RV082 to SA540 vpn but no ping, something wrong
I'll try my best to explain and give details.
SA540 v.2.1.71 at host
RV082 v4.2.1.02 at remote site.
Trying to setup tunnel between the 2. WHEN this works, I'll have 20 remote sites tunneling into the SA540 host.
SA540:
SA540 says site to site vpn is up and IPsec SA Established.
192.168.1.0
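Exchange Mode: Main (Gateway Policies), Aggressive (Client Policies)
ID Type: Local WAN IP (Gateway Policies), FQDN (Client Policies)
Local WAN ID: Local WAN IP (Gateway Policies), local.com (Client Policies)
Remote WAN ID: N/A (Gateway Policies), remote.com (Client Policies)
Encryption Algorithm: AES-128 (Gateway Policies), AES-128 (Client Policies)
Authentication Algorithm: SHA-1 (Gateway Policies), SHA-1 (Client Policies)
Authentication Method: Pre-shared Key (Gateway Policies), Pre-shared Key (Client Policies)
Key-Group: DH-Group 2 (1024 bit) (Gateway Policies), DH-Group 2 (1024 bit) (Client Policies)
Life Time: 8 hours (Gateway Policies), 8 hours (Client Policies)
VPN Wizard default values for VPN:
Encryption Algorithm: AES-128
Authentication Algorithm: SHA-1
Life Time: 1 hour
PFS Key Group: DH-Group 2 (1024 bit)
NETBIOS: Enabled (Gateway Policies), Disabled (Client Policies)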
WAN Security Checks
Block Ping to WAN interface
Enable Stealth Mode
Block TCP flood
RV082:
RV082 says gateway to gateway is Connected.
192.168.2.0
same settings w/ Aggressive, Keep Alive and NAT Traversal checked.
Firewall Setting Status
SPI (Stateful Packet Inspection): On
DoS (Denial of Service): On
Block WAN Request: Off
Remote Management: On
FROM RV082 diagnostics on router, I cannot ping 192.168.1.1 router or 192.168.1.70 server inside host.
FROM SA540 host diagnostics, I CAN ping 192.168.2.1 when I check Ping through VPN tunnel, but I canNOT ping an XP computer at 192.168.2.100 which has firewall turned off.
What am I missing?
Goal is to establish full tunneling and computer/server access between sites.
Any help is greatly appreciated.
I have added the permit any any on the outside and vpn interfaces of both ASAs. I also change the source and destination of the nat exempt rule to any any.
Similar Messages
-
Database connected successfully but there is something wrong in my procedure
Hi,
I am writing a small Java application that uses Microsoft SQL Server 2000. The test application shows that I successfully connect to the database.
But in my application, when I press the query button, the result is not appended to the text area. I am in doubt about it. Can anyone help me out with this? Thanks! The following is my code:
import java.awt.*;
import java.awt.event.*;
import java.sql.*;

public class jdbc // main class
{
    public static void main(String args[])
    {
        GUI gui = new GUI(); // build the GUI
        gui.pack();          // size the window to fit its components
    }
}

class GUI extends Frame implements ActionListener
{
    TextArea text; Panel panel; TextField sno; Button btn;

    GUI() // constructor
    {
        super("made by yaowu");
        setLayout(new BorderLayout());
        setBackground(Color.cyan);
        setVisible(true);
        text = new TextArea();
        btn = new Button("query");
        sno = new TextField(16);
        panel = new Panel();
        panel.add(new Label("entre the id of student(include10number)"));
        panel.add(sno); panel.add(btn);
        add("North", panel); add("Center", text);
        text.setEditable(false); btn.addActionListener(this);
        addWindowListener(new WindowAdapter() {
            public void windowClosing(WindowEvent e)
            {
                setVisible(false);
                System.exit(0);
            }
        });
    }

    public void actionPerformed(ActionEvent e)
    {
        if (e.getSource() == btn) // when the query button is pressed
        {
            text.setText("rusult" + '\n');
            try {
                Liststudent();
            }
            catch (SQLException ee) {}
        }
    }

    public void Liststudent() throws SQLException // connect to the database
    {
        String xh, xm, xb, nl, em, tl;
        try {
            Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver").newInstance();
        }
        catch (ClassNotFoundException e) {
            e.printStackTrace();
            System.out.println("Error Trace in getConnection() : " + e.getMessage());
        }
        catch (java.lang.InstantiationException e) {}
        catch (java.lang.IllegalAccessException e) {}
        String url = "jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=mydata";
        String user = "";
        String password = "";
        Connection con = DriverManager.getConnection(url, user, password); // open the connection
        Statement sql = con.createStatement(); // create the Statement
        ResultSet rs = sql.executeQuery("select* from xsqk"); // xsqk table
        while (rs.next()) // print the result
        {
            xh = rs.getString("id");
            xm = rs.getString("name");
            xb = rs.getString("sex");
            nl = rs.getString("age");
            em = rs.getString("E-Mail");
            tl = rs.getString("tl");
            if (xh.trim().equals(sno.getText().trim()))
            {
                text.append('\n' + "id" + " " + "name" + " " + "sex" + " " + "age" + " " + "E-Mail" + " " + "tl" + '\n');
                text.append('\n' + xh + " " + xm + " " + xb + " " + nl + " " + em + " " + tl + '\n');
            }
        }
    }
}
Something is wrong but your code doesn't care:
catch(SQLException ee){}
What happens if there is an SQL exception? Nothing. That's probably what happened. Try this to find out:
catch(SQLException ee){ee.printStackTrace();}
-
Autoplays in IE but not FF - Something wrong with my code?
PLEASE help. I have searched the net and tried just about everything I came across. I created this movie in SwishMax 3. I recreated it in Dreamweaver 8. When I saved it, it saved as a .swf and also an HTML file. There was no .jsf to be seen anywhere.
I got the page to auto-play in IE finally, but I CANNOT get it to auto-play in Firefox, no matter what I do. It DOES work if I right click on the screen and click "Play", but that is not what I need.
Any assistance would be greatly appreciated.
I have tried about 30 possible "fixes" before asking for help, to no avail.
I need to have at least this page up by tomorrow, if possible. If you see any error that may be preventing me from getting this movie to auto-play upon screen load, I would greatly appreciate you pointing the error out to me.
Thank you, in advance!
-Christine
Here is the website to which I will (once fixed) direct all users automatically:
http://axissalonsc.com/index.html
Here is all of the code for my homepage:
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Axis Salon Home</title>
</head>
<body bgcolor="#000000">
<p align="center"><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html40/loose.dtd">
<html>
<head>
<title>Home</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="author" content="Christine C. Baker">
<meta name="description" content="">
<meta name="keywords" content="209, 2947, 29527, 488, 843, appointment, axis, bring, call, conway, diligently, in, laurel, live, loading, meantime, please, salon, sc, schedule, site, st, this, welcome, working, your">
<!-- text used in the movie -->
<!-- 209, 2947, 29527, 488, 843, appointment, axis, bring, call, conway, diligently, -->
<!-- in, laurel, live, loading, meantime, please, salon, sc, schedule, site, st, -->
<!-- this, welcome, working, your -->
<style type="text/css">
/*<![CDATA[*/
html, body
{
margin: 0;
padding: 0;
height: 100%;
overflow: hidden;
}
object
{
vertical-align: top;
}
/*]]>*/
</style>
</head>
<body bgcolor="#000000">
<center>
<object
classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=10,0,32,18"
id="Home.swf"
width="800" height="480"
>
<param name="movie" value="Home.swf">
<param name="bgcolor" value="#000000">
<param name="play" value="true">
<param name="quality" value="high">
<param name="seamlesstabbing" value="false">
<param name="allowscriptaccess" value="samedomain">
<embed
type="application/x-shockwave-flash"
pluginspage="http://www.adobe.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash"
name="Home.swf"
width="800" height="480"
src="http://axissalonsc.com/Home.swf"
bgcolor="#000000"
quality="high"
seamlesstabbing="false"
allowscriptaccess="samedomain"
>
</embed>
</object>
</center>
</body>
</html>
</p>
</body>
</html>
Hi,
Why don't you try adding the play attribute in the embed tag:
<embed
type="application/x-shockwave-flash"
pluginspage="http://www.adobe.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash"
name="Home.swf"
width="800" height="480"
src="http://axissalonsc.com/Home.swf"
bgcolor="#000000"
quality="high"
seamlesstabbing="false"
allowscriptaccess="samedomain"
play="true"
>
Not sure if this will work... just a try.
Warm Regards
Deepanjan Das
http://deepanjandas.wordpress.com/
-
I believe creating a clipping mask is the answer, but I'm doing something wrong
This is a hard one to describe so I attached this link: file:///C:/Users/Marcus/Documents/Wacom%20work/zang-deli.jpg.
I'm trying to make the object (the black bit) consist of the image in the background, so instead of being black it will be multicoloured?
Thanks in advance
Marcus,
I've now placed a new image to be clipped and when I drag my object onto it, it hides beneath it?
It is crucial that the path/vector object to become the Clipping Path (the black bit in the OP I presume) is on top of the other object, as you can (also) see in the Layers palette.
It doesn't hide beneath it anymore because now I'm importing the object from another document, but it plainly gives me the instruction "cannot clip mask"
Exactly what does the object consist of?
-
Try to queue threads of clients but there is something wrong!
Hello. I have been trying to queue threads of clients in a multithreaded server, but there is a problem: none of the threads is alive.
Here is my code.
class queueClient extends Thread{
    HandleServer sa1;
    LinkedList queue = new LinkedList();
    queueClient(){
        super();
    }//end of constructor
    /**method in the queueClient class to put each client in the queue*/
    public void queuethem(HandleServer s){
        try{
            s.wait();
            queue.add(s);
        }
        catch(InterruptedException sleep){
            System.exit(0);
        }
    }//end of queuethem
    /**method in the queueClient class to manage the clients in the queue*/
    public void manageQueue(HandleServer sa){
        if(!queue.isEmpty() && (queue.size())==1){
            sa= (HandleServer)queue.removeFirst();
            sa.notify();
            sa.start();
        }
        else if (!queue.isEmpty() && (queue.size()>1)){
            sa= (HandleServer)queue.removeFirst();
            sa.notify();
            sa.start();
            try {
                if(sa.currentThread().isAlive()){
                    sa1= (HandleServer)queue.removeFirst();
                    sa1.join();
                }
                else{
                    sa1.notify();
                    sa1.start();
                }
            }
            catch (InterruptedException join) {
                System.exit(0);
            }
        }
        else{
            System.out.println("Queue is empty");
        }
    }//end manageQueue
}//queueClient class end
OK, let's say that I have 3 clients connected to my server, which is responsible for passing the messages from only one client to a robot.
OK?
Then this server must queue the other two clients and leave only one "Alive", and the other two must wait a certain amount of time until the current client that speaks with the server and the robot dies, and then wake up the other client so that it starts to talk with the server and the robot.
Now is it more clear?
-
VPN - Can't ping vpn by IP or Name - Help!!!!
I have a problem with my VPN. The client computers can connect to the VPN but cannot ping the server. Through Windows Explorer, the clients can access the shares only using the computer name. (Windows Explorer fails when the IP address is used.) From the client computers, I can ping every other network resource except the server.
I'm using Windows Server 2012 for the VPN. I've disabled all firewalls for testing but still no luck. I look forward to a response.
-Josh
Hi,
Similar thread discussed below:
can not connect to shares on a 2008 r2 server via ip
http://social.technet.microsoft.com/Forums/en-US/3a4e6d6a-5f89-4971-98b6-c24727e0cb2a/can-not-connect-to-shares-on-a-2008-r2-server-via-ip?forum=winse
Please refer to the link provided by Ace as well.
Hope this helps.
-
Some please help me. I tried to restart my iPhone 4, but something went wrong. Instead of it turned black and turned on again, it is like a gray color. When I took out my card I can see the light inside it. What should I do to turn it back on again?
At the AT&T store. Tried using iCloud but only 120 songs were transferred, and when I access my iTunes account now it only shows 120 and not the 450 anymore that I purchased on my old phone. Tried to sync again from the phone to iTunes and it is still not working.
I purchased everything under the same Apple ID account. I called Apple support and spent almost 2 hours with tech support for assistance, and we got disconnected and they never called me back.
I'm at the point where I'm about to never purchase anything anymore from Apple, go to another company, retrieve every single charge made on my bank account from iTunes and file a lawsuit against the company. It's been a week since I called for assistance and no one called me back to help me with this matter, even after I responded to a survey with a complaint about not getting a resolution to my problem.
If you could please help me I will appreciate it. I'm out of the country now and can't stay on the phone for a long time.
I need to sell my old phone, but as of right now, besides all my bank statements, the old phone is the only evidence that I purchased the songs.
-
Something wrong when installing then demo database schema
rdbms server 9.2.0.5 win32
jdev904
bibeans904
Something is wrong when installing the demo database schema. While executing cwm2_olap_metadata_refresh.mr_refresh at the end, the system reports that cwm2_olap_metadata_refresh.mr_refresh must be declared. That means cwm2_olap_metadata_refresh does not exist.
Why, and what should I do?
Thanks a lot!
After executing the file catpatch.sql, the demo database schema completed successfully. But there is something wrong during bi_checkconfig.
BI Beans Diagnostics(v1.0.2.0) 04-6-30
==========================================================
JDEV_ORACLE_HOME .......................... = d:\jdev904
JAVA_HOME ................................. = d:\jdev904\jdk
JDeveloper version ........................ = 9.0.4.0.1419
BI Beans release description .............. = BI Beans 9.0.4 Production Release
BI Beans component number ................. = 9.0.4.23.0
BI Beans internal version ................. = 2.7.5.32
Connect to database ....................... = Successful
JDBC driver version ....................... = 9.2.0.4.0
JDBC JAR file location .................... = D:\jdev904\jdev\lib\patches
Database version .......................... = 9.2.0.5.0
OLAP Catalog version ...................... = 9.2.0.5.0
OLAP AW Engine version .................... = 9.2.0.5.0
OLAP API Server version ................... = 9.2.0.5.0
BI Beans Catalog version .................. = N/A; not installed in bibdemo
OLAP API JAR file version ................. = N/A
OLAP API JAR file location ................ = d:\jdev904\jdev\lib\ext
Load OLAP API metadata .................... = Unsuccessful
Error: BIB-10100 Cannot connect to the database. (Reason: See error BIB-16626)
============================================================================
1) BIB-10100 Cannot connect to the database. (Reason: See error BIB-16626)
2) BIB-16626 Cannot connect to the database because OLAP client classes are missing.
1) BIB-10100 Cannot connect to the database. (Reason: See error BIB-16626)
============================================================================
oracle.dss.metadataManager.common.MetadataManagerException: BIB-10100 Cannot connect to the database. (Reason: See error BIB-16626)
at oracle.dss.metadataManager.client.MetadataManager.setConnectionObjects(MetadataManager.java:4015)
at oracle.dss.metadataManager.client.MetadataManager.attach(MetadataManager.java:862)
at oracle.dss.metadataManager.client.MetadataManager.attach(MetadataManager.java:799)
at BICheckConfig.checkConnection(BICheckConfig.java:277)
at BICheckConfig.main(BICheckConfig.java:1348)
2) BIB-16626 Cannot connect to the database because OLAP client classes are missing.
============================================================================
oracle.dss.connection.common.ConnectionException: BIB-16626 Cannot connect to the database because OLAP client classes are missing.
at oracle.dss.connection.server.drivers.mdm.MDMConnectionDriverImpl.connect(MDMConnectionDriverImpl.java:182)
at oracle.dss.connection.server.ConnectionImpl.connect(ConnectionImpl.java:286)
at oracle.dss.connection.client.Connection.connect(Connection.java:409)
at oracle.dss.connection.client.Connection.connect(Connection.java:326)
at oracle.dss.metadataManager.client.MetadataManager.setConnectionObjects(MetadataManager.java:3997)
at oracle.dss.metadataManager.client.MetadataManager.attach(MetadataManager.java:862)
at oracle.dss.metadataManager.client.MetadataManager.attach(MetadataManager.java:799)
at BICheckConfig.checkConnection(BICheckConfig.java:277)
at BICheckConfig.main(BICheckConfig.java:1348)
What should I do? Any help?
Thanks!
-
Connect to VPN but not my iMac at work
Hi all,
Very frustrating problem here. When I'm at home using my MacBook Pro, I can connect to the Cisco VPN at work and log into SMB servers. I can also log in to AFP servers. But I want to be able to control my iMac at work because sometimes I need files on that hard drive. And I can't see any macs! When I bring my MBP to work and am on the network, I can control my iMac and see all of the other macs under the "Shared" section of the Finder sidebar.
Here's my setup at home.
MBP: running 10.6.8 using built-in VPN. Tried to connect using "Screen Sharing," which works at work. IT gave me ARD 3.5.1. Still doesn't work.
Home Router: Airport Extreme Base Station (dual-band model, but I can't remember the model #). The firmware is current. Using Airport Utility, I have Port Mapping set up for ARD service (automatically does stuff for ports 3283 and 5900, but I don't know what the numbers mean).
I use a Comcast Cable Modem to connect to the Internet.
This thread https://discussions.apple.com/message/3144943#3144943 said I should "configure the AEBS so that the option to distribute IP addresses is DISABLED." It is obviously talking about an older version of Airport utility, but when I go to my AU > Internet > Internet Connection > Connection Sharing drop-down menu, I see three options: Share a public IP address (selected), Distribute a range of IP addresses, and Off (Bridge Mode). I am not using my AEBS as a bridge, so I think that's configured correctly.
Since I can control my iMac from my MBP over the wireless network at work, and I can make a VPN connection from home and log onto SMB and AFP servers at work, I suspect there is something wrong with my AEBS setup that's blocking something to do with Screen Sharing. Any ideas? I've even tried turning off the OS X firewall and still didn't have any luck.
Using Airport Utility, I have Port Mapping set up for ARD service (automatically does stuff for ports 3283 and 5900, but I don't know what the numbers mean).
FYI. Port 3283 is used by the Net Assistant function of the ARD (Apple Remote Desktop) service. Port 5900 is used by both ARD or a VNC server, like Screen Sharing in OS X. Note: When you enable Screen Sharing within the Sharing panel in System Preferences, you are basically turning on the Mac's VNC server service. You would then access this server via a VNC client ... like another Mac or from a PC that has a VNC client installed.
Since I can control my iMac from my MBP over the wireless network at work, and I can make a VPN connection from home and log onto SMB and AFP servers at work, I suspect there is something wrong with my AEBS setup that's blocking something to do with Screen Sharing. Any ideas? I've even tried turning off the OS X firewall and still didn't have any luck.
Actually, it is somewhat backwards of this. It's NOT your router that needs to have port mapping configured; it would be your work's router instead. The only reason you would configure yours is if you were attempting to access a computer on your home's local network from the work (or anywhere else from the Internet).
Since you already got ARD from your work's IT guys, they should be able to help you configure Screen Sharing, running on a work computer, to be accessible via a VPN tunnel from your home's network.
-
Anyconnect VPN peers cannot ping, RDP each other
I have an ASA5505 running ASA 8.3(1) and ASDM 7.1(1). I have a remote access VPN set up and the remote access users are able to log in and access LAN resources. I can ping the VPN peers from the remote LAN. My problem is that the VPN peers cannot ping (RDP, etc.) each other. Pinging one VPN peer from another reveals the following error in the ASA log.
Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:10.10.10.8 dst outside:10.10.10.9 (type 8, code 0) denied due to NAT reverse path failure.
Below is my ASA running-config:
ASA Version 8.3(1)
hostname ciscoasa
domain-name dental.local
enable password 9ddwXcOYB3k84G8Q encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 192.168.1.128
domain-name dental.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network RAVPN
subnet 10.10.10.0 255.255.255.0
object network NETWORK_OBJ_10.10.10.0_28
subnet 10.10.10.0 255.255.255.240
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
access-list Local_LAN_Access remark VPN client local LAN access
access-list Local_LAN_Access standard permit host 0.0.0.0
access-list DefaultRAGroup_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list VpnPeers remark allow vpn peers to ping each other
access-list VpnPeers extended permit ip object NETWORK_OBJ_10.10.10.0_28 object NETWORK_OBJ_10.10.10.0_28
pager lines 24
logging enable
logging asdm informational
logging mail informational
logging from-address [email protected]
logging recipient-address [email protected] level informational
logging rate-limit 1 600 level 6
mtu outside 1500
mtu inside 1500
ip local pool VPNPool 10.10.10.5-10.10.10.10 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-711.bin
no asdm history enable
arp timeout 14400
nat (inside,any) source static any any destination static RAVPN RAVPN
nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_10.10.10.0_28 NETWORK_OBJ_10.10.10.0_28
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.10.10.0_28 NETWORK_OBJ_10.10.10.0_28
object network obj_any
nat (inside,outside) dynamic interface
object network RAVPN
nat (any,outside) dynamic interface
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint LOCAL-CA-SERVER
keypair LOCAL-CA-SERVER
crl configure
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=ciscoasa
keypair billvpnkey
proxy-ldc-issuer
crl configure
crypto ca server
cdp-url http://ciscoasa/+CSCOCA+/asa_ca.crl
issuer-name CN=ciscoasa
smtp from-address admin@ciscoasa
crypto ca certificate chain LOCAL-CA-SERVER
certificate ca 01
**hidden**
quit
crypto ca certificate chain ASDM_TrustPoint0
certificate 10bdec50
**hidden**
quit
crypto isakmp enable outside
crypto isakmp policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
client-update enable
telnet 192.168.1.1 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
dhcpd address 192.168.1.50-192.168.1.99 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
svc image disk0:/anyconnect-win-3.1.04072-k9.pkg 1
svc profiles DellStudioClientProfile disk0:/dellstudioclientprofile.xml
svc enable
tunnel-group-list enable
internal-password enable
smart-tunnel list SmartTunnelList RDP mstsc.exe platform windows
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.1.128
vpn-tunnel-protocol l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
default-domain value dental.local
webvpn
svc modules value vpngina
group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
dns-server value 192.168.1.128
vpn-tunnel-protocol l2tp-ipsec
default-domain value dental.local
group-policy DfltGrpPolicy attributes
dns-server value 192.168.1.128
vpn-simultaneous-logins 4
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
group-lock value RAVPN
split-tunnel-network-list value Local_LAN_Access
default-domain value dental.local
webvpn
url-list value DentalMarks
svc modules value vpngina
svc profiles value dellstudio type user
svc ask enable default webvpn
smart-tunnel enable SmartTunnelList
username wketchel1 password 5c5OoeNtCiX6lGih encrypted
username wketchel1 attributes
vpn-group-policy DfltGrpPolicy
webvpn
svc profiles value DellStudioClientProfile type user
username wketchel password 5c5OoeNtCiX6lGih encrypted privilege 15
username wketchel attributes
vpn-group-policy DfltGrpPolicy
webvpn
svc modules none
svc profiles value DellStudioClientProfile type user
username jenniferk password 5.TcqIFN/4yw0Vq1 encrypted privilege 0
username jenniferk attributes
vpn-group-policy DfltGrpPolicy
webvpn
svc profiles value DellStudioClientProfile type user
tunnel-group DefaultRAGroup general-attributes
address-pool VPNPool
authorization-server-group LOCAL
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication pap
authentication ms-chap-v2
authentication eap-proxy
tunnel-group RAVPN type remote-access
tunnel-group RAVPN general-attributes
address-pool VPNPool
authorization-server-group LOCAL
tunnel-group RAVPN webvpn-attributes
group-alias RAVPN enable
tunnel-group RAVPN ipsec-attributes
pre-shared-key *****
tunnel-group RAVPN ppp-attributes
authentication pap
authentication ms-chap-v2
authentication eap-proxy
tunnel-group WebSSLVPN type remote-access
tunnel-group WebSSLVPN webvpn-attributes
group-alias WebSSLVPN enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
smtp-server 173.194.64.108
prompt hostname context
hpm topN enable
Cryptochecksum:3304bf6dcf6af5804a21e9024da3a6f8
: end
Hi,
Seems to me that you could clean up the current NAT configuration a bit and make it a bit clearer.
I would suggest the following changes
object network VPN-POOL
subnet 10.10.10.0 255.255.255.0
object network LAN
subnet 192.168.1.0 255.255.255.0
object-group network PAT-SOURCE
network-object 192.168.1.0 255.255.255.0
network-object 10.10.10.0 255.255.255.0
nat (inside,outside) source static LAN LAN destination static VPN-POOL VPN-POOL
nat (outside,outside) 1 source static VPN-POOL VPN-POOL destination static VPN-POOL VPN-POOL
nat (any,outside) after-auto source dynamic PAT-SOURCE interface
The above should enable
Dynamic PAT for LAN and VPN users
NAT0 for the traffic between LAN and VPN
NAT0 for traffic between VPN users
You could then remove the previous NAT configurations. Naturally, please do back up the configuration before doing the change if you wish to move back to the original configuration.
no nat (inside,any) source static any any destination static RAVPN RAVPN
no nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_10.10.10.0_28 NETWORK_OBJ_10.10.10.0_28
no nat (inside,outside) source static any any destination static NETWORK_OBJ_10.10.10.0_28 NETWORK_OBJ_10.10.10.0_28
no object network obj_any
no object network RAVPN
In the event that you don't want to change the configuration that much, you might be fine just by adding this
object network VPN-POOL
subnet 10.10.10.0 255.255.255.0
nat (outside,outside) 1 source static VPN-POOL VPN-POOL destination static VPN-POOL VPN-POOL
But the other configuration changes above would make the current NAT configuration simpler and make the purpose of each "nat" configuration clearer to see.
- Jouni -
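An added example, not part of the reply above and not Cisco code: a simplified Python model of first-match evaluation over the three suggested nat rules, showing which rule each flow hits and why the dynamic PAT rule has to come last. It assumes the "1" places the VPN-to-VPN rule at the top of the manual NAT section and that the after-auto rule is evaluated after everything else; the outside address, the test destinations and the function names are constructed.

```python
from ipaddress import ip_address, ip_network

LAN = [ip_network("192.168.1.0/24")]
VPN_POOL = [ip_network("10.10.10.0/24")]
PAT_SOURCE = LAN + VPN_POOL
ANY = [ip_network("0.0.0.0/0")]
OUTSIDE_IP = "203.0.113.1"  # constructed placeholder for the outside interface address

# (real_if, mapped_if, source group, destination group, action, label),
# listed in the assumed evaluation order of the suggested configuration
PROPOSED = [
    ("outside", "outside", VPN_POOL, VPN_POOL, "identity", "NAT0 VPN<->VPN"),
    ("inside", "outside", LAN, VPN_POOL, "identity", "NAT0 LAN<->VPN"),
    ("any", "outside", PAT_SOURCE, ANY, "pat", "dynamic PAT"),
]
# Failure mode: the same rules with the PAT rule evaluated first
MISORDERED = [PROPOSED[2]] + PROPOSED[:2]


def _in(addr, nets):
    return any(ip_address(addr) in net for net in nets)


def translate(rules, in_if, out_if, src, dst):
    """Return (rule label, source address after NAT) for the first match.

    Only the initiating direction of a flow is modelled.
    """
    for real_if, mapped_if, srcs, dsts, action, label in rules:
        if real_if not in ("any", in_if) or mapped_if not in ("any", out_if):
            continue
        if _in(src, srcs) and _in(dst, dsts):
            return label, (src if action == "identity" else OUTSIDE_IP)
    return "no match", src


if __name__ == "__main__":
    flows = [
        ("inside", "outside", "192.168.1.70", "10.10.10.5"),   # LAN host to VPN client
        ("outside", "outside", "10.10.10.5", "10.10.10.6"),    # VPN client to VPN client
        ("inside", "outside", "192.168.1.70", "198.51.100.9"), # LAN host to Internet
        ("outside", "outside", "10.10.10.5", "198.51.100.9"),  # VPN client to Internet
    ]
    for name, rules in (("proposed", PROPOSED), ("PAT first", MISORDERED)):
        for flow in flows:
            print(name, flow, "->", translate(rules, *flow))
```

With the PAT rule first, the LAN-to-VPN flow leaves with the outside address as its source instead of its own address, which is the case the NAT0 rules exist to prevent.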
RV220W IPsec tunnel connected, but no ping is working
Hello,
I have a problem with my RV220w router and IPsec connections.
The tunnel is connected, but no ping is working. I have not changed any Settings on the Client Site or Router Site. The last successful tunnel with this configuration was half a year ago.
The local and remote networks have different IP addresses.
I have tested both firmware versions 1.0.4.17 and 1.0.5.8.
A tunnel over PPTP is working fine. The ping works successfully.
Has anyone an idea?
kind regards
Martin Schubert
Configuration:
Client Software:
- Windows 7 64Bit
- ShrewSoft VPNClient 2.2.2
n:version:4
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:0
n:client-banner-enable:1
n:network-notify-enable:1
n:client-dns-used:1
n:client-dns-auto:1
n:client-dns-suffix-auto:1
n:client-splitdns-used:1
n:client-splitdns-auto:1
n:client-wins-used:0
n:client-wins-auto:1
n:phase1-dhgroup:5
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:0
n:phase1-keylen:0
n:phase2-keylen:0
s:client-auto-mode:pull
s:client-iface:direct
s:network-natt-mode:enable
s:network-frag-mode:enable
s:auth-method:mutual-psk-xauth
s:ident-client-type:fqdn
s:ident-server-type:fqdn
s:ident-client-data:remote.com
s:ident-server-data:local.com
s:phase1-exchange:aggressive
s:phase1-cipher:aes
s:phase1-hash:sha2-256
s:phase2-transform:esp-aes
s:phase2-hmac:sha2-256
s:ipcomp-transform:disabled
n:phase2-pfsgroup:5
s:policy-level:auto
s:policy-list-include:192.168.1.0
Router:
IpsecIKEPolicy[1]["Direction"] = "1"
IpsecIKEPolicy[1]["EncryptionAlgorithm"] = "5"
IpsecIKEPolicy[1]["LocalIdentifier"] = "local.com"
IpsecIKEPolicy[1]["ExchangeMode"] = "1"
IpsecIKEPolicy[1]["RemoteIdentifier"] = "remote.com"
IpsecIKEPolicy[1]["Presharedkey"] = "is secret"
IpsecIKEPolicy[1]["IKEPolicyName"] = "abc"
IpsecIKEPolicy[1]["LocalIdentifierType"] = "1"
IpsecIKEPolicy[1]["SALifeTime"] = "28800"
IpsecIKEPolicy[1]["DPDDetectionPeriod"] = "10"
IpsecIKEPolicy[1]["ModeConfigStatus"] = "0"
IpsecIKEPolicy[1]["XAUTHType"] = "2"
IpsecIKEPolicy[1]["DPDFailureCount"] = "3"
IpsecIKEPolicy[1]["AuthAlgorithm"] = "3"
IpsecIKEPolicy[1]["AuthType"] = "0"
IpsecIKEPolicy[1]["DHGroup"] = "5"
IpsecIKEPolicy[1]["DPD"] = "0"
IpsecIKEPolicy[1]["_ROWID_"] = "1"
IpsecIKEPolicy[1]["RemoteIdentifierType"] = "1"
IpsecVPNPolicy[1]["EnableKeepAlive"] = "0"
IpsecVPNPolicy[1]["LocalSubnetMask"] = "255.255.255.0"
IpsecVPNPolicy[1]["EncryptionAlgorithm"] = "5"
IpsecVPNPolicy[1]["AuthAlgorithm"] = "3"
IpsecVPNPolicy[1]["RemoteNetworkType"] = "0"
IpsecVPNPolicy[1]["LocalGateway"] = "0"
IpsecVPNPolicy[1]["RVGStatus"] = "0"
IpsecVPNPolicy[1]["VPNPolicyName"] = "abc"
IpsecVPNPolicy[1]["LocalStartAddress"] = "192.168.1.0"
IpsecVPNPolicy[1]["Status"] = "1"
IpsecVPNPolicy[1]["Netbios"] = "0"
IpsecVPNPolicy[1]["AutoPolicyType"] = "1"
IpsecVPNPolicy[1]["KeepAlivePeriod"] = "10"
IpsecVPNPolicy[1]["PFSKeyGroup"] = "5"
IpsecVPNPolicy[1]["SPIOut"] = "0x"
IpsecVPNPolicy[1]["KeepAliveFailureCount"] = "3"
IpsecVPNPolicy[1]["LocalNetworkType"] = "3"
IpsecVPNPolicy[1]["SALifeTime"] = "3600"
IpsecVPNPolicy[1]["IKEPolicyName"] = "abc"
IpsecVPNPolicy[1]["FailbackTime"] = "30"
IpsecVPNPolicy[1]["RemoteEndPoint"] = "remote.com"
IpsecVPNPolicy[1]["NodeId"] = "1"
IpsecVPNPolicy[1]["SALifeTimeType"] = "0"
IpsecVPNPolicy[1]["PolicyType"] = "1"
IpsecVPNPolicy[1]["SPIIn"] = "0x"
IpsecVPNPolicy[1]["RemoteEndPointType"] = "1"
IpsecVPNPolicy[1]["_ROWID_"] = "1"
IpsecVPNPolicy[1]["Rollover"] = "0"
At a glance,
First, what are your netmasks for those networks? I suppose they are 255.255.255.0.
Second, check your Remote Security Group and Local Security Group on B and C for their tunnel. Maybe permutation?
Third, check Routing table (Setup->More->Advanced Routing then at the bottom Show Routing Table).
Should be something like - on B:
10.0.0.0    255.255.255.0    GW for B    10    ipsec0
and on C:
10.0.1.0    255.255.255.0    GW for C    10    ipsec0
Could setup VPN but could not connect to the server behind Windows
Hello,
Server 1 and Server 2 are directly connect with cable. Server 1 has 2 NIC.
I want to configure the following network, already have done most of the steps.
Install the Role “Network Policy and Access Services”.
My router is configured to assign IP to NIC1 and Linux server. I enabled IP forwarding in Win server from registry. My clients are able to connect to VPN -> and ping Server 1. But they are unable to ping Server 2 through VPN. But I am able to ping Server 2 directly from Server 1. Are Server 1 and Server 2 not in same LAN? Should not outside users be able to ping Server 2 after successful VPN connect?
Please help with conceptual errors.
Hi,
According to your description, my understanding is that VPN client failed to ping internal devices after connecting to VPN server.
Ping command is used to detect network or host communication failures and troubleshoot common TCP/IP connectivity problems by sending ICMP echo request messages and recording the receipt of ICMP echo reply messages. Turn off firewalls and protection software (if any) and then try to ping again. And, ping IP address instead of name.
You have mentioned “enabled IP forwarding in Win server from registry”. Since you have installed RRAS on VPN server, if you want the remote access clients to have access to resources on the intranet, I recommend you to enable NAT on VPN server.
Besides, according to the picture, 2 NICs of VPN server and the Linux server are on the same sub network. In general, NIC 2 connects to internal network and NIC1 connects to external network. I recommend you to reference the link below for Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test Lab (similar configuration with your VPN):
https://technet.microsoft.com/en-us/library/cc757206%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
Best Regards,
Eve Wang
Can't Ping UC320W from 881 but can ping 881 from UC320W
Hi,
Wondering if somebody could help me here. I have a UC320 and router directly connected and I can ping the router from the 320 but can't ping the other way. As a result I only have SIP traffic working outbound but can't get any calls inbound. I'm missing something here but can't figure out what.
Any ideas?
Thanks a million
J-P
Hi,
Thanks for the response. The UC320 has the WAN interface statically assigned 192.160.160.2/30 and the gateway is 192.160.160.1. There is no CLI on the 320 so can't provide any config. I can ping the 881 from the 320 no problem but it won't work the other way. Everything looks like it's up and running from show commands etc.
The config of the 881 is below, have changed the WAN addresses etc. for obvious reasons -
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname _Router
boot-start-marker
boot-end-marker
logging message-counter syslog
no aaa new-model
dot11 syslog
ip source-route
ip cef
ip name-server 83.147.160.2
ip name-server 83.147.160.130
no ipv6 cef
multilink bundle-name authenticated
archive
log config
hidekeys
class-map match-any VOIP
match protocol rtp audio
class-map match-any WEB_TRAFFIC
match protocol http
match protocol ftp
match protocol secure-http
match protocol secure-ftp
class-map match-any VIDEO
match protocol rtp video
policy-map QOS_POLICY
class VOIP
priority percent 15
set dscp ef
class WEB_TRAFFIC
bandwidth percent 30
random-detect
set dscp af32
class VIDEO
bandwidth percent 20
set dscp cs4
class class-default
bandwidth percent 30
random-detect
set dscp default
interface FastEthernet0
switchport trunk native vlan 100
switchport mode trunk
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
switchport mode trunk
interface FastEthernet4
bandwidth 5000
no ip address
speed 100
full-duplex
service-policy output QOS_POLICY
interface FastEthernet4.201
description Voice_VLAN
encapsulation dot1Q 201
ip address 172.18.24.x 255.255.255.252
ip nat outside
ip virtual-reassembly
interface FastEthernet4.202
description DATA_VLAN
encapsulation dot1Q 202
ip address 92.51.19.x 255.255.255.252
ip nat outside
ip virtual-reassembly
interface Vlan1
ip address 192.168.160.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Vlan100
ip address 192.160.160.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 92.51.19.X
ip route 172.18.24.x 255.255.255.255 172.18.24.x
no ip http server
no ip http secure-server
ip nat sip-sbc
ip nat inside source static udp 192.160.160.2 5060 interface FastEthernet4.201 5060
ip nat inside source list 1 interface FastEthernet4.201 overload
ip nat inside source list 2 interface FastEthernet4.202 overload
access-list 1 permit 192.160.160.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
banner login
Thanks again
J-P
My phone won't let me download anything, even free stuff or updates. It keeps saying something is wrong with my billing info, so I fixed it but still can't download. I signed out and signed back in, still nothing. Please help, I'm getting angry.
If it says your billing info is wrong that means that your credit card issuer is refusing to approve your account. You will have to solve the problem with your bank or credit card company.