Remote access VPN with Cisco Router - Can not get the Internal Lan .

Similar Messages

• Help with Remote access VPN on Cisco router 3925 via Dialer Interface

  Hi Everybody,
  I need help for my work now, I appreciate if someone can fix my problem.I have a Cisco router 3925 and access Internet via PPPoE link.  I want config VPN Remote Access and using software Cisco VPN client. But it doesn't  work.. Here my config router :
  HUNRE#show running-config
  Building configuration...
  Current configuration : 5515 bytes
  ! No configuration change since last restart
  version 15.3
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname HUNRE
  boot-start-marker
  boot-end-marker
  enable secret 5 $1$vEFw$rLfvLglzUgddCVwXDx03K.
  enable password cisco
  aaa new-model
  aaa session-id common
  crypto pki trustpoint TP-self-signed-1050416327
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-1050416327
   revocation-check none
   rsakeypair TP-self-signed-1050416327
  crypto pki certificate chain TP-self-signed-1050416327
   certificate self-signed 01
    3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31303530 34313633 3237301E 170D3134 30393235 31313534
    31395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30353034
    31363332 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100CC79 74FCFABE 81183B70 5A9F4A53 EB609754 7D5F8587 9150B76E 3207A86E
    5B65F9E9 6CDAC21A 6D69221D 1FF61632 14763308 43B2A1CC 8EE5ABAC EF07530E
    3F0D35FE F08C955B 60B52B92 F8F54D53 DD6DD623 01F83493 02F9C49A F0C3483D
    3B48A008 8D96700E 88924BFE DE00201B DE5965DE 32898CAD 9012AB55 76B6F39B
    2D470203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
    551D2304 18301680 14C3418C BC35F3D9 B26B2475 2BB5F826 060525AB B3301D06
    03551D0E 04160414 C3418CBC 35F3D9B2 6B24752B B5F82606 0525ABB3 300D0609
    2A864886 F70D0101 05050003 81810070 AC7C26C6 4606A551 1A3FD6C5 2A5AEAE8
    35DAC86E F8885E26 51F6EEAE 7565D3AA D532C8F3 55F6656F D103F38C 8FBDE7F1
    83E77143 76469040 7FEA41E8 14963DB3 F7F28EA0 C5F2F42C B186B75C AAB04900
    15F9CB38 A16964F5 4E7B4378 35041AA8 AE8EC181 D58D6A62 676E286A 7B9D80E6
    35A0B9FB FB76E976 3D2A19D7 006078
          quit
  ip name-server 210.245.1.253
  ip name-server 210.245.1.254
  ip cef    
  no ipv6 cef
  multilink bundle-name authenticated
  vpdn enable
  vpdn-group 1
  vpdn-group 2
  license udi pid C3900-SPE100/K9 sn FOC1823839B
  license boot module c3900 technology-package securityk9
  username cisco privilege 15 secret 5 $1$aAjB$D3iLyPFTE7O1bHPnKSJcH0
  username kdhong privilege 15 secret 5 $1$nfyX$FO1BPTabCUaE6uKQwpLT.1
  redundancy
  track 1 ip sla 1 reachability
  track 2 ip sla 2 reachability
  crypto isakmp policy 1
   encr 3des
   authentication pre-share
   group 2
  crypto isakmp client configuration group VPN-HUNRE
   key hunre
   dns 8.8.8.8
   domain hunre
   pool IP-VPN
   acl 199
   max-users 100
  crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
   mode tunnel
  crypto dynamic-map DYNMAP 1
   set transform-set encrypt-method-1
  crypto map VPN client configuration address respond
  crypto map VPN 65535 ipsec-isakmp dynamic DYNMAP
  interface Embedded-Service-Engine0/0
   no ip address
   shutdown
  interface GigabitEthernet0/0
   ip address 192.168.1.1 255.255.255.0
   ip mtu 1492
   ip nat inside
   ip virtual-reassembly in
   ip tcp adjust-mss 1412
   duplex auto
   speed auto
  interface GigabitEthernet0/1
   description FPT
   no ip address
   ip tcp adjust-mss 1412
   duplex auto
   speed auto
   pppoe enable group global
   pppoe-client dial-pool-number 1
  interface GigabitEthernet0/2
   description Connect to CMC
   no ip address
   ip mtu 1442
   ip nat outside
   ip virtual-reassembly in
   ip tcp adjust-mss 1412
   duplex auto
   speed auto
   pppoe enable group global
   pppoe-client dial-pool-number 2
   no cdp enable
  interface Dialer1
   ip address negotiated
   ip mtu 1452
   ip nat outside
   ip virtual-reassembly in
   encapsulation ppp
   dialer pool 1
   dialer-group 1
   ppp authentication chap pap callin
   ppp chap hostname [USERNAME]
   ppp chap password 0 [PASSWORD]
   ppp pap sent-username [USERNAME] password 0 [PASSWORD]
   ppp ipcp dns request
   crypto map VPN
  interface Dialer2
   description Logical ADSL Interface 2
   ip address negotiated
   ip mtu 1442
   ip nat outside
   ip virtual-reassembly in
   encapsulation ppp
   ip tcp adjust-mss 1344
   dialer pool 2
   dialer-group 2
   ppp authentication chap pap callin
   ppp chap hostname [USERNAME]
   ppp chap password 0 [PASSWORD]
   ppp pap sent-username [USERNAME] password 0 [PASSWORD]
   ppp ipcp address accept
   no cdp enable
  ip local pool IP-VPN 10.252.252.2 10.252.252.245
  ip forward-protocol nd
  ip http server
  ip http authentication local
  ip http secure-server
  ip nat inside source list 10 interface Dialer1 overload
  ip nat inside source list 11 interface Dialer2 overload
  ip nat inside source static 10.159.217.10 interface Dialer1
  ip nat inside source list 199 interface Dialer1 overload
  ip nat inside source static tcp 10.159.217.10 80 210.245.54.49 80 extendable
  ip nat inside source static tcp 10.159.217.10 3389 210.245.54.49 3389 extendable
  ip route 0.0.0.0 0.0.0.0 Dialer1
  ip route 10.159.217.0 255.255.255.0 192.168.1.8
  ip sla auto discovery
  ip sla responder
  dialer-list 1 protocol ip permit
  dialer-list 2 protocol ip permit
  access-list 10 permit any
  access-list 11 permit any
  access-list 101 permit icmp any any
  access-list 199 permit ip any any
  control-plane
  line con 0
  line aux 0
  line 2
   no activation-character
   no exec
   transport preferred none
   transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
   stopbits 1
  line vty 0 4
   password cisco
   transport input all
  line vty 5 15
   password cisco
   transport input all
  scheduler allocate 20000 1000
  ntp master
  end
  However, I cannot ping interfac Dialer 1. I using Cisco vpn client software ver 5.0.07.0290.
  Hopeful for your answers !
  Thanks

  Hi David Castro,
  Thanks for your answer,
  I configed following your guide, but it have not worked yet. I saw that I cannot ping IP gateway Internet . I using ADSL Internet and config PPPoE  and my router receive IP from ISP. Here show ip int brief :
  GigabitEthernet0/0         192.168.1.1     YES NVRAM  up                    up      
  GigabitEthernet0/1         unassigned      YES NVRAM  up                    up      
  GigabitEthernet0/2         unassigned      YES NVRAM  up                    up      
  Dialer1                    210.245.54.49   YES IPCP   up                    up      
  Dialer2                    101.99.7.73     YES IPCP   up                    up      
  NVI0                       192.168.1.1     YES unset  up                    up      
  Virtual-Access1            unassigned      YES unset  up                    up      
  Virtual-Access2            unassigned      YES unset  up                    up      
  Virtual-Access3            unassigned      YES unset  up                    up 
  But I cannot ping Interface Dialer 1, so may be VPN is does not worked. Do you have some ideal ?
  Thanks very much !

• Remote access VPN with ASA 5510 using DHCP server

  Hi,
  Can someone please share your knowledge to help me find why I am not able to receive an IP address on remote access VPN connection while I can get an IP address on local DHCP pool?
  I am trying to setup remote access VPN with ASA 5510. It works with local dhcp pool but doesn't seem to work when I tried using an existing DHCP server. It is being tested in an internal network as follows:
  ASA Version 8.2(5)
  interface Ethernet0/1
  nameif inside
  security-level 100
  ip address 10.6.0.12 255.255.254.0
  ip local pool testpool 10.6.240.150-10.6.240.159 mask 255.255.248.0 !(worked with this)
  route inside 0.0.0.0 0.0.0.0 10.6.0.1 1
  crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map dyn1 1 set transform-set FirstSet
  crypto map mymap 1 ipsec-isakmp dynamic dyn1
  crypto map mymap interface inside
  crypto isakmp enable inside
  crypto isakmp policy 1
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 43200
  vpn-addr-assign aaa
  vpn-addr-assign dhcp
  group-policy testgroup internal
  group-policy testgroup attributes
  dhcp-network-scope 10.6.192.1
  ipsec-udp enable
  ipsec-udp-port 10000
  username testlay password *********** encrypted
  tunnel-group testgroup type remote-access
  tunnel-group testgroup general-attributes
  default-group-policy testgroup
  dhcp-server 10.6.20.3
  tunnel-group testgroup ipsec-attributes
  pre-shared-key *****
  I got following output when I test connect to ASA with Cisco VPN client 5.0
  Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDO
  4024 bytesR copied in 3.41 0 secs (1341 by(tes/sec)13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 853
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing SA payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ke payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ISA_KE payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing nonce payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received xauth V6 VID
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received DPD VID
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Fragmentation VID
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, IKE Peer included IKE fragmentation capability flags:  Main Mode:        True  Aggressive Mode:  False
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received NAT-Traversal ver 02 VID
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Cisco Unity client VID
  Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, Connection landed on tunnel_group testgroup
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing IKE SA payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, IKE SA Proposal # 1, Transform # 9 acceptable  Matches global IKE entry # 1
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ISAKMP SA payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ke payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing nonce payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Generating keys for Responder...
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing hash payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Cisco Unity VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing xauth V6 VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing dpd vid payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Traversal VID ver 02 payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Fragmentation VID + extended capabilities payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
  Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 440
  Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NOTIFY (11) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 168
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing hash payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing notify payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000408)
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Received Cisco Unity client VID
  Jan 16 15:39:21 [IKEv1]: Group = testgroup, I
  [OK]
  kens-mgmt-012# P = 10.15.200.108, Automatic NAT Detection Status:     Remote end is NOT behind a NAT device     This   end is NOT behind a NAT device
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing blank hash payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing qm hash payload
  Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72
  Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 87
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, process_attr(): Enter!
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing MODE_CFG Reply attributes.
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary DNS = cleared
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary DNS = cleared
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary WINS = cleared
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary WINS = cleared
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: IP Compression = disabled
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Split Tunneling Policy = Disabled
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Setting = no-modify
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Bypass Local = disable
  Jan 16 15:39:26 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, User (testlay) authenticated.
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
  Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
  Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 60
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg ACK attributes
  Jan 16 15:39:27 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=49ae1bb8) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 182
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg Request attributes
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 address!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 net mask!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DNS server address!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for WINS server address!
  Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Received unsupported transaction mode attribute: 5
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Banner!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Save PW setting!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Default Domain Name!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split Tunnel List!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split DNS!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for PFS setting!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Browser Proxy Setting!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for backup ip-sec peer list!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Smartcard Removal Disconnect Setting!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Application Version!
  Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Client Type: WinNT  Client Application Version: 5.0.07.0440
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for FWTYPE!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DHCP hostname for DDNS is: DEC20128!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for UDP Port!
  Jan 16 15:39:32 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected.  No last packet to retransmit.
  Jan 16 15:39:37 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=b04e830f) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
  Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing hash payload
  Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing notify payload
  Jan 16 15:39:37 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected.  No last packet to retransmit.
  Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE received response of type [] to a request from the IP address utility
  Jan 16 15:39:39 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Cannot obtain an IP address for remote peer
  Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE TM V6 FSM error history (struct &0xd8030048)  <state>, <event>:  TM_DONE, EV_ERROR-->TM_BLD_REPLY, EV_IP_FAIL-->TM_BLD_REPLY, NullEvent-->TM_BLD_REPLY, EV_GET_IP-->TM_BLD_REPLY, EV_NEED_IP-->TM_WAIT_REQ, EV_PROC_MSG-->TM_WAIT_REQ, EV_HASH_OK-->TM_WAIT_REQ, NullEvent
  Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE AM Responder FSM error history (struct &0xd82b6740)  <state>, <event>:  AM_DONE, EV_ERROR-->AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL-->AM_TM_INIT_MODECFG_V6H, NullEvent-->AM_TM_INIT_MODECFG, EV_WAIT-->AM_TM_INIT_XAUTH_V6H, EV_CHECK_QM_MSG-->AM_TM_INIT_XAUTH_V6H, EV_TM_XAUTH_OK-->AM_TM_INIT_XAUTH_V6H, NullEvent-->AM_TM_INIT_XAUTH_V6H, EV_ACTIVATE_NEW_SA
  Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE SA AM:bd3a9a4b terminating:  flags 0x0945c001, refcnt 0, tuncnt 0
  Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, sending delete/delete with reason message
  Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
  Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing IKE delete payload
  Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
  Jan 16 15:39:39 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=9de30522) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
  Regards,
  Lay

  For RADIUS you need a aaa-server-definition:
  aaa-server NPS-RADIUS protocol radius
  aaa-server NPS-RADIUS (inside) host 10.10.18.12
    key *****   
    authentication-port 1812
    accounting-port 1813
  and tell your tunnel-group to ask that server:
  tunnel-group VPN general-attributes
    authentication-server-group NPS-RADIUS LOCAL
  Don't stop after you've improved your network! Improve the world by lending money to the working poor:
  http://www.kiva.org/invitedby/karsteni

• Remote Access VPN on Cisco ASA Problem

  Hi, i configured Remote access VPN on Cisco ASA 8.x as per below configuration.
  Problem is that my internet has stopped working, and default route is just showing stars.
  i can ping internal server 10.110.10.150 fine , which i allowed on VPN ACL, but my other traffic not going to regular internet on my laptop,
  what additional required to force my internet to go to regular internet instead of getting encrypted?
  Also attaching output of route print at the point when VPN is connected.
  ip local pool RA_VPN_POOL 10.1.200.100-10.1.200.150 mask 255.255.255.0
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto dynamic-map RA_VPN 65535 set transform-set ESP-AES-128-SHA
  crypto dynamic-map RA_VPN 65535 set security-association lifetime seconds 28800
  crypto dynamic-map RA_VPN 65535 set security-association lifetime kilobytes 4608000
  crypto map VPN_MAP 65535 ipsec-isakmp dynamic RA_VPN
  crypto map VPN_MAP interface outside
  isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 86400
  tunnel-group ITT_RA type remote-access
  tunnel-group ITT_RA general-attributes
  address-pool RA_VPN_POOL
  default-group-policy RA_VPN_GP
  tunnel-group ITT_RA ipsec-attributes
  pre-shared-key <group key>
  group-policy RA_VPN_GP internal
  group-policy RA_VPN_GP attributes
  dns-server value 10.0.0.1 10.0.0.2
  vpn-tunnel-protocol IPSec
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value Split_Tunnel_List
  default-domain value mydomain.com
  address-pools value RA_VPN_POOL
  access-list Split_Tunnel_List extended permit ip host 10.110.10.150 10.1.200.0 255.255.255.0
  access-list nonattest extended permit ip host 10.110.10.150 10.1.200.0 255.255.255.0
  nat (inside) 0 access-list nonattest
  IPv4 Route Table
  ===========================================================================
  Active Routes:
  Network Destination        Netmask          Gateway       Interface  Metric
            0.0.0.0          0.0.0.0      10.111.36.1      10.111.36.9          276
            0.0.0.0          0.0.0.0         On-link      10.1.200.100            20
         10.1.200.0    255.255.255.0         On-link      10.1.200.100    276
       10.1.200.100  255.255.255.255         On-link      10.1.200.100    276
       10.1.200.255  255.255.255.255         On-link      10.1.200.100    276
      10.110.10.150  255.255.255.255       10.1.200.1     10.1.200.100    100
        10.111.36.0    255.255.255.0         On-link       10.111.36.9    276

  Hi, i configured Remote access VPN on Cisco ASA 8.x as per below configuration.
  Problem is that my internet has stopped working, and default route is just showing stars.
  i can ping internal server 10.110.10.150 fine , which i allowed on VPN ACL, but my other traffic not going to regular internet on my laptop,
  what additional required to force my internet to go to regular internet instead of getting encrypted?
  Also attaching output of route print at the point when VPN is connected.
  ip local pool RA_VPN_POOL 10.1.200.100-10.1.200.150 mask 255.255.255.0
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto dynamic-map RA_VPN 65535 set transform-set ESP-AES-128-SHA
  crypto dynamic-map RA_VPN 65535 set security-association lifetime seconds 28800
  crypto dynamic-map RA_VPN 65535 set security-association lifetime kilobytes 4608000
  crypto map VPN_MAP 65535 ipsec-isakmp dynamic RA_VPN
  crypto map VPN_MAP interface outside
  isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 86400
  tunnel-group ITT_RA type remote-access
  tunnel-group ITT_RA general-attributes
  address-pool RA_VPN_POOL
  default-group-policy RA_VPN_GP
  tunnel-group ITT_RA ipsec-attributes
  pre-shared-key <group key>
  group-policy RA_VPN_GP internal
  group-policy RA_VPN_GP attributes
  dns-server value 10.0.0.1 10.0.0.2
  vpn-tunnel-protocol IPSec
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value Split_Tunnel_List
  default-domain value mydomain.com
  address-pools value RA_VPN_POOL
  access-list Split_Tunnel_List extended permit ip host 10.110.10.150 10.1.200.0 255.255.255.0
  access-list nonattest extended permit ip host 10.110.10.150 10.1.200.0 255.255.255.0
  nat (inside) 0 access-list nonattest
  IPv4 Route Table
  ===========================================================================
  Active Routes:
  Network Destination        Netmask          Gateway       Interface  Metric
            0.0.0.0          0.0.0.0      10.111.36.1      10.111.36.9          276
            0.0.0.0          0.0.0.0         On-link      10.1.200.100            20
         10.1.200.0    255.255.255.0         On-link      10.1.200.100    276
       10.1.200.100  255.255.255.255         On-link      10.1.200.100    276
       10.1.200.255  255.255.255.255         On-link      10.1.200.100    276
      10.110.10.150  255.255.255.255       10.1.200.1     10.1.200.100    100
        10.111.36.0    255.255.255.0         On-link       10.111.36.9    276

• Can not get the Cisco TSP to show UP - 2003 64bit

  Can not get the Cisco TSP to show up on the list of Providers in Phone and Modem Options- Advance tab. Installed ver. 4.1, it seems to install correctly, with no errors but when I restart the server, there is no Cisco TSP001.tsp in the providers list. It works perfectly on my Windows 2003 servers, but will not work on this new Windows 2003 64 bit server. Any tricks to getting this to load?
  Thanks
  Keith

  Hi
  There is no 64-bit TSP yet. Whilst 32-bit apps will work OK for the most part on 64-bit via the WoW function, drivers tend to not be so flexible, and that's what TSP is...
  You'll have to bother your Cisco accounts folks to get this prioritised, it is upsetting a lot of people...
  Aaron
  Please rate helpful posts...

• HT4628 I can not use the internal wireless card with my Mac pro 2012, I don't know if it is broken

  I can not use the internal wireless card with my Mac pro 2012, I don't know if it is broken. The problem is happen recently, I have to use an independent wireless card now. Thanks!

  When you enable Internet Sharing in OS X, you are creating a separate sub-net.
  There is no option to allow this to be a simple pass-through from Ethernet to AirPort (or the other way).
  The problem is easily solved by getting an inexpensive wireless router. You can replace your current router OR disable the DHCP server on the wireless router and allow the wireless clients to get an IP address from the current router.

• I can not get the flash player plug in to work with Internet Explorer

  I can not get the flash player plug in to work with Internet Explorer

  Zoltan71 wrote:
  I just bought this computer. My Internet Explorer is version 11.0.1
  I have the box checked to Install new version automatically, but it has not done any upgrading.
  I can't get the computer to update anything as far as I can see.
  The flash plug in does work with the Crome browser but it will not work with Internet explorer.
  I looked in the manage add-ons and it says enabled.
  I also went into the safety tab and deselected
  Active X filtering.
  Restarted and still does not work.
  I need help.....
  Chrome uses a different and separate plug-in.
  There are things about IE you need to know, especially 11. Specifically:
  "User-Agent Strings"
  That doesn't mean a lot, I'm sure, but it's the root of your problems, and Flash Player has nothing to do with it.
  Microsoft "rewrote" the User-Agent Strings for the abomination they call their latest and greatest browser. User-Agent Strings are what websites use to identify the browser you're using and provide the proper content for it's browser engine, like ActiveX stuff, and Flash or HTML5 video. Thanks to the geniuses in Redmond, WA, the User-Agent Strings for IE11 (which has a Trident engine), ID it as either "Gecko" (Firefox) or "Webkit" (Chrome). Problem is: when the site the directs to the content for one of these two engines, the Trident engine in IE can't intepret it and the site then sees IE as an "unidentified" browser.
  The problem with an unidentified browser is that the plug-ins in that browser aren't recognized either, so even though you're up to date, it says you need the latest Flash Player when you use IE11. YouTube... has converted to HTML5 video so if it doesn't detect Flash Player, it can display HTML5 (MP4) video which requires no plug-in to play. Facebook can't do that, because HTML5 doesn't apply to games... only video.
  Microsoft has no plans to "fix" the mess they've created because they think it's a great idea to block you out of the websites you visit.
  They recommend using "Compatibility View" and pretending that you're using an older verison of IE... Problem with that is that it's seen limited success, and you have to enable it for EVERY page that has problems... individually.
  I'm not big on "pretending" so I recommend actually using another browser.
  Firefox (from Mozilla)
  Opera (from Opera)
  Safari (from Apple)
  Chrome (from Google)
  ANY of those will work where IE11 won't, with the Flash Player Plug-in (For all other browsers), and Chrome doesn't even need that because it has its own Flash Player plugin built in.

• HT204382 I was attempting to upload a video to face book and decided to cancel, now I can not get the quicktime icon with Facebook icon embedded to delete? what are steps to clear desktop?

  I was attempting to upload a video to face book and decided to cancel, now I can not get the quicktime icon with Facebook icon embedded to delete? what are steps to clear desktop?

  A warm welcome to Apple discussions!
  A 2003 iMac cannot support Snow Leopard 10.6; you'd need an Intel processor and that cannot be retrofitted to your Mac. What does "About this Mac" in your Apple menu say  for your processor speed? What does it say about how much RAM you have?
  If the processor is 1ghz or faster, you can run OS 10.5; otherwise, you are maxed out at 10.4.11.
  Also, are you running any commercial ("pay for") anti-virus or security software? They are notorious for slowing most Macs to a fraction of their speed potential.
  A too-full hard drive can drag down performance, especially if you don't have a lot of physical RAM installed. If you single-click your hard drive icon and then do command i, you'll see the disk usage. Looks like this:
  The value for "Used" should be no more than about 90 percent of "Capacity." In the example image, that drive has about 34 percent of its space used and 66 percent free--more than enough. Please post what you see for your Capacity and Used numbers
  There are a few more things we might check but this is a good start.
  Awaiting your information,
  Allan

• I can not get the iPad to connect to the internet thru the router it shows the modum but will not connect

  I can not get the iPad to connect to the internet thru the router it shows the modum but will not connect it keeps saying choose a netwokand the IP Address it automaticaly puts in is wrong?

  Look at iOS Troubleshooting Wi-Fi networks and connections  http://support.apple.com/kb/TS1398
  Additional things to try.
  Turn Off your iPad. Then turn Off (disconnect power cord) the wireless router & then back On. Now boot your iPad. Hopefully it will see the WiFi.
  On your iPad go to Settings > General > Reset > Reset network settings and see if that enables you to connect.
  If none of the above suggestions work, look at this link.
  iPad Wi-Fi Problems: Comprehensive List of Fixes
  http://appletoolbox.com/2010/04/ipad-wi-fi-problems-comprehensive-list-of-fixes/
   Cheers, Tom

• HT4112 I can not get the 2003 Bluetooth wireless keyboard to pair with my ipad.  How do I do this?  According to the information above, this IS possible...

  I can not get the 2003 Bluetooth wireless keyboard to pair with my ipad mini, 32gb wifi.  How do I do this?  According to the information above, this IS possible...

  Never mind...  Didn't see the "not compatible"...  Stupid...  It's bluetooth.  Bluetooth apple should connect to bluetooth apple...  Period...

• I have an ut ipad 2 with no configuration for the i cloud. I have follow the instructions of synch the ipad with itunes v 10.6 in my pc, but i can not get the display of the cloud icon in the general settings of the ipad. appreciate any help

  I have an ut ipad 2 with no configuration for the i cloud. I have follow the instructions of synch the ipad with itunes v 10.6 in my pc, but i can not get the display of the cloud icon in the general settings of the ipad. appreciate any help

  I'm asking because ios5 introduced iCloud. You have to have updated to ios5 to see it.

• I want to reset (clean out) my old 4S.  I have just bought a 6 and have the 4S as a stand alone unit (No connection to network.  I can not get the sitcom to do the erase all command.  It wants to access the Cloud which is impossible.

  I want to reset (clean out) my old 4S.  I have just bought a 6+ and have the 4S as a stand alone unit (No connection to network).  I can not get the system to do the erase all command,  it wants to access the Cloud which is impossible.  Is there anyway to 'Erase All Content and Settings". 

  Something here might help a detailed list of actions
  What to do before selling or giving away your iPhone, iPad, or iPod touch - Apple Support
  refer to If you no longer have iPhone  section

• Guided access has Ben activated no password I can not get the red slider bar to shoe up when I hold the off and the home bottom down, it comes back to sarfri , I also tried  over ten times to enter a passcode, but no go

  Guide access has been activated, never set a pass word,I can not get the red slider to come up by holding the off and home button, tried entering a wrong pass word 10 time to reset it but it will not . Can only use Safari.

  Step by step, how did you arrive at seeing this agreement?

• Hello, I'm using ubuntu with firefox5 and can not find the option to import my bookmarks file backup

  Hello, I'm using ubuntu with firefox5 and can not find the option to import my bookmarks file backup

  Is that Ubuntu 11.04?
  Ubuntu 11.04 displays window menus in the control bar at the top of the screen<br />
  Click on Bookmarks/Show All Bookmarks then move your mouse to the left upper corner toward Firefox Web Browser.<br />
  You'll get pop up menu (Organize, Views and Import and Backup).<br />

• HT201210 I can not get the iphone to sync with itunes and the iphone locked up my ipad too. I have downloaded the recent itunes 10.6.3 and restarted my computer. What do I do?

  My iphone was not synced when I received it. I plugged it in to charge it, and it locked up my ipad. My itunes was not updated on my desktop, so I just updated it to itunes 10.6.3. I have restarted my computer, and nothing is changing. I can not get the iphone to move from the screen, its stuck on the itunes icon. Help please.

  I am downloading the 11.0.2 as we speak. I will update in a bit.