STUMPED! VPN into ASA5510 not working
Trying to setup remote vpn into a 5510, ran through the wizard, have the preshare and usernames, along with the pool configured. No errors when uploaded, but the Cisco VPN client does not connect at all, Reason 412. I have all crypto debugs running and I got nothing when I try to connect. If I had fat fingered the preshare or the username, I would at least think I would see some debug info when I tried to connect, but I got nothing. I have done this type of setup via the CLI on PIX and have not had problems, but I am not familiar with the new commands, and all I can find are stinking gui examples.
Well, I rebuilt from scratch through CLI, and at least now I have some debug output, but still stumped. Still get the same error with the client.
Jun 06 15:05:37 [IKEv1]: Group = DefaultRAGroup, IP = 10.15.1.121, Removing peer from peer table failed, no match!
Jun 06 15:05:37 [IKEv1]: Group = DefaultRAGroup, IP = 10.15.1.121, Error: Unable to remove PeerTblEntry
Jun 06 15:05:42 [IKEv1]: Group = DefaultRAGroup, IP = 10.15.1.121, Removing peer from peer table failed, no match!
Jun 06 15:05:42 [IKEv1]: Group = DefaultRAGroup, IP = 10.15.1.121, Error: Unable to remove PeerTblEntry
Jun 06 15:05:47 [IKEv1]: Group = DefaultRAGroup, IP = 10.15.1.121, Removing peer from peer table failed, no match!
Jun 06 15:05:47 [IKEv1]: Group = DefaultRAGroup, IP = 10.15.1.121, Error: Unable to remove PeerTblEntry
Jun 06 15:05:52 [IKEv1]: Group = DefaultRAGroup, IP = 10.15.1.121, Removing peer from peer table failed, no match!
Jun 06 15:05:52 [IKEv1]: Group = DefaultRAGroup, IP = 10.15.1.121, Error: Unable to remove PeerTblEntry
Similar Messages
-
I have just upgraded to Lion and now my VPN connection does not work properly. It was working fine when I was using Leopard. The VPN is My Private Network and we use it to link to BBC iPlayer when abroad. It will actually connect to the VPN site and shows a UK IP address, but then when we try to load an iPlayer programme we get the message from the BBC that we are not in the country and, therefore, cannot access the site. Any suggestions?
Have a look at System Preferences, Accessibility, VoiceOver.
(Command - F5).
charlie -
Clientless VPN and Java not working correctly
In a recent discovery we found that the newest version of java will not work with our Cisco SSLVPN setup
We are using an ASA5510 with 8.0.4 IOS version and 6.1.3 ADSM version and most users use an mstsc.exe smart tunnel to rdp into our terminal server farm.
Our laptops are being imaged with Java 6 update 3 (this works fine) then upgraded to Java 6 update 11, after which the smart tunnel appears to launch but a connection cannot be established. Reinstalling the older version of Java resolves the problem.
I was wondering if anyone else has encountered a similar problem and found a workaround. Currently, company equipment is not being upgraded to the latest version of Java but personal equipment is a different story.
To get the old downloader back follow the directions below.
# In the [[Location bar autocomplete|Location bar]], type '''about:config''' and press '''Enter'''. The about:config "''This might void your warranty!''" warning page may appear.
# Click '''I'll be careful, I promise!''', to continue to the about:config page.
# Filter '''browser.download.useToolkitIT'''.
# Double click and '''make sure it says true.'''
# You now have the classic downloader back! Yay!
Any issues or confused?
* http://kb.mozillazine.org/About:config -
Zone Based Firewall for VPN connections does not work after IOS upgrade
Hi all,
We use cisco router 2911 as corporate gateway - there is Zone Based Firewall implemented - I upgraded IOS to last version (15.2(2)T1) - originally version 15.1(4)M1 - to solve issue with Anyconnect connections (bug CSCtx38806) but I found that after upgrade the VPN users are not able to communicate with sources in other zones.
More specific
WebVPN use this virtual template interface
interface Virtual-Template100
description Template for SSLVPN
ip unnumbered GigabitEthernet0/1.100
zone-member security INSIDE
There are other zones VOICE, LAB, ...
In the policy any connection is allowed (used inspection of icmp, tcp and udp) from INSIDE zone to VOICE or LAB zone
After VPN connection I am able to reach resources in INSIDE zone (which is the most important), but not in other zones. Before upgrade it worked.
Once I changed zone in Virtual-Template interface to VOICE, I was able to reach sources in VOICE zone but not in any other. I searched more and found the stateful firewall is not working for connections from VPN as ping is blocked by policy on returning way - it means by policy VOICE->INSIDE, once I allowed communication from "destination" zone to INSIDE zone - the connections started to work, but of course it is not something I want to set up.
Does anybody have the same experience?
Regards
Pavel
It seems to me I should add one important note - if client is connected directly in INSIDE zone, he can reach resources in other zones without any issue - so the problem is only when the client is connected by VPN - not in ZBF policy setup.
Pavel -
RV082 - SRP527W - VPN behind NAT not working
Hello,
I've really strange behaviors with my routers. We managed to get things running but once a week, the VPN link is down.
The connection is not restart, both routers shows "connected" but are not, and we had to click on "disconnect" to get the link back.
That was before an update in our infrastructure. Now, both routers are behind routers, so both NAT.
Now, the connection works for some time, but once a week, the link disconnected but i'm unable to get it back ! NOTHING works.
Last time, i spent 2Hours to configure the link again, setting the same parameters almost 10 time, and suddenly by magic, the 11st time it worked again. I read many people have troubles with RVXXX firmware so i don't know what to think.
Anyway, my BIG concern now, is that the link is down again, and it has been 6hours since we can't got it back. I restarted the routers many times, i've made some changes in the configuration, but if it worked, why should i modify it ?????? Why is it not working anymore ?
The log for the RV082 is almost empty about the link. Here's a snippet :
Feb 10 19:01:52 2014
VPN Log
(g2gips0) #8: initiating Main Mode
Feb 10 19:01:52 2014
VPN Log
(g2gips0) #8: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
Feb 10 19:01:52 2014
VPN Log
(g2gips0) #8: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
Feb 10 19:01:52 2014
System Log
gateway_to_gateway.htm is changed.
Feb 10 19:09:08 2014
VPN Log
(g2gips0): deleting connection
Feb 10 19:09:08 2014
VPN Log
(g2gips0) #8: deleting state (STATE_MAIN_I1)
Feb 10 19:09:08 2014
VPN Log
added connection description (g2gips0)
Feb 10 19:09:08 2014
VPN Log
listening for IKE messages
Feb 10 19:09:08 2014
VPN Log
forgetting secrets
Feb 10 19:09:08 2014
VPN Log
loading secrets from '/etc/ipsec.d/ipsec.secrets'
Feb 10 19:09:09 2014
System Log
gateway_to_gateway.htm is changed.
The log for the SRP527W is full of this :
Dump pluto log message in syslog : cat /var/log/messages |grep pluto
Jan 1 02:29:39 TLSR0254 authpriv.warn pluto[1156]: "G2" #187: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan 1 02:29:39 TLSR0254 authpriv.warn pluto[1156]: "G2" #187: STATE_MAIN_R1: sent MR1, expecting MI2
Jan 1 02:30:09 TLSR0254 authpriv.warn pluto[1156]: "G2" #186: max number of retransmissions (2) reached STATE_MAIN_R1
Jan 1 02:30:19 TLSR0254 authpriv.warn pluto[1156]: packet from 37.1.XXX.XXX:500: received Vendor ID payload [RFC 3947] method set to=109
Jan 1 02:30:19 TLSR0254 authpriv.warn pluto[1156]: packet from 37.1.XXX.XXX:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Jan 1 02:30:19 TLSR0254 authpriv.warn pluto[1156]: packet from 37.1.XXX.XXX:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Jan 1 02:30:19 TLSR0254 authpriv.warn pluto[1156]: packet from 37.1.XXX.XXX:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jan 1 02:30:19 TLSR0254 authpriv.warn pluto[1156]: "G2" #188: responding to Main Mode
Jan 1 02:30:19 TLSR0254 authpriv.warn pluto[1156]: "G2" #188: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan 1 02:30:19 TLSR0254 authpriv.warn pluto[1156]: "G2" #188: STATE_MAIN_R1: sent MR1, expecting MI2
Jan 1 02:30:25 TLSR0254 authpriv.warn pluto[1156]: pending Quick Mode with 37.1.XXX.XXX "G2" took too long -- replacing phase 1
Jan 1 02:30:25 TLSR0254 authpriv.warn pluto[1156]: "G2" #189: initiating Main Mode to replace #185
Jan 1 02:30:49 TLSR0254 authpriv.warn pluto[1156]: "G2" #187: max number of retransmissions (2) reached STATE_MAIN_R1
Jan 1 02:30:59 TLSR0254 authpriv.warn pluto[1156]: packet from 37.1.XXX.XXX:500: received Vendor ID payload [RFC 3947] method set to=109
Jan 1 02:30:59 TLSR0254 authpriv.warn pluto[1156]: packet from 37.1.XXX.XXX:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Jan 1 02:30:59 TLSR0254 authpriv.warn pluto[1156]: packet from 37.1.XXX.XXX:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Jan 1 02:30:59 TLSR0254 authpriv.warn pluto[1156]: packet from 37.1.XXX.XXX:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jan 1 02:30:59 TLSR0254 authpriv.warn pluto[1156]: "G2" #190: responding to Main Mode
Please help me to get things sorted. I just don't understand why nothing is written in the log about the SRP trying to make a connection. I also don't understand why suddenly the link is broken, and without changing anything, it can't get it back normally !!
Best Regards
Hi again,
Samir, i rebooted all the routers dozens of time when that happened, and it doesn't changed anything. Anyway, i called the Cisco Hotline. They could connect by VPN to RV082, but not the SRP, they didn't know why. Hardware or software failure.
Anyway, i bought another router.
Now i would like to use the SRP527W as a WIFI hotspot only. It doesn't work.
My settings are :
- Router defined as BRIDGE only (using Port lan 4 as Ethernet WAN)
- WAN Interface is assigned 192.168.0.246 / 24
- Gateway for the WAN interface is 192.168.0.254
- Ethernet cable is plugged from LAN4/WAN to my new Modem/Router on LAN3.
- Port LAN2 of SRP527W is defined with VLAN IP Address 192.168.15.254.
When connected to the SRP527W on LAN2, from my computer (192.168.15.200), i can't ping 192.168.0.246 neither 0.254 (gateway is set to 15.254)
Still, when connected to the SRP527W and with the Ping Diagnosis interface, pinging "192.168.0.254" shows "timed out".
I tried almost every configuration, none worked.
Please note that when connected from my computer directly to my new modem/router on port LAN3, with IP Address 192.168.0.200, i can access internet and ping everything. When set as DHCP too, i can grab an IP Address from my DHCP Windows Server.
So, why is the SRP527W unable to work in this configuration ? it seems nothing pass through WAN port.
If i'm right, there is only the WAN port that should be plugged to my modem router. With this settings, SSID should go directly to Internet, and for the other SSID, my LAN (through the modem/router). However, it doesn't work.
Could you help me please ? Thank you -
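Added example (not part of the thread, and not the posters' or Cisco's code): a small Python reader for pluto lines in the format of the SRP527W log posted earlier in this thread, which groups messages by exchange number and reports the exchanges that hit the retransmission limit together with the state they were stuck in. The function names and the wording in `STATE_HINTS` are assumptions made for this illustration; the sample lines are copied from the post.

```python
import re

# Sample input: lines copied from the SRP527W log in the post (peer address masked there).
SAMPLE_LOG = '''\
Jan 1 02:29:39 TLSR0254 authpriv.warn pluto[1156]: "G2" #187: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan 1 02:29:39 TLSR0254 authpriv.warn pluto[1156]: "G2" #187: STATE_MAIN_R1: sent MR1, expecting MI2
Jan 1 02:30:09 TLSR0254 authpriv.warn pluto[1156]: "G2" #186: max number of retransmissions (2) reached STATE_MAIN_R1
Jan 1 02:30:19 TLSR0254 authpriv.warn pluto[1156]: packet from 37.1.XXX.XXX:500: received Vendor ID payload [RFC 3947] method set to=109
Jan 1 02:30:19 TLSR0254 authpriv.warn pluto[1156]: "G2" #188: responding to Main Mode
Jan 1 02:30:19 TLSR0254 authpriv.warn pluto[1156]: "G2" #188: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan 1 02:30:25 TLSR0254 authpriv.warn pluto[1156]: pending Quick Mode with 37.1.XXX.XXX "G2" took too long -- replacing phase 1
Jan 1 02:30:25 TLSR0254 authpriv.warn pluto[1156]: "G2" #189: initiating Main Mode to replace #185
Jan 1 02:30:49 TLSR0254 authpriv.warn pluto[1156]: "G2" #187: max number of retransmissions (2) reached STATE_MAIN_R1
'''

PLUTO = re.compile(r"pluto\[\d+\]: (.*)$")
EXCHANGE = re.compile(r'"([^"]+)" #(\d+): (.*)$')
TRANSITION = re.compile(r"transition from state \S+ to state (\S+)")
STATE_PREFIX = re.compile(r"(STATE_\w+): ")
TIMEOUT = re.compile(r"max number of retransmissions \(\d+\) reached (\S+)")
VENDOR = re.compile(r"packet from (\S+):(\d+): received Vendor ID payload \[([^\]]+)\]")

# What a stall in each Main Mode state means (wording is this example's own).
STATE_HINTS = {
    "STATE_MAIN_I1": "sent the first Main Mode packet and never saw a reply",
    "STATE_MAIN_R1": "answered the first packet (MR1) but the peer's second packet (MI2) never arrived",
}


def role_of(state):
    """Infer initiator/responder from a STATE_MAIN_Ix / STATE_MAIN_Rx name."""
    m = re.fullmatch(r"STATE_MAIN_([IR])\d", state)
    return {"I": "initiator", "R": "responder"}[m.group(1)] if m else None


def parse_pluto(log_text):
    """Return (exchanges keyed by #number, vendor IDs keyed by (peer, source port))."""
    exchanges, peers = {}, {}
    for raw in log_text.splitlines():
        line = PLUTO.search(raw)
        if not line:
            continue
        msg = line.group(1)
        vendor = VENDOR.match(msg)
        if vendor:
            key = (vendor.group(1), int(vendor.group(2)))
            peers.setdefault(key, set()).add(vendor.group(3))
            continue
        exch = EXCHANGE.match(msg)
        if not exch:
            continue  # messages without an exchange number, e.g. "pending Quick Mode ..."
        entry = exchanges.setdefault(
            int(exch.group(2)),
            {"conn": exch.group(1), "role": None, "state": None, "timed_out": False},
        )
        text = exch.group(3)
        if text.startswith("responding to Main Mode"):
            entry["role"] = "responder"
        elif text.startswith("initiating Main Mode"):
            entry["role"] = "initiator"
        timeout = TIMEOUT.search(text)
        state = TRANSITION.search(text) or STATE_PREFIX.match(text)
        if timeout:
            entry["timed_out"] = True
            entry["state"] = timeout.group(1)
        elif state:
            entry["state"] = state.group(1)
        if entry["role"] is None and entry["state"]:
            entry["role"] = role_of(entry["state"])
    return exchanges, peers


def stalled(exchanges):
    """Exchanges that hit the retransmission limit, as (number, role, state)."""
    return sorted((n, e["role"], e["state"]) for n, e in exchanges.items() if e["timed_out"])


if __name__ == "__main__":
    exchanges, peers = parse_pluto(SAMPLE_LOG)
    for number, role, state in stalled(exchanges):
        hint = STATE_HINTS.get(state, "no hint for this state")
        print(f"#{number} ({role}) stalled in {state}: {hint}")
    for (addr, port), ids in peers.items():
        print(f"peer {addr} source port {port} offers: {', '.join(sorted(ids))}")
```

Read next to the RV082 log in the same post, which deletes its exchange while still in `STATE_MAIN_I1`, the output shows each side waiting for a packet from the other during the first Main Mode round trip.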
Move jsp code into servlet, not work!!
Hi:
I am new in servlet and java, I can use jdom to read xml file
into a jsp file, but when I move jsp code into servlet, they are not work
have any ideas?
Thank!
Hi:
my.jsp
<%@ page contentType="text/html"%>
<%@ page import="java.io.File,
java.util.*,
org.jdom.*,
org.jdom.input.SAXBuilder,
org.jdom.output.*" %>
<%
String Records = "c:/XMl/Quotes.xml";
SAXBuilder builder = new SAXBuilder("org.apache.xerces.parsers.SAXParser");
Document l_doc = builder.build(new File(Records));
my servlet
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import org.jdom.*;
import org.jdom.input.*;
import org.jdom.input.SAXBuilder;
import org.jdom.output.*;
public class XmlJdom extends HttpServlet
String Records = "c:/xml/Quotes.xml";
SAXBuilder builder = null;
Element Author = null;
Element Text = null;
Element Date = null;
* Initializes the servlet.
public void init(ServletConfig config) throws ServletException
super.init(config); //pass ServletConfig to parent
try
// JDOM can build JDOM trees from a variety of input sources. One
// of those input sources is a SAX parser.
SAXBuilder builder = new SAXBuilder("org.apache.xerces.parsers.SAXParser");
catch ( org.jdom.JDOMEXception e)
public void doGet(
HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException
PrintWriter out = null;
out = response.getWriter();
try{
Document l_doc = builder.build(new File(Records));
Element root = l_doc.getRootElement();
//get a list of all recode in my XML document
String l_pages = root.getChild("quote");
String Iterator e = l_pages.iterator();
while ( e.hasNext())
Element l_quote= (Element) e.next();
Element l_Author = l_quote.getChild("Date").getChild("Text");
XMLOutputter l_format = new XMLOutputter();
String ls_result = l_format.outputString(l_doc);
out.println(ls_result);
catch( org.jdom.JDOMException e )
finally
if( out != null)
out.close();
Please tell me, what is wrong!!!
Element root = l_doc.getRootElement();
/* get a list of all the links in our XML document */
List l_pages = root.getChildren("quote");
Iterator Myloop = l_pages.iterator();
while ( Myloop.hasNext())
Element l_quote= (Element) Myloop.next();
Element l_Author = l_quote.getChild("Date").getChild("Text");
XMLOutputter l_format = new XMLOutputter();
String ls_result = l_format.outputString(l_doc);
ls_result = l_format.outputString(l_doc);
%>
<html><head><title></title></head>
<body>
<pre>
<%=ls_result%>
</pre>
</body>
</html> -
Loading external swf into Fla. not working
I have created a Flash page that loads an external swf into
it when you click a button. The swf loads but the actionscript
assigned to the swf which scrolls images across does not work. When
i open the swf in a browser window with the direct link to it the
scroll works but inside the fla file the swf loads but the scroll
buttons are not working at all. Would this be something in the
actionscripting in the swf or fla file. Any advice would be greatly
appreciated, thank you.
var imageRequest:URLRequest = new URLRequest("my_gallery.swf");
var imageLoader:Loader = new Loader();
imageLoader.load(imageRequest);
addChild(imageLoader);
is as3 code. that won't work in your as2 project.
here's the equivalent in as2:
this.createEmptyMovieClip("targetMC",this.getNextHighestDepth());
targetMC.loadMovie("my_gallery.swf"); -
CRIO: Unflatten from string into lvclass not working in deployment
Hello,
I am working on a problem for some hours now and I need some help.
I am using a cRIO-9022. I need to do some tasks, and I created a couple of classes which contain the parameters and the methods. They contain using dynamic dispatch VIs. I have an array of these classes (all derived from a parent class) which is my "configuration". I am using "flatten to string" and saving those file on disk. "Unflatten from string" is working fine. This file is created on a LV Windows Application.
I need to use this file on my cRIO: Unflatten from string, and then work with the array of my classes. When running the cRIO Main VI it's working fine. But when building the application and deploying it as startup, it's not working. I am getting:
Error 1403 occurred at Unflatten From String in Gantry CommEngine.vi->RT Main.vi
Possible reason(s):
LabVIEW: Attempted to read flattened data of a LabVIEW class. The data is corrupt. LabVIEW could not interpret the data as any valid flattened LabVIEW class.
What I tried so far:
- Added the whole lvlib containing the classes and also every single class to "Source files / always included".
- Created constants of the array (containing the classes) to the VI (forcing LV to include the classes?)
- Loaded the file from cRIOs flash and also by shared variable
What else can I do?
Thanks a lot for support!
I tried to reproduce the matter, but couldn't.
I attached my example to the post.
What it does:
It creates a class with only a string a bool and a number. This class object is saved to C:/somename.xml. The number is a random number.
In the second case the same file is read and the number broadcasted to a variable.
It worked quite fine building it as a startupexe.
Nothing else was necessary. Does it work for you?
Attachments:
class exe.zip 45 KB -
VPN Split-Tunneling not working
Hello,
First off - thanks to all who post here. I often browse the forums and search for help on here and it's very useful, so a great pat on the back for everyone who contributes. My first time posting so here goes.....
I have my ASA 5505 v8.2 configured to allow AnyConnect. This is working. Client can connect and access the remote systems through VPN. What is causing me a massive headache is that the client loses internet connectivity. I have played around with my config somewhat so what I am about to post I know for certain is incorrect but any help is greatly appreciated.
Notes
1. The Router was set up for a standard site-to-site VPN which is no longer functional but as you can see all the settings are still in the router.
2. The router also has a DMZ setup to allow some clients access to the internet through it using the DMZ
CONFIGURATION:
ASA Version 8.2(5)
hostname MYHOST
enable password mUUvr2NINofYuSh2 encrypted
passwd UNDrnIuGV0tAPtz2 encrypted
names
name x.x.x.x AIME-SD
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
switchport access vlan 7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.101.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address x.x.x.x 255.255.0.0
interface Vlan7
no forward interface Vlan1
nameif DMZ
security-level 20
ip address 137.57.183.1 255.255.255.0
ftp mode passive
clock timezone MST -7
object-group network obj_any_dmz
access-list 10 extended permit ip 192.168.25.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list no_nat extended permit ip host x.x.x.x 192.168.25.0 255.255.255.0
access-list split-tunneling standard permit 192.168.101.0 255.255.255.0
access-list nonat extended permit ip 192.168.101.0 255.255.255.0 any
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu DMZ 1500
ip local pool Internal_Range 192.168.101.125-192.168.101.130 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list no_nat
nat (inside) 1 access-list nonat
nat (DMZ) 10 137.57.183.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route inside 192.168.8.0 255.255.255.0 192.168.101.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable 64000
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set batus esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map batus 100 match address 10
crypto map batus 100 set peer AIME-SD
crypto map batus 100 set transform-set batus
crypto map batus interface outside
crypto ca trustpoint ASDM_TrustPoint1
enrollment self
subject-name CN=MYHOST
keypair ClientX_cert
crl configure
crypto ca certificate chain ASDM_TrustPoint1
certificate 0f817951
quit
crypto isakmp enable outside
crypto isakmp policy 40
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 DMZ
ssh timeout 10
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
ssl trust-point ASDM_TrustPoint1 outside
webvpn
enable outside
svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
svc enable
group-policy ClientX_access internal
group-policy ClientX_access attributes
vpn-tunnel-protocol svc
split-tunnel-network-list value split-tunneling
default-domain value access.local
address-pools value Internal_Range
ipv6-address-pools none
webvpn
svc mtu 1406
svc rekey time none
svc rekey method ssl
username ClientX password ykAxQ227nzontdIh encrypted privilege 15
username ClientX attributes
vpn-group-policy ClientX_access
service-type admin
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
pre-shared-key *****
tunnel-group ClientX type remote-access
tunnel-group ClientX general-attributes
address-pool Internal_Range
default-group-policy ClientX_access
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
default-group-policy ClientX_access
tunnel-group ClientX_access type remote-access
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:e7d92a387d1c5f07e14b3c894d159ec1
: end
Thank you for any help!!
Karsten!
That fixed my internet access problem. Yippee!
Unfortunately it seems to have broken my access to the internal network. Boo!
I can no longer access/ping anything on the internal IP range (192.168.101.x).
I assume this is a nat issue somewhere along the line. Posting the top half of my config for any assistance and the info requested by Raj (although VPN is connecting fine). Thank you both for your very prompt replies!!!
Short Config
object-group network obj_any_dmz
access-list 10 extended permit ip 192.168.25.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list no_nat extended permit ip host x.x.x.x 192.168.25.0 255.255.255.0
access-list split-tunneling standard permit 192.168.101.0 255.255.255.0
access-list nonat extended permit ip 192.168.101.0 255.255.255.0 any
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu DMZ 1500
ip local pool Internal_Range 192.168.101.125-192.168.101.130 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list no_nat
nat (inside) 1 access-list nonat
nat (DMZ) 10 137.57.183.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 207.229.2.129 1
route inside 192.168.8.0 255.255.255.0 192.168.101.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
Show vpn-sessiondb svc
Session Type: SVC
Username : ClientX Index : 9
Assigned IP : 192.168.101.125 Public IP : x.x.x.x
Protocol : Clientless SSL-Tunnel DTLS-Tunnel
License : SSL VPN
Encryption : RC4 AES128 Hashing : MD5 SHA1
Bytes Tx : 11662 Bytes Rx : 62930
Group Policy : ClientX_access Tunnel Group : DefaultWEBVPNGroup
Login Time : 22:40:56 MST Mon Jul 1 2013
Duration : 0h:11m:08s
Inactivity : 0h:00m:00s
NAC Result : Unknown
VLAN Mapping : N/A VLAN : none -
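Added example (not part of the thread, and not the posters' or Cisco's code): a Python check over an excerpt of the ASA 8.2(5) configuration posted above that reports a group-policy naming a split-tunnel network list without a `split-tunnel-policy` line, a VPN address pool that falls inside an interface subnet, and RC4 or MD5 suites on the `ssl encryption` line. It assumes the sub-command indentation that the forum rendering dropped and an unmodified DfltGrpPolicy, where `split-tunnel-policy` defaults to `tunnelall`; the function names are hypothetical.

```python
import ipaddress
import re

# Excerpt built from lines of the posted config; indentation of sub-commands
# is restored here (assumption), addresses masked as in the post.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.101.1 255.255.255.0
interface Vlan2
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.0.0
access-list split-tunneling standard permit 192.168.101.0 255.255.255.0
ip local pool Internal_Range 192.168.101.125-192.168.101.130 mask 255.255.255.0
ssl encryption rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
group-policy ClientX_access internal
group-policy ClientX_access attributes
 vpn-tunnel-protocol svc
 split-tunnel-network-list value split-tunneling
 address-pools value Internal_Range
"""


def parse_blocks(config):
    """Group the config into (top-level command, [indented sub-commands])."""
    blocks = []
    for line in config.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks


def split_tunnel_findings(blocks):
    """Group-policies that name a network list but set no split-tunnel-policy.

    With the policy left at its inherited default (tunnelall) the list is not
    applied and every client route goes into the tunnel.
    """
    findings = []
    for header, subs in blocks:
        m = re.fullmatch(r"group-policy (\S+) attributes", header)
        if not m:
            continue
        acl = next((s.split()[-1] for s in subs
                    if s.startswith("split-tunnel-network-list value ")), None)
        has_policy = any(s.startswith("split-tunnel-policy ") for s in subs)
        if acl and not has_policy:
            findings.append((m.group(1), acl))
    return findings


def interface_networks(blocks):
    """Map nameif -> subnet, skipping interfaces whose address is masked."""
    nets = {}
    for header, subs in blocks:
        if not header.startswith("interface "):
            continue
        name = net = None
        for s in subs:
            if s.startswith("nameif "):
                name = s.split()[1]
            m = re.fullmatch(r"ip address (\S+) (\S+)", s)
            if m:
                try:
                    net = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
                except ValueError:
                    net = None  # e.g. x.x.x.x in a sanitised post
        if name and net:
            nets[name] = net
    return nets


def pool_overlaps(blocks, nets):
    """VPN pools whose first or last address lies inside an interface subnet."""
    hits = []
    for header, _ in blocks:
        m = re.fullmatch(r"ip local pool (\S+) (\S+)-(\S+)(?: mask \S+)?", header)
        if not m:
            continue
        first = ipaddress.ip_address(m.group(2))
        last = ipaddress.ip_address(m.group(3))
        for name, net in nets.items():
            if first in net or last in net:
                hits.append((m.group(1), name, str(net)))
    return hits


def weak_ssl_suites(blocks):
    """RC4 and MD5 based suites listed on the 'ssl encryption' line."""
    weak = []
    for header, _ in blocks:
        if header.startswith("ssl encryption "):
            weak += [s for s in header.split()[2:]
                     if s.startswith("rc4") or s.endswith("md5")]
    return weak


if __name__ == "__main__":
    blocks = parse_blocks(SAMPLE_CONFIG)
    nets = interface_networks(blocks)
    print("split-tunnel list without policy:", split_tunnel_findings(blocks))
    print("pool inside interface subnet:", pool_overlaps(blocks, nets))
    print("weak SSL suites:", weak_ssl_suites(blocks))
```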
Anyconnect VPN Certificate-matching not working
Cisco Adaptive Security Appliance Software Version 9.1(4); Device Manager Version 7.1(5)100; anyconnect-win-3.1.05152-k9.pkg
Hello, I am trying to implement Certificate Matching for certain client profiles. However 'certificate matching' does not seem to work- another certificate is always selected instead for Anyconnect SSL VPN authentication.
For example the client has two client-certificates installed: masin2 and masin3. I have configured the client-profile certificate-matching to use masin2 for authentication, but Anyconnect still chooses masin3 instead.
The client-profile looks like this:
<CertificateMatch>
<KeyUsage>
<MatchKey>Key_Encipherment</MatchKey>
<MatchKey>Digital_Signature</MatchKey>
</KeyUsage>
<ExtendedKeyUsage>
<ExtendedMatchKey>ClientAuth</ExtendedMatchKey>
</ExtendedKeyUsage>
<DistinguishedName>
<DistinguishedNameDefinition Operator="Equal" Wildcard="Disabled" MatchCase="Disabled">
<Name>CN</Name>
<Pattern>masin2</Pattern>
</DistinguishedNameDefinition>
</DistinguishedName>
</CertificateMatch>
Any suggestions/ideas? thanks for any input,
heiki.
enabling wildcard did not help. also tried disabling/enabling automatic certificate selection- no luck.
I have also tried with and without different keyusage and extendedkeyusage- no difference.
The Client Profile is correctly updated on the client PC every time a change is made, but it seems like Anyconnect is not evaluating the Certificate Matching fields at all. And it seems like the problem is only with the CertificateMatch fields, because other fields are used as configured (for example: certificatestore, retainvpnonlogoff, usestartbeforelogon and so on).
I even upgraded Anyconnect to the latest version 3.1.05160 and still- anyconnect completely ignores certificatematch configuration in client-profile. -
Select Into code not working in Trigger
Hello there,
I was hoping somebody could give me the solution to this problem ,
I have a scenario in which I was trying to insert into table B if an insert occurs on Table A by the use of a trigger on table A .
Here is the code:
BEGIN
IF INSERTING THEN
select MAX(Val1),MAX(Val2)
INTO localVar_1 ,localVar_2
from tableC,tableD
where <<some join condition>>
INSERT INTO TABLEB(col1 ,
col2,
col3,
col4,
col5,
col6,
col7,
col8,
col9)
VALUES(:new.someValue1,
:new.someValue2,
:new.someValue3,
localVar_1,
localVar_2,
:new.someValue4,
:new.someValue5,
:new.someValue6,
:new.someValue7);
END IF;
The Error I get is ORA-01400 "Cannot Insert Null Into" "Schema"."Table"."Column" . I suspect my localVar_1 to be nulled out ,which brings into question the SELECT INTO prior to this which is supposed to assign a value to these variables , If I do just a SELECT that seems to work but SELECT INTO seems to be having problems . Any suggestions?
Check the NOT NULL constraint in TABLEB, and if you find any columns having it, try to insert a fixed value and see if it works.
thanks -
Count into variable not working in procedure
I'm writing a simple procedure in a package. Based on Record count I'm inserting record into other table.
count(fieldname) always returns zero. But the same SQL statement works fine when I just execute sql statement outside of procedure in SQL window.
supplierid, userid fields are varchar(20)
L_CNTSUPP NUMBER;
SELECT count(SUPPLIERID)
INTO L_CNTSUPP
FROM TBLSEQUENCE TS, TBLUSER TU
WHERE ltrim(rtrim(TS.SUPPLIERID)) = ltrim(rtrim(TU.INFO_1))
AND ltrim(rtrim(TU.USERID)) = ltrim(rtrim(L_USERID));
DBMS_OUTPUT.put_line(L_CNTSUPP);
Please advise.
Hello,
Try this:
SELECT count(*)
INTO L_CNTSUPP
FROM TBLSEQUENCE TS, TBLUSER TU
WHERE ltrim(TS.SUPPLIERID) = ltrim(TU.INFO_1)
AND ltrim(TU.USERID) = ltrim(L_USERID);
DBMS_OUTPUT.put_line(L_CNTSUPP);
A few points: you do not need an RTRIM when using VARCHAR since it's automatically RTRIMmed, but you should be using VARCHAR2 in Oracle - VARCHAR is for Oracle's own internal use and may change without notice. You only need LTRIM if you've spaces to the left of the data. -
"Automatically Write Changes Into XMP" Not Working for DNG Files
Hello,
I am needing to update DNG/JPG file pairs with keywords that I add in lightroom. The following is the problem that I am encountering.
When the image consists of only a JPEG file (ie. I had my DSLR only snap a jpeg and not an associated DNG), and I add one or more keywords to the file in Lightroom, these are written / saved immediately in Lightroom and are visible immediately in the 'tags' column for that image in windows explorer. Very useful and important functionality for my workflow.
However, when the image consists of both a JPEG and a sister DNG (i.e.,snapped simultaneously by my DSLR), and I try to add keywords to these (treated at this point as a single image by lightroom) then Lightroom does not record the keywords into either of the two files and consequently no tags are visible in windows explorer. I have confirmed this apparent problem with a separate image metadata utility software, and am hoping that it's just something simple that I am missing.
Also "Automatically Write Changes Into XMP" is selected and I have also tried manually both: "right click," "metadata," "write metadata to file;" and "right click" "update DNG preview and metadata" and the problem persists.
Hopefully someone has encountered something similar and can point me in the right direction.
Thanks in advance.
@Eric: hitting cntrl+s works but can be tedious on large galleries. I've been doing this but it can be a pain.
@Jeannine: different topic than this thread but to answer anyways... Lightroom automatically saves all changes into your catalogue. You never need to save your changes (here's the kicker though) as long as you do not move the original file. If you move the file then lightroom won't know that it's the same image as the one you've edited. Once you are done editing your image you will need to "export" the image to a new file (you don't want to overwrite the original). If you don't export then only lightroom will have your edits. Lightroom is "non-destructive" Which means that it doesn't touch your original photo. Lightroom keeps a text file containing the instructions on what you did to make the edited version. Since your changes are just text instructions you have to "export" the image to get your final image in a version you can put online, print, etc. But to answer your original question, I think you prob moved the original image. If not, could you give us more info? -
Merge Data Files into Spreadsheet not working
HELP! I created the form files in Adobe Acrobat Pro XI, saved as Reader Extended PDF, have a submit button that emails me, and I download them to a folder on my desktop. When I try to "Merge Data Files into Spreadsheet" all I get back is the file name. I've tried with 10 files and only one file and it STILL won't work so it is not that the fields don't line up.
What do I do now?
It's hard to say without looking at one of the files. If you can't post one somewhere, I'd be happy to take a look if you're free to email me: acroscript at gmail dot com
-
Typing web address into browser not working
I type into browser box the web address I want to go to and then press enter. Firefox browser does not go to the web address, it does not respond. I type www.wsj.com and then press "enter" on keyboard or cursor link on the arrow and Firefox browser does not go to that web address. It remains motionless. I have to type the web address into a search engine box in order to get to the web address I want to go to.
Try the Firefox SafeMode to see how it works there.
''A troubleshooting mode, which disables most Add-ons.''
''(If you're not using it, switch to the Default Theme.)''
* You can open the Firefox 4.0+ SafeMode by holding the '''Shift''' key when you use the Firefox desktop or Start menu shortcut.
* Or use the Help menu item, click on '''Restart with Add-ons Disabled...''' while Firefox is running.
''Don't select anything right now, just use "Continue in SafeMode."''
''To exit the Firefox Safe Mode, just close Firefox and wait a few seconds before using the Firefox shortcut (without the Shift key) to open it again.''
'''''If it is good in the Firefox SafeMode''''', your problem is probably caused by an extension, and you need to figure out which one.
http://support.mozilla.com/en-US/kb/troubleshooting+extensions+and+themes
''When you figure out what is causing that, please let us know. It might help other users who have that problem.''
Maybe you are looking for
-
Any iPhone 6 user(s) suffered a panic crash and reboot?
This phone keeps springboard crash almost once a day, but I hits panic cause the iPhone reboot in these two days, my phone is running iOS 8.0 which is SANDISK TLC NAND, it's a 128 GB version, Does anyone have same problems? Hardware Model: iPhon
-
When I open iTunes I keep getting the same speech from the general meeting. How do I delete
When I open iTunes I keep getting the speech of the last general session of new Apple products. The talking is always in the background of any new music I try to play. How do I stopped the speech from always playing in iTunes?
-
How do i set up my ipod nano on a new computer?
I had my Ipod nano set up on a previous computer. I had downloaded songs, built playlists, etc. The computer crashed. I have a new computer. When I connect my Ipod and go to Itunes...where can I see my Ipod to acces it and download/sync more music?
-
My Mac Only turn's on to the Blue start up screen... Help?
My computer was thinking so I re-started it and now Its been over 2 days and when I turn it on, It sits on the blue screen and just has the thinking symbol going. The picture changes from the apple, to a folder with a question mark in it or a error c
-
Hi, I was wondering if anyone of you had to report on balance values for the GRE_RUN and GRE_YTD dimensions. So far, the only packages that I've found take a parameter for the assignment_action_id, which doesn't make sense to me given that the dimens