SSL VPN Connection error with SA520
Hi there,
I have an SA520 set up and all my users can log in to the SSL VPN tunnel except one user. The laptop is running Windows 7 64-bit and had IE9 installed. When I try to connect her to use an SSL VPN tunnel, I get the following error: Cisco-SSLVPN-Tunnel Install Failed: Error in getting proxy settings!.
I have made sure the firewall was turned off. Any idea on how to get the SSL tunnel connected?
Thanks
Hihi,
we have the same problem, running on Vista 32 bit, and IE9.
On the same machine, using virtual PC and emulating an XP environment it works, what a paradox!
It works also on Win 7 64 bit, although only with the 64 bit version of IE.
Coming back to our Vista issue, we did not find any way to make it work properly.
Tried to turn off the firewall, uninstall a lot of stuff that may interfere, etc., still the same problem.
We are a bit annoyed there seems to be no documentation about this error nor troubleshooting help.
Does anyone have any suggestions?
Tks
-
I set up a Cisco ASA 5510 SSL VPN with the following:
IOS 7.2
SSL VPN Client sslclient-win-1.1.1.164.pkg
Out of 400 users, there is one user having problem installing the SSL Client to his laptop. The user laptop information is;
IBM Thinkpad T40
Windows XP SP 2
Internet Explorer 7
All patches up-to-date
All drivers up-to-date
SSL VPN Client connection process;
- User login with valid account and password
- The SSL VPN Client package will automatically download and install.
- User will then be connected to SSL VPN
The ERRORS;
1. GUI (Cisco SSL VPN Client installation process)
"The SSL VPN Client driver has Encountered an Error"
2. Event Viewer
The only error in this user event viewer that differs from other users who successfully connected are;
a)
Function: EnableVA
Return code: 0
File: e:\temp\build\workspace\SSLClient\Agent\VAMgr.cpp
Line: 310
Description: unknown
b)
Function: EnableVA
Return code: 0xFE080007
File: e:\temp\build\workspace\SSLClient\Agent\VpnMgr.cpp
Line: 1145
Description: VAMGR_ERROR_ENABLE_VA_FAILED
Anyone know what this error means?
BTW, anyone know the link to the SSL VPN knowledge base, i.e. errors, root causes, solutions?
Thanks

The Cisco SVC provides end users running Microsoft Windows XP or Windows 2000 with the benefits of a Cisco IPSec VPN client without the administrative overhead required to install and configure an IPSec client. It supports applications and functions unavailable to a standard WebVPN connection.
http://www.cisco.com/univercd/cc/td/doc/product/vpn/svc/svcrn110.htm -
OS X LION 10.8.2 connection error with AFP
OK, the issue is that I tried to access my external hard drive over AFP with OS X LION and got an error message like this one above. I couldn't log in with a registered user.
We had the same problem in an earlier update but somehow got around it following the terminal commands from: http://www.alexanderwilde.com/2011/04/os-x-lion-connection-error-with-afp-and-workaround/
But now after the update it's back to being broken again...
Please help!
Thanks

Exactly the same problem here for a satellite user working abroad.
10.8.2 - cannot connect to the server over AFP. I've run the commands in the link posted, no dice.
Users running 10.8.2 on the internal LAN have no issues however, just this one off-site user. -
When my clients connect their CMAK-created VPN, it fails to run the script to set their routing table with the following error:
Custom script (to update your routing table) failed (8000ffff)
My objective is to create a VPN connection with split tunneling - does not use the VPN connection as the client's default gateway.
All my clients are on Windows 8.1 64-bit, and are logged in with Administrative privileges
My VPN Clients are on 10.242.2.0/24, my internal network is on 10.172.16.0/24
I want only traffic for 10.172.16.0 to go via the VPN. Everything else should go via the client's internet connection
My Connection Manager Administration Kit profile, was created on Windows 2012 R2 CMAK with the following settings:
"Make this connection the client's default gateway" is UNticked on the IPv4 tab.
Define a routing table update is specified with a text file containing:
+++ Start of txt file +++
REMOVE_GATEWAY
add 10.172.16.0 mask 255.255.255.0 default metric default if default
+++ End of txt file +++
The txt file is saved in DOS/Windows format (not Unicode or UTF-8 which I've read causes problems)
I've tried everything in lower and upper case in the txt file after reading that the file might be case sensitive
The following appears on the client with logging enabled:
[cmdial32] 10:42:34
03 Pre-Init Event CallingProcess = C:\WINDOWS\system32\rasautou.exe
[cmdial32] 10:42:40
04 Pre-Connect Event ConnectionType = 1
[cmdial32] 10:42:40
06 Pre-Tunnel Event UserName = UserName Domain = DUNSetting = VPN (L2TP x64 NoGW) Tunnel DeviceName = TunnelAddress = vpn.mydomain.tld
[cmdial32] 10:42:43
07 Connect Event
[cmdial32] 10:42:43
09 Custom Action Exe ActionType = Connect Actions Description = (none) ActionPath = CMDL32.EXE. The program was launched successfully.
[cmdial32] 10:42:43
08 Custom Action Dll ActionType = Connect Actions Description = to update your routing table ActionPath = C:\Users\UserName\AppData\Roaming\Microsoft\Network\Connections\Cm\VPN64\CMROUTE.DLL ReturnValue = 0x8000ffff
[cmdial32] 10:42:43
21 On-Error Event ErrorCode = -2147418113 ErrorSource = to update your routing table
[cmdial32] 10:42:43
13 Disconnect Event CallingProcess = C:\WINDOWS\system32\cmdial32.dll
Where can I find out what error codes 8000ffff or -2147418113 mean?

That was it. Thanks, Steven
"By default, the dial-up entry and the VPN entry have Make this connection the default gateway selected.
Leave this default in place, and remove any gateways by using the REMOVE_GATEWAY command in the routing table update file itself."
It seems counter-intuitive to leave Make this connection the default gateway selected, when I specifically don't want that behaviour, but leaving it selected and using REMOVE_GATEWAY works for me. -
SSL VPN (WebVPN) issues with IOS 15.0(1)M1
Hello everyone... I need your help!
I am having some weird issues with webvpn/anyconnect, please find the relevant information below;
Symptoms:
- AnyConnect Client prompts users with the following error:
"The secure gateway has rejected the agent's VPN connect or reconnect request. A new connection requires re-authentication and must be started manually. Please contact your network administrator if this problem persists."
Debug:
Mar 5 13:09:45:
Mar 5 13:09:45: WV-TUNL: Tunnel CSTP Version recv use 1
Mar 5 13:09:45: WV-TUNL: Allocating tunl_info
Mar 5 13:09:45: WV-TUNL: Allocating stc_config
Mar 5 13:09:45: Inserting static route: 172.25.130.126 255.255.255.255 SSLVPN-VIF36 to routing table
Mar 5 13:09:45: WV-TUNL: Use frame IP addr (172.25.130.126) netmask (255.255.255.255)
Mar 5 13:09:45: WV-TUNL: Tunnel entry create failed:IP= 172.25.130.126 vrf=77 session=0x67234340
Mar 5 13:09:45: HTTP/1.1 401 Unauthorized
Mar 5 13:09:45:
Mar 5 13:09:45:
Mar 5 13:09:45:
Mar 5 13:09:45: Deleting static route: 172.25.130.126 255.255.255.255 SSLVPN-VIF36 from routing table
Mar 5 13:09:45: WV-TUNL: Failed to install (addr 172.25.130.126, table_id 77) to TCP
Mar 5 13:09:45: WV-TUNL*: Received server IP packet 0x6692EB08:
Mar 5 13:09:45: WV-TUNL: CSTP Message frame received from user usr-test (172.25.130.126)
WV-TUNL: Severity ERROR Type USER_LOGOUT
WV-TUNL: Text: HTTP response contained an HTTP error code.
Mar 5 13:09:45: WV-TUNL: Call user logout function
Mar 5 13:09:45: WV-TUNL: Clean-up tunnel session (usr-test)
When the error occurs, the "SVCIP install TCP failed" counter increments:
VPN-Router1# show webvpn stats detail context CUSTOMER-VPN
[snip]
Tunnel Statistics:
Active connections : 1
Peak connections : 3 Peak time : 19:09:04
Connect succeed : 9 Connect failed : 5
Reconnect succeed : 0 Reconnect failed : 0
SVCIP install IOS succeed: 14 SVCIP install IOS failed : 0
SVCIP clear IOS succeed : 18 SVCIP clear IOS failed : 0
SVCIP install TCP succeed: 9 SVCIP install TCP failed : 5
DPD timeout : 0
[snip]
IOS Version Details:
Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
System image file is "disk2:c7200-advipservicesk9-mz.150-1.M1.bin"
The router also runs IPSEC remote access VPN in addition to the webvpn/anyconnect scheme.
Config:
webvpn context CUSTOMER-VPN
title "SSL VPN for Customer"
ssl authenticate verify all
login-message "Enter username and passcode"
policy group CUSTOMER-VPN
functions svc-required
svc keep-client-installed
svc split include 10.1.16.0 255.255.240.0
svc split include 10.1.2.0 255.255.254.0
vrf-name CUSTOMER-VPN
default-group-policy CUSTOMER-VPN
aaa authentication list AAA-LIST
aaa authentication auto
aaa accounting list AAA-LIST
gateway vpn virtual-host customer.xx.com
logging enable
inservice
The error happens sporadically, at least once a week, and on different contexts. Does anyone have any clue on what can cause this issue? Any help is appreciated!

Have you seen my post https://supportforums.cisco.com/message/2016069#2016069 ?
At that point in time we were running with local pool definition.
As the HTTP 401 rc happens very sporadically we are still gathering incident reports internally.
Will open a case if you did not yet.
cheers, Andy -
Cisco vpn connect problem with 3g dongle
Hi,
I am trying to connect Cisco VPN but every time I am getting the following error while trying to connect from a Huawei 3G USB dongle in Win8. For Win7 it works fine with no issue. Also the problem is only from the datacard; from the LAN and wireless interface I can easily connect to the VPN without any issue. Any help/idea/suggestion highly appreciated?
Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.2.9200
25 08:06:46.846 12/25/13 Sev=Info/4 CM/0x63100002
Begin connection process
26 08:06:46.848 12/25/13 Sev=Info/4 CM/0x63100004
Establish secure connection
27 08:06:46.848 12/25/13 Sev=Info/4 CM/0x63100024
Attempt connection with server "116.68.208.113"
28 08:06:46.849 12/25/13 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 116.68.208.113.
29 08:06:46.855 12/25/13 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
30 08:06:46.858 12/25/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 116.68.208.113
31 08:06:47.145 12/25/13 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
32 08:06:47.145 12/25/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
33 08:06:52.144 12/25/13 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
34 08:06:52.144 12/25/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 116.68.208.113
35 08:06:57.144 12/25/13 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
36 08:06:57.144 12/25/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 116.68.208.113
37 08:07:02.145 12/25/13 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
38 08:07:02.145 12/25/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 116.68.208.113
39 08:07:07.145 12/25/13 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=97205EA6A12866F0 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
40 08:07:07.645 12/25/13 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=97205EA6A12866F0 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
41 08:07:07.645 12/25/13 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "116.68.208.113" because of "DEL_REASON_PEER_NOT_RESPONDING"
42 08:07:07.645 12/25/13 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
43 08:07:07.645 12/25/13 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
44 08:07:07.645 12/25/13 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
45 08:07:08.146 12/25/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
46 08:07:08.146 12/25/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
47 08:07:08.146 12/25/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
48 08:07:08.146 12/25/13 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
49 08:19:59.202 12/25/13 Sev=Info/4 CM/0x63100002
Begin connection process
50 08:19:59.202 12/25/13 Sev=Info/4 CM/0x63100004
Establish secure connection
51 08:19:59.202 12/25/13 Sev=Info/4 CM/0x63100024
Attempt connection with server "116.68.208.113"
52 08:19:59.202 12/25/13 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 116.68.208.113.
53 08:19:59.202 12/25/13 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
54 08:19:59.218 12/25/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 116.68.208.113
55 08:19:59.656 12/25/13 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
56 08:19:59.656 12/25/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
57 08:20:04.656 12/25/13 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
58 08:20:04.656 12/25/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 116.68.208.113
59 08:20:09.656 12/25/13 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
60 08:20:09.656 12/25/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 116.68.208.113
61 08:20:14.656 12/25/13 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
62 08:20:14.656 12/25/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 116.68.208.113
63 08:20:19.656 12/25/13 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=46B8917FD54C64AC R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
64 08:20:20.156 12/25/13 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=46B8917FD54C64AC R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
65 08:20:20.156 12/25/13 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "116.68.208.113" because of "DEL_REASON_PEER_NOT_RESPONDING"
66 08:20:20.156 12/25/13 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
67 08:20:20.156 12/25/13 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
68 08:20:20.156 12/25/13 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
69 08:20:20.156 12/25/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
70 08:20:20.156 12/25/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
71 08:20:20.156 12/25/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
72 08:20:20.156 12/25/13 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped

Hi Karsten,
Thank you for the reply !!! & best wishes for the new year 2014.
The problem is like this, if I select datacard connection type to NDIS it works but it doesn't work when I select RAS(modem) connection type for 3G datacard. (NDIS and RAS(Modem) connection types are the 2 modes currently supported by the datacard.) Is there any case the users are experiencing from the similar problem? And what have they done to solve the issues? And thank you for the workaround, I have checked the shrew-soft with Win7 and it was working fine but not on Win8, I will check shrew-soft on Win8 very soon. Also we can move to the AnyConnect solution but just want to know if this can solve our problem or not? Whether there will be any issues with the AnyConnect solution for Win 8 or not? Can you please confirm.
Thank you -
ASA5520 AnyConnect SSL VPN Connected but unable to ping my inside LAN
Hi there, please forgive if I have missed any forum protocols as this is my first post.
I am trying to configure AnyConnect SSL VPN. I am able to connect to the VPN on a laptop, which is able to download the AnyConnect client from the ASA. I am unable to ping any of my IPs that are on the inside of my ASA. Before posting here I have spent many hours on forums and watching videos on AnyConnect SSL VPN creation and I am following it to the T but still no ping. Any help would be very much appreciated.
Inside 192.168.1.254/24
Outside dhcp
VPN Pool 192.168.250.1-50/24
Inside LAN 192.168.1.0/24
: Saved
ASA Version 8.4(4)1
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address dhcp setroute
interface GigabitEthernet0/1
nameif inside
security-level 99
ip address 192.168.1.254 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 99
ip address 192.168.100.1 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name dock.local
same-security-traffic permit inter-interface
object network inside-network-object
subnet 192.168.1.0 255.255.255.0
object network management-network-object
subnet 192.168.100.0 255.255.255.0
object network NETWORK_OBJ_192.168.250.0_25
subnet 192.168.250.0 255.255.255.128
object-group network AllInside-networks
network-object object inside-network-object
network-object object management-network-object
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit icmp any any echo-reply
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
access-list split_tunnel standard permit 192.168.100.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool vpn_pool 192.168.250.1-192.168.250.100 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic AllInside-networks interface
nat (inside,any) source static any any destination static NETWORK_OBJ_192.168.250.0_25 NETWORK_OBJ_192.168.250.0_25 no-proxy-arp route-lookup
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable 4433
http 192.168.100.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 192.168.100.0 255.255.255.0 management
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-3.1.03103-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_anyconnect internal
group-policy GroupPolicy_anyconnect attributes
wins-server none
dns-server value 8.8.8.8
vpn-tunnel-protocol ssl-client ssl-clientless
split-tunnel-policy tunnelall
split-tunnel-network-list value split_tunnel
default-domain value dock.local
username test password JAasdf434ey521ZCT encrypted privilege 15
tunnel-group anyconnect type remote-access
tunnel-group anyconnect general-attributes
address-pool vpn_pool
default-group-policy GroupPolicy_anyconnect
tunnel-group anyconnect webvpn-attributes
group-alias anyconnect enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:24bcba3c4124ab371297d52260135924
: end

: Saved
ASA Version 8.4(4)1
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address dhcp setroute
interface GigabitEthernet0/1
nameif inside
security-level 99
ip address 192.168.1.254 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 99
ip address 192.168.100.1 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name dock.local
same-security-traffic permit inter-interface
object network inside-network-object
subnet 192.168.1.0 255.255.255.0
object network management-network-object
subnet 192.168.100.0 255.255.255.0
object network NETWORK_OBJ_192.168.250.0_25
subnet 192.168.250.0 255.255.255.0
object-group network AllInside-networks
network-object object inside-network-object
network-object object management-network-object
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit icmp any any echo-reply
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
access-list split_tunnel standard permit 192.168.100.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool Anyconnect-pool 192.168.250.1-192.168.250.100 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic AllInside-networks interface
nat (inside,outside) source static inside-network-object inside-network-object destination static NETWORK_OBJ_192.168.250.0_25 NETWORK_OBJ_192.168.250.0_25
nat (inside,outside) source static management-network-object management-network-object destination static NETWORK_OBJ_192.168.250.0_25 NETWORK_OBJ_192.168.250.0_25
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.100.2 255.255.255.255 management
http 192.168.100.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 192.168.100.0 255.255.255.0 management
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-3.1.03103-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_Anyconnect_VPN internal
group-policy GroupPolicy_Anyconnect_VPN attributes
wins-server none
dns-server value 8.8.8.8
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelall
split-tunnel-network-list value split_tunnel
default-domain value dock.local
username sander password f/J.5nLef/EqyPfy encrypted
username aveha password JA8X3IiqPvFFsZCT encrypted privilege 15
tunnel-group Anyconnect_VPN type remote-access
tunnel-group Anyconnect_VPN general-attributes
address-pool Anyconnect-pool
default-group-policy GroupPolicy_Anyconnect_VPN
tunnel-group Anyconnect_VPN webvpn-attributes
group-alias Anyconnect_VPN enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4636fa566ffc11b0f7858b760d974dee
: end: -
Having an issue with an SSL VPN I can't seem to get past. Using AnyConnect software on PC or Android phone I am not able to send any traffic thru the tunnel. The client is able to authenticate beforehand successfully and assigns a private IP via the pool configured as it's supposed to but nothing there. I have listed the configuration below along with the debugs. I have omitted any public IP information. The debugs say there is an issue w/ an ACL but everything appears correct. Any help would be most appreciated.
*************Equipment/Software
Cisco 2851 Router Version 15.4(M9) Software
anyconnect-win-3.1.07021-k9.pkg
*************Configuration
ip local pool webvpn1 172.16.100.80 172.16.100.90
ip forward-protocol nd
no ip http server
ip http secure-server
ip access-list extended webvpn-acl
permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.60 eq telnet
permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.70 eq telnet
permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.8 eq telnet
permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.8 eq 22
permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.8 eq www
permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.8 eq 443
webvpn gateway CCIELAB
hostname Porshe_GT3
ip interface GigabitEthernet0/0 port 443
http-redirect port 80
ssl trustpoint my-sslvpn-ca
inservice
webvpn install svc flash:/webvpn/anyconnect-win-3.1.07021-k9.pkg sequence 1
webvpn context CCIELab
title "Networking Lab"
ssl authenticate verify all
login-message "All Sessions are logged and monitored.Please be respectful and if any questions contact [email protected]"
policy group Labrats
functions svc-enabled
banner "Success, You Made It"
filter tunnel webvpn-acl
svc address-pool "webvpn1" netmask 255.255.255.0
svc keep-client-installed
svc rekey method new-tunnel
svc split include 172.16.100.0 255.255.255.0
default-group-policy Labrats
aaa authentication list webvpn
gateway CCIELAB
inservice
*********************Debugs
*May 2 09:12:50.601: [WV-TUNL-PAK]:[4BB44B08] TxServer, Forwarding the pak 4A2D3B94
*May 2 09:12:50.601: [WV-TUNL-PAK]: IP4 Len =60 Src =172.16.100.87 Dst =172.16.100.8 Prot =6
*May 2 09:12:50.601: [WV-TUNL-PAK]:TCP sport=53571, dport=2001, seq=4091902471 ack=0, bits=SYN
*May 2 09:12:50.601: [WV-TUNL-PAK]:[4BB44B08] TxServer, Pak 4A2D3B94 failed ACL webvpn-acl
*May 2 09:13:19.841: [WV-TUNL-EVT]:[4BB44B08] CSTP Control, KeepAlive Detected. Dropped
*May 2 09:19:57.757: [WV-TUNL-EVT]:[4BB44B08] CSTP Control, Recd DPD Req frame (User RemzRR, IP 172.16.100.87)
*May 2 09:19:57.757: [WV-TUNL-EVT]:[4BB44B08] CSTP Control, Sending DPD Res frame (User RemzRR, IP 172.16.100.87)
*May 2 09:25:27.925: [WV-TUNL-EVT]:[4BB44B08] CSTP Control, KeepAlive Detected. Dropped
*May 2 09:25:58.025: [WV-TUNL-EVT]:[4BB44B08] CSTP Control, KeepAlive Detected. Dropped
*May 2 09:26:28.509: [WV-TUNL-EVT]:[4BB44B08] CSTP Control, KeepAlive Detected. Dropped
*May 2 09:27:00.381: [WV-TUNL-EVT]:[4BB44B08] CSTP Control, KeepAlive Detected. Dropped
*********************Verification
Porshe_GT3#show webvpn policy group Labrats context all
WEBVPN: group policy = Labrats ; context = CCIELab
banner = "Success, You Made It"
idle timeout = 2100 sec
session timeout = Disabled
functions =
svc-enabled
citrix disabled
address pool name = "webvpn1"
netmask = 255.255.255.0
tunnel-mode filter = "webvpn-acl"
dpd client timeout = 300 sec
dpd gateway timeout = 300 sec
keepalive interval = 30 sec
SSLVPN Full Tunnel mtu size = 1406 bytes
keep sslvpn client installed = enabled
rekey interval = 3600 sec
rekey method = new-tunnel
lease duration = 43200 sec
split include = 172.16.100.0 255.255.255.0

The problem is related to either of these issues:
- Maximum Transmission Unit (MTU)/Maximum Segment Size (MSS) size
- Fragmentation policy during encryption
Perform a sniffer trace from the client to the server side in order to find out which is the best MTU to use. Continue to reduce the value of 1400 by 20 until there is a reply. -
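The `failed ACL webvpn-acl` debug line in this thread can be reproduced offline by evaluating the logged packet against the posted tunnel filter. The Python sketch below is an added example, not code from the thread or from Cisco; it models only the ACE forms used in this ACL (permit/deny, address with wildcard mask, `host`, `any`, optional destination `eq` port) plus the implicit deny, and its function names are hypothetical.

```python
import ipaddress
import re

# ACL entries copied from the "ip access-list extended webvpn-acl" block above.
WEBVPN_ACL = """\
permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.60 eq telnet
permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.70 eq telnet
permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.8 eq telnet
permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.8 eq 22
permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.8 eq www
permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.8 eq 443
"""

# The two WV-TUNL-PAK debug lines from the post that describe the dropped packet.
DEBUG_LINES = """\
*May 2 09:12:50.601: [WV-TUNL-PAK]: IP4 Len =60 Src =172.16.100.87 Dst =172.16.100.8 Prot =6
*May 2 09:12:50.601: [WV-TUNL-PAK]:TCP sport=53571, dport=2001, seq=4091902471 ack=0, bits=SYN
"""

PORT_NAMES = {"telnet": 23, "www": 80}   # IOS keywords used in this ACL
PROTO_NAMES = {6: "tcp", 17: "udp"}      # IP protocol numbers seen in the debug
ALL_ONES = 0xFFFFFFFF


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _parse_addr(tokens):
    """Consume one address spec and return (base, wildcard) as integers."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, ALL_ONES
    if tok == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(tok), _ip(tokens.pop(0))


def parse_acl(text):
    """Parse the subset of extended-ACL syntax that appears in webvpn-acl."""
    aces = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        ace = {"action": tokens.pop(0), "proto": tokens.pop(0)}
        ace["src"] = _parse_addr(tokens)
        ace["dst"] = _parse_addr(tokens)
        ace["dport"] = None
        if tokens[:1] == ["eq"]:
            name = tokens[1]
            ace["dport"] = PORT_NAMES[name] if name in PORT_NAMES else int(name)
        aces.append(ace)
    return aces


def _addr_matches(addr, spec):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    base, wildcard = spec
    care = ~wildcard & ALL_ONES
    return (addr & care) == (base & care)


def packet_from_debug(text):
    """Extract the packet 5-tuple fields from WV-TUNL-PAK debug output."""
    ip = re.search(r"Src =(\S+) Dst =(\S+) Prot =(\d+)", text)
    l4 = re.search(r"sport=(\d+), dport=(\d+)", text)
    proto = int(ip.group(3))
    return {
        "src": ip.group(1),
        "dst": ip.group(2),
        "proto": PROTO_NAMES.get(proto, str(proto)),
        "sport": int(l4.group(1)) if l4 else None,
        "dport": int(l4.group(2)) if l4 else None,
    }


def evaluate(aces, pkt):
    """First-match evaluation; returns (action, 1-based ACE index or None)."""
    for index, ace in enumerate(aces, start=1):
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if not _addr_matches(_ip(pkt["src"]), ace["src"]):
            continue
        if not _addr_matches(_ip(pkt["dst"]), ace["dst"]):
            continue
        if ace["dport"] is not None and ace["dport"] != pkt["dport"]:
            continue
        return ace["action"], index
    return "deny", None  # implicit deny at the end of every ACL


if __name__ == "__main__":
    acl = parse_acl(WEBVPN_ACL)
    pkt = packet_from_debug(DEBUG_LINES)
    print(pkt, "->", evaluate(acl, pkt))
    # Same flow, but to a destination port the ACL does list.
    print(dict(pkt, dport=22), "->", evaluate(acl, dict(pkt, dport=22)))
```
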
Connection Error with iPod mini to Bose Home Theater System
When connecting my iPod mini to my Bose Home Theater system, it recognizes that iPod has been connected, but after the "Acquiring Signal" process, it gives me an "iPod connection error. Please re-insert iPod into docking station." I tried several times, but the result is the same.
My iPod mini has been updated with the latest software, and I did a system restore to return everything to factory defaults, but still no luck.
Any suggestions.

Hi. What you need to do is Launch DVD Player. Go to Preferences. Select Disc Setup tab. In Audio Output under Audio in the second part of the menu, select Digital Out-Built-in-Output. Then click OK. See if this works, 'cause mine does.
-
IPhone 3G 2.1 connection error with iTunes 8 on Windows Vista Enterprise
I was previously able to connect my iphone with my work computer (Windows Vista Enterprise) and it would recognize my phone. However, since I updated my iphone to version 2.1, it will not recognize the phone and gives me the following error message:
"iTunes could not connect to the iphone because an unknown error occured (0xE8000024)."
I am able to connect my phone with version 2.1 to my home computer running Windows XP SP2.
Any idea what may be causing the connection error in Windows Vista?

Hey TranceCadet,
This could be caused by a USB connection issue.
Make sure the iPhone is directly connected to a high speed USB port on the PC and not plugged into a hub, monitor, or keyboard. Disconnect any other USB devices, other than the keyboard and mouse.
This article has some general USB troubleshooting tips: http://support.apple.com/kb/TS1286
You may also want to disable or reconfigure any security software. This article will walk you through putting the PC in a selective startup mode, which will bypass most application conflicts.
http://support.apple.com/kb/HT2292
Jason -
I have updated to Firefox 33.0.3 and now I am getting untrusted connection errors when trying to go to Yahoo.com and Amazon.com this happens with both http and https. My time is in sync. I tried deleting the cert8.db file.
I have looked at other solutions and they have not worked. These sites were working fine on the previous version for me but now with this new update they are not working. Why hasn't Mozilla fixed this already?

Yes I have tried the steps above. For example, When I try to get to Yahoo web site, I get this:
This Connection is Untrusted
You have asked Firefox to connect securely to www.yahoo.com, but we can't confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
www.yahoo.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)
I do not have the option to do an exception because I can only click on the Technical Details and the Get me Out of Here button.
As I've said in my previous post, I have deleted the cert8.db file, my clock is in sync, and I have tried to do the other solutions but they have not worked.
-
Orchestrator connection error with AD
I have installed Orchestrator 2012 R2 on a machine and it's a member of a domain.
I am not able to create a user through Orchestrator; it's showing the following error.
DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.RefreshCache()
at System.DirectoryServices.DirectoryEntry.FillCache(String propertyName)
at System.DirectoryServices.DirectoryEntry.get_NativeGuid()
at System.DirectoryServices.DirectoryEntry.get_Guid()
at Microsoft.Accelerators.ActiveDirectoryCore.Internals.SafeDirectoryEntry.Exists()
at Microsoft.Accelerators.ActiveDirectoryCore.LdapUser.CreateNew(ISafeDirectoryFactory factory, DistinguishedName distinguishedName, String samAccountName)
at Microsoft.Accelerators.ActiveDirectoryCore.LdapDirectory.CreateNewUser(DistinguishedName distinguishedName, String samAccountName)
at Microsoft.SystemCenter.IntegrationPack.ActiveDirectory.Execution.CreateUserExecutor.CreateExecutionObject(ILdapDirectory ldapDirectory)
at Microsoft.SystemCenter.IntegrationPack.ActiveDirectory.Execution.AExecutor.Execute()
at Microsoft.SystemCenter.IntegrationPack.ActiveDirectory.Execution.ActiveDirectoryProgram.ExecuteProxy(ExecutionProxy proxy)
at Microsoft.SystemCenter.IntegrationPack.ActiveDirectory.AActiveDirectoryActivity.Execute(IActivityRequest request, IActivityResponse response)
Could you please help me through this.
Thank You
Hi,
Did you receive the error with the "Create User" Activity from the Microsoft Active Directory Integration Pack (IP) for System Center 2012 - Orchestrator? Are Activities from this IP like "Get User" working? -> A valid "Container Distinguished Name" must be specified, either in the "Create User" Activity or as a default in the connection settings of the Active Directory IP.
Perhaps you can share how the Activity and the connection is configured. It will help to help you.
Regards,
Stefan
www.sc-orchestrator.eu ,
Blog sc-orchestrator.eu
-
Unable to start SAP due to the connection error with Oracle
Dear All,
We have done distributed installation. CI, Oracle has been installed successfully.
But when we tried to connect to the DB from the CI, we are getting an error.
R3trans -d is giving the return code 00012 when we tried to start the system from the CI.
Following is the trans.log error:
$ more trans.log
4 ETW000 R3trans version 6.09 (release 640 - 26.10.04 - 15:45:42).
4 ETW000 ===============================================
4 ETW000
4 ETW000 date&time : 05.05.2009 - 18:03:30
4 ETW000 control file: <no ctrlfile>
4 ETW000 R3trans was called as follows: R3trans -d
4 ETW000 trace at level 2 opened for a given file pointer
4 ETW000 [dev trc ,00000] Tue May 5 18:03:30 2009 48 0.000048
4 ETW000 [dev trc ,00000] db_con_init called 11 0.000059
4 ETW000 [dev trc ,00000] create_con (con_name=R/3) 40 0.000099
4 ETW000 [dev trc ,00000] Loading DB library '/usr/sap/BSW/SYS/exe/run/dboraslib.o' ...
4 ETW000 37 0.000136
4 ETW000 [dev trc ,00000] load shared library (/usr/sap/BSW/SYS/exe/run/dboraslib.o), hdl 0
4 ETW000 3493 0.003629
4 ETW000 [dev trc ,00000] Library '/usr/sap/BSW/SYS/exe/run/dboraslib.o' loaded
4 ETW000 18 0.003647
4 ETW000 [dev trc ,00000] function DbSlExpFuns loaded from library /usr/sap/BSW/SYS/exe/run/dboraslib.o
4 ETW000 34 0.003681
4 ETW000 [dev trc ,00000] Version of '/usr/sap/BSW/SYS/exe/run/dboraslib.o' is "640.00", patchlevel (0.32)
4 ETW000 120 0.003801
4 ETW000 [dev trc ,00000] function dsql_db_init loaded from library /usr/sap/BSW/SYS/exe/run/dboraslib.o
4 ETW000 20 0.003821
4 ETW000 [dev trc ,00000] function dbdd_exp_funs loaded from library /usr/sap/BSW/SYS/exe/run/dboraslib.o
4 ETW000 42 0.003863
4 ETW000 [dev trc ,00000] New connection 0 created 20 0.003883
4 ETW000 [dev trc ,00000] 0: name = R/3, con_id = -000000001 state = DISCONNECTED, perm = YES, reco = NO , timeout = 00
0, con_max = 255, con_opt = 255, occ = NO
4 ETW000 23 0.003906
4 ETW000 [dev trc ,00000] db_con_connect (con_name=R/3) 25 0.003931
4 ETW000 [dev trc ,00000] find_con_by_name found the following connection for reuse:
4 ETW000 18 0.003949
4 ETW000 [dev trc ,00000] 0: name = R/3, con_id = 000000000 state = DISCONNECTED, perm = YES, reco = NO , timeout = 000
, con_max = 255, con_opt = 255, occ = NO
4 ETW000 20 0.003969
4 ETW000 [dev trc ,00000] Got ORACLE_HOME=/oracle/BSW/920_64 from environment
4 ETW000 300 0.004269
4 ETW000 [dev trc ,00000] -->oci_initialize 20 0.004289
4 ETW000 [dev trc ,00000] Client NLS settings: AMERICAN_AMERICA.WE8DEC 4762 0.009051
4 ETW000 [dev trc ,00000] Logon as OPS$-user to get SAPR3's password 29 0.009080
4 ETW000 [dev trc ,00000] Connecting as /@BSW on connection 0 ... 22 0.009102
4 ETW000 [dev trc ,00000] Allocating service context handle 22 0.009124
4 ETW000 [dev trc ,00000] Allocating server context handle 13 0.009137
4 ETW000 [dev trc ,00000] Attaching to DB Server BSW (con_hdl=0,svchp=110791c98,svrhp=1107942f8)
4 ETW000 67 0.009204
4 ETW000 [dev trc ,00000] Assigning server context 1107942f8 to service context 110791c98
4 ETW000 39616 0.048820
4 ETW000 [dev trc ,00000] Allocating user session handle 29 0.048849
4 ETW000 [dev trc ,00000] Starting user session (con_hdl=0,svchp=110791c98,srvhp=1107942f8,usrhp=11079cd38)
4 ETW000 24 0.048873
4 ETW000 [dboci.c ,00000] *** ERROR => OCI-call 'OCISessionBegin' failed: rc = 1034
4 ETW000 2415 0.051288
4 ETW000 [dev trc ,00000] server_detach(con_hdl=0,stale=1,svrhp=1107942f8)
4 ETW000 28 0.051316
4 ETW000 [dev trc ,00000] Detaching from DB Server (con_hdl=0,svchp=110791c98,srvhp=1107942f8)
4 ETW000 18 0.051334
4 ETW000 [dev trc ,00000] Deallocating server context handle 1107942f8 142 0.051476
4 ETW000 [dbsloci. ,00000] *** ERROR => CONNECT failed with sql error '1034'
4 ETW000 25 0.051501
4 ETW000 [dev trc ,00000] Try to connect with default password 20 0.051521
4 ETW000 [dev trc ,00000] Connecting as SAPR3/<pwd>@BSW on connection 0 ...
4 ETW000 19 0.051540
4 ETW000 [dev trc ,00000] Allocating server context handle 11 0.051551
4 ETW000 [dev trc ,00000] Attaching to DB Server BSW (con_hdl=0,svchp=110791c98,svrhp=1107942f8)
4 ETW000 27 0.051578
4 ETW000 [dev trc ,00000] Assigning server context 1107942f8 to service context 110791c98
4 ETW000 33038 0.084616
4 ETW000 [dev trc ,00000] Assigning username to user session 11079cd38 15 0.084631
4 ETW000 [dev trc ,00000] Assigning password to user session 11079cd38 13 0.084644
4 ETW000 [dev trc ,00000] Starting user session (con_hdl=0,svchp=110791c98,srvhp=1107942f8,usrhp=11079cd38)
4 ETW000 22 0.084666
4 ETW000 [dboci.c ,00000] *** ERROR => OCI-call 'OCISessionBegin' failed: rc = 1034
4 ETW000 1858 0.086524
4 ETW000 [dev trc ,00000] server_detach(con_hdl=0,stale=1,svrhp=1107942f8)
4 ETW000 18 0.086542
4 ETW000 [dev trc ,00000] Detaching from DB Server (con_hdl=0,svchp=110791c98,srvhp=1107942f8)
4 ETW000 19 0.086561
4 ETW000 [dev trc ,00000] Deallocating server context handle 1107942f8 123 0.086684
4 ETW000 [dbsloci. ,00000] *** ERROR => CONNECT failed with sql error '1034'
4 ETW000 24 0.086708
4 ETW000 [dblink ,00419] ***LOG BY2=>sql error 1034 performing CON [dblink#1 @ 419]
4 ETW000 57 0.086765
4 ETW000 [dblink ,00419] ***LOG BY0=>ORA-01034: ORACLE not available 18 0.086783
4 ETW000 ORA-27101: shared memory realm does not exist
4 ETW000 IBM AIX RISC System/6000 Error: 2: No such file or directory [dblink#1 @ 419]
2EETW169 no connect possible: "DBMS = ORACLE --- dbs_ora_tnsname = 'BSW'"
Could you please provide us the relevant solution.
Hi,
> 4 ETW000 [dblink ,00419] ***LOG BY0=>ORA-01034: ORACLE not available 18 0.086783
Check for your ORACLE_HOME and ORACLE_SID
ORA-01034 is thrown during your attempt to upgrade because there is an invalid entry in one of the following files:
/etc/oratab
/var/opt/oracle/oratab
Regards,
Nitin Salunkhe
-
My configuration: Windows 7, and I use a proxy.
I receive an error message when I launch Adobe Digital Editions:
Error to obtain licence.connection problem with server licence : E_ADEPT_XML_SYNTAX
Is the home instance up and running?
Did you try doing a full server restart?
opmnctl stopall
opmnctl startall
Verify all the apps are running with this command:
opmnctl status -app -l
and make sure orabpel is active.
-steve-
-
Installation and Connection Error with Desktop Manager and Curve 3G
I just installed Desktop Manager 6.01 and then tried connecting my Curve 3G to the system using the accompanying USB cable, but there was a connection error. So I did a bit of searching on the net and went to (http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB00125), which gave me a solution to install my driver. But when I try to manually install my driver, it shows an error "THE SERVICE CANNOT BE STARTED, EITHER BECAUSE IT IS DISABLED OR IT HAS NO ENABLED DEVICES ASSOCIATED WITH IT". Now the USB is working, because my phone is being recognised by the laptop, and moreover BlackBerry is being shown in the Device Manager of my Vista. I can see in drivers that drivers have been installed, but the driver information such as version and date is not available and the driver is unsigned.
Can someone tell me what exactly might be the problem? Any reply will be appreciated.
I encountered the same issue. Not sure if you'll have the same results, but all I did was enable Windows updates and do an automatic driver update from the web (as in from Windows updates), and after a reboot all was back to normal.
Hope that helps,