Seeburger AS2: Authentication_error after upgrade
Hello all,
We've recently upgraded our XI 3.0 system to PI 7.1EHP1, and since this upgrade we're having problems with the Seeburger AS2 adapter (2.1.3). The outbound message (signed and encrypted) to our other party is fine, but the acknowledgment gives an error in the message overview:
Error while parsing AS2 message: AUTHENTICATION_ERROR #
We've checked the certificates in the NWA store, and they are all fine. We've also checked the user for the AS2 adapter in the connection factory, and these settings are also fine. The sender agreement contains a reference to the right certificates in the store.
Has anybody run into the same problem, and does anybody know how to fix it? There are some posts on SDN about this, but they all point towards the certificates (which seem to be fine) and don't offer any further explanation of the problem and a possible solution.
Kind regards, Wilbert
Hello all,
Note 1287778 solved the problem. Thanks for the reply.
Kind regards, Wilbert
Edited by: Wilbert Jeuken on Feb 24, 2010 9:43 AM
Similar Messages
-
Seeburger AS2 issue after PI Upgrade to 7.31
Hi,
After we upgraded the PI from 7.11 to 7.31, we have the following error when we test the Outbound AS2 scenarios.
Message could not be forwarded to the JCA adapter. Reason: Fatal exception: javax.resources.ResourceException:
com/seeburger/uri/dt/master/schema/ReportCategoryType : cannot initialize class because prior initialization attempt failed,
com/seeburger/uri/dt/master/schema/ReportCategoryType : cannot initialize calss because prior initialization attempt failed
Hi Rick
What is the SP and patch level of your PI 7.31 system? Also, what is the version of your Seeburger installation, and was it upgraded as well?
You can refer to Stefan Hilpp's guide for upgrading Seeburger, Upgrade Guide available for Seeburger EDI-Adapters, as well as check OSS note 890721 for the compatibility matrix.
Rgds
Eng Swee
-
Seeburger As2 adapter error after upgrade
Hello,
After an upgrade from PI 7.01 to PI 7.11 we have problems with our AS2 seeburger adapter. We installed the compatible version of seeburger but got stuck on the following error:
Message could not be forwarded to the JCA adapter. Reason: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: java.io.IOException: org.bouncycastle.cms.CMSException: key inappropriate for algorithm., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: java.io.IOException: org.bouncycastle.cms.CMSException: key inappropriate for algorithm.
Thanks a lot for any advice,
Regards,
Erik
Hi
Please check the security jar files. You can download the latest version of these from java portal. This might fix the issues related to Key.
Srikanth Srinivasan
-
Seeburger 1.8.2 Upgrade: Subject missing in AS2 Ack
Hi All,
After upgrading our PI environment with Seeburger 1.8.2, we started facing an issue in the Ack Report (MDN Response) received in response to the AS2 messages posted to our partner.
We have a scenario, where HTTPS AS2 messages are posted through the Seeburger AS2 Adapter receiver channel to an external partner with 'Handle received MDN option' set as "Refer to XI system".
We have another AS2 Adapter sender Reports channel which receives these MDN and provides confirmation on posting of these messages to the end-users.
After the upgrade, the Subject value is missing in the Ack Reports XML.
Please find below the Ack Reports XML pre-upgrade:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<DtReport xmlns="http://uri.seeburger.com/dt/master/schema">
<correlationId>4ce4a7f9-9dd1-6fb3-e100-00000f8de046</correlationId>
<category>DeliveryReport</category>
<state>SUCCESS</state>
<finalReport>true</finalReport>
<freeText>Received synchronous MDN successfully.</freeText>
<specificData>
<key>messageID</key>
<value><[email protected]></value>
</specificData>
<specificData>
<key>subject</key>
<value>DBDCRI SD=Sender,RV=Receiver,MF=XXX,MT=YYY,FN=0215_0215_2010-11-18T07:35:01.887Z</value>
</specificData>
<specificData>
<key>channelID</key>
<value></value>
</specificData>
<specificData>
<key>channel</key>
<value>DBDC_MDNReport_AS2_Sender</value>
</specificData>
<specificData>
<key>originalchannel</key>
<value>DBDC_PaymentRunFromgSAPAndUlysses_AS2_Receiver</value>
</specificData>
<specificData>
<key>to</key>
<value>DBDC</value>
</specificData>
<specificData>
<key>from</key>
<value>Syngenta</value>
</specificData>
</DtReport>
And please find below the Ack Reports XML pre-upgrade (where the subject is missing now):
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<DtReport xmlns="http://uri.seeburger.com/dt/master/schema">
<clientId>000</clientId>
<correlationId>eec9b8da-a217-4b48-3729-a2c5e55b10f1</correlationId>
<category>DeliveryReport</category>
<state>SUCCESS</state>
<finalReport>true</finalReport>
<freeText>Received synchrone MDN successfully.</freeText>
<specificData>
<key>messageID</key>
<value><[email protected]></value>
</specificData>
<specificData>
<key>subject</key>
<value/>
</specificData>
<specificData>
<key>channelID</key>
<value></value>
</specificData>
<specificData>
<key>channel</key>
<value>DBDC_MDNReport_AS2_Sender_Test</value>
</specificData>
<specificData>
<key>originalchannel</key>
<value>DBDC_PaymentRunFromgSAPAndUlysses_AS2_Receiver_Test</value>
</specificData>
<specificData>
<key>to</key>
<value>DBDC</value>
</specificData>
<specificData>
<key>from</key>
<value>Syngenta</value>
</specificData>
<reportAttachment refID="79282d90-f65a-11df-8fa1-9a790f8de00a">
<ns1:objectInfo charset="binary" creation="2010-11-22T17:03:48.457+00:00" location="MEMORY" size="1237" type="INLINE" xmlns:ns1="http://uri.seeburger.com/bisas/message/schema"/>
</reportAttachment>
</DtReport>
As part of Seeburger upgrade, the below shown latest SCAs have already been deployed:
AS2AdapterXI.sca
SeeBaseToolsXI.sca
SeeExtendedToolsXI.sca
SeeModuleCollectionXI.sca
SeeSolutionIdModuleXI-as2.sca
After the Seeburger upgrade, we have updated the AS2AdapterMetadata.xml within our repository.
Also, we have imported the latest version of the below XSDs into the repository:
dtreport.xsd
dtglobaltypes.xsd
attachments.xsd
dtarchiving.xsd
Could you please help me in resolving this, in case any one of you has encountered a similar issue previously.
Thanks & Regards,
ROSIE SASIDHARAN
Actually, I saw the rant in the bug reporting tool on dropping pam_userdb.
I understand fully the decision:
- PAM should not have a plethora of dependencies: nobody would integrate pam-sqlite, pam-postgresql or other pam modules with external dependencies into the 'pam' base package
- Berkeley DB has licensing issues, so AUR is a good place for it
- ArchLinux is a bleeding edge distribution, there is no such rule as "keep features for the current main release".
I'm personally opting for an AUR project 'pam-userdb' which just provides this one module, so nobody has to migrate 200 users on his production system.
And a short notice on the main page about the dropping of db support in PAM and the availability of the separate module.
Last edited by andreas_baumann (2014-06-07 12:15:06)
-
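For the two Ack Reports quoted in the Seeburger 1.8.2 thread above, a check like the following can be run over incoming DtReport documents to catch an empty `subject` before the confirmation step consumes it. This is an added example, not Seeburger or SAP code; the sample documents are trimmed, constructed copies of the quoted XML with a placeholder message ID, and the list of required keys is an assumption.

```python
import xml.etree.ElementTree as ET

DT_NS = "http://uri.seeburger.com/dt/master/schema"
NS = {"dt": DT_NS}

# Constructed samples: trimmed copies of the two reports quoted in the thread,
# with the message ID replaced by a placeholder and the XML declaration dropped.
PRE_UPGRADE = """<DtReport xmlns="http://uri.seeburger.com/dt/master/schema">
  <correlationId>4ce4a7f9-9dd1-6fb3-e100-00000f8de046</correlationId>
  <category>DeliveryReport</category>
  <state>SUCCESS</state>
  <finalReport>true</finalReport>
  <specificData><key>messageID</key><value>&lt;placeholder@example.invalid&gt;</value></specificData>
  <specificData><key>subject</key><value>DBDCRI SD=Sender,RV=Receiver,MF=XXX,MT=YYY,FN=0215_0215_2010-11-18T07:35:01.887Z</value></specificData>
  <specificData><key>channelID</key><value></value></specificData>
  <specificData><key>originalchannel</key><value>DBDC_PaymentRunFromgSAPAndUlysses_AS2_Receiver</value></specificData>
</DtReport>"""

POST_UPGRADE = """<DtReport xmlns="http://uri.seeburger.com/dt/master/schema">
  <clientId>000</clientId>
  <correlationId>eec9b8da-a217-4b48-3729-a2c5e55b10f1</correlationId>
  <category>DeliveryReport</category>
  <state>SUCCESS</state>
  <finalReport>true</finalReport>
  <specificData><key>messageID</key><value>&lt;placeholder@example.invalid&gt;</value></specificData>
  <specificData><key>subject</key><value/></specificData>
  <specificData><key>channelID</key><value></value></specificData>
  <specificData><key>originalchannel</key><value>DBDC_PaymentRunFromgSAPAndUlysses_AS2_Receiver_Test</value></specificData>
  <reportAttachment refID="79282d90-f65a-11df-8fa1-9a790f8de00a"/>
</DtReport>"""

# Keys the downstream confirmation step is assumed to read (an assumption of
# this example; adjust to what your own mapping uses). channelID is left out
# because it is empty in both quoted reports.
REQUIRED_KEYS = ("messageID", "subject", "originalchannel")


def _text(root, name):
    """Text of a direct child in the DtReport namespace, '' if absent or empty."""
    return root.findtext("dt:" + name, default="", namespaces=NS).strip()


def parse_report(xml_text):
    """Parse one DtReport document into a plain dict."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}DtReport" % DT_NS:
        raise ValueError("not a DtReport document: %s" % root.tag)
    specific = {}
    for entry in root.findall("dt:specificData", NS):
        key = entry.findtext("dt:key", default="", namespaces=NS).strip()
        value = entry.findtext("dt:value", default="", namespaces=NS).strip()
        if key:
            specific[key] = value  # <value/> and <value></value> both become ''
    return {
        "correlationId": _text(root, "correlationId"),
        "category": _text(root, "category"),
        "state": _text(root, "state"),
        "finalReport": _text(root, "finalReport").lower() == "true",
        "specific": specific,
        "attachments": [a.get("refID") for a in root.findall("dt:reportAttachment", NS)],
    }


def check_report(report, required=REQUIRED_KEYS):
    """Return a list of findings; an empty list means the report is usable."""
    findings = []
    if report["state"] != "SUCCESS":
        findings.append("state is %r, not SUCCESS" % report["state"])
    for key in required:
        if key not in report["specific"]:
            findings.append("specificData key %r is absent" % key)
        elif not report["specific"][key]:
            findings.append("specificData key %r is present but empty" % key)
    return findings


if __name__ == "__main__":
    for label, doc in (("pre-upgrade", PRE_UPGRADE), ("post-upgrade", POST_UPGRADE)):
        report = parse_report(doc)
        print(label, report["correlationId"], check_report(report) or "ok")
```
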
SEEBURGER AS2: AS2 Adapter failure -- CryptoApiException: Access Denied.
Hi,
I am trying to send AS2 message to my partner by using Certificates and I am getting the following error at AS2 receiver adapter. Looks like it doesn't have User Credentials to access the certificates. But we provided all the details. We are not sure where it is going wrong.
2008-08-30 14:49:42 Error Unable to forward message to JCA adapter. Reason: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed:com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Access Denied., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Access Denied.
Can anyone please suggest us what is missing and where it is going wrong?
Regards
Stephano
Hi,
1) First of all create the Seeburger Certificates.
2) You have to deploy those certificates in your Visual Administrator.
After that in Integration Builder -> Receiver Agreement -> In Security Settings ->
AS2 Sender Configuration -> Signing Key -> give the certificate name over there.
AS2 Sender Configuration -> Encryption Certificate & Authentication Certificate is there; you have to give your certificate names over there.
Thanks,
Satya Kumar
-
Error in AS2 RCV adapter.. SEEBURGER AS2: 307 Temporary Redirect #
Hi all,
I am just doing File to File scenario and passing the resultant file to Partner system through AS2 adapter.
I gave the following details in AS2 RCV adapter..
SND>XI->Webdispatcher--->Partner.
My message will be reached to webdispatcher.. from there it will route to Partner Url.
So i will be giving my webdispatcher URL in my AS2 RCV adapter.
TP : HTTP
MP : AS2
Server : vvvvvv.com.NZ
Port : 50000
Url : /as2gs1/partnera
Message is processed successfully but it's failing in AS2 RCV adapter with following error.
Success SEEBURGER/AS2: Received order from system.
Error Unable to forward message to JCA adapter. Reason: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: 307 Temporary Redirect # , SEEBURGER AS2: 307 Temporary Redirect #
Error MP: Exception caught with cause javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: 307 Temporary Redirect # , SEEBURGER AS2: 307 Temporary Redirect #
Error Exception caught by adapter framework: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: 307 Temporary Redirect # , SEEBURGER AS2: 307 Temporary Redirect #
Error Delivery of the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: 307 Temporary Redirect # , SEEBURGER AS2: 307 Temporary Redirect # : javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: 307 Temporary Redirect # , SEEBURGER AS2: 307 Temporary Redirect #.
Error The message status set to NDLV.
Kindly let me know if anyone knows the solution.
Regards
Seema.
Hi Peter,
>> a, what do you mean with the Web Dispatcher?
We are not using the partner URL directly. We will be using Webdispatcher URL; from there they have written the rule to go to Partner URL.
>> b, you receive a HTTP code 307, which means that the target AS2 location has been moved. Try to connect the target AS2 server on the URL and check, if it is really there and if it is working.
Looks like this is working. It showed success state for a while and after a few minutes it's showing the below error in communication channel monitoring.
Delivery of the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: java.net.SocketException: Connection timed out:could be due to invalid address # , SEEBURGER AS2: java.net.SocketException: Connection timed out:could be due to invalid address # : javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: java.net.SocketException: Connection timed out:could be due to invalid address # , SEEBURGER AS2: java.net.SocketException: Connection timed out:could be due to invalid address #.
This is the error it is showing in Seeburger Monitoring.
State : Error on send, will be retried
Status Description : Could not deliver as2 message to partner: java.net.SocketException: Connection timed out:could be due to invalid address # null
What is this error?
Do you think there is no problem with AS2 adapter, it's the problem with webdispatcher?
Waiting for your reply.
-Seema.
-
Seeburger AS2 receiver adapter conf PI 7.1
Dear All,
I have seen a changed AS2 adapter on PI 7.1, the options are totally different than what we have in previous version of AS2 adapter.
I am looking for seeburger AS2 adapter documents and configuration steps for PI7.1 version.
Any inputs...
chirag
Edited by: Chirag Gohil on Sep 8, 2010 5:03 AM
AS2Receiver:
ModuleName: localejbs/ModuleProcessorExitBean
Type: Local Enterprise Bean
Module Key: Exit
Module Parameter
Module Key: Exit
Parameter Name: JNDIName
Parameter Value: deployedAdapters/SeeXIAS2/shareable/SeeXIAS2
Parameters Tab
HTTP
Server - Computer with listening AS2 Server
Port - Port of the endpoint with listening AS2 Server
URL Path - Path to the endpoint with listening AS2 server
HTTP Timeout - Timeout in seconds for waiting for server's response
HTTP Keep Alive - If enabled, the HTTP session is re-used. This optimizes the performance.
Basic Authentication
User - User for basic authentication
Password - Password for basic authentication
Realm - Realm for basic authentication
Proxy
Proxy Server - Your proxy server
Proxy Port - The port of the proxy server
Proxy User - User for optional authentication
Proxy Password - Password for optional authentication
Proxy Protocol - Select either HTTP 1.0 or HTTP 1.1
AS2
Compress - Select this option if the payload is to be compressed
Sign - Select this if the payload is to be signed
Signing Algorithm - Select an algorithm which is applied for signing the payload; we recommend "SHA-12"
Encrypt - Select this, if the payload is to be encrypted
Encryption Algorithm - Select an algorithm that is used for encrypting the payload; we recommend "RC2/128" or "3DES"
MDN Mode - SYNC to request a synchronous MDN; ASYNC to request an asynchronous MDN; NONE if no MDN is required
Receipt Delivery Address - Enter the URL of the Asynchronous MDNs that are to be delivered (i.e. the URL of your own AS2 server)
MDN Timeout - Enter a time period (in min), after which an outstanding asynchronous MDN will be interpreted as an error. The value "0" means no timeout
Sign MDN - Select this option, if the MDN is to be signed
Message Subject - This text is sent to the server within the optional HTTP header "subject"
Content Type - The content type should be set. A random content type can be set, but we recommend one of the following
= "application/edifact" for EDIFACT files
= "application/edi-x12" for ANSI X.12 files
= "application/xml" for XML files
= "text/plain" for plain text files
= "application/octet-stream" for arbitrary binary files
Delivery transmission report - A special transmission report is delivered to the report channel
-
Seeburger AS2 Adapter: Receiving multiple messages
Hi guys,
I'm having some trouble using AS2 Adapter for receiving multiple messages. The problem is really similar to Peter's problem.
Seebuger AS2 adapter for XI as sender for multiple messages
I have it configured for one scenario and it's working fine. The problem is when I'm trying to receive other messages for the same Party but different services. Meaning, I've one Party(example BMW) and several services (BMW_DE, BMW_USA, etc). I'm able to receive messages from service BMW_DE but when configuring BMW_USA I'm getting HTTP 403 Forbidden.
This error may have different reasons:
a) You or your partner has entered an incorrect AS2 ID for one of the involved parties.
b) A valid sender agreement is missing.
c) There are more than one AS2 sender agreements with the same sender AND receiver party.
d) The corresponding inbound channel is set to inactive.
And the problem is that there are two sender agreements. Although the services are different, XI is not able to find the correct sender agreement to be used. After deleting the second agreement, I'm able to send the respective message....
Can anyone give me a hint on how to solve this problem?
Hi,
this is done by different AS2 subjects. The sender agreement is selected based on this. So create separate AS2 receiver adapters for every message you need and put there different message subjects.
So if you'll have 3 AS2 receiver channels with subjects:
MessageType1_DE
MessageType1_US
the AS2 adapter will work like following:
first it tries to find an exact message subject, if it is found, message is "assigned" to this sender agreement. If no exact message matches the subject, then wildcards are used. (this mechanism is described in the Seeburger AS2 guide).
If you are getting 403 HTTP code, there may be also problem with authentication certificates.
Another problem may be, you don't have configured AS2 receiver channel for current subject.
Does this help you? Or you meant it another way?
Peter
p.s. check the answer above my post, Vardharajan's right
Edited by: Peter Jarunek on May 19, 2008 2:11 PM
-
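The selection order Peter describes (exact subject first, then wildcards) and the 403 reasons listed in the question can be put together in a small model, which also shows why two agreements for the same party pair that differ only by service end in a rejection. This is an added example and a simplified model, not Seeburger code: the AS2 IDs, agreement names, the `*` wildcard syntax and the rule that an ambiguous match is rejected are assumptions; the real matching rules are in the Seeburger AS2 guide.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class SenderAgreement:
    name: str          # hypothetical agreement name
    from_id: str       # partner's AS2 ID (AS2-From)
    to_id: str         # own AS2 ID (AS2-To)
    subject: str       # exact subject, or a pattern containing '*'
    active: bool = True


def _wildcard_match(pattern, subject):
    """Match with '*' as the only wildcard (assumed syntax)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, subject) is not None


def select_agreement(agreements, from_id, to_id, subject):
    """Return (http_status, agreement_name_or_None, reason)."""
    pair = [a for a in agreements if a.from_id == from_id and a.to_id == to_id]
    if not pair:
        # Reasons (a) and (b): wrong AS2 ID or no sender agreement at all.
        return (403, None, "no sender agreement for this AS2 ID pair")
    active = [a for a in pair if a.active]
    if not active:
        # Reason (d): the inbound channel is inactive.
        return (403, None, "sender agreement exists but its channel is inactive")
    exact = [a for a in active if "*" not in a.subject and a.subject == subject]
    wild = [a for a in active if "*" in a.subject and _wildcard_match(a.subject, subject)]
    # Exact subjects are tried first; wildcards only if no exact subject matched.
    for stage, hits in (("exact subject", exact), ("wildcard subject", wild)):
        if len(hits) == 1:
            return (200, hits[0].name, stage + " match")
        if len(hits) > 1:
            # Reason (c): same sender and receiver party, nothing to tell them apart.
            names = ", ".join(a.name for a in hits)
            return (403, None, "ambiguous " + stage + " match: " + names)
    return (403, None, "no sender agreement configured for this subject")


# Constructed configurations. AMBIGUOUS mirrors the situation in the question:
# two agreements for the same party pair, distinguishable only by service.
AMBIGUOUS = [
    SenderAgreement("SA_BMW_DE", "BMW_AS2", "OWN_AS2", "*"),
    SenderAgreement("SA_BMW_USA", "BMW_AS2", "OWN_AS2", "*"),
]
# BY_SUBJECT applies the answer: one distinct subject per agreement.
BY_SUBJECT = [
    SenderAgreement("SA_BMW_DE", "BMW_AS2", "OWN_AS2", "MessageType1_DE"),
    SenderAgreement("SA_BMW_USA", "BMW_AS2", "OWN_AS2", "MessageType1_US"),
    SenderAgreement("SA_BMW_FALLBACK", "BMW_AS2", "OWN_AS2", "MessageType*"),
]

if __name__ == "__main__":
    for label, cfg in (("ambiguous", AMBIGUOUS), ("by subject", BY_SUBJECT)):
        for subj in ("MessageType1_DE", "MessageType1_US", "MessageType2_DE", "Other"):
            print(label, subj, select_agreement(cfg, "BMW_AS2", "OWN_AS2", subj))
```
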
Download SEEBURGER AS2 Adapter
Hi All,
I would appreciate if you could let me know, from where I could download the SEEBURGER AS2 adapter which will be compatible to PI 7.10 EhP1?
Regards,
Ramanathan EKAMBARAM
Hi Hemant,
We have it installed on our current PI 7.0 environment and have the necessary license. However, when I look into Installations and Upgrades - Entry by Application Group - Adapters - Seeburger - XI-A GENERIC EDI BY SEEB., I could see only NW71-PI-A GEN SEEB 2.1 and not SEEBURGER AS2.
Let me know if SEEBURGER AS2 contains NW71-PI-A GEN SEEB 2.1.
Regards,
Ramanathan EKAMBARAM
-
Renewing public key certificate used for Seeburger AS2
My general question is when a public key certificate, used for Seeburger AS2 payload decryption and digital signatures, needs to be renewed, how carefully do the certificate renewal steps need to be coordinated for a seamless transition? More specifically...
1. Once we import the CSR response from the CA, will the public key currently used by our partner become invalid, or will it continue to work until its expiration date?
2. Will our partner be able to validate our signature after the new CSR has been imported, but prior to them applying the new public key certificate in their system?
3. Or can we renew the certificate, import the CSR request, provide our partner with the renewed certificate, and let them apply the certificate at their own volition, provided they do it prior to the original certificate expiration?
Hi Kurt
In my experience, the renewal/replacement of AS2 certificates for encryption/decryption & signing/authentication requires coordinated effort on both sides.
This is because AS2 uses asymmetrical encryption, so both parties need to use the same pair of certificates at the same time, i.e. you encrypt on your private key, and partner decrypt on the public key matching your private key. If the keys used do not belong to the same pair, then decryption will not work.
I'm not sure what AS2 software your partner uses and if it has the feature of automatic rollover of certificate, but PI/Seeburger does not. The approach in PI/Seeburger can either be one of the following:-
i) import new cert replacing original cert of the same name
ii) import new cert into new name, manually update sender/receiver agreements
Due to the manual nature of the tasks, normally it requires coordinated effort during a cutover window.
Rgds
Eng Swee
-
ASA5510 VPN not working after upgrade from 8.2 to 8.3
Hi,
I have recently upgraded a customer ASA5510 to version 8.3.
After upgrade web access etc is working fine however VPN is down.
The config looks very different after the upgrade plus what looks to be duplicate entries.
I suspect it's an access list issue but I'm not sure.
If anyone has any ideas based on the config below it would be greatly appreciated as I'm at a loss....?!
hostname ciscoasa
domain-name default.domain.invalid
enable password NvZgxFP5WhDo0hQl encrypted
passwd FNeDAwBbhVaOtVAu encrypted
names
dns-guard
interface Ethernet0/0
nameif Outside
security-level 0
ip address 217.75.8.203 255.255.255.248
interface Ethernet0/1
nameif Inside
security-level 100
ip address 192.168.1.254 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 10.1.1.1 255.255.255.0
management-only
boot system disk0:/asa832-k8.bin
ftp mode passive
clock timezone GMT/IST 0
clock summer-time GMT/IDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup Inside
dns server-group DefaultDNS
domain-name default.domain.invalid
object network obj-192.168.1.2-04
host 192.168.1.2
object network obj-192.168.1.7-04
host 192.168.1.7
object network obj-192.168.1.0-02
subnet 192.168.1.0 255.255.255.0
object network obj-192.168.2.0-02
subnet 192.168.2.0 255.255.255.0
object network obj-10.1.2.0-02
subnet 10.1.2.0 255.255.255.0
object network obj-192.168.1.224-02
subnet 192.168.1.224 255.255.255.240
object network obj-192.168.1.9-02
host 192.168.1.9
object network obj-192.168.1.2-05
host 192.168.1.2
object network obj-192.168.1.103-02
host 192.168.1.103
object network obj-192.168.1.7-05
host 192.168.1.7
object network NETWORK_OBJ_10.1.2.0_24
subnet 10.1.2.0 255.255.255.0
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object-group network obj-192.168.1.2-02
object-group network obj-192.168.1.7-02
object-group network obj-192.168.1.0-01
object-group network obj-192.168.2.0-01
object-group network obj-10.1.2.0-01
object-group network obj-192.168.1.224-01
object-group network obj-192.168.1.9-01
object-group network obj-192.168.1.2-03
object-group network obj-192.168.1.103-01
object-group network obj-192.168.1.7-03
object-group network obj-192.168.1.2
object-group network obj-192.168.1.7
object-group network obj-192.168.1.0
object-group network obj-192.168.2.0
object-group network obj-10.1.2.0
object-group network obj-192.168.1.224
object-group network obj-192.168.1.9
object-group network obj-192.168.1.2-01
object-group network obj-192.168.1.103
object-group network obj-192.168.1.7-01
object-group network obj_any
object-group network obj-0.0.0.0
object-group network obj_any-01
object-group service MonitcomUDP udp
port-object range 3924 3924
access-list Inside_nat0_inbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Inside_nat0_inbound extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.1.224 255.255.255.240
access-list Outside_cryptomap_60 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Outside_cryptomap_60 extended permit icmp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq smtp
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq pop3
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq 2000 inactive
access-list Outside_access_in extended permit icmp any any
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in extended permit tcp any host 217.75.8.204 eq 1200
access-list Outside_access_in remark Monitcom
access-list Outside_access_in extended permit tcp host 87.232.117.66 host 217.75.8.205 eq 5900
access-list Outside_access_in extended permit udp any host 217.75.8.205 eq 3924
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 220
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 230
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 240
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 250
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 260
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 1433
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in extended permit tcp any host 217.75.8.206 eq www
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq https
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq www
access-list Outside_access_in extended permit udp any any eq 4500 inactive
access-list Outside_access_in extended permit udp any any eq isakmp inactive
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Inside_access_in extended permit ip any any
access-list Inside_access_in extended permit icmp any any
access-list RemoteVPN_splitTunnelAcl standard permit any
access-list Outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list Outside_cryptomap_dyn_20 extended permit ip any 192.168.1.224 255.255.255.240
pager lines 24
logging enable
logging asdm warnings
mtu Outside 1500
mtu Inside 1500
mtu management 1500
ip local pool VPNPool 192.168.1.230-192.168.1.240 mask 255.255.255.0
ip verify reverse-path interface Outside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Outside
icmp permit any Inside
asdm location 192.168.1.208 255.255.255.252 Inside
asdm location 192.168.1.103 255.255.255.255 Inside
asdm location 192.168.1.6 255.255.255.255 Inside
asdm location 192.168.1.7 255.255.255.255 Inside
asdm location 192.168.1.9 255.255.255.255 Inside
no asdm history enable
arp timeout 14400
nat (Inside,any) source static obj-192.168.1.0-02 obj-192.168.1.0-02 destination static obj-192.168.2.0-02 obj-192.168.2.0-02 unidirectional
nat (Inside,any) source static obj-192.168.1.0-02 obj-192.168.1.0-02 destination static obj-10.1.2.0-02 obj-10.1.2.0-02 unidirectional
nat (Inside,any) source static any any destination static obj-192.168.1.224-02 obj-192.168.1.224-02 unidirectional
nat (Inside,Outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_10.1.2.0_24 NETWORK_OBJ_10.1.2.0_24
object network obj-192.168.1.2-04
nat (Outside,Inside) static 217.75.8.204
object network obj-192.168.1.7-04
nat (Outside,Inside) static 217.75.8.206
object network obj-192.168.1.0-02
nat (Inside,Outside) dynamic interface
object network obj-192.168.1.9-02
nat (Inside,Outside) static 217.75.8.201
object network obj-192.168.1.2-05
nat (Inside,Outside) static 217.75.8.204
object network obj-192.168.1.103-02
nat (Inside,Outside) static 217.75.8.205
object network obj-192.168.1.7-05
nat (Inside,Outside) static 217.75.8.206
access-group Outside_access_in in interface Outside
access-group Inside_access_in in interface Inside
route Outside 0.0.0.0 0.0.0.0 217.75.8.198 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server DellServerAAA protocol radius
aaa-server DellServerAAA (Inside) host 192.168.1.4
key test
http server enable
http 62.17.29.2 255.255.255.255 Outside
http 82.141.224.155 255.255.255.255 Outside
http 63.218.54.8 255.255.255.252 Outside
http 213.79.44.213 255.255.255.255 Outside
http 192.168.1.0 255.255.255.0 Inside
http 10.1.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection timewait
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec df-bit clear-df Outside
crypto ipsec df-bit clear-df Inside
crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20
crypto map Outside_map 1 match address Outside_1_cryptomap
crypto map Outside_map 1 set peer 89.127.172.29
crypto map Outside_map 1 set transform-set ESP-3DES-SHA
crypto map Outside_map 60 match address Outside_cryptomap_60
crypto map Outside_map 60 set peer 89.105.114.98
crypto map Outside_map 60 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto isakmp identity key-id nattingreallymatters
crypto isakmp enable Outside
crypto isakmp enable Inside
crypto isakmp policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet 192.168.1.0 255.255.255.0 Inside
telnet timeout 5
ssh 82.141.224.155 255.255.255.255 Outside
ssh 62.17.29.2 255.255.255.255 Outside
ssh 213.79.44.213 255.255.255.255 Outside
ssh 192.168.1.0 255.255.255.0 Inside
ssh timeout 5
console timeout 0
management-access Inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy RemoteVPN internal
group-policy RemoteVPN attributes
wins-server value 192.168.1.31
dns-server value 192.168.1.31
default-domain value freefoam.ie
username freefoam password JLYaVf7FqRM2LH0e encrypted
username cork password qbK2Hqt1H5ttJzPD encrypted
tunnel-group 193.114.70.130 type ipsec-l2l
tunnel-group 193.114.70.130 ipsec-attributes
pre-shared-key ******
tunnel-group 89.127.172.29 type ipsec-l2l
tunnel-group 89.127.172.29 ipsec-attributes
pre-shared-key ******
tunnel-group 89.105.114.98 type ipsec-l2l
tunnel-group 89.105.114.98 ipsec-attributes
pre-shared-key *****
tunnel-group RemoteVPN type remote-access
tunnel-group RemoteVPN general-attributes
address-pool VPNPool
authentication-server-group DellServerAAA
default-group-policy RemoteVPN
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect h323 h225
inspect h323 ras
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:0dc16fe893bd4bba6fdf6b7eed93e553
Hi,
Many thanks for your reply.
Finally got access to implement your suggestions.
Initially none of the VPNs were up.
After making the change the two VPNs came up.
However only data via the first VPN is possible.
Accessing resources on the 10.1.2.0 network is still not possible.
Attached is the latest config, any input is greatly appreciated;
hostname ciscoasa
domain-name default.domain.invalid
enable password NvZgxFP5WhDo0hQl encrypted
passwd FNeDAwBbhVaOtVAu encrypted
names
dns-guard
interface Ethernet0/0
nameif Outside
security-level 0
ip address 217.75.8.203 255.255.255.248
interface Ethernet0/1
nameif Inside
security-level 100
ip address 192.168.1.254 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 10.1.1.1 255.255.255.0
management-only
boot system disk0:/asa832-k8.bin
ftp mode passive
clock timezone GMT/IST 0
clock summer-time GMT/IDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup Inside
dns server-group DefaultDNS
domain-name default.domain.invalid
object network obj-192.168.1.2-04
host 192.168.1.2
object network obj-192.168.1.7-04
host 192.168.1.7
object network obj-192.168.1.0-02
subnet 192.168.1.0 255.255.255.0
object network obj-192.168.2.0-02
subnet 192.168.2.0 255.255.255.0
object network obj-10.1.2.0-02
subnet 10.1.2.0 255.255.255.0
object network obj-192.168.1.224-02
subnet 192.168.1.224 255.255.255.240
object network obj-192.168.1.9-02
host 192.168.1.9
object network obj-192.168.1.2-05
host 192.168.1.2
object network obj-192.168.1.103-02
host 192.168.1.103
object network obj-192.168.1.7-05
host 192.168.1.7
object network NETWORK_OBJ_10.1.2.0_24
subnet 10.1.2.0 255.255.255.0
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object-group network obj-192.168.1.2-02
object-group network obj-192.168.1.7-02
object-group network obj-192.168.1.0-01
object-group network obj-192.168.2.0-01
object-group network obj-10.1.2.0-01
object-group network obj-192.168.1.224-01
object-group network obj-192.168.1.9-01
object-group network obj-192.168.1.2-03
object-group network obj-192.168.1.103-01
object-group network obj-192.168.1.7-03
object-group network obj-192.168.1.2
object-group network obj-192.168.1.7
object-group network obj-192.168.1.0
object-group network obj-192.168.2.0
object-group network obj-10.1.2.0
object-group network obj-192.168.1.224
object-group network obj-192.168.1.9
object-group network obj-192.168.1.2-01
object-group network obj-192.168.1.103
object-group network obj-192.168.1.7-01
object-group network obj_any
object-group network obj-0.0.0.0
object-group network obj_any-01
object-group service MonitcomUDP udp
port-object range 3924 3924
access-list Inside_nat0_inbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Inside_nat0_inbound extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.1.224 255.255.255.240
access-list Outside_cryptomap_60 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Outside_cryptomap_60 extended permit icmp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq smtp
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq pop3
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq 2000 inactive
access-list Outside_access_in extended permit icmp any any
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in extended permit tcp any host 217.75.8.204 eq 1200
access-list Outside_access_in remark Monitcom
access-list Outside_access_in extended permit tcp host 87.232.117.66 host 217.75.8.205 eq 5900
access-list Outside_access_in extended permit udp any host 217.75.8.205 eq 3924
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 220
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 230
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 240
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 250
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 260
access-list Outside_access_in remark ESS Access
access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 1433
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in extended permit tcp any host 217.75.8.206 eq www
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq https
access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq www
access-list Outside_access_in extended permit udp any any eq 4500 inactive
access-list Outside_access_in extended permit udp any any eq isakmp inactive
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Outside_access_in remark Allow webmail access
access-list Outside_access_in remark Allow Hansa Live access
access-list Outside_access_in remark Monitcom
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark ESS Access
access-list Outside_access_in remark Allow TMS Web Access
access-list Inside_access_in extended permit ip any any
access-list Inside_access_in extended permit icmp any any
access-list RemoteVPN_splitTunnelAcl standard permit any
access-list Outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list Outside_cryptomap_dyn_20 extended permit ip any 192.168.1.224 255.255.255.240
access-list global_access extended permit ip any any
access-list Outside_cryptomap_80_3 extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list Split-tunnel standard permit 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm warnings
mtu Outside 1500
mtu Inside 1500
mtu management 1500
ip local pool VPNPool 192.168.1.230-192.168.1.240 mask 255.255.255.0
ip verify reverse-path interface Outside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Outside
icmp permit any Inside
asdm image disk0:/asdm-647.bin
asdm location 192.168.1.208 255.255.255.252 Inside
asdm location 192.168.1.103 255.255.255.255 Inside
asdm location 192.168.1.6 255.255.255.255 Inside
asdm location 192.168.1.7 255.255.255.255 Inside
asdm location 192.168.1.9 255.255.255.255 Inside
no asdm history enable
arp timeout 14400
nat (Inside,any) source static obj-192.168.1.0-02 obj-192.168.1.0-02 destination static obj-192.168.2.0-02 obj-192.168.2.0-02
nat (Inside,any) source static obj-192.168.1.0-02 obj-192.168.1.0-02 destination static obj-10.1.2.0-02 obj-10.1.2.0-02
nat (Inside,any) source static any any destination static obj-192.168.1.224-02 obj-192.168.1.224-02 unidirectional
nat (Inside,Outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_10.1.2.0_24 NETWORK_OBJ_10.1.2.0_24
object network obj-192.168.1.2-04
nat (Outside,Inside) static 217.75.8.204
object network obj-192.168.1.7-04
nat (Outside,Inside) static 217.75.8.206
object network obj-192.168.1.0-02
nat (Inside,Outside) dynamic interface
object network obj-192.168.1.9-02
nat (Inside,Outside) static 217.75.8.201
object network obj-192.168.1.2-05
nat (Inside,Outside) static 217.75.8.204
object network obj-192.168.1.103-02
nat (Inside,Outside) static 217.75.8.205
object network obj-192.168.1.7-05
nat (Inside,Outside) static 217.75.8.206
nat (Inside,Outside) after-auto source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24
access-group Outside_access_in in interface Outside
access-group Inside_access_in in interface Inside
access-group global_access global
route Outside 0.0.0.0 0.0.0.0 217.75.8.198 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server DellServerAAA protocol radius
aaa-server DellServerAAA (Inside) host 192.168.1.4
key test
http server enable
http 62.17.29.2 255.255.255.255 Outside
http 82.141.224.155 255.255.255.255 Outside
http 63.218.54.8 255.255.255.252 Outside
http 213.79.44.213 255.255.255.255 Outside
http 192.168.1.0 255.255.255.0 Inside
http 10.1.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection timewait
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec df-bit clear-df Outside
crypto ipsec df-bit clear-df Inside
crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map 1 match address Outside_1_cryptomap
crypto map Outside_map 1 set peer 89.127.172.29
crypto map Outside_map 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-DES-SHA ESP-3DES-MD5 ESP-AES-256-MD5 ESP-3DES-SHA ESP-DES-MD5
crypto map Outside_map 60 match address Outside_cryptomap_60
crypto map Outside_map 60 set peer 89.105.114.98
crypto map Outside_map 60 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto isakmp identity key-id nattingreallymatters
crypto isakmp enable Outside
crypto isakmp enable Inside
crypto isakmp policy 10
authentication pre-share
encryption aes-256
hash md5
group 5
lifetime 86400
crypto isakmp policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 50
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet 192.168.1.0 255.255.255.0 Inside
telnet timeout 5
ssh 82.141.224.155 255.255.255.255 Outside
ssh 62.17.29.2 255.255.255.255 Outside
ssh 213.79.44.213 255.255.255.255 Outside
ssh 192.168.1.0 255.255.255.0 Inside
ssh timeout 5
console timeout 0
management-access Inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable Outside
anyconnect-essentials
svc image disk0:/anyconnect-dart-win-2.5.3055-k9.pkg 1
svc image disk0:/anyconnect-macosx-powerpc-2.5.3055-k9.pkg 2
svc enable
tunnel-group-list enable
group-policy RemoteVPN internal
group-policy RemoteVPN attributes
wins-server value 192.168.1.31
dns-server value 192.168.1.31
vpn-tunnel-protocol IPSec svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split-tunnel
default-domain value freefoam.ie
username freefoam password JLYaVf7FqRM2LH0e encrypted
username cisco password DfO7NBd5PZ1b0kZ1 encrypted privilege 15
username cork password qbK2Hqt1H5ttJzPD encrypted
tunnel-group 193.114.70.130 type ipsec-l2l
tunnel-group 193.114.70.130 ipsec-attributes
pre-shared-key ************
tunnel-group 89.127.172.29 type ipsec-l2l
tunnel-group 89.127.172.29 ipsec-attributes
pre-shared-key ************
tunnel-group 89.105.114.98 type ipsec-l2l
tunnel-group 89.105.114.98 ipsec-attributes
pre-shared-key ************
tunnel-group RemoteVPN type remote-access
tunnel-group RemoteVPN general-attributes
address-pool VPNPool
authentication-server-group DellServerAAA
default-group-policy RemoteVPN
tunnel-group RemoteVPN webvpn-attributes
group-alias Anyconnect enable
tunnel-group RemoteVPN ipsec-attributes
pre-shared-key c0nnect10nParameter$
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect h323 h225
inspect h323 ras
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:fae6b7bc25fcf39daffbcdc6b91c9d8e -
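A cross-reference check over the VPN parts of the configuration posted above, as an added example (not part of the original post and not Cisco tooling): it verifies that every crypto map peer has an `ipsec-l2l` tunnel-group, that every `match address` ACL exists, and reports leftovers. The sample is an excerpt of the poster's second config; treating ACLs with "cryptomap" in their name as crypto ACLs, and expecting the tunnel-group name to equal the peer IP (the pre-shared-key case), are assumptions.

```python
import re

# Excerpt (VPN-related lines only) of the second configuration posted above.
SAMPLE_CONFIG = """\
access-list Outside_cryptomap_60 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list Outside_cryptomap_dyn_20 extended permit ip any 192.168.1.224 255.255.255.240
access-list Outside_cryptomap_80_3 extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20
crypto map Outside_map 1 match address Outside_1_cryptomap
crypto map Outside_map 1 set peer 89.127.172.29
crypto map Outside_map 60 match address Outside_cryptomap_60
crypto map Outside_map 60 set peer 89.105.114.98
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
tunnel-group 193.114.70.130 type ipsec-l2l
tunnel-group 89.127.172.29 type ipsec-l2l
tunnel-group 89.105.114.98 type ipsec-l2l
tunnel-group RemoteVPN type remote-access
"""

ACL_RE = re.compile(r"^access-list (\S+) (?:extended|standard) (?:permit|deny) ")
MATCH_RE = re.compile(r"^crypto (?:dynamic-map|map) \S+ \d+ match address (\S+)$")
PEER_RE = re.compile(r"^crypto map \S+ \d+ set peer (.+)$")
L2L_RE = re.compile(r"^tunnel-group (\S+) type ipsec-l2l$")


def audit(config):
    """Return sorted (finding, object) tuples for VPN cross-reference gaps."""
    acls, referenced, peers, l2l_groups = set(), set(), set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL_RE.match(line):
            acls.add(m.group(1))
        elif m := MATCH_RE.match(line):
            referenced.add(m.group(1))
        elif m := PEER_RE.match(line):
            # "set peer" accepts more than one address on a line.
            peers.update(m.group(1).split())
        elif m := L2L_RE.match(line):
            l2l_groups.add(m.group(1))

    findings = []
    # A peer with no tunnel-group has nowhere to take its pre-shared key from.
    for peer in peers - l2l_groups:
        findings.append(("peer-without-tunnel-group", peer))
    # A tunnel-group no crypto map points at is leftover keying material.
    for group in l2l_groups - peers:
        findings.append(("tunnel-group-without-crypto-map", group))
    # A crypto map entry that matches a non-existent ACL selects no traffic.
    for name in referenced - acls:
        findings.append(("undefined-crypto-acl", name))
    # Assumption: the ASDM-style "cryptomap" substring marks a crypto ACL.
    for name in acls - referenced:
        if "cryptomap" in name:
            findings.append(("unreferenced-crypto-acl", name))
    return sorted(findings)


if __name__ == "__main__":
    for finding, obj in audit(SAMPLE_CONFIG):
        print(f"{finding}: {obj}")
```

On the excerpt it reports the 193.114.70.130 tunnel-group and the Outside_cryptomap_80_3 ACL as unused; neither finding explains the 10.1.2.0 reachability problem by itself.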
After upgrading from 11.1.1.5 to 11.1.1.6, the Web Query (.iqy) does not work. After opening the .iqy file in Excel and entering the user and password, it only pulls in "PK" in one cell, instead of the expected analysis report. This was working in 11.1.1.5 before the upgrade.
Does anyone know how to correct this issue? Is this a bug in 11.1.1.6, or does it require some new configuration settings?
Thanks in advance.
DXA bug has been registered.
Bug 14040587 - OBIEE 11.1.1.6: OPENING WEB QUERY (.IQY) FILE IN EXCEL SHOWS JUNK CHARACTERS. -
I cannot update apps after upgrading to Yosemite. Please Help!
Hello,
After upgrading to Yosemite, I wanted to go on to iMovie, but I have to update. So I try to update but it refuses and tells me: "This update is not available for this Apple ID either because it was bought by a different user or the item was refunded or cancelled."
So what I understand is that because I bought this Mac in the US and I'm using it in the UK, it's not letting me update it. But what I don't understand is that I was able to upgrade to Yosemite with my Mac knowing I was in the UK.
How can I update my applications?
Thank you for your time,
TOAOMA
Perform the following, stopping with the first one which works:
1. Open the Mac App Store's Purchases tab. If you're prompted to accept it and the other iLife/iWork applications into your Apple ID, do so.
2. Move them out of the Applications folder (they may need to be put into the Trash temporarily), and then see if you can download them for free from their individual product pages. If you're asked to buy them, see #3.
3. Click here, contact Apple, and wait for a response.
4. Buy them.
(116660) -
Cannot open customize OAF screen after upgrade to 12.1.3
Hi,
After upgrade to 12.1.3, I am not able to open customize OAF screens from Applications.
By following some documents from MOS, I have done the following.
1)-applied patch 9879989 on Linux server.
2)-I am able to install JDeveloper,open and compile my customize programs from JDeveloper installed on Linux server. I compilation, new *.jpx files created from *.jpr
From Oracle Applications, I am getting the same error that I was getting without compiling customize program.
My question is that, how Oracle applications will read the new compiled program. Do all program need to be in specific unix directory ?
I copied all the customized program under " /u01/oracle/jdev_install_dir/jdevhome/jdev/myprojects" .
I think the problem is now to place OAF files in the problem directory, which I don't know.
Do I need to set environment variable like JDEV_USER_HOME in the environment file ?
Please help.
Best Regards
Not sure if your issue is resolved. Did you compile the java sources in JDeveloper and moved all files from myclasses folder to unix under $JAVA_TOP or appropriate directory and deployed the PG files using xmlimporter?
Thanks
Shree -
Cannot use elementary icons themes after upgrading to GTK+-2.22.0 ?
Hello All,
After upgrading to GTK+-2.22.0, elementary icons look horribly wrong for some reason. I thought maybe I need to download the icon themes again (https://launchpad.net/elementaryicons/+download) so I did download the latest elementary icons and install them in ~/icons. However, the icon themes don't look the way they should look. Therefore, I am not sure what I did wrong, or if it had to do with upgrading to GTK+-2.22.0, and I am wondering if I am missing something or need to change some setting.
I am using Xfce4 as my Desktop Environment.
Any help would be much appreciated.
After upgrading, almost all of my icon themes are broken, including Elementary, which is the only one I actually care about.
*EDIT*
Recent update to libpng seems to have solved it for me. They still don't display properly in the "Appearance -> Theme -> Customize... -> Icons" dialog, but they display properly in Nautilus and on the panels.
Last edited by futuremonkey (2010-10-05 12:17:02)