0 255.255.255.0
access-list NCHCO_splitTunnelAcl_1 standard permit 192.168.2.0 255.255.255.0
access-list AnyConnect_Client_Local_Print extended deny ip any any
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPN_Pool VPN_Start-VPN_End mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649.bin
no asdm history enable
arp timeout 14400
nat (inside,any) source static NCHCO NCHCO destination static obj-192.168.1.0 obj-192.168.1.0
nat (inside,any) source static any any destination static obj-192.168.2.64 obj-192.168.2.64
nat (inside,any) source static obj-0.0.0.0 obj-0.0.0.0 destination static obj-192.168.2.64 obj-192.168.2.64
object network obj_any
nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 69.61.228.177 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
network-acl outside_nat0_outbound
webvpn
svc ask enable default svc
http server enable
http 192.168.1.0 255.255.255.0 inside
http 69.61.228.178 255.255.255.255 outside
http 74.218.158.238 255.255.255.255 outside
http NCHCO 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set l2tp-transform esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set l2tp-transform mode transport
crypto ipsec ikev1 transform-set vpn-transform esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_MD5 mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map dyn-map 10 set pfs group1
crypto dynamic-map dyn-map 10 set ikev1 transform-set l2tp-transform vpn-transform
crypto dynamic-map dyn-map 10 set reverse-route
crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer 74.219.208.50
crypto map outside_map 1 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto map vpn-map 1 match address outside_1_cryptomap_1
crypto map vpn-map 1 set pfs group1
crypto map vpn-map 1 set peer 74.219.208.50
crypto map vpn-map 1 set ikev1 transform-set ESP-3DES-SHA
crypto map vpn-map 10 ipsec-isakmp dynamic dyn-map
crypto isakmp identity address
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto ikev1 policy 15
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 35
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
client-update enable
telnet 192.168.1.0 255.255.255.0 inside
telnet NCHCO 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh NCHCO 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd address 192.168.2.150-192.168.2.225 inside
dhcpd dns 216.68.4.10 216.68.5.10 interface inside
dhcpd lease 64000 interface inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.2.1
vpn-tunnel-protocol ikev1 l2tp-ipsec
default-domain value nchco.local
group-policy DfltGrpPolicy attributes
dns-server value 192.168.2.1
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
password-storage enable
ipsec-udp enable
intercept-dhcp 255.255.255.0 enable
address-pools value VPN_Pool
group-policy NCHCO internal
group-policy NCHCO attributes
dns-server value 192.168.2.1 8.8.8.8
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value NCHCO_splitTunnelAcl_1
default-domain value NCHCO.local
username admin password LbMiJuAJjDaFb2uw encrypted privilege 15
username 8njferg password yB1lHEVmHZGj5C2Z encrypted privilege 15
username NCHvpn99 password dhn.JzttvRmMbHsP encrypted
tunnel-group DefaultRAGroup general-attributes
address-pool (inside) VPN_Pool
address-pool VPN_Pool
authentication-server-group (inside) LOCAL
authentication-server-group (outside) LOCAL
authorization-server-group LOCAL
authorization-server-group (inside) LOCAL
authorization-server-group (outside) LOCAL
default-group-policy DefaultRAGroup
strip-realm
strip-group
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate nocheck
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
no authentication ms-chap-v1
authentication ms-chap-v2
tunnel-group DefaultWEBVPNGroup ppp-attributes
authentication pap
authentication ms-chap-v2
tunnel-group 74.219.208.50 type ipsec-l2l
tunnel-group 74.219.208.50 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group NCHCO type remote-access
tunnel-group NCHCO general-attributes
address-pool VPN_Pool
default-group-policy NCHCO
tunnel-group NCHCO ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:b6ce58676b6aaeba48caacbeefea53a5
: end
asdm image disk0:/asdm-649.bin
asdm location VPN_Start 255.255.255.255 inside
asdm location VPN_End 255.255.255.255 inside
no asdm history enable
I'm at a loss myself as to why this isn't working, and i'm sure that you are running out of solutions yourself. Any other ideas? I really need to get this working.
Thanks so much!
Matthew
Maybe you are looking for
-
Ipod will not sync to itunes, just stops half way and freezes the computer
my ipod has suddenly stopped syncing to itunes half way through and freezes the computer. it is not the songs because they sync to my phone. how can i fix this?
-
NX7600GT Diamond Plus and fan speed with Dual Core Center
I just got a NX 7600GT Diamond Plus for my HTPC. I noted that Riva Tuner and other utilities are not able to control the fan speed of the video card. The only way one can control the fan speed is via Dual Core Center and 3D Core Cell. The problem is
-
Otterbox defender case sometimes prevents touch screen operation
My Droid charge screen goes black during or at the end of a phone call and no amount of touching the screen or pushing the buttons on the phone anywhere makes any difference. I have to take the rubber covering off and open the Otterbox case to get t
-
LSMW - Read Data not showing in Converted Data
Hi, I am using LSMW to load data from a flat file (via recording). I have it working except I have one issue. When I display the data in read data all fields are showing. No errors popup when I select convert data. When I select display converted
-
In some situation ctxsrv fails with the following error message: Oracle interMedia Text: Release 8.1.6.0.0 - Production on Fri May 12 12:37:49 20 00 (c) Copyright 1999 Oracle Corporation. All rights reserved. 12:37:49 05/12/00 === OCO server startup