Slow downloads when using VPN clients

How can I word this?
We have had a shift in our work force and find a large number of users now working from home. Lately (this weekend) they have been complaining about VPN client downloads being very slow. I have tested the IPSec client and the SSL client and compared them to an Internet download on the network using the exact same laptop and the exact same web site www.speednet.net. Here at the office I see 50M, over both VPNs I see (if I am lucky) 1M, all reading within a 15 minute period and all over the same 600M pipe to the Internet.
We have never noticed this before this work force shift to home. Eliminating all other factors, which we think we have, would you expect VPN clients to behave this way?
MTU is set at default from day one. The only thing we have done to VPN configuration over the last week was to add a tunnel gateway to the ASA 5540 VPN configuration which is only a hop away from the firewall inside interface.
I will provide configuration data if you request but my question is just a general one at this point. Is this normal and can you make a suggestion as to how we can improve? We are research, running Wireshark on the test laptop so as the day progresses we will have more information to provide if needed.

Dear Charlie,
Thanks for your problem description.
Please install an FTP client on the client machine and perform an FTP transfer across the tunnel.
During this attempt, run Wireshark on the VPN adapter.
Check this capture, verify if there are any TCP retransmissions, loss-packets, drop-packets, fragmentation issues. Verify the TCP MSS and adjust it on the Router (in case fragmentation is seen).
Let me know.
Thanks.
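
An added example (not from the thread) for the MSS check suggested in the reply above: it computes how large an inner packet fits in one ESP tunnel-mode packet for a given path MTU, and the TCP MSS that follows. It assumes IPv4 without options, CBC ciphers with a 96-bit truncated HMAC, and optional NAT-T; the SSL client has different overhead and is not modelled, and the function names are illustrative.

```python
"""Added example: TCP MSS that avoids fragmentation inside an IPsec ESP tunnel."""

# Assumed per-cipher ESP parameters: name -> (IV bytes, cipher block bytes)
CIPHERS = {"3des": (8, 8), "aes-cbc": (16, 16)}
# Truncated ICV length in bytes (HMAC-MD5-96 / HMAC-SHA1-96)
ICV_LEN = {"md5": 12, "sha1": 12}

OUTER_IP = 20      # outer IPv4 header, no options
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad-length byte + next-header byte
NAT_T_UDP = 8      # UDP encapsulation used when the client sits behind NAT
INNER_IP_TCP = 40  # inner IPv4 (20) + TCP (20), no options


def _fixed_overhead(cipher, integrity, nat_t):
    """Bytes added around the encrypted payload regardless of its length."""
    iv, _ = CIPHERS[cipher]
    return OUTER_IP + ESP_HDR + iv + ICV_LEN[integrity] + (NAT_T_UDP if nat_t else 0)


def esp_packet_size(inner_len, cipher, integrity, nat_t):
    """On-the-wire size of one ESP tunnel-mode packet carrying inner_len bytes."""
    _, block = CIPHERS[cipher]
    # The inner packet plus the 2-byte trailer is padded up to the block size.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    return _fixed_overhead(cipher, integrity, nat_t) + padded


def max_inner_packet(path_mtu, cipher, integrity, nat_t):
    """Largest inner IP packet that still fits in one packet of path_mtu bytes."""
    _, block = CIPHERS[cipher]
    room = path_mtu - _fixed_overhead(cipher, integrity, nat_t)
    inner = (room // block) * block - ESP_TRAILER
    if inner <= INNER_IP_TCP:
        raise ValueError("path MTU too small to carry any TCP payload")
    return inner


def tunnel_mss(path_mtu, cipher, integrity, nat_t):
    """TCP MSS to clamp to so that full-size segments are not fragmented."""
    return max_inner_packet(path_mtu, cipher, integrity, nat_t) - INNER_IP_TCP


if __name__ == "__main__":
    # Constructed scenarios, not values taken from the thread.
    for mtu, cipher, integ, nat_t in [
        (1500, "aes-cbc", "sha1", True),
        (1500, "3des", "sha1", False),
        (1400, "aes-cbc", "sha1", True),
    ]:
        full = esp_packet_size(1500, cipher, integ, nat_t)
        print(f"path MTU {mtu}, {cipher}/{integ}, NAT-T={nat_t}: "
              f"MSS {tunnel_mss(mtu, cipher, integ, nat_t)}; "
              f"a 1500-byte inner packet becomes {full} bytes "
              f"({'fragments' if full > mtu else 'fits'})")
```

If the MSS seen in the SYN packets of the capture is larger than the computed value for the client's path, full-size segments will be fragmented or dropped on the way through the tunnel.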

Similar Messages

  • No contact with DHCP server when using VPN Client

    Pretty weird problem I discovered recently.
    We use the VPN Client to connect to a 1841 router. Everything works fine except for one small thing.
    The client does not send out _any_ traffic if the destination is the ip-address of the DHCP-server the client got its original ip-address from.
    This is verified by Wireshark. A ping on the client does not produce any ESP packets towards the VPN concentrator. No matter what traffic you try actually.
    Discovered this when wanting to use Remote Desktop towards the Windows Server that is the local DHCP server and was not able to connect. Then tested ping and still no response. That made me look closer and found out that I could not communicate at all with the DHCP server.
    As I said, pretty weird.
    Has anyone else seen this? Does anyone have a solution? Right now I use OpenVPN instead when I need to control that server.
    - Roger

    Hi and thanks for responding.
    Nothing here apart from being unable to send any packets to the dhcp-server. No problem sending to any other system on the same subnet. The same happens when I connect my pc to another subnet that is served by another dhcp-server. Then I can not connect to _that_ dhcp-server. I can then of course connect to the previous dhcp-server.
    I mean _no_ packets are generated out the client at all if the destination is your dhcp-server. No problem with the packet being blocked by a firewall or anything like that. Ping another system on the same subnet as the dhcp-server and the client happily generates ESP packets and sends them to the vpn-concentrator.
    I do not know if it was clear enough in the first post so I am saying it here: the vpn-concentrator gives out the ip for the vpn connection. The dhcp-server I can not connect to is the server that gives the client its ip-address _before_ starting up the vpn client.
    We use this vpn system so the IT personnel will be able to connect to restricted resources from their laptops anywhere in the network, also when using wireless.
    This was discovered when one admin wanted to connect from his laptop to a server that also happened to be the dhcp-server that had given his laptop his ip address before he used vpn.
    Should be easy enough for anyone else to test. Just ping your dhcp-server after starting the vpn connection. No RFC 1918 addresses of course, there must be a route from your vpn-concentrator to your dhcp-server and at least icmp echo must be open through any firewall/acl.
    The vpn version is 4.8.00.0440 on Windows XP configured to not allow local LAN access. I might test this with other versions/OS'es when I have the time.
    Regards,
    - Roger

  • Slow downloads when using Time Capsule

    When I connect directly to my modem, I can get speed up to 30Mbps.  When I plug my modem into my Time Capsule, my download speeds go way down to under 7Mbps.  Is there any way to increase my speed?

    The TC is model number A1254 and is at least 3 years old. I honestly can't remember when I bought it, but it may just be old.

    Yes, that is the Gen1 TC and is old. We have found they get unreliable even if the power supply keeps going after about 3 years.
    Anyway.. do some tests..
    1. Factory reset the TC. If you haven't done it already it is worth taking it back to scratch.
    2. Force the speed of the WAN port to 100mbps.
    Your current speed is below the 10mbps everything goes to when things go bad. So check the ethernet cable is good. When you setup WAN, there is option to set the WAN speed. (It is probably missing in v6 airport utility of course).
    3. Check the ethernet cables are good just use them between LAN port of the TC and Mac..
    4. Apple keep trying to update everything all the time but IMO v7.6.1 firmware on the old TC may not be the best.. hold down the option key when you update firmware to choose 7.5.2 firmware and see how that goes.
    But you could just be up for a replacement. If you do get another TC make sure you get it on 7day return as the issue could happen again even with the latest one.
    Use v5 utility. In your profile you are using Lion.. just download and install it.
    http://support.apple.com/kb/DL1482

  • Cannot connect using VPN client

    Hi, I have a problem configuring my CISCO ASA 5515-x for VPN client. I successfully configured AnyConnect and SSL VPN but when clients use the VPN Client software, they cannot establish the VPN connection. This is my configuration and attached is the error that occurred when connecting to the firewall. Can anyone help me solve this problem?
    : Saved
    ASA Version 9.1(1)
    hostname ciscoasa
    domain-name g
    ip local pool vpn_client 192.168.2.200-192.168.2.254 mask 255.255.255.0
    ip local pool vpn_250 192.168.3.1-192.168.3.254 mask 255.255.255.0
    interface GigabitEthernet0/0
    nameif DIGI
    security-level 0
    ip address 210.48.*.* 255.255.255.0
    interface GigabitEthernet0/1
    nameif LAN
    security-level 0
    ip address 192.168.2.5 255.255.255.0
    interface GigabitEthernet0/2
    nameif Pone
    security-level 0
    ip address dhcp setroute
    interface GigabitEthernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/4
    shutdown
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/5
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    management-only
    nameif management
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    ftp mode passive
    clock timezone MYT 8
    dns domain-lookup DIGI
    dns server-group DefaultDNS
    name-server 8.8.8.8
    domain-name g
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network NETWORK_OBJ_113.20.*.*_24
    subnet 113.20.*.* 255.255.255.0
    object network NETWORK_OBJ_210.48.*.*_24
    subnet 210.48.*.* 255.255.255.0
    object network CsHiew
    host 192.168.2.9
    object network ERPServer
    host 192.168.2.2
    object network Giap
    host 192.168.2.126
    object network Jennifer
    host 192.168.2.31
    object network KCTan
    host 192.168.2.130
    object network KCTan-NB
    host 192.168.2.77
    object network MailServer
    host 192.168.2.6
    object network YHKhoo
    host 192.168.2.172
    object network Aslina
    host 192.168.2.59
    object network Law
    host 192.168.2.38
    object network Nurul
    host 192.168.2.127
    object network Laylee
    host 192.168.2.17
    object network Ms_Pan
    host 192.168.2.188
    object network Peck_Ling
    host 192.168.2.248
    object network Pok_Leng
    host 192.168.2.36
    object network UBS
    host 192.168.2.21
    object network Ainie
    host 192.168.2.11
    object network Angie
    host 192.168.2.116
    object network Carol
    host 192.168.2.106
    object network ChunKit
    host 192.168.2.72
    object network KKPoong
    host 192.168.2.121
    object network Ben
    host 192.168.2.147
    object network Eva
    host 192.168.2.37
    object network Jacklyn
    host 192.168.2.135
    object network Siew_Peng
    host 192.168.2.149
    object network Suki
    host 192.168.2.61
    object network Yeow
    host 192.168.2.50
    object network Danny
    host 192.168.2.40
    object network Frankie
    host 192.168.2.101
    object network Jamal
    host 192.168.2.114
    object network OcLim
    host 192.168.2.177
    object network Charles
    host 192.168.2.210
    object network Ho
    host 192.168.2.81
    object network YLChow
    host 192.168.2.68
    object network Low
    host 192.168.2.58
    object network Sfgan
    host 192.168.2.15
    object network Joey
    host 192.168.2.75
    object network Rizal
    host 192.168.2.79
    object network 190
    host 192.168.2.190
    object network 191
    host 192.168.2.191
    object network 192
    host 192.168.2.192
    object network 193
    host 192.168.2.193
    object network 194
    host 192.168.2.194
    object network 199
    host 192.168.2.199
    object network 201
    host 192.168.2.201
    object network 203
    host 192.168.2.203
    object network 204
    host 192.168.2.204
    object network 205
    host 192.168.2.205
    object network CNC214
    host 192.168.2.214
    object network Liyana
    host 192.168.2.16
    object network Aipin
    host 192.168.2.22
    object network Annie
    host 192.168.2.140
    object network Ikah
    host 192.168.2.54
    object network Sue
    host 192.168.2.113
    object network Zaidah
    host 192.168.2.32
    object network CKWong
    host 192.168.2.33
    object network KhooSC
    host 192.168.2.47
    object network Neexon-PC
    host 192.168.2.179
    object network Neexon_NB
    host 192.168.2.102
    object network kc
    host 192.168.2.130
    object network P1
    subnet 192.168.2.0 255.255.255.0
    object network NETWORK_OBJ_192.168.2.0_24
    subnet 192.168.2.0 255.255.255.0
    object network NETWORK_OBJ_192.168.2.192_26
    subnet 192.168.2.192 255.255.255.192
    object network NETWORK_OBJ_192.168.10.192_26
    subnet 192.168.10.192 255.255.255.192
    object network VPN
    subnet 192.68.3.0 255.255.255.0
    object network NETWORK_OBJ_192.168.3.0_24
    subnet 192.168.3.0 255.255.255.0
    object-group network HPTM_DIGI
    network-object object CsHiew
    network-object object ERPServer
    network-object object Giap
    network-object object Jennifer
    network-object object KCTan
    network-object object KCTan-NB
    network-object object MailServer
    network-object object YHKhoo
    object-group network Inventory
    network-object object Aslina
    network-object object Law
    network-object object Nurul
    object-group network Account
    network-object object Laylee
    network-object object Ms_Pan
    network-object object Peck_Ling
    network-object object Pok_Leng
    network-object object UBS
    object-group network HR
    network-object object Ainie
    network-object object Angie
    object-group network Heeroz
    network-object object Carol
    network-object object ChunKit
    network-object object KKPoong
    object-group network Sales
    network-object object Ben
    network-object object Eva
    network-object object Jacklyn
    network-object object Siew_Peng
    network-object object Suki
    network-object object Yeow
    object-group network Production
    network-object object Danny
    network-object object Frankie
    network-object object Jamal
    network-object object OcLim
    object-group network Engineering
    network-object object Charles
    network-object object Ho
    network-object object YLChow
    network-object object Joey
    network-object object Rizal
    object-group network Purchasing
    network-object object Low
    network-object object Sfgan
    object-group network Wireless
    network-object object 190
    network-object object 191
    network-object object 192
    network-object object 193
    network-object object 194
    network-object object 199
    network-object object 201
    network-object object 203
    network-object object 204
    network-object object 205
    object-group network IT
    network-object object CNC214
    network-object object Liyana
    object-group network Skype
    network-object object Aipin
    network-object object Annie
    network-object object Ikah
    network-object object Sue
    network-object object Zaidah
    object-group network HPTM-P1
    network-object object CKWong
    network-object object KhooSC
    network-object object Neexon-PC
    network-object object Neexon_NB
    object-group service DM_INLINE_SERVICE_1
    service-object tcp-udp destination eq www
    service-object tcp destination eq https
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group service DM_INLINE_SERVICE_2
    service-object tcp-udp destination eq www
    service-object tcp destination eq https
    access-list DIGI_access_in extended permit ip any any
    access-list DIGI_access_in extended permit icmp any any echo
    access-list LAN_access_in extended deny object-group DM_INLINE_SERVICE_2 object-group Skype any
    access-list LAN_access_in extended deny object-group DM_INLINE_SERVICE_1 object 205 any
    access-list LAN_access_in extended permit ip any any
    access-list DIGI_cryptomap extended permit ip object VPN 113.20.*.* 255.255.255.0
    access-list Pq_access_in extended permit ip any any
    access-list splittun-vpngroup1 extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
    access-list nonat extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    logging recipient-address aaa@***.com level errors
    mtu DIGI 1500
    mtu LAN 1500
    mtu Pone 1500
    mtu management 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-711(1).bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (DIGI,LAN) source static any interface
    nat (Pone,LAN) source static any interface
    nat (DIGI,DIGI) source static NETWORK_OBJ_210.48.*.*_24 NETWORK_OBJ_210.48.*.*_24 destination static NETWORK_OBJ_113.20.*.*_24 NETWORK_OBJ_113.20.*.*_24 no-proxy-arp route-lookup
    nat (LAN,DIGI) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 destination static NETWORK_OBJ_192.168.2.192_26 NETWORK_OBJ_192.168.2.192_26 no-proxy-arp route-lookup
    nat (LAN,DIGI) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 destination static NETWORK_OBJ_192.168.10.192_26 NETWORK_OBJ_192.168.10.192_26 no-proxy-arp route-lookup
    nat (LAN,any) source static any any destination static VPN VPN
    nat (LAN,DIGI) source static any any destination static NETWORK_OBJ_192.168.3.0_24 NETWORK_OBJ_192.168.3.0_24 no-proxy-arp route-lookup
    nat (LAN,DIGI) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 destination static NETWORK_OBJ_192.168.3.0_24 NETWORK_OBJ_192.168.3.0_24 no-proxy-arp route-lookup
    object network VPN
    nat (any,DIGI) dynamic interface
    nat (LAN,Pone) after-auto source dynamic any interface dns
    nat (LAN,DIGI) after-auto source dynamic any interface dns
    access-group DIGI_access_in in interface DIGI
    access-group LAN_access_in in interface LAN
    access-group Pq_access_in in interface Pone
    route Pone 0.0.0.0 0.0.0.0 10.1.*.* 2
    route DIGI 0.0.0.0 0.0.0.0 210.48..*.* 3
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 192.168.2.0 255.255.255.0 LAN
    http 0.0.0.0 0.0.0.0 DIGI
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev2 ipsec-proposal DES
    protocol esp encryption des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
    protocol esp encryption 3des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
    protocol esp encryption aes
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
    protocol esp encryption aes-192
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES256
    protocol esp encryption aes-256
    protocol esp integrity sha-1 md5
    crypto ipsec security-association pmtu-aging infinite
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto dynamic-map DIGI_access_in 20 set ikev1 transform-set ESP-3DES-SHA
    crypto map DIGI_map 65535 ipsec-isakmp dynamic DIGI_access_in
    crypto map DIGI_map interface DIGI
    crypto ca trustpoint ASDM_TrustPoint0
    enrollment self
    fqdn sslvpn.cisco.com
    subject-name CN=sslvpn.cisco.com
    keypair hpmtkeypair
    crl configure
    crypto ca trustpool policy
    crypto ca certificate chain ASDM_TrustPoint0
    certificate ed15c051
      quit
    crypto ikev2 policy 1
    encryption aes-256
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 10
    encryption aes-192
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 20
    encryption aes
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 30
    encryption 3des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 40
    encryption des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 enable DIGI client-services port 443
    crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
    crypto ikev1 enable DIGI
    crypto ikev1 policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    track 1 rtr 123 reachability
    telnet 192.168.1.0 255.255.255.0 management
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 DIGI
    ssh timeout 5
    console timeout 0
    vpn-sessiondb max-other-vpn-limit 250
    vpn-sessiondb max-anyconnect-premium-or-essentials-limit 2
    vpn load-balancing
    interface lbpublic DIGI
    interface lbprivate DIGI
    dhcp-client client-id interface Pone
    dhcpd address 192.168.2.10-192.168.2.150 LAN
    dhcpd dns 210.48.*.* 210.48.*.* interface LAN
    dhcpd enable LAN
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd enable management
    threat-detection basic-threat
    threat-detection statistics
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    ssl trust-point ASDM_TrustPoint0 DIGI
    webvpn
    enable DIGI
    anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
    anyconnect profiles anyhpmt_client_profile disk0:/anyhpmt_client_profile.xml
    anyconnect enable
    tunnel-group-list enable
    tunnel-group-preference group-url
    group-policy sslpolicy internal
    group-policy sslpolicy attributes
    vpn-tunnel-protocol ssl-clientless
    webvpn
      url-list none
    group-policy GroupPolicy_anyhpmt internal
    group-policy GroupPolicy_anyhpmt attributes
    wins-server none
    dns-server value 8.8.8.8
    vpn-tunnel-protocol ikev2 ssl-client ssl-clientless
    default-domain value g
    webvpn
      anyconnect profiles value anyhpmt_client_profile type user
    group-policy vpngroup1 internal
    group-policy vpngroup1 attributes
    dns-server value 8.8.8.8
    vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value splittun-vpngroup1
    default-domain value g
    address-pools value vpn_250
    group-policy newvpn internal
    group-policy newvpn attributes
    dns-server value 8.8.8.8
    vpn-tunnel-protocol ikev1 l2tp-ipsec
    default-domain value g
    username cshiew password KK1oQOhoxfwWvya4 encrypted
    username cshiew attributes
    webvpn
      anyconnect keep-installer installed
      anyconnect ask none default anyconnect
    username newuser password GJrqM3H2KqQZv/MI encrypted privilege 1
    tunnel-group vpngroup1 type remote-access
    tunnel-group vpngroup1 general-attributes
    address-pool vpn_250
    default-group-policy vpngroup1
    tunnel-group vpngroup1 webvpn-attributes
    group-alias vpngroup1 enable
    tunnel-group vpngroup1 ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group sslhpmt type remote-access
    tunnel-group sslhpmt general-attributes
    default-group-policy sslpolicy
    tunnel-group sslhpmt webvpn-attributes
    group-alias sslhpmt enable
    tunnel-group anyhpmt type remote-access
    tunnel-group anyhpmt general-attributes
    address-pool vpn_client
    default-group-policy GroupPolicy_anyhpmt
    tunnel-group anyhpmt webvpn-attributes
    group-alias anyhpmt enable
    tunnel-group-map default-group vpngroup1
    class-map global-class
    match any
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    class global-class
      cxsc fail-open
    class class-default
      user-statistics accounting
    policy-map global-policy
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    hpm topN enable
    Cryptochecksum:7a5ee8ff016e63420802423269da864b
    : end

    Hi,
    Safwan Hashan wrote: I don't know which output you are referring to, but this is output from the VPN client.
    We need more information.
    I expect debug output from the ASA.
    To enable debugging and syslog messages, perform the following CLI steps:
    1.
    ASA#configure terminal
    ASA(config)# debug crypto ikev1 127
    ASA(config)# debug crypto ipsec 127
    Enable debugging messages for IKEv1 and IPSec.
    2.
    ASA(config)# logging monitor debug
    Sets syslog messages to be sent to Telnet or SSH sessions.
    Note: You can alternately use the logging buffer debug command to send log messages to a buffer, and then view them later using the show logging command.
    3.
    ASA(config)# terminal monitor
    Sends the syslog messages to a Telnet or SSH session.
    4.
    ASA(config)# logging on
    Enables syslog message generation.
    NOTE: This you have enabled.
    Cleanup CLI
    ASA(config)# no debug crypto ikev1
    ASA(config)# no debug crypto ipsec
    ASA(config)# no logging monitor debug
    ASA(config)# no terminal monitor
    More information: Sensible Debugging and Logging
    I have one suggestion. Change and try.
    group-policy vpngroup1 internal
    group-policy vpngroup1 attributes
    no vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
    vpn-tunnel-protocol ikev1
    Best regards,
    MB
    Please rate all helpful posts. Thx

  • Exchange 2013 CU5, Exchange Power Shell very very very slow response when using get command.

    First, my organization has Exchange on 2 sites, like:
    site A (internet facing): 2 CAS, 2 MB, all on Service Pack 1
    site B (DR site, no users active on this site): 2 CAS, 2 MB, all on Service Pack 1
    So today I upgraded Exchange 2013 from SP1 to CU5, starting on "site B", and I found this issue. The details are:
    When I open EMS on any CU5 server to query something (like get-mailboxdatabasecopystatus) the response returns very slowly and some queries do not return at all (like get-owavirtualdirectory).
    But if I use EMS on SP1, everything is OK. Then I tried to use EMS on SP1 to connect to CU5 and query something. The result is:
    some query commands do not return any result for servers on site B (just some query commands).
    Problem
    EMS on CU5 returns results very slowly.
    EMS on SP1 is still OK.
    Has anyone faced this problem before with CU5? Please help me figure this out. Thank you
    reply from Social.technet

    Hi,
    Have you used the above cmdlets to check your Exchange server health?
    "all other command that I ran on EMS didn't logged on event viewer.", my environment is the same as yours. I use Exchange 2013, only errors will be displayed in MSExchange Management. Actually, it is not related to slow EMS response.
    Hope it helps.
    Best regards,
    Amy Wang
    TechNet Community Support

  • DSL Connection Very slow ONLY when using wireless router

    My DSL connection was running super slow (approx 136 Kbs) - I disconnected the Linksys wireless router and plugged my DSL modem directly into the computer. Then my internet speed increased to 1.4 Mbs (a 10 fold increase).
    Any suggestions on how / why my speed drops so extensively when using the Linksys wireless router (wrt45g)?
    Thanks

    Are you using the same test each time to measure the speed?
    The reason I ask is that Windows usually reports its download speed in KB/sec (Kilobytes per second).  But most web (internet) speed tests report their speed in Mbps (Megabits per second.)
    A 1.4 Mbps line will typically pass data at about 140KB/sec.
    To help determine what kind of problem you are having, do the same speed test in 3 different ways:
    1)  Connect one computer, by wire, directly to your modem
    2)  Connect one computer, by wire, directly to your router  (all other computers and network devices should be off).
    3)  Connect one computer, wirelessly, to your router  (all other computers and network devices should be off).
    Report back your results, and also, please state what line speed you are paying for.  Once we have this, we will hopefully be able to help you. 

  • Very slow graphics when using AMD Radeon HD 6490M with Yosemite

    I'm using a 15" MacBook Pro early 2011. When I switch to the GPU using gfxCardStatus (or because an app requires it), all graphics become very slow: window dragging, window miniaturize animation, moving the mouse in the menubar etc. 3D view in Maps.app is very slow. All is fine when using the integrated Intel HD 3000. I did not have this problem with Yosemite Developer Previews (I did not install the GMs), nor with Mavericks.
    I tried using the AMD kext from the DP, but things are worse (I suppose the kexts are not loaded at all because the signature does not match).

    Hi. I tried to do that with the same download package on my Pavilion DV6 CTO Quad edition and it fails to install the driver because of a conflict with the C++ Redistributable 2010 package build into the installer. Does anyone know if HP is going to update the switchable graphic drivers for Windows 8? They better!

  • Exchange 2007 Certificate Expired Error when using VPN

    We recently did a server migration to a new domain (split away from part of the company - sept 2013). I set up the exchange certs and everything worked fine, even when people used the vpn. Recently (it probably started a few months ago) it has started giving cert errors again, but just for VPN users.
    This happens when someone takes their computer or has Outlook 2010 set up on their home computer. They VPN in and when the program starts, it gives the certificate errors for exchange and for autodiscover saying "The security certificate has expired or is not yet valid". I have checked to make sure that the certs are in fact up to date and are pointing to the correct certificates in IIS. They haven't changed since I originally set them up.
    One of the users sent me a picture of the certificate and it is the old cert (that is expired) that used to belong to the previous address when we used the other (completely different) exchange server. The other users haven't sent me the errors they see, but I assume they are similar. They are able to use exchange if they hit ok on the error box. I couldn't find anywhere online saying that there was any kind of local caching for certs - it should always call home when connecting. So why are their systems pulling up the old cert when they VPN in, but not when they are hardwired to the internal network on the same computer?
    When using the internal network without the vpn, there aren't any error messages.
    Any ideas?  I've looked around the forums, but I didn't see anything that has helped.  I'm using godaddy for my certs currently.

    Hi,
    Since the Outlook clients work well without VPN, I suggest rebuilding the VPN (if you don't mind) to verify whether it is a cache issue.
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • Slow download when updating or downloading new apps on iTunes

    Hi, I am residing in Singapore. Lately, I seem to be experiencing extremely slow downloads from iTunes Store whenever there are updates. Usually, a 200mb + file would take less than 5 minutes to complete the download. Now, it takes more than an hour. Has anyone else experienced this issue?

    Hi all, I'm also experiencing extremely slow download rate of apps via App Store these 2 days. I'm residing in SG and using Singtel Data as well. Home is Singtel Wifi too. Both data and wifi are CRAWLING when downloading apps.
    I've tried turning the mobile off and on but it doesn't really work much. For Safari surfing, whatsapp, facebook-ing and etc, all are doing OK as per norm speed. Does anyone have any idea what's really going on? Could it be solely Singtel provider's issue or something else?! My mobile is iPhone 4, with iOS 4.3.5.
    Greatly appreciate prompt solutions to this. Thanks a lot!!

  • Finder is very slow, particularly when using network drive

    I have a mid-2011 Macbook Air, OSX 10.9.4, and Finder is extremely slow, particularly when I am navigating my Time Capsule.  First, a little history.
    I have tried the fixes listed in these three threads:
    (1) https://discussions.apple.com/thread/3358265?searchText=finder%20slow
    (2) https://discussions.apple.com/thread/1324280?searchText=Finder%20is%20slow
    (3) https://discussions.apple.com/thread/5495797?start=30&tstart=0
    Second, my Time Capsule is new.  I bought it to replace a WD MyBook that used to work really well, and then something changed.  Unfortunately, I assumed that it was some problem on WD's side, so after a year or two of waiting to see if either WD or Apple issued an update to fix it, I assumed it was some kind of file system incompatibility (or other interoperability problem) that wasn't likely to go away, and just sprung for the Time Capsule.  However, after getting all the files on the Time Capsule, the problem remains.  So here's a rundown of what I experience:
    When I navigate the directories on my Time Capsule, if I haven't been in a particular folder, it takes a very long time to load the contents.  On average, it will be 30 seconds, but it is not uncommon for it to be over a minute.  This can happen even if a folder is empty or has just a few files in it.  In addition, adding a subfolder and trying to rename it takes a very long time.  After renaming a new folder, it can then take another full minute or more for the folder to actually show the newly assigned name and bounce into line in alphabetical order.
    Here are some other observations.  First, my connection is very fast, as I'm directly connected to the Time Capsule (albeit via wireless).  Second, there is clearly something extra going on in Finder that is contributing to this issue, because I navigated to different directories using Terminal and did an "ls" command, and as you would expect, the list fired out virtually instantaneously.  Yet, right after that, if I clicked on that same folder with Finder, it would take a minute or more to display the same file names.
    Could it be that the Finder is doing other things at the same time as it is giving me a list of what is in the directory?  For example, could the Finder be loading ALL metadata for each of the files into some database or index being built on the fly every time I pop into a new folder, even if I'm not using a view mode where I am asking to see those other bits of metadata?  If so, that might make sense as I generally am using the network drive to navigate directories of my photographs, and they have a lot more categories of metadata associated with them than do Word docs and PDFs (e.g., date of picture, time of picture, aperture, shutter speed, exposure, etc.).  Or, perhaps is Finder trying to load previews of ALL of the files whenever a directory request is made, so that bouncing through the previews takes less time?  I sort of doubt that, because even after a directory listing finally comes up, it seems to churn a bit on each photo before the preview comes up, which I take as an indication that it's creating each preview only after a request is made for that particular file.  Either way, I will say that in old WinXP and even in the newer Windows 7, if you want to view files in a Detailed setting where you can see other metadata (called "Attributes"), it definitely prioritizes giving you a directory listing, and then continues filling in the various selected Attributes one-by-one after that.  Thus, if you want to sort by the date a photograph was taken (as opposed to its modified or created date, which seem to be default attributes that load as quickly (or nearly as quickly) as the filename), or by the photo's dimensions, it might take a few minutes to load in those attributes for a folder of a couple thousand pictures.  
    But, critically, if you are not planning on using those attributes, but rather, merely want to see how many files you have in that folder, or select them all and load them into a photo viewer, you won't have to wait for the file system to load the file attributes before you get a listing of the folder's contents.  It seems to me like the Finder, however, might actually be forcing you to wait until it has loaded all of those attributes.
    Does the foregoing sound like a plausible explanation of the problem to those out there with knowledge of how Finder actually works?  And if so, does that bring to mind any potential settings that could be turned off or any other work-arounds (since those I've tried have not fixed the issue)?
    If anyone has other ideas, I am all ears.  I am pretty annoyed that I sunk time into switching over to a Time Capsule on the assumption that Apple couldn't have had a bug this bad, only to find out that I was wrong.  The biggest irony is that my old WinXP computer used to rip through the folder structures with ease on the MyBook, but my fully updated Air is practically crippled by the same task.

    Please read this whole message before doing anything.
    This procedure is a test, not a solution. Don’t be disappointed when you find that nothing has changed after you complete it.
    Step 1
    The purpose of this step is to determine whether the problem is localized to your user account.
    Enable guest logins* and log in as Guest. Don't use the Safari-only “Guest User” login created by “Find My Mac.”
    While logged in as Guest, you won’t have access to any of your documents or settings. Applications will behave as if you were running them for the first time. Don’t be alarmed by this behavior; it’s normal. If you need any passwords or other personal data in order to complete the test, memorize, print, or write them down before you begin.
    Test while logged in as Guest. Same problem?
    After testing, log out of the guest account and, in your own account, disable it if you wish. Any files you created in the guest account will be deleted automatically when you log out of it.
    *Note: If you’ve activated “Find My Mac” or FileVault, then you can’t enable the Guest account. The “Guest User” login created by “Find My Mac” is not the same. Create a new account in which to test, and delete it, including its home folder, after testing.
    Step 2
    The purpose of this step is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login, by a peripheral device, by a font conflict, or by corruption of the file system or of certain system caches.
    Please take this step regardless of the results of Step 1.
    Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards, if applicable. Start up in safe mode and log in to the account with the problem. You must hold down the shift key twice: once when you turn on the computer, and again when you log in.
    Note: If FileVault is enabled, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.
    Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.
    The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
    Test while in safe mode. Same problem?
    After testing, restart as usual (not in safe mode) and verify that you still have the problem. Post the results of Steps 1 and 2.

  • -t2cGetCharSet error when using thick client with 1.0.0.15.57

    I think I have found a bug in 1.0.0.15 related to accessing a database using the thick client. I have tested this with 1.0.0.14 release of SQLDeveloper and that version DOES work OK.
    Simply put, I try connecting to a database using the 10g Client on Windows XP and I get "Failure: -t2cGetCharSet" error when running 1.0.0.15.57. I must use 10g thick client so that I can use encryption between the client and the database. 9i thick client doesn't work between Windows and Linux when using encryption. Also, instant client isn't an option; it doesn't support Advanced Security Option (encryption).
    I DID test without encryption enabled to eliminate that as a possible cause and the results were the same.
    If need be, I could back down to 1.0.0.14, but I would prefer not to.

    See:
    Re: TNS Connection Issues
    Raptor does not find My tnsnames
    If that doesn't solve your problem, let us know.

  • Slow response when using Xcelsius web service connection with input values

    We've been very successful in using the Xcelsius Web Service Connection. We've recently moved forward toward using input values when calling a web service and having issues with response time. Without input values, it takes 3 - 6 seconds to retrieve and display the results in Xcelsius, but, when using the input values to the web service, it takes about 27 seconds for Xcelsius to retrieve and display the results.  Does anyone have experience with fixing slow response associated with using input values for a web service connection?

    Hi Sharone,
    What's the version of your Xcelsius and BOBJ server?
    I'm asking because using the last version of BOBJ server (BOXI 3.1 SP 3) you have new services on CMC just to help Xcelsius to work better with WebServices.
    Regards,
    Rodrigo.

  • Why not pop IE when using VPN

    I use VPN to link a server machine in the OAF(JDeveloper 10).
    But when I run the HelloWorldPG.xml, no IE page pops up to display.
    And then it throws an error message (connection timed out) in the console.
    In the meantime, I have set "Specify Host Name" to VPN IP in the Embedded OC4J Server Preferences.
    What's the reason, and how do I solve it? Thanks.
    Edited by: Sumury on May 27, 2013 2:33 PM

    Hi,
    Sometimes the connection is very slow over VPN and hence the connection times out before the Page is launched. Following are some of the options which could be explored:
    * If the myclass file is already there, system would not recompile all the data and go directly to OC4J server initialization. At times this is enough.
    * If step 1 is not enough, you can try logging into a system where the VPN is fast (through remote login) and then run the program there.
    * This option is to find another instance in your local network and deploy the finalized code in the final environment.
    Regards
    Sumit

  • Slow interface when using 9-slice symbols?

    Hi,
    Just wondering if anyone else experiences really poor performance within the Flash application when using 9-slice symbols?
    I'm using a Quad Core 9300 with 4GB ram, 512mb 780GTX, Windows Vista (32bit) and CS4 with dual 24" screens.  I have noticed it's slightly better in CS5 with Windows 7 but still experiences similar problems.
    I am wondering if maybe it's related to the dual screen setup. I will try disabling one next.
    By slow interface, I mean clicking on a symbol might take 4-5 seconds to register. Double clicking it, another 4-5 seconds, moving it a single pixel, 4-5 seconds etc.  It gets worse the more symbols there are on the stage.  Hide the layer with them on it and it runs fine.
    I've tried using XP compatibility mode and disabling Windows Aero, all with no success.
    I'd be very interested to hear if other people have this issue and if anyone has a solution!
    Cheers,
    Joolz

  • Could not connect to ESS when using vpn or remote connection to network.

    Hi,
    Our users could not connect directly to ESS when they are using vpn or dial-up.  The ESS link would ask for user id and password.  There is no problem when they are directly connected to the office network.  The ESS page will display directly when they click on it.  It will not ask for user id and password. We are using Single Sign-On.
    thanks,
    krbas

    I have solved the problem. 
    The problem was solved by including the url of our server in the exception list of the IE proxy settings of VPN.
    Thanks to me. :-D
    Now.... How can I assign points to myself?
