S/MIME encryption does not work
Hello everybody,
For 2 days I've been trying to get email encryption up and running without any success.
I have a personal certificate from the German mail provider WEB.DE installed including a private key. I also installed the necessary root and mail certificates of this provider so that the chain of trust is given. Keychain says that the certificate is valid.
I now received a signed email from a friend. This gets his certificate installed into keychain. It is also shown in the address book next to his email address. When I now reply to this mail and check the encrypt button, I get the error message that the email cannot be encrypted and I shall check whether valid certificates are installed for all recipients.
Sending signed emails works like a charm and I can also check the encrypt button. It is not grayed out.
I deleted all certificates and reinstalled them multiple times with no effect. I also ensured that I do not have any conflicts with other certificates. The mail address in the TO field of mail is written the same way it is given in the recipient's certificate. I also executed first aid from the keychain application. No problems found.
I changed the trust settings in both my own and the recipient's certificate in different ways and restarted mail in between. I also restarted osx multiple times. Nothing solved the issue so far.
I read about 50 articles on the web including everything about SMIME encryption in this community but I cannot find a solution.
What is the problem here?
Best regards...
First, the address associated with the S/MIME public key must exactly match the address to which you're trying to send the encrypted message. The matching is case-sensitive. "[email protected]" does not match "[email protected]".
The recipient's certificate must be valid: not self-signed, expired, or revoked. You can check the status of the certificate in Keychain Access (see below.)
If you can't encrypt messages to a valid address with a valid certificate, continue.
Back up all data.
Launch the Keychain Access application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
Select the login keychain from the list on the left side of the Keychain Access window. If your default keychain has a different name, select that.
If the lock icon in the top left corner of the window shows that the keychain is locked, click to unlock it. You'll be prompted for the keychain password, which is the same as your login password, unless you've changed it.
Right-click or control-click the login entry in the list. From the menu that pops up, select
Change Settings for Keychain "login"
In the sheet that opens, uncheck both boxes, if not already unchecked.
From the menu bar, select
Keychain Access ▹ Preferences ▹ First Aid.
If the box labeled Keep login keychain unlocked is not checked, check it.
Select Keychain from the menu bar and repair the keychain.
Quit and relaunch Mail. Test. If the problem isn't resolved, continue.
Export all S/MIME certificates, delete them from the keychain, and reimport. For instructions, select
Help ▹ Keychain Access Help
from the menu bar and search for the term "export" in the help window. Test.
If the test fails, delete all the certificates again, then reinstall them from fresh copies.
Similar Messages
-
Mail 4.5 Message Encryption Does Not Work per Articles
Apple's various articles and help files on how to send encrypted mail do not work for my currently installed Mail 4.5 on my 10.6.8 OS;
"An Encrypt (closed lock) icon appears next to the Signed icon if you have a personal certificate for a recipient in your keychain; the icon indicates the message will be encrypted when you send it." This DOES NOT WORK.
I followed instructions to create certificates with Keychain Access on both sending and receiving MacBooks, imported each other's certificates and set them to trust always per Apple instruction. But Mail 4.5 DOES NOT allow me to send an encrypted email message from an email address with a certificate in Keychain Access to an email address in Keychain Access; the lock remains grayed out.
I'd appreciate some help (and it would be nice if the Apple articles were corrected also).
Regards,
KayakGuide.com
When I had this problem originally, I called Apple support. Their solution was to remove all the 'interesting' files from the Library/Mail folder (including the V2 folder and its files) and import all the mailboxes manually. This would have worked but taken an eternity (>50 mailboxes, >100,000 messages), plus recreating rules, etc.
So I started experimenting. The critical files that made Mail not start up correctly were the SmartMailboxes plists (SmartMailboxes.plist, VersionedSmartMailboxes.plist). I deleted them (and their backups) and Mail started up OK. I put them back, Mail failed to start up. (Tried all that after Mail had transitioned all the old mail to V2 but hadn't successfully started up.)
So I cleared my Mail folder, reinstalled it from backup, removed SmartMailbox plists, and started up Mail. Imported everything just fine (except the old MailTags plugin of course), started up normally. Very Happy now. -
Encrypt Message does not work with new Plug-in 7.3
I installed the new Email Security Plug-in 7.3 but now the Encrypt Message button does not work. It is grayed out and unavailable when I attempt to create a new message.
I first tried installing 7.3 over the previous version but every time I opened Outlook I received an error message about XML not loading. I uninstalled the plugin, rebooted and installed it clean and that took care of the XML message. But I then found the encrypt button issue and have not been able to solve that issue. This is not isolated to my machine as I have tried installing it on another machine that never had the plug-in installed before.
My understanding is that they completely rewrote it, which is probably why an upgrade doesn't work well...
I did get one way of deploying figured out, the stuff on page 3-20 has some errors.
Here's what I did that works:
Do a clean install on a machine that doesn't have any plugin installed.
Copy the C:\Users\All Users\Cisco\Cisco IronPort Email Security Plug-In\Common directory and its contents to a network accessible share, say \\fs1\share\pluginconfig, so you now have \\fs1\share\pluginconfig\Common, etc...
Copy your BCE_Config_Signed.xml file to the Common folder
Rename that to config_1.xml
Edit the CommonEncryptionConfig.xml to have the following XML:
Now you can push the install with a command line that references the folder (the example on page 3-20 is wrong, no 's' ):
CiscoIronPortEmailSecurity-7-3-0-102.exe /exenoui /qn UseCustomConfig="\\fs\share\pluginconfig"
(if you're doing it on the same machine you did the clean install with, you should uninstall it first...)
Message was edited by: Ken Stieers -
Encryption program does not work in IBM JDK
Hi
I have an encrypt/decrypt program which does not work in the IBM JDK.
The code is below; it gives a "PBEWithMD5AndDES does not exist" kind of error when running with the IBM JDK.
import java.io.UnsupportedEncodingException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.KeySpec;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class MapsPasswordUtil {
    Cipher ecipher;
    Cipher dcipher;
    // 8-byte Salt
    byte[] salt = { (byte) 0xA9, (byte) 0x9B, (byte) 0xC8, (byte) 0x32,
            (byte) 0x56, (byte) 0x35, (byte) 0xE3, (byte) 0x03 };
    // Iteration count
    int iterationCount = 19;

    public MapsPasswordUtil(String passPhrase) {
        try {
            KeySpec keySpec = new PBEKeySpec(passPhrase.toCharArray(), salt,
                    iterationCount);
            SecretKey key = SecretKeyFactory.getInstance("PBEWithMD5AndDES")
                    .generateSecret(keySpec);
            // The cipher name is taken from the generated key
            ecipher = Cipher.getInstance(key.getAlgorithm());
            dcipher = Cipher.getInstance(key.getAlgorithm());
            // Prepare the parameter to the ciphers
            AlgorithmParameterSpec paramSpec = new PBEParameterSpec(salt,
                    iterationCount);
            // Create the ciphers
            ecipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
            dcipher.init(Cipher.DECRYPT_MODE, key, paramSpec);
        } catch (java.security.InvalidAlgorithmParameterException e) {
            e.printStackTrace();
        } catch (java.security.spec.InvalidKeySpecException e) {
            e.printStackTrace();
        } catch (javax.crypto.NoSuchPaddingException e) {
            e.printStackTrace();
        } catch (java.security.NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (java.security.InvalidKeyException e) {
            e.printStackTrace();
        }
    }

    public String encrypt(String str) {
        try {
            // Encode the string into bytes using utf-8
            byte[] utf8 = str.getBytes("UTF8");
            // Encrypt
            byte[] enc = ecipher.doFinal(utf8);
            // Encode bytes to base64 to get a string
            return new sun.misc.BASE64Encoder().encode(enc);
        } catch (javax.crypto.BadPaddingException e) {
            e.printStackTrace();
        } catch (IllegalBlockSizeException e) {
            e.printStackTrace();
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }
        return null;
    }

    public String decrypt(String str) {
        try {
            // Decode base64 to get bytes
            byte[] dec = new sun.misc.BASE64Decoder().decodeBuffer(str);
            // Decrypt
            byte[] utf8 = dcipher.doFinal(dec);
            // Decode using utf-8
            return new String(utf8, "UTF8");
        } catch (javax.crypto.BadPaddingException e) {
            e.printStackTrace();
        } catch (IllegalBlockSizeException e) {
            e.printStackTrace();
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        } catch (java.io.IOException e) {
            e.printStackTrace();
        }
        return null;
    }
}

Works for me with the latest IBM JDK. You will need to specify your context i.e. what platform, what JDK/JRE etc etc etc.
P.S. That exception handling is rubbish.
Edited by: sabre150 on Mar 23, 2009 6:01 AM
I suspect that you are using JDK 1.5 and that you have fallen foul of the bug where key.getAlgorithm() does not return the correct value. You get round this by specifying it as
SecretKey key = SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(keySpec);
ecipher = Cipher.getInstance("PBEWithMD5AndDES");
Of course if you are clever you will just define a static final constant for this algorithm.
Edited by: sabre150 on Mar 23, 2009 6:09 AM -
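An added diagnostic for the situation discussed in this thread (not code from the original posts): it lists which installed JCE providers register PBEWithMD5AndDES, then compares the name returned by key.getAlgorithm() with the name that was requested. The class name PbeAlgorithmCheck and the passphrase are constructed for the example.

```java
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PbeAlgorithmCheck {
    // Algorithm name from the thread, defined once as a constant.
    static final String PBE_ALGORITHM = "PBEWithMD5AndDES";

    // True if this provider registers the algorithm (or an alias of it)
    // for the given service type, e.g. "Cipher" or "SecretKeyFactory".
    static boolean offers(Provider provider, String serviceType) {
        return provider.getService(serviceType, PBE_ALGORITHM) != null;
    }

    // Returns null if a Cipher can be created under this name,
    // otherwise a description of why the lookup failed.
    static String cipherLookupFailure(String name) {
        if (name == null) {
            return "algorithm name is null";
        }
        try {
            Cipher.getInstance(name);
            return null;
        } catch (GeneralSecurityException e) {
            return e.toString();
        }
    }

    public static void main(String[] args) {
        // The context the first reply asks for: which JVM is running.
        System.out.println("JVM: " + System.getProperty("java.vendor")
                + " " + System.getProperty("java.version"));

        // Which providers know the algorithm, and for which service.
        for (Provider provider : Security.getProviders()) {
            boolean factory = offers(provider, "SecretKeyFactory");
            boolean cipher = offers(provider, "Cipher");
            if (factory || cipher) {
                System.out.println(provider.getName()
                        + ": SecretKeyFactory=" + factory + " Cipher=" + cipher);
            }
        }

        SecretKey key;
        try {
            // Constructed passphrase, used only to obtain a key object.
            key = SecretKeyFactory.getInstance(PBE_ALGORITHM).generateSecret(
                    new PBEKeySpec("constructed-passphrase".toCharArray()));
        } catch (GeneralSecurityException e) {
            System.out.println("No usable SecretKeyFactory for "
                    + PBE_ALGORITHM + ": " + e);
            return;
        }

        // The value the posted code passes to Cipher.getInstance().
        String reported = key.getAlgorithm();
        System.out.println("requested name      : " + PBE_ALGORITHM);
        System.out.println("key.getAlgorithm()  : " + reported);

        String viaKey = cipherLookupFailure(reported);
        String viaConstant = cipherLookupFailure(PBE_ALGORITHM);
        System.out.println("Cipher via key name : "
                + (viaKey == null ? "ok" : "FAILED, " + viaKey));
        System.out.println("Cipher via constant : "
                + (viaConstant == null ? "ok" : "FAILED, " + viaConstant));
    }
}
```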
I am trying to backup my iPhone on my new iMac iTunes. It is currently backed up on my PC and encrypted. Both PC and iMac iTunes have Encrypted backup selected. My password does not work for either iMac or PC. Should I go ahead and try to backup to my iMac iTunes.
Sorry to hear about your phone jb111jb! We'll do everything we can to help find the best route! The only way to remove the password is flashing the device, but that will erase all the content. Have you ever backed up using Verizon Cloud or Google Sync? Do you have a memory card?
AshleyS_VZW
Follow us on Twitter @VZWSupport -
I backed up and encrypted with password but on restore the password does not work. Advice
After a HD failure on my 2009 iMac, fitted new one, installed OS (Tiger) from original disk, restored all documents etc. Changed password with Disk Utility. Over 48 hrs resetting permissions so switched off. All seemed OK. Downloaded combined OS updates. Now my password does not work. Tried resetting, no go. Terminal does not have reset password on.
Any suggestions please -
Lan and WLan does not work on Satellite L40-18W
Hi all
I have a TOSHIBA Satellite L40-18W and my problem is: wireless does not work and wired LAN does not work.
I have downloaded the driver and everything is OK but it does not work (when I search by wireless I do not find any network. My router is working fine).
plzz help meeeee
Hi
Its hard to understand what you mean by not working.
What does this mean exactly?
Are you not able to connect to the internet or what?
Usually if the WLan card and the LAN card have been recognized properly in device manager then the drivers are working fine and the issue could be related to wrong router configuration or maybe to some enabled firewalls, etc
Firstly I recommend checking the router settings. Check if the router has been configured with the right data from ISP and if all other common options have been set correctly.
The notebook supports Realtek Wlan and LAN card.
Check if Wlan card uses the same WLan standard like the WLan router and if right encryption has been used too. -
Windows 7 Prof. decryption on an external hard drive (WD My Passport) DOES NOT WORK
I cannot decrypt files and subfolders of a top folder on a WD My Passport hard drive using the "advanced attributes" of folder "properties". (The "advanced attributes" of folder "properties" works
on the internal hard drive.)
I can decrypt a file individually on the WD My Passport hard drive using "advanced attributes" of folder "properties". However when I try to use "apply changes to this folder, subfolders and files" option, the
decryption DOES NOT WORK on files and subfolders. (The system does not generate any error message just runs through the items and leaves files and subfolders in an encrypted state.)
Is there another way to decrypt files and subfolders of a top folder?
I am having this same issue... it seems all my files have been encrypted and I am the original owner of them! Have you found a solution to this problem?
-
NGS Sponsors authentication does not work in case user has non-English character in his password
Hi,
we are using the NAC Guest Server v 2.0.1 and have Sponsors authentication done through Radius servers. Radius servers are Microsoft IAS using AD.
Sponsors user authentication works okay in case the user's password includes English characters, but does not work in case a user uses national characters like for example Umlauts in German.
On Radius server I can see these error messages:
User XXXX was denied access.
Reason = Authentication was not successful because an unknown user name or incorrect password was used.
As soon as a user changes his password and uses English characters only, it resolves.
I guess this might be that NGS uses different coding while sending a password to Radius server, but not sure.
Appreciate if anyone knows a root cause and what could be a workaround. Unfortunately our AD policy allows users to use national characters and we can hardly change it. So a change on NGS or Radius side would be more viable.
Many thanks for your help.
A case has been opened at Cisco and it is now quite clear that it is a problem with coding.
According to Cisco development team NGS uses UTF-8 coding to send the password, of course encrypted, to the Radius server. This cannot be changed within NGS. We use Radius Microsoft IAS Version 5.2.3790.3959 running on VMWare Windows 2003 SP2. More tests are scheduled to be performed. -
What is up with the Quicktime 7.2 upgrade, it DOES NOT WORK!
Quicktime 7.2 Internet Plug-In does not work with Safari? I am very up to date with all the upgrades to maintain security, and this most recent "upgrade", while it may be plugging a security hole for the iPhone, does not maintain past functionality. I have searched and done most if not all the suggested fixes (repairing permissions, removing Internet Plug-Ins, installing most up to date flash player, unchecking Flash Media MIME setting, even forcing Safari to load w/ Rosetta) and am very disappointed with having to force Safari into Rosetta and shocked to hear the suggestion to abandon Apple altogether and use Firefox. I am using Safari to get away from Netscape and third party software to AVOID conflicts. Worse, Firefox does in fact work, making me doubt its security for internet banking.
When is Apple going to FIX this Quicktime Update so that it works?!
Same here. I don't have an Intel Mac, so it's not a Rosetta issue. I've patiently followed every tip I've read in many discussions. Reinstalled Quicktime. Installed Flash 9 Upgrade. Changed Quicktime settings (unchecked enable flash, unchecked Flash Media under MIME settings). Trashed Quicktime preferences.
However in Safari, upon trying to open any movie trailer on the Quicktime web site
http://www.apple.com/trailers/
or even watch the iLife 08 guided tour
http://www.apple.com/ilife/guidedtour/small.html
I get a Quicktime logo with a question mark. In Firefox (which I've also reinstalled) it quits unexpectedly when trying to open a movie trailer. In my own experiments, I've opened another admin account on my computer and when I log in there, everything works fine. You say "well just use that account then", that would mean me having to transfer all my files to the other account which I don't want to do unless someone has a really quick way to do so. Also, in checking the system preferences for Quicktime under both accounts, I don't see any difference. Both accounts are accessing the same software from the root level Applications folder, so why does it work in one account and not the other? Someone help, as I don't think I can read another 10 page discussion on this. -
MAC Authentication does not work
My MAC Authentication does not work.
I have an ACS 3.0 server set. The MAC address is set in the user name field and in the password field.
I can ping the ACS, I can ping my AP, I can ping my client.
I don't want WEP and I don't want LEAP just MAC. So I set my authentication to "Open with MAC" My client has WEP set to NO WEP and authentication to OPEN
I have the latest drivers for both AP and my 350 Client.
I see that the client is associating and disassociating back and forth non stop. My AP log is full with the following message:
Station 0009.7c9f.xxxx Authentication failed
this is my config:
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname GOM_1200IOS
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
server 10.1.2.197 auth-port 1812 acct-port 1812
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa group server radius wlccp_rad_infra
aaa group server radius wlccp_rad_eap
aaa group server radius wlccp_rad_leap
aaa group server radius wlccp_rad_mac
aaa group server radius wlccp_rad_any
aaa group server radius wlccp_rad_acct
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login wlccp_infra group wlccp_rad_infra
aaa authentication login wlccp_eap_client group wlccp_rad_eap
aaa authentication login wlccp_leap_client group wlccp_rad_leap
aaa authentication login wlccp_mac_client group wlccp_rad_mac
aaa authentication login wlccp_any_client group wlccp_rad_any
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
aaa accounting network wlccp_acct_client start-stop group wlccp_rad_acct
aaa session-id common
enable secret xxxxxx
username Cisco password xxxx
ip subnet-zero
iapp standby timeout 5
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption key 1 size 40bit 7 9DF1C10BF11A transmit-key
ssid GOM_1230
authentication open mac-address mac_methods
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
rts threshold 2312
channel 2462
station-role root
no cdp enable
dot1x reauth-period server
dot1x client-timeout 600
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no cdp enable
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 172.16.43.45 255.255.240.0
no ip route-cache
ip default-gateway 172.16.47.254
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
ip radius source-interface BVI1
access-list 700 permit 000a.b74c.e8c9 0000.0000.0000
access-list 700 permit 0009.7c9f.d6e0 0000.0000.0000
access-list 700 permit 0006.25b1.2f79 0000.0000.0000
access-list 700 permit 000a.b78b.2d19 0000.0000.0000
access-list 700 permit 000b.5f6e.77c8 0000.0000.0000
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
access-list 701 deny 000b.5f6e.77c8 0000.0000.0000
access-list 701 permit 0000.0000.0000 ffff.ffff.ffff
no cdp run
snmp-server community GOM_AP1230 RO
snmp-server enable traps tty
radius-server local
group AP1230
user brazil nthash 7 1249523544595F517972017912677A3055325A25770B08770D5C5B4E4478087605 group AP1230
radius-server host 10.1.2.197 auth-port 1812 acct-port 1812 key 7 00233C2B
radius-server retransmit 3
radius-server attribute 32 include-in-access-req format %h
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 5 15
end
What is wrong?
Thanks very much for your help.
I figured out what was wrong so thank you for stopping by.
I will publish the config for other people to see.
Regards, -
JRE System-level settings does not work - JRE1.6.30
Good day,
I need to set the deployment.security.mixcode parameter to "DISABLE" within the deployment.properties configuration file.
Also I wish to place the deployment.properties configuration file in a path that is not user-specific. The default location is
<User Application Data Folder>\Sun\Java\Deployment\deployment.properties.
To change the default location I read about the possibility to use deployment.config for specifying the System-Level
deployment.properties in the infrastructure.
Unfortunately it seems it does not work. Does someone have experience with system-level settings of deployment.properties?
This is the configuration I have used.
deployment.config:
deployment.system.config.mandatory=FALSE
deployment.system.config=file/:C:\Program Files\Java\jre6\lib\deployment.properties
deployment.properties:
#deployment.properties
#Fri Feb 17 15:54:57 CET 2012
deployment.version=6.0
deployment.capture.mime.types=true
deployment.browser.path=C\:\\Program Files\\Internet Explorer\\iexplore.exe
#Java Deployment jre's
#Fri Feb 17 15:54:57 CET 2012
deployment.javaws.jre.0.product=1.6.0_31
deployment.javaws.jre.0.registered=true
deployment.javaws.jre.0.osname=Windows
deployment.javaws.jre.0.platform=1.6
deployment.javaws.jre.0.path=C\:\\Program Files\\Java\\jre6\\bin\\javaw.exe
deployment.javaws.jre.0.location=http\://java.sun.com/products/autodl/j2se
deployment.javaws.jre.0.enabled=true
deployment.javaws.jre.0.osarch=x86
deployment.security.mixcode=DISABLE <<====
Thank you in advance
Adriano C.
Edited by: user12025469 on Feb 20, 2012 6:23 AM
Edited by: user12025469 on Feb 20, 2012 7:48 AM
user12025469 wrote:
This is the configuration I have used.
deployment.config:
deployment.system.config.mandatory=FALSE
deployment.system.config=file/:C:\Program Files\Java\jre6\lib\deployment.properties
Hm, try using a file URL like this:
file\:C:/Program Files/Java/jre6/lib/deployment.properties
I believe that the file is interpreted as a properties file, which means the colon and slashes need to be escaped. This would be it if you want to use a proper Windows path:
file\:C:\\Program Files\\Java\\jre6\\lib\\deployment.properties -
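An added example, not code from the thread: assuming, as the reply suggests, that deployment.config is read with java.util.Properties rules, this program shows what value each of the three lines from the thread yields after parsing, and lets Properties.store() write the escaped line for a given target value. The class name DeploymentConfigEscapes is constructed for the example.

```java
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Properties;

public class DeploymentConfigEscapes {
    static final String KEY = "deployment.system.config";

    // Parse one line exactly as it would appear in the file and
    // return the value the JVM sees after escape processing.
    static String parsedValue(String fileLine) throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(fileLine));
        return props.getProperty(KEY);
    }

    // Let Properties.store() produce the file line for a desired value,
    // so the escaping does not have to be written by hand.
    static String escapedLine(String value) throws IOException {
        Properties props = new Properties();
        props.setProperty(KEY, value);
        StringWriter out = new StringWriter();
        props.store(out, null);
        for (String line : out.toString().split("\\r?\\n")) {
            if (line.startsWith(KEY)) {
                return line;
            }
        }
        throw new IllegalStateException("key was not written");
    }

    public static void main(String[] args) throws IOException {
        // The three variants from the thread. Each Java literal doubles
        // the backslashes so the string equals the text in the file.
        String[] fileLines = {
            // As posted in the question: single backslashes
            KEY + "=file/:C:\\Program Files\\Java\\jre6\\lib\\deployment.properties",
            // First suggestion in the reply: forward slashes
            KEY + "=file\\:C:/Program Files/Java/jre6/lib/deployment.properties",
            // Second suggestion in the reply: doubled backslashes
            KEY + "=file\\:C:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deployment.properties",
        };
        for (String line : fileLines) {
            System.out.println("file line : " + line);
            System.out.println("value read: " + parsedValue(line));
            System.out.println();
        }

        // Going the other way: start from the value that should be read
        // and print the line that has to be written to the file.
        String wanted = "file:C:\\Program Files\\Java\\jre6\\lib\\deployment.properties";
        String written = escapedLine(wanted);
        System.out.println("wanted value : " + wanted);
        System.out.println("line to write: " + written);
        System.out.println("round trip ok: " + wanted.equals(parsedValue(written)));
    }
}
```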
Copy Protection without DLT - Link does not work
I'm trying to find out how I can protect DVDS with Encore. Or if anyone knows of reasonably priced software to do this. I see there is a link to something called, Protection without DLT, but the link does not work....
Help!
Jessica
CSS keys are only licensed to replicators, player manufacturers, etc. so it is highly unlikely that there will ever be a free solution for creating encrypted DVDs.
CSS encryption is worthless, by the way. It has been compromised for over a decade. There are more complex copy-protection methods available that work by creating malformed structures on the DVD meant to confuse "ripping" programs. However, they are an additional cost from third parties and, more significantly, they run the risk of making your product incompatible with older players or with some computer DVD-ROM drives or software players.
Your replication facility can tell you which additional copy-protection methods they offer and what their cost is. -
Cisco 1841 as PPTP client Does not work
Dear All,
I have Cisco 1841 router running the below roles
1) SSL VPN Server
2) PPTP Server
3) Site to Site Connection with Sonicwall router
I want the router to be configured a pptp client to internet vpn server (so that i will get a fixed public ip )
Once i get this ip address i want to use this connection to accept in coming connection and forward ports to internal host,
I went through below
http://www.mreji.eu/content/cisco-router-pptp-client
https://supportforums.cisco.com/thread/2167562
But it does not work as i do not have the option for the below 2 commands in vpdn-group 2 section.(Please see section in blue)
protocol pptp
rotary-group 4
Please Advise and Help
Regards
Hasan Reza
My Current Config is as below
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.06.09 17:55:23 =~=~=~=~=~=~=~=~=~=~=~=
exit
Gateway#show run |
Building configuration...
Current configuration : 25109 bytes
! Last configuration change at 13:33:57 UTC Sun Jun 9 2013 by admin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname Gateway
boot-start-marker
boot system flash c1841-advsecurityk9-mz.151-2.T1.bin
boot-end-marker
logging buffered 4096
no logging console
enable secret 5 $1$SciF$TlX1tR5qaG9ZE7pdZHcRJ/
no aaa new-model
dot11 syslog
ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 10.236.5.1 10.236.5.20
ip dhcp excluded-address 10.236.5.21 10.236.5.50
ip dhcp excluded-address 172.21.51.2 172.21.51.50
ip dhcp pool ContosoPool
network 10.236.5.0 255.255.255.0
default-router 10.236.5.254
dns-server 213.42.20.20 195.229.241.222
ip dhcp pool DMZ
network 172.21.51.0 255.255.255.0
dns-server 172.21.51.10
default-router 172.21.51.1
domain-name contoso.local
ip cef
ip domain name contoso.local
ip name-server 213.42.20.20
ip name-server 195.229.241.22
ip name-server 195.229.241.222
ip ddns update method dyndns
HTTP
add http://xxxxxx:[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
remove http://xxxxxx:yyyyy@@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
interval maximum 0 1 0 0
multilink bundle-name authenticated
vpdn enable
vpdn-group 2
request-dialin
protocol l2tp
initiate-to ip 173.195.0.42
vpdn-group RAS-VPN
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
l2tp tunnel timeout no-session 15
crypto pki token default removal timeout 0
crypto pki trustpoint TP.StartSSL.CA
enrollment terminal pem
revocation-check none
crypto pki trustpoint TP.StartSSL-vpn
enrollment terminal pem
usage ssl-server
serial-number none
fqdn ssl.spktelecom.com
ip-address none
revocation-check crl
rsakeypair RSA.StartSSL-vpn
crypto pki trustpoint TP-self-signed-1981248591
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1981248591
revocation-check none
rsakeypair TP-self-signed-1981248591
crypto pki trustpoint VMWare
enrollment terminal
revocation-check crl
crypto pki trustpoint OWA
enrollment terminal pem
revocation-check crl
crypto pki certificate chain TP.StartSSL.CA
certificate ca 01
(removed the certificate info for clarity)
quit
crypto pki certificate chain TP.StartSSL-vpn
certificate 0936E1
(removed the certificate info for clarity)9
quit
certificate ca 18
(removed the certificate info for clarity)
quit
crypto pki certificate chain TP-self-signed-1981248591
certificate self-signed 01
(removed the certificate info for clarity)
quit
crypto pki certificate chain VMWare
certificate ca 008EDCE6DBCE6B
(removed the certificate info for clarity)
quit
crypto pki certificate chain OWA
(removed the certificate info for clarity)
license udi pid CISCO1841 sn FCZ122191TW
archive
log config
hidekeys
username admin privilege 15 password 7 1304131F02023B7B7977
username ali password 7 06070328
redundancy
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 84000
crypto isakmp key admin_123 address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
crypto ipsec transform-set strongsha esp-3des esp-sha-hmac
crypto dynamic-map mydyn 10
set transform-set strongsha
crypto map Dxb-Auh 1000 ipsec-isakmp dynamic XXXXXXXXXX
interface FastEthernet0/0
description Internal Network (Protected Interface)
ip address 10.236.5.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface ATM0/0/0
no ip address
shutdown
no atm ilmi-keepalive
interface BRI0/1/0
no ip address
encapsulation hdlc
shutdown
interface Virtual-Template1
ip unnumbered Dialer1
peer default ip address dhcp-pool ContosoPool
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2 eap
interface Dialer1
ip ddns update hostname XXXXXXX.dyndns.org
ip ddns update dyndns
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1450
dialer pool 1
ppp pap sent-username vermam password 7 13044E155E0913323B
crypto map Dxb-Auh
interface Dialer2
mtu 1460
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer in-band
dialer idle-timeout 0
dialer string 123
dialer vpdn
dialer-group 2
ppp pfc local request
ppp pfc remote apply
ppp encrypt mppe auto
ppp authentication ms-chap ms-chap-v2 callin
ppp eap refuse
ppp chap hostname hasanreza
ppp chap password 7 070E2541470726544541
interface Dialer995
no ip address
ip local pool webssl 10.236.6.10 10.236.6.30
ip forward-protocol nd
ip http server
ip http secure-server
ip nat inside source list nat interface Dialer1 overload
ip nat inside source static tcp 10.236.5.12 25 interface Dialer1 25
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 172.21.51.0 255.255.255.0 10.236.5.253
ip access-list extended internal
permit ip any 10.236.5.0 0.0.0.255
ip access-list extended nat
deny ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
deny ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
permit ip 10.236.5.0 0.0.0.255 any
ip access-list extended nonat
permit ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
ip access-list extended sslacl
ip access-list extended webvpn
permit tcp any any eq 443
logging esm config
access-list 101 permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
control-plane
line con 0
line aux 0
line vty 0 4
exec-timeout 0 0
login local
transport preferred ssh
transport input telnet ssh
line vty 5 15
exec-timeout 0 0
login local
transport preferred ssh
transport input telnet ssh
scheduler allocate 20000 1000
webvpn gateway gateway1
ip interface Dialer1 port 443
ssl encryption rc4-md5
ssl trustpoint TP.StartSSL-vpn
inservice
webvpn install svc flash:/webvpn/anyconnect-win-3.1.00495-k9.pkg sequence 1
webvpn install csd flash:/webvpn/sdesktop.pkg
webvpn context webvpn
ssl authenticate verify all
url-list "Webservers"
heading "SimpleIT Technologies NBNS Servers"
url-text "Google" url-value "www.google.com"
url-text "Mainframe" url-value "10.236.5.2"
url-text "Mainframe2" url-value "https://10.236.5.2"
nbns-list "ContosoServer"
nbns-server 10.236.5.10
nbns-server 10.236.5.11
nbns-server 10.236.5.12
port-forward "PortForwarding"
local-port 3389 remote-server "10.236.5.10" remote-port 3389 description "Server-DC01"
policy group policy1
url-list "Webservers"
port-forward "PortForwarding"
nbns-list "ContosoServer"
functions file-access
functions file-browse
functions file-entry
functions svc-enabled
svc address-pool "webssl"
svc default-domain "Contoso.Local"
svc keep-client-installed
svc split include 10.236.5.0 255.255.255.0
svc split include 10.236.6.0 255.255.255.0
svc split include 172.31.1.0 255.255.255.0
svc split include 172.21.51.0 255.255.255.0
svc dns-server primary 172.21.51.10
default-group-policy policy1
gateway gateway1
inservice
end
Gateway#
Dear All,
I have a Cisco 1841 router running the roles below:
1) SSL VPN Server
2) PPTP Server
3) Site to Site Connection with Sonicwall router
I want the router to be configured as a PPTP client to an internet VPN server (so that I will get a fixed public IP).
Once I get this IP address I want to use this connection to accept incoming connections and forward ports to an internal host.
I went through the below:
http://www.mreji.eu/content/cisco-router-pptp-client
https://supportforums.cisco.com/thread/2167562
But it does not work, as I do not have the option for the below 2 commands in the vpdn-group 2 section. (Please see section in blue)
protocol pptp
rotary-group 4
Please Advise and Help
Regards
Hasan Reza
My Current Config is as below
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.06.09 17:55:23 =~=~=~=~=~=~=~=~=~=~=~=
exit
Gateway#show run |
Building configuration...
Current configuration : 25109 bytes
! Last configuration change at 13:33:57 UTC Sun Jun 9 2013 by admin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname Gateway
boot-start-marker
boot system flash c1841-advsecurityk9-mz.151-2.T1.bin
boot-end-marker
logging buffered 4096
no logging console
enable secret 5 $1$SciF$TlX1tR5qaG9ZE7pdZHcRJ/
no aaa new-model
dot11 syslog
ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 10.236.5.1 10.236.5.20
ip dhcp excluded-address 10.236.5.21 10.236.5.50
ip dhcp excluded-address 172.21.51.2 172.21.51.50
ip dhcp pool ContosoPool
network 10.236.5.0 255.255.255.0
default-router 10.236.5.254
dns-server 213.42.20.20 195.229.241.222
ip dhcp pool DMZ
network 172.21.51.0 255.255.255.0
dns-server 172.21.51.10
default-router 172.21.51.1
domain-name contoso.local
ip cef
ip domain name contoso.local
ip name-server 213.42.20.20
ip name-server 195.229.241.22
ip name-server 195.229.241.222
ip ddns update method dyndns
HTTP
add http://xxxxxx:[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
remove http://xxxxxx:yyyyy@@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
interval maximum 0 1 0 0
multilink bundle-name authenticated
vpdn enable
vpdn-group 2
request-dialin
protocol l2tp
initiate-to ip 173.195.0.42
vpdn-group RAS-VPN
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
l2tp tunnel timeout no-session 15
crypto pki token default removal timeout 0
crypto pki trustpoint TP.StartSSL.CA
enrollment terminal pem
revocation-check none
crypto pki trustpoint TP.StartSSL-vpn
enrollment terminal pem
usage ssl-server
serial-number none
fqdn ssl.spktelecom.com
ip-address none
revocation-check crl
rsakeypair RSA.StartSSL-vpn
crypto pki trustpoint TP-self-signed-1981248591
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1981248591
revocation-check none
rsakeypair TP-self-signed-1981248591
crypto pki trustpoint VMWare
enrollment terminal
revocation-check crl
crypto pki trustpoint OWA
enrollment terminal pem
revocation-check crl
crypto pki certificate chain TP.StartSSL.CA
certificate ca 01
(removed the certificate info for clarity)
quit
crypto pki certificate chain TP.StartSSL-vpn
certificate 0936E1
(removed the certificate info for clarity)9
quit
certificate ca 18
(removed the certificate info for clarity)
quit
crypto pki certificate chain TP-self-signed-1981248591
certificate self-signed 01
(removed the certificate info for clarity)
quit
crypto pki certificate chain VMWare
certificate ca 008EDCE6DBCE6B
(removed the certificate info for clarity)
quit
crypto pki certificate chain OWA
(removed the certificate info for clarity)
license udi pid CISCO1841 sn FCZ122191TW
archive
log config
hidekeys
username admin privilege 15 password 7 1304131F02023B7B7977
username ali password 7 06070328
redundancy
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 84000
crypto isakmp key admin_123 address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
crypto ipsec transform-set strongsha esp-3des esp-sha-hmac
crypto dynamic-map mydyn 10
set transform-set strongsha
crypto map Dxb-Auh 1000 ipsec-isakmp dynamic XXXXXXXXXX
interface FastEthernet0/0
description Internal Network (Protected Interface)
ip address 10.236.5.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface ATM0/0/0
no ip address
shutdown
no atm ilmi-keepalive
interface BRI0/1/0
no ip address
encapsulation hdlc
shutdown
interface Virtual-Template1
ip unnumbered Dialer1
peer default ip address dhcp-pool ContosoPool
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2 eap
interface Dialer1
ip ddns update hostname XXXXXXX.dyndns.org
ip ddns update dyndns
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1450
dialer pool 1
ppp pap sent-username vermam password 7 13044E155E0913323B
crypto map Dxb-Auh
interface Dialer2
mtu 1460
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer in-band
dialer idle-timeout 0
dialer string 123
dialer vpdn
dialer-group 2
ppp pfc local request
ppp pfc remote apply
ppp encrypt mppe auto
ppp authentication ms-chap ms-chap-v2 callin
ppp eap refuse
ppp chap hostname hasanreza
ppp chap password 7 070E2541470726544541
interface Dialer995
no ip address
ip local pool webssl 10.236.6.10 10.236.6.30
ip forward-protocol nd
ip http server
ip http secure-server
ip nat inside source list nat interface Dialer1 overload
ip nat inside source static tcp 10.236.5.12 25 interface Dialer1 25
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 172.21.51.0 255.255.255.0 10.236.5.253
ip access-list extended internal
permit ip any 10.236.5.0 0.0.0.255
ip access-list extended nat
deny ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
deny ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
permit ip 10.236.5.0 0.0.0.255 any
ip access-list extended nonat
permit ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
ip access-list extended sslacl
ip access-list extended webvpn
permit tcp any any eq 443
logging esm config
access-list 101 permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
control-plane
line con 0
line aux 0
line vty 0 4
exec-timeout 0 0
login local
transport preferred ssh
transport input telnet ssh
line vty 5 15
exec-timeout 0 0
login local
transport preferred ssh
transport input telnet ssh
scheduler allocate 20000 1000
webvpn gateway gateway1
ip interface Dialer1 port 443
ssl encryption rc4-md5
ssl trustpoint TP.StartSSL-vpn
inservice
webvpn install svc flash:/webvpn/anyconnect-win-3.1.00495-k9.pkg sequence 1
webvpn install csd flash:/webvpn/sdesktop.pkg
webvpn context webvpn
ssl authenticate verify all
url-list "Webservers"
heading "SimpleIT Technologies NBNS Servers"
url-text "Google" url-value "www.google.com"
url-text "Mainframe" url-value "10.236.5.2"
url-text "Mainframe2" url-value "https://10.236.5.2"
nbns-list "ContosoServer"
nbns-server 10.236.5.10
nbns-server 10.236.5.11
nbns-server 10.236.5.12
port-forward "PortForwarding"
local-port 3389 remote-server "10.236.5.10" remote-port 3389 description "Server-DC01"
policy group policy1
url-list "Webservers"
port-forward "PortForwarding"
nbns-list "ContosoServer"
functions file-access
functions file-browse
functions file-entry
functions svc-enabled
svc address-pool "webssl"
svc default-domain "Contoso.Local"
svc keep-client-installed
svc split include 10.236.5.0 255.255.255.0
svc split include 10.236.6.0 255.255.255.0
svc split include 172.31.1.0 255.255.255.0
svc split include 172.21.51.0 255.255.255.0
svc dns-server primary 172.21.51.10
default-group-policy policy1
gateway gateway1
inservice
end
Gateway#
-
If I use a check box component then FScommand2 Quit does not work
If I use a check box component then FScommand2 Quit does not work? Even though the check box component works fine.
Why is this so? I spent two hours tearing my hair out to work this out!
I have tried to help my friend Blasta, and when he exports the photo (as you told us to do) the description is lost. Then I read your good advice and took up one photo in Graphic Converter, with the result:
---- ExifTool ----
ExifTool Version Number: 9.39
---- System ----
File Name: DSC00160.jpg
Directory: /Users/akesjodin/Documents/Jan 2
File Size: 594 kB
File Modification Date/Time: 2013:12:17 13:46:16+01:00
File Access Date/Time: 2013:12:17 13:51:37+01:00
File Inode Change Date/Time: 2013:12:17 13:48:05+01:00
File Permissions: rw-r--r--
---- File ----
File Type: JPEG
MIME Type: image/jpeg
Current IPTC Digest: fac9fec98a44c4d807be572ed64373d6
Exif Byte Order: Big-endian (Motorola, MM)
Image Width: 3328
Image Height: 2216
Encoding Process: Baseline DCT, Huffman coding
Bits Per Sample: 8
Color Components: 3
Y Cb Cr Sub Sampling: YCbCr4:2:0 (2 2)
---- JFIF ----
JFIF Version: 1.01
Resolution Unit: inches
X Resolution: 72
Y Resolution: 72
---- IPTC ----
Coded Character Set: UTF8
Application Record Version: 2
Caption-Abstract: Alla bilder Gepe Made in Sweden (41 stycken) utom 17 stycken Agfacolor Service German Made, 1 stycken Agfacolor Dia Agfa, 15 stycken Kodachrome Slide Kodak Processed by Kodak, 5 stycken Kodachrome Transparency Processed by Kodak och 1 stycken okänd...Bergastrand. X. 1970. Blandade bilder. .(Somm?)ar 1970 1 magasin..Torsten Erna 1 magasin..Blandade bilder 710-749...Bergastrand...Vänstra magasinet: Bergastrand 1 år I...12-68. 701.
Object Name: DSC00160
And there is the description text in Caption-Abstract under ---- IPTC ----.
If I use Preview I can't see any description, and if I import to iPhoto there is no description.
We are very grateful for all help.