Site not accessable in VRF

Hi,
I have a L3 VPN customer, in my MPLS network who works in a MESH topolgy.Customer is connected to PE on a E1 link. I am finding a problem with one location of the customer. Below is the problem statement and work around done.
1. Customer is not able to access one specific website which is in his Intranet which is located in his HO again on the MPLS network, the web browser shows you as connecting, but the page is not opening. From his LAN ping,trace, telnet to port 443 and 80 is happening.
2. All other 8 locations which is connected to the same MPLS cloud from differnt location on different PE rouers are able to connect to the the server and able to open the webppage.
Work Around.
1. Assinged the affected LAN IP pool to another location where the website is opening, and found it works from that location.So the Source IP blocking issue is sorted out.
2. Checked the configurations at all the locations and found everything to be identical.
All the locations have cisco7609 with 12.2.18SXE working as PE and mtu is set to 1600.
Can anybody help out in this.
Thanks
Abey

It looks like it might be an issue with the path mtu. Have you tried pinging from the client to the server using a 1500 bytes packet and setting the DF bit as follow assuming the workstation is an MS workstation:
ping -f -l 1472
NB: the 1472 bytes is the size of the ICMP echo-request payload, which added to the 8 bytes of ICMP header and 20 bytes of IP header results in 1500 bytes total.
Hope this helps,

Similar Messages

  • SharePoint Site not accessing on Windows Phone

    We have a SharePoint 2010 site. We are planning to give mobile access the same site.
    We are able show this site for Andriod and iPhone users by doing some changes in compact.browser file at web application level.
    But the same site when I am accessing from the Windows Phone I am getting an error saying
    "we're having trouble in displaying this page".
    Is there any specific configurations for Windows Phone?
    Thanks,

    Make sure you have checked below pages incase you plan for mobile site
    http://technet.microsoft.com/en-us/library/gg610510%28v=office.15%29.aspx
    Check for supported authentications and devices
    Table: Mobile authentication support matrix for Office Hub
    SharePoint infrastructure
    Authentication mode
    Authentication provider
    Windows Phone 7.5 or later versions
    SharePoint on-premises
    NTLM
    Active Directory
    Supported
    SharePoint on-premises
    Basic authentication
    Active Directory
    Not supported
    SharePoint on-premises
    SAML
    WS-Federation 1.1 compatible Identity Provider
    Not supported
    SharePoint Online
    Forms-based authentication
    Org-ID
    Supported
    Mobile device operating system
    Operating system version
    Browser
    Smartphone device
    Slate or tablet device
    Windows Phone
    Windows Phone 7.5 or later versions
    Internet Explorer Mobile
    Supported
    Not applicable
    Windows
    Windows 7 or later versions
    Internet Explorer
    Not applicable
    Supported
    iOS
    5.0 or later versions
    Note:
    Video play experience requires iOS version 6.0 or later.
    Safari
    Supported
    Supported
    Important:
    Office Web Apps full functionality is supported on iPad versions 2 and 3 using iOS 6.0 or later versions. Limited viewing and editing functionality is also supported on iPad versions 1, 2, 3 using iOS version 5.1.
    Android
    4.0 or later versions
    Note:
    Video play experience requires Android version 4.1 or later.
    Android Browser
    Supported
    Supported
    Plan for views
    http://technet.microsoft.com/en-us/library/jj673030%28v=office.15%29.aspx
    Also follow below for optimization
    http://blog.mastykarz.nl/optimizing-sharepoint-2013-websites-mobile-devices/
    If this helped you resolve your issue, please mark it Answered

  • Folders in /Library/Webserver/Sites/ not accessable with chmod by ftp

    When i create a new folder within a website and want to give it write permission with chmod 777 by ftp client it changes back to the default setting. So i always have to open server admin > filesharing to accomplish writable folder access.
    Is there a way to do some configuration to avoid this and do this the usal way when webdeveloping by ftp and chmod?
    (local testsites and upload by ftp client, i use transmit)

    Have you tried using "PureFTPd" Manager?
    I found it was much better when it comes to working with Users and Permissions compared to using the built in FTP server chmod permissions.
    Try it out.

  • Can not access Server admin site

    I can not access http://MYSERVER1:50000 site. I get error "The page cannot be displayed. The page you are looking for is currently unavailable.".
    But I was able to access even yesterday. Could you tell me any possible problems and how to fix the error?
    Thanks!
    Mike

    Hi Mike
    That means your J2EE engine is not running...
    Restart the engine, also check that the DB is up and running.
    Regards
    Juan

  • Safari update does not access some web sites

    I just did the latest Mac update, the Safari, Quicktime,Itunes update. And now Safari does not allow me to access my own Flash based web site. It says it's loaded 3 of 4 and then just stops, no error message, nothing, just a blank page.
    And worse I am not the only person having this problem, several other people on Macs, in different parts of the country,and using Safari also can not access my site. However Firefox has no problem on my computer or theirs. Worse still, I am traveling and will be away for several weeks more and it's the holidays which is a key time for my website as it is an important sales tool for my business. There haven't been any changes to the website itself for over a year. I guess I just won't be expecting any business from Mac users this Christmas........
    Also other websites seem to have loading issues as well.
    I used to look forward to Apple updates as they USED to improve the performance of my computer, however the last two updates caused severe problems to a computer that had been working perfectly.

    Hello,
    I'm afraid that site doesn't work either for me with Safari 3.0.4 on OS X 10.4.11.
    The page appears to load but only displays a blank page.
    The W3C (web standards consortium) validation tool shows a few errors with the site: [validation results|http://validator.w3.org/check?uri=www.kosoff.com&charset=%28detect+auto matically%29&doctype=Inline&group=0]

  • I have a web site that I subscribe to and when I pulled it up Firefox asked me if I wanted to allow it or not. Accidently I pressed never allow for this site. Opps . . How do I undo this? I tried restarting and am now stuck as I can not access my website

    I have a web site that I subscribe to and when I pulled it up Firefox asked me if I wanted to allow it or not. Accidently I pressed never allow for this site. Opps . . How do I undo this? I tried restarting and am now stuck as I can not access my website

    Do you mean saving a password?
    If you clicked "Never" then you have created an exception that you need to remove.
    Remove site(s) from the Exceptions:
    * Tools > Options > Security: Passwords: Exceptions
    * https://support.mozilla.com/kb/Remembering+passwords

  • Yosemti OSX 10.10.1 Safari can NOT access US Schwab web site.  Chrome could.  Why???

    OSX10.10.1 Yosemti Safari can NOT access US Charles Schwab web site. 
    Chrome could.  Why????

    Many financial cites are just not compatible with Safari. Contact Schwab and ask them.
    Similar to your other post:
    OSX Yousemite Safari could NOT accesss US Citibank web site.  Chrome could.  Why???

  • AOL mail not updating. Spinning wheel just keep spinning. It hasn't updated in 5 days. I can use the AOL web site and access it on my android phone, but not on my MacBook Pro. OS 10.6.8

    AOL mail not updating. Spinning wheel just keeps spinning. It hasn't updated in 5 days. G-mail updates normally. I can use the AOL web site and access it on my android phone too, but not on my MacBook Pro. OS 10.6.8

    Hello robe427,
    Thanks for using Apple Support Communities.
    To troubleshoot this issue where you are unable to receive email from one of your accounts, please follow the steps in the article linked to below.
    Mac Basics: Use Mail on your Mac
    Take care,
    Alex H.

  • Safari 1.3.2 Not Accessing Some Secure Web Sites Including This One

    Operating system is 10.3.9 running Safari 1.3.2 and today I couldn't access American Express or Apple Discussions web site. I had a lock up yesterday that forced me to do a hard reset. Funny thing is, Safari otherwise is running fine other than not accessing secure sites that I accessed just fine yesterday. FWIW, I am entering this info from a PC not my Mac...Any Ideas.

    Hi Richard!
    It's probably a corrupt Cache or Cookie item.
    Do you know your user names & passwords for sites that require them?
    If so, open Safari Preferences > Security.
    Click on Show Cookies.
    Click on Remove All.
    Click on Done.
    If you do not know your user name & PWs for sites, you will have to individually click on the cookies for the ones that are not opening, and delete them one by one.
    Then from the Safari contextual menu, select Empty Cache.
    Click on Empty.
    Good Luck!
    ali b

  • I bought my ipad mini in the UK and it worked fine, I live in Cyprus and since being back i can not access any web sites

    My web browser( Google ) home page appears but when i type in the web address it does not access them it just constantly appears to be loading.
    Any help would be appreciated
    Thanks

    there are a lot of complaints here about wifi issues with the ipad mini - all seam to deal with 3rd party routers. you might want to check these Threads out.
    did you delete the wifi network on your ipad and reconnect? Are you using WPA2? Did you select TKIP/AES or only one of them? Does your ipad get an ip address?

  • Maintain access to network(shared folders) resources if the site loses access to a Domain Controller?

    Scenario
    Windows 7 users log on to workstations at a site. Domain Controller is up and does the domain authentication for those users across the WAN. Users are then accessing a local(same building) Shared directory on a Windows 2008r2 server, in order to open, modify,
    save new files, etc.
    Then, the site loses access to the Domain Controller due to a WAN outage.
    Question
    Will those users that have already logged onto their Windows 7 workstations continue to have access to the shared resources on the local Windows 2008r2 server with their cached credentials(assuming they don't logoff or restart their machines)?? This has
    been the case in the past, but wondering if anything has changed with Windows 2008??
    Thanks

    Hi,
    The duration that you can access the server depends on when the server requires re-authentication.
    In Windows implementation, SMB session expiration is enforced based upon the client’s support of dynamic re-authentication capability [MS-SMB].
    If the client enables the CAP_DYNAMIC_REAUTH capability bit, the server will enforce session expiration. If a client does not set CAP_DYNAMIC_REAUTH, the Windows server does not return STATUS_NETWORK_SESSION_EXPIRED. 
    The SMB dynamic re-authentication feature was introduced in Windows XP. From there, Windows-based clients set the CAP_DYNAMIC_REAUTH capability bit to indicate to the server that the client supports re-authentication when the Kerberos service ticket for
    the session expires.
    Windows servers do check CAP_DYNAMIC_REAUTH:
    If clientCapabilities sets CAP_DYNAMIC_REAUTH, the server will set Server. Session.AuthenticationExpirationTime to the expiry time returned by AcceptSecuirtyContext.
    If clientCapabilities does not set CAP_DYNAMIC_REAUTH, the server will not set Server. Session.AuthenticationExpirationTime, basically a CAP_DYNAMIC_REAUTH capability bit not set by the client means the session will not expire on the server side.
    To configure Maximum lifetime for service ticket, you can use grouppolicy. The default value of
    Maximum lifetime for service ticket
    in Default Domain Policy is 600 minutes.
    Note:This setting is applied to DC, not clients.
    For detailed information, please view the link below
    CIFS and SMB Timeouts in Windows
    http://blogs.msdn.com/b/openspecification/archive/2013/03/19/cifs-and-smb-timeouts-in-windows.aspx
    Maximum lifetime for service ticket
    http://technet.microsoft.com/en-us/library/jj852188.aspx
    Hope this helps.
    Steven Lee
    TechNet Community Support

  • ASA-5505 Site-to-Site Not Working

    I am somewhat new to Cisco but to do have some experience. I am trying to connect two ASA 5505's together via site-to-site VPN. They are configured with public IPs and all other services are working. I have used the VPN wizard on both boxes successfully but the tunnels are not working. The two devices are on the Comcast network. Any help would be appreacited.
    Site A: ASA 5505 w/50 User license
    Site B: ASA 5505 w/10 User license
    Site A Config:
    ASA Version 8.2(5)
    hostname *********************
    enable password 6.De4e7UzES9wBPg encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    name 192.168.100.10 Web_Server
    name 10.0.6.0 Ghost_Flower_Inside
    name 10.0.5.0 San_Mateo_Inside
    name 10.0.5.100 Any_Connect_100
    name 10.0.5.101 Any_Connect_101
    name 10.0.5.102 Any_Connect_102
    name 10.0.5.103 Any_Connect_103
    name 10.0.5.104 Any_Connect_104
    name 10.0.5.105 Any_Connect_105
    name 10.0.5.106 Any_Connect_106
    name 10.0.5.107 Any_Connect_107
    name 10.0.5.108 Any_Connect_108
    name 10.0.5.109 Any_Connect_109
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    switchport access vlan 12
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.0.5.201 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 173.10.XXX.XXX 255.255.255.252
    interface Vlan12
    no forward interface Vlan1
    nameif dmz
    security-level 50
    ip address 192.168.100.1 255.255.255.0
    ftp mode passive
    dns domain-lookup outside
    dns server-group DefaultDNS
    name-server 75.75.75.75
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group network Any_Connect_DHCP
    network-object host Any_Connect_100
    network-object host Any_Connect_101
    network-object host Any_Connect_102
    network-object host Any_Connect_103
    network-object host Any_Connect_104
    network-object host Any_Connect_105
    network-object host Any_Connect_106
    network-object host Any_Connect_107
    network-object host Any_Connect_108
    network-object host Any_Connect_109
    access-list outside_access_in extended permit tcp any interface outside eq www
    access-list outside_access_in extended permit tcp any interface outside eq ssh
    access-list outside_1_cryptomap extended permit ip San_Mateo_Inside 255.255.255.0 Ghost_Flower_Inside 255.255.255.0
    access-list inside_nat0_outbound extended permit ip San_Mateo_Inside 255.255.255.0 Ghost_Flower_Inside 255.255.255.0
    access-list inside_nat0_outbound extended permit ip object-group Any_Connect_DHCP any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu dmz 1500
    ip local pool AnyConnectDHCPPool Any_Connect_100-10.0.5.110 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    global (dmz) 1 192.168.100.2 netmask 255.255.255.255
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (dmz,outside) tcp interface www Web_Server www netmask 255.255.255.255
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 173.10.XXX.XXX 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication http console LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    http 10.0.1.0 255.255.255.0 inside
    http 10.1.10.0 255.255.255.0 outside
    http San_Mateo_Inside 255.255.255.255 inside
    http San_Mateo_Inside 255.255.255.0 inside
    http 0.0.0.0 0.0.0.0 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set peer 173.12.XXX.XXX
    crypto map outside_map 1 set transform-set ESP-3DES-SHA
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    vpn-sessiondb max-webvpn-session-limit 10
    telnet timeout 5
    ssh 192.168.1.0 255.255.255.0 inside
    ssh 10.0.1.0 255.255.255.0 inside
    ssh San_Mateo_Inside 255.255.255.0 inside
    ssh 10.1.10.0 255.255.255.0 outside
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    dhcpd address 10.0.5.10-10.0.5.30 inside
    dhcpd dns 75.75.75.75 75.75.76.76 interface inside
    dhcpd enable inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    anyconnect-essentials
    svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 1 regex "Intel Mac OS X"
    svc profiles CATS disk0:/cats.xml
    svc enable
    tunnel-group-list enable
    group-policy DfltGrpPolicy attributes
    dns-server value 75.75.75.75
    vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
    webvpn
      svc profiles value CATS
    username user1 password tTq7bIZ.C4x0j.qv encrypted privilege 15
    username ********* password sPxon1E6hTszm7Ko encrypted privilege 15
    tunnel-group 173.12.XXX.XXX type ipsec-l2l
    tunnel-group 173.12.XXX.XXX ipsec-attributes
    pre-shared-key *****
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:1751532c3624a6c2eec3c1ae0c31fe03
    : end
    Site B:
    ASA Version 8.2(5)
    hostname ***************
    enable password 6.De4e7UzES9wBPg encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    name 192.168.100.10 Web_Server
    name 10.0.6.0 Ghost_Flower_Inside
    name 10.0.5.0 San_Mateo_Inside
    name 10.0.5.100 Any_Connect_100
    name 10.0.5.101 Any_Connect_101
    name 10.0.5.102 Any_Connect_102
    name 10.0.5.103 Any_Connect_103
    name 10.0.5.104 Any_Connect_104
    name 10.0.5.105 Any_Connect_105
    name 10.0.5.106 Any_Connect_106
    name 10.0.5.107 Any_Connect_107
    name 10.0.5.108 Any_Connect_108
    name 10.0.5.109 Any_Connect_109
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    switchport access vlan 12
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.0.5.201 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 173.10.XXX.XXX 255.255.255.252
    interface Vlan12
    no forward interface Vlan1
    nameif dmz
    security-level 50
    ip address 192.168.100.1 255.255.255.0
    ftp mode passive
    dns domain-lookup outside
    dns server-group DefaultDNS
    name-server 75.75.75.75
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group network Any_Connect_DHCP
    network-object host Any_Connect_100
    network-object host Any_Connect_101
    network-object host Any_Connect_102
    network-object host Any_Connect_103
    network-object host Any_Connect_104
    network-object host Any_Connect_105
    network-object host Any_Connect_106
    network-object host Any_Connect_107
    network-object host Any_Connect_108
    network-object host Any_Connect_109
    access-list outside_access_in extended permit tcp any interface outside eq www
    access-list outside_access_in extended permit tcp any interface outside eq ssh
    access-list outside_1_cryptomap extended permit ip San_Mateo_Inside 255.255.255.0 Ghost_Flower_Inside 255.255.255.0
    access-list inside_nat0_outbound extended permit ip San_Mateo_Inside 255.255.255.0 Ghost_Flower_Inside 255.255.255.0
    access-list inside_nat0_outbound extended permit ip object-group Any_Connect_DHCP any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu dmz 1500
    ip local pool AnyConnectDHCPPool Any_Connect_100-10.0.5.110 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    global (dmz) 1 192.168.100.2 netmask 255.255.255.255
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (dmz,outside) tcp interface www Web_Server www netmask 255.255.255.255
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 173.10.242.182 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication http console LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    http 10.0.1.0 255.255.255.0 inside
    http 10.1.10.0 255.255.255.0 outside
    http San_Mateo_Inside 255.255.255.255 inside
    http San_Mateo_Inside 255.255.255.0 inside
    http 0.0.0.0 0.0.0.0 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set peer 173.12.XXX.XXX
    crypto map outside_map 1 set transform-set ESP-3DES-SHA
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    vpn-sessiondb max-webvpn-session-limit 10
    telnet timeout 5
    ssh 192.168.1.0 255.255.255.0 inside
    ssh 10.0.1.0 255.255.255.0 inside
    ssh San_Mateo_Inside 255.255.255.0 inside
    ssh 10.1.10.0 255.255.255.0 outside
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    dhcpd address 10.0.5.10-10.0.5.30 inside
    dhcpd dns 75.75.75.75 75.75.76.76 interface inside
    dhcpd enable inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    anyconnect-essentials
    svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 1 regex "Intel Mac OS X"
    svc profiles CATS disk0:/cats.xml
    svc enable
    tunnel-group-list enable
    group-policy DfltGrpPolicy attributes
    dns-server value 75.75.75.75
    vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
    webvpn
      svc profiles value CATS
    username ************** password sPxon1E6hTszm7Ko encrypted privilege 15
    tunnel-group 173.12.XXX.XXX type ipsec-l2l
    tunnel-group 173.12.XXX.XXX ipsec-attributes
    pre-shared-key *****
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:1751532c3624a6c2eec3c1ae0c31fe03
    : end

    Hi Kevin,
    Both the sides have IP address of 173.10.XXX.XXX  on the respective Outside interfaces and you have configured the peers for 173.12.X.X.
    Please ensure the correct IP addresses for VPN peers are configured , via the following command:
    crypto map outside_map 1 set peer X.X.X.X
    e.g. If you have 173.10.X.X on Site X and 173.12.X.X on Site Y , then
    On Site X, peer would be
    crypto map outside_map 1 set peer 173.12.X.X
    and the tunnel-group will be
    tunnel-group 173.12.XXX.XXX type ipsec-l2l
    tunnel-group 173.12.XXX.XXX ipsec-attributes
    pre-shared-key *****
    On Site Y, peer would be
    crypto map outside_map 1 set peer 173.10.X.X
    and the tunnel-group will be
    tunnel-group 173.10.XXX.XXX type ipsec-l2l
    tunnel-group 173.10.XXX.XXX ipsec-attributes
    pre-shared-key *****
    Also , the nat exempt would be complimentary on each other i.e.
    On Site X,
    access-list inside_nat0_outbound extended permit ip San_Mateo_Inside 255.255.255.0 Ghost_Flower_Inside 255.255.255.0
    On Site Y,
    access-list inside_nat0_outbound extended permit ip Ghost_Flower_Inside 255.255.255.0 San_Mateo_Inside 255.255.255.0
    Hope that helps.
    Regards,
    Dinesh Moudgil

  • WRT54G2 and WRT54G locks-up (freezes) when blocking web sites using Access Restrictions

    I am convinced that a few Linksys routers such as WRT54G2 and WRT54G have a major issue when blocking web sites using Access Restrictions (Internet Access Policy). After a few hours of internet access by 15 wired users the Linksys locks-up and blocks all internet web access. The only solution is to restart the power on the router.
    We are currently using a Linksys WRT54G2 v1 (firmware 1.0.04). We upgraded the WRT54G2 v1 firmware to the latest 1.0.04 version which did not resolve the issue.  NOTE: We were previosuly using a a Linksys WRT54G v1.1 (firmware 4.21.1) until the power supply blew a week after we started blocking web sites using Access Restrictions (Internet Access Policy).  
    Basically, we have a T1 internet connection and a hub connected to the Linksys router. We are trying to block several web sites such as facebook, myspace, etc. for 15 wired users. We do not use wireless connections.
    This is the 2nd time it happened with 2 different models.
    Please help ASAP.
    Thank you,
    Lance
    (Mod note: Edited post. Some parts off topic.. Thanks!)

    Also,  you have already upgrade/re-flash the firmware of your Linksys Router you need to reset and reconfigure your router from scratch. Press and hold the reset button for 30 seconds...Release the reset button...Unplug the power cable from your router, wait for 30 seconds and re-connect the power cable...Now re-configure your router...

  • Access Denied Error while accessing "Site Settings Access requests and invitations"

    Hi,
    I am getting Access Denied Error while accessing "Site Settings > Access requests and invitations" in SharePoint  2013 online. Currently I am the owner of the site and have "FULL CONTROL" access. I am able to access using
    site collection account. So, what permission I have to give my regular account to access this page?
    Thanks, Pal

    Hello,
    Have you recently changed the Owners group of the site collection or removed the user from the original owners group? 
    The reason I am asking is when the Access requests and invitations list are created, the permissions are given only to the default owners group at the time that the Access Request list was created.  If this "regular account" is not part of that owners
    group, the user will receive access denied.  Site Collection Admins always have permissions for the Access Request List.
    A workaround for the Access Denied issue is listed in the KB article http://support.microsoft.com/kb/2911390/en-us.  By giving the correct group or user the permissions to this list, the users will not receive
    the Access Denied issue anymore.  
    Preferably, in order to grant the user the full permissions ( you will see features like resending invitations may still fail after implementing the above workaround) there is one other workaround that may be required depending on what the original issue
    was.  Below are additional steps to restore full functionality.
    1)Access the /_layouts/15/permsetup.aspx of the site collection, make sure the default Owners Group
    is set correctly.  (There is a group selected)
    2) Add user to that Owners Group.  (Issue may be resolved at this step if the site collection Owners
    Group was never changed, if not continue to next step.)
    3) Implement workaround on http://support.microsoft.com/kb/2911390/en-us, by adding that owners
    group as Full control on Access Request list Permissions.
    Let me know how this works out for you.
    - Shpendi Jashari

  • Issue with the site level access in the trial ac

    I am following the given video to get an understanding of site level access.
    SAP HANA Cloud Portal Setting Access Levels in the Site - YouTube
    I could not find the option of setting the site level access to either public, restricted or private in my trial ac. in the site settings as per the given video above. Could this be some authorization issue or some settings that needs to be done.

    Hello,
    The site access level configuration is now under the Access Managment entry in the side panel.
    Please follow the documentation in the link below.
    SAP HANA Cloud Portal Documentation
    Regards,
    Eliel.

Maybe you are looking for

  • Invoice of downpayment of 100%

    Sometimes  when we sell  a material we sometimes ask the downpayment of 100% of the order. When we deliver a material we issue a delivery note and the final invoice,  but it is impossible to issue a final invoice of 0 Euro with a registration on the

  • BPS variable in BeX

    Hi! I have a question. May I use BPS variable in BeX?

  • I Have done my Objects in 300 Client.I want to Import it into other client

    hi I Have done my Objects in 300 Client.I want to Import it into other client. What is the Procedure for that Please clarify ASAP.. Thanks

  • Gig DWDM connection between 2 x 3750's

    We have a customer that has a gig DWDM connection between 2 cat3750's. The interfaces are SMF. He is complaining of throughput issues. He has a pair of AIX servers transfering a file between them using we believe RPC (not 100% sure). If he does it ac

  • I-pod not working computer will not recognize it

    Last night my I-pod froze I couldn't get it to do anything. After my computer started acting up so I restored it. Now I got my I-pod un froze but all my music is gone? I can't get my computer to recognize it, and it will not download drivers cause it