STUMPED! VPN into ASA5510 not working

Similar Messages

• I have just upgraded to Lion and I now find that my VPN network does not work properly.  It worked fine with Leopard.

  I have just upgraded to Lion and now my VPN connection does not work properly.  It was working fine when I was using Leopard.  The VPN is My Private Network and we use it to link to BBC iPlayer when abroad.  It will actually connect to the VPN site and shows a UK IP address, but then when we try to load an iPlayer programme we get the message from the BBC that we are not in the country and, therefore, cannot access the site.  Any suggestions?

  Have a look at System Preferences, Accessibility, VoiceOver.
  (Command - F5).
  charlie

• Clientless VPN and Java not working correctly

  In a recent discovery we found that the newest version of java will not work with our Cisco SSLVPN setup
  We are using an ASA5510 with 8.0.4 IOS version and 6.1.3 ADSM version and most users use an mstsc.exe smart tunnel to rdp into our terminal server farm.
  Our laptops are being imaged with Java 6 update 3 (this works fine) then upgraded to Java 6 update 11, after which the smart tunnel appears to launch but a connection cannot be established. Reinstalling the older version of Java resolves the problem.
  I was wondering if anyone else has encountered a similar problem and found a workaround. Currently, company equipment is not being upgraded to the latest version of Java but personal equipment is a different story.

  To get the old downloader back follow the directions below.
  # In the [[Location bar autocomplete|Location bar]], type '''about:config''' and press '''Enter'''. The about:config "''This might void your warranty!''" warning page may appear.
  # Click '''I'll be careful, I promise!''', to continue to the about:config page.
  # Filter '''browser.download.useToolkitIT'''.
  # Double click and '''make sure it says true.'''
  # You now have the classic downloader back! Yay!
  Any issues or confused?
  * http://kb.mozillazine.org/About:config

• Zone Base Forewall for VPN connections does not work after IOS upgrade

  Hi all,
  We use cisco router 2911 as corporate gateway - there is Zone Based Firewall implemented - I upgraded IOS to last version (15.2(2)T1) - originaly version 15.1(4)M1 - to solve issue with Anyconnect connections (bug CSCtx38806) but I found that after upgrade the VPN users are not able to communicate with sources in other zones.
  More specific
  WebVPN use this virtual template interface
  interface Virtual-Template100
  description Template for SSLVPN
  ip unnumbered GigabitEthernet0/1.100
  zone-member security INSIDE
  There are other zones VOICE, LAB, ...
  In the policy any connection is allowed (used inspection of icmp, tcp and udp) from INSIDE zone to VOICE or LAB zone
  After VPN connection I am able to reach resources in INSIDE zone (which is the most important), but not in other zones. Before upgrade it worked.
  Once I changed zone in Virtual-Template interface to VOICE, I was able to reach sources in VOICE zone but not in any other. I searched more and found the stateful firewall is not working for connections from VPN as ping is blocked by policy on returning way - it means by policy VOICE->INSIDE, once I allowed communication from "destination" zone to INSIDE zone - the connections started to work, but of cause it is not something I want to setup.
  Does anybody has the same experiance?
  Regards
  Pavel

  It seems to me I should add one importatant note - if client is connected directly in INSIDE zone, he can reach resources in other zones without any issue - so the problem is only when the client is connected by VPN - not in ZBF policy setup.
  Pavel

• RV082 - SRP527W - VPN behind NAT not working

  Hello,
  I've really strange behaviors with my routers. We managed to get things running but once a week, the VPN link is down.
  The connection is not restart, both routers shows "connected" but are not, and we had to click on "disconnect" to get the link back.
  That was before an update in our infrastructure. Now, both routers are behind routers, so both NAT.
  Now, the connection works for some time, but once a week, the link disconnected but i'm unable to get it back ! NOTHING works.
  Last time, i spent 2Hours to configure the link again, setting the same parameters almost 10 time, and suddenly by magic, the 11st time it worked again. I read many people have troubles with RVXXX firmware so i don't know what to think.
  Anyway, my BIG concern now, is that the link is down again, and it has been 6hours since we can't got it back. I restarted the routers many times, i've made some changes in the configuration, but if it worked, why should i modify it ?????? Why is it not working anymore ?
  The log for the RV082 is almost empty about the link. Here's a snippet :
  Feb 10 19:01:52 2014
  VPN Log
  (g2gips0) #8: initiating Main Mode
  Feb 10 19:01:52 2014
  VPN Log
  (g2gips0) #8: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
  Feb 10 19:01:52 2014
  VPN Log
  (g2gips0) #8: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
  Feb 10 19:01:52 2014
  System Log
  gateway_to_gateway.htm is changed.
  Feb 10 19:09:08 2014
  VPN Log
  (g2gips0): deleting connection
  Feb 10 19:09:08 2014
  VPN Log
  (g2gips0) #8: deleting state (STATE_MAIN_I1)
  Feb 10 19:09:08 2014
  VPN Log
  added connection description (g2gips0)
  Feb 10 19:09:08 2014
  VPN Log
  listening for IKE messages
  Feb 10 19:09:08 2014
  VPN Log
  forgetting secrets
  Feb 10 19:09:08 2014
  VPN Log
  loading secrets from '/etc/ipsec.d/ipsec.secrets'
  Feb 10 19:09:09 2014
  System Log
  gateway_to_gateway.htm is changed.
  The log for the SRP527W is full of this :
  Dump pluto log message in syslog  : cat /var/log/messages |grep plutoJan  1 02:29:39 TLSR0254 authpriv.warn pluto[1156]: "G2" #187: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1Jan  1 02:29:39 TLSR0254 authpriv.warn pluto[1156]: "G2" #187: STATE_MAIN_R1: sent MR1, expecting MI2Jan  1 02:30:09 TLSR0254 authpriv.warn pluto[1156]: "G2" #186: max number of retransmissions (2) reached STATE_MAIN_R1Jan  1 02:30:19 TLSR0254 authpriv.warn pluto[1156]: packet from 37.1.XXX.XXX:500: received Vendor ID payload [RFC 3947] method set to=109 Jan  1 02:30:19 TLSR0254 authpriv.warn pluto[1156]: packet from 37.1.XXX.XXX:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109Jan  1 02:30:19 TLSR0254 authpriv.warn pluto[1156]: packet from 37.1.XXX.XXX:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109Jan  1 02:30:19 TLSR0254 authpriv.warn pluto[1156]: packet from 37.1.XXX.XXX:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]Jan  1 02:30:19 TLSR0254 authpriv.warn pluto[1156]: "G2" #188: responding to Main ModeJan  1 02:30:19 TLSR0254 authpriv.warn pluto[1156]: "G2" #188: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1Jan  1 02:30:19 TLSR0254 authpriv.warn pluto[1156]: "G2" #188: STATE_MAIN_R1: sent MR1, expecting MI2Jan  1 02:30:25 TLSR0254 authpriv.warn pluto[1156]: pending Quick Mode with 37.1.XXX.XXX "G2" took too long -- replacing phase 1Jan  1 02:30:25 TLSR0254 authpriv.warn pluto[1156]: "G2" #189: initiating Main Mode to replace #185Jan  1 02:30:49 TLSR0254 authpriv.warn pluto[1156]: "G2" #187: max number of retransmissions (2) reached STATE_MAIN_R1Jan  1 02:30:59 TLSR0254 authpriv.warn pluto[1156]: packet from 37.1.XXX.XXX:500: received Vendor ID payload [RFC 3947] method set to=109 Jan  1 02:30:59 TLSR0254 authpriv.warn pluto[1156]: packet from 37.1.XXX.XXX:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109Jan  1 02:30:59 TLSR0254 authpriv.warn pluto[1156]: packet from 37.1.XXX.XXX:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109Jan  1 02:30:59 TLSR0254 authpriv.warn pluto[1156]: packet from 37.1.XXX.XXX:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]Jan  1 02:30:59 TLSR0254 authpriv.warn pluto[1156]: "G2" #190: responding to Main Mode
  Please help me to get things sorted. I just don't understand why nothing is written in the log about the SRP trying to make a connection. I also don't understand why suddenly the link is broken, and without changing anything, it can't get it back normally !!
  Best Regards

  Hi again,
  Samir, i rebooted all the routers dozens of time when that happened, and it doesn't changed anything. Anyway, i called the Cisco Hotline. They could connect by VPN to RV082, but not the SRP, they didn't know why. Hardware or software failure.
  Anyway, i bought another router.
  Now i would like to use the SRP527W as a WIFI hotspot only. It doesn't work.
  My settings are :
  - Router defined as BRIDGE only (using Port lan 4 as Ethernet WAN)
  - WAN Interface is assigned 192.168.0.246 / 24
  - Gateway for the WAN interface is 192.168.0.254
  - Ethernet cable is plugged from LAN4/WAN to my new Modem/Router on LAN3.
  - Port LAN2 of SRP527W is defined with VLAN IP Address 192.168.15.254.
  When connected to the SRP527W on LAN2, from my computer (192.168.15.200), i can't ping 192.168.0.246 neither 0.254 (gateway is set to 15.254)
  Still, when connected to the SRP527W and with the Ping Dagnosis interface, pinging "192.168.0.254" shows "timed out".
  I tried almost every configuration, none worked.
  Please note that when connected from my computer directly to my new modem/router on port LAN3, with IP Address 192.168.0.200, i can access internet and ping everything. When set as DHCP too, i can grab an IP Address from my DHCP Windows Server.
  So, why is the SRP527W unable to work in this configuration ? it seems nothing pass through WAN port.
  If i'm right, there is only the WAN port that should be plugged to my modem router. With this settings, SSID should go directly to Internet, and for the other SSID, my LAN (through the modem/router). However, it doesn't work.
  Could you help me please ? Thank you

• Move jsp code into servlet, not work!!

  Hi:
  I am new in servlet and java, I can use jdom to read xml file
  into a jsp file, but whan I move jsp code into servlet, they are not work
  have any ideals?
  Thank!

  Hi:
  my.jsp
  <%@ page contentType="text/html"%>
  <%@ page import="java.io.File,
  java.util.*,
  org.jdom.*,
  org.jdom.input.SAXBuilder,
  org.jdom.output.*" %>
  <%
  String Records = "c:/XMl/Quotes.xml";
  SAXBuilder builder = new SAXBuilder("org.apache.xerces.parsers.SAXParser");
  Document l_doc = builder.build(new File(Records));
  my servlet
  import java.io.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import org.jdom.*;
  import org.jdom.input.*;
  import org.jdom.input.SAXBuilder;
  import org.jdom.output.*;
  public class XmlJdom extends HttpServlet
  String Records = "c:/xml/Quotes.xml";
  SAXBuilder builder = null;
  Element Author = null;
  Element Text = null;
  Element Date = null;
  * Initializes the servlet.
  public void init(ServletConfig config) throws ServletException
  super.init(config); //pass ServletConfig to parent
  try
  // JDOM can build JDOM trees from a variety of input sources. One
  // of those input sources is a SAX parser.
  SAXBuilder builder = new SAXBuilder("org.apache.xerces.parsers.SAXParser");
  catch ( org.jdom.JDOMEXception e)
  public void doGet(
  HttpServletRequest request,
  HttpServletResponse response)
       throws IOException, ServletException
       PrintWriter out = null;
       out = response.getWriter();
       try{                
       Document l_doc = builder.build(new File(Records));
  Element root = l_doc.getRootElement();
  //get a list of all recode in my XML document
  String l_pages = root.getChild("quote");
  String Iterator e = l_pages.iterator();
  while ( e.hasNext())
  Element l_quote= (Element) e.next();
       Element l_Author = l_quote.getChild("Date").getChild("Text");
  XMLOutputter l_format = new XMLOutputter();
  String ls_result = l_format.outputString(l_doc);
  out.println(ls_result);
  catch( org.jdom.JDOMException e )
       finally
            if( out != null)
                 out.close();
  Please tell me, what is wrong!!!
  Element root = l_doc.getRootElement();
  /* get a list of all the links in our XML document */
  List l_pages = root.getChildren("quote");
  Iterator Myloop = l_pages.iterator();
  while ( Myloop.hasNext())
  Element l_quote= (Element) Myloop.next();
       Element l_Author = l_quote.getChild("Date").getChild("Text");
  XMLOutputter l_format = new XMLOutputter();
  String ls_result = l_format.outputString(l_doc);
  ls_result = l_format.outputString(l_doc);
  %>
  <html><head><title></title></head>
       <body>
            <pre>
            <%=ls_result%>
            </pre>
       </body>
  </html>

• Loading external swf into Fla. not working

  I have created a Flash page that loads an external swf into
  it when you click a button. The swf loads but the actionscript
  assigned to the swf which scrolls images across does not work. When
  i open the swf in a browser window with the direct link to it the
  scroll works but inside the fla file the swf loads but the scroll
  buttons are not working at all. Would this be something in the
  actionscripting in the swf or fla file. Any advice would be greatly
  appreciated, thank you.

  var imageRequest:URLRequest = new URLRequest("my_gallery.swf");
  var imageLoader:Loader = new Loader();
  imageLoader.load(imageRequest);
  addChild(imageLoader);
  is as3 code.  that won't work in your as2 project.
  here's the equivalent in as2:
  this.createEmptyMovieClip("targetMC",this.getNextHighestDepth());
  targetMC.loadMovie("my_gallery.swf");

• CRIO: Unflatten from string into lvclass not working in deployment

  Hello,
  I am working on a problem for some hours now and I need some help.
  I am using a cRIO-9022. I need to do some tasks, and I created a couple of classes which contain the parameters and the methods. They contain using dynamic dispatch VIs. I have an array of these classes (all derived from a parent class) which is my "configuration". I am using "flatten to string" and saving those file on disk. "Unflatten from string" is working fine. These file is created on a LV WIndows Application.
  I need to use this file on my cRIO: Unflatten from string, and then work with the array of my classes. When running the cRIO Main VI it's working fine. But when building the application and deploying it as startup, it's not working. I am getting:
  Error 1403 occurred at Unflatten From String in Gantry CommEngine.vi->RT Main.vi
  Possible reason(s):
  LabVIEW:  Attempted to read flattened data of a LabVIEW class. The data is corrupt. LabVIEW could not interpret the data as any valid flattened LabVIEW class.
  What I tried so far:
  - Added the whole lvlib containing the classes and also every single class to "Source files / always included".
  - Created constants of the array (containing the classes) to the VI (forcing LV to include the classes?)
  - Loaded the file from cRIOs flash and also by shared variable
  What else can I do?
  Thanks a lot for support!

  I tried to reproduce the matter, but couldn't. 
  I attached my example to the post. 
  What it does:
  It creates a class with only a string a bool and a number. This class oblect is saved to C:/somename.xml. The number is a random number.
  In the second case the same file is read and the number broadcasted to a variable.
  It worked quite fine building it as a startupexe.
  Nothing else was necessary. Does it work for you?
  Attachments:
  class exe.zip ‏45 KB

• VPN Split-Tunneling not working

  Hello,
  First off - thanks to all who post here.  I often browse the forums and search for help on here and its very useful, so a great pat on the back for everyone who contributes.  My first time posting so here goes.....
  I have my ASA 5505 v8.2 configured to allow AnyConnect. This is working.  Client can connect and access the remote systems through VPN.  What is causing me a massive headache is that the client loses internet connectivity.  I have played around with my config somewhat so what I am about to post I know for certain is incorrect but any help is greatly appreciated.
  Notes
  1.  The Router was set up for a standard site-to-site VPN which is no longer functional but as you can see all the settings are still in the router.
  2.  The router also has a DMZ setup to allow some clients access to the internet through it using the DMZ
  CONFIGURATION:
  ASA Version 8.2(5)
  hostname MYHOST
  enable password mUUvr2NINofYuSh2 encrypted
  passwd UNDrnIuGV0tAPtz2 encrypted
  names
  name x.x.x.x AIME-SD
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  switchport access vlan 7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.101.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address x.x.x.x 255.255.0.0
  interface Vlan7
  no forward interface Vlan1
  nameif DMZ
  security-level 20
  ip address 137.57.183.1 255.255.255.0
  ftp mode passive
  clock timezone MST -7
  object-group network obj_any_dmz
  access-list 10 extended permit ip 192.168.25.0 255.255.255.0 192.168.6.0 255.255                                                                                        .255.0
  access-list no_nat extended permit ip host x.x.x.x 192.168.25.0 255.255.25                                                                                        5.0
  access-list split-tunneling standard permit 192.168.101.0 255.255.255.0
  access-list nonat extended permit ip 192.168.101.0 255.255.255.0 any
  pager lines 24
  logging enable
  logging buffered debugging
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  mtu DMZ 1500
  ip local pool Internal_Range 192.168.101.125-192.168.101.130 mask 255.255.255.0
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 10 interface
  nat (inside) 0 access-list no_nat
  nat (inside) 1 access-list nonat
  nat (DMZ) 10 137.57.183.0 255.255.255.0
  route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
  route inside 192.168.8.0 255.255.255.0 192.168.101.2 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa authentication ssh console LOCAL
  http server enable 64000
  http 0.0.0.0 0.0.0.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set batus esp-aes-256 esp-sha-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto map batus 100 match address 10
  crypto map batus 100 set peer AIME-SD
  crypto map batus 100 set transform-set batus
  crypto map batus interface outside
  crypto ca trustpoint ASDM_TrustPoint1
  enrollment self
  subject-name CN=MYHOST
  keypair ClientX_cert
  crl configure
  crypto ca certificate chain ASDM_TrustPoint1
  certificate 0f817951
      308201e7 30820150 a0030201 0202040f 81795130 0d06092a 864886f7 0d010105
      05003038 31173015 06035504 03130e41 494d452d 56504e2d 42415455 53311d30
      1b06092a 864886f7 0d010902 160e4149 4d452d56 504e2d42 41545553 301e170d
      31333036 32373137 32393335 5a170d32 33303632 35313732 3933355a 30383117
      30150603 55040313 0e41494d 452d5650 4e2d4241 54555331 1d301b06 092a8648
      86f70d01 0902160e 41494d45 2d56504e 2d424154 55533081 9f300d06 092a8648
      86f70d01 01010500 03818d00 30818902 818100c9 ff840bf4 cfb8d394 2c940430
      1887f25a 49038aa0 1299cf10 bda2a436 227dcdbf f1c5566b c35c2f19 8b3514d3
      4e24f5b1 c8840e8c 60e2b39d bdc0082f 08cce525 97ffefba d42bb087 81b9adb9
      db0a8b2f b643e651 d17cd6f8 f67297f2 d785ef46 c3acbb39 615e1ef1 23db072c
      783fe112 acd6dc80 dc38e94b 6e56fe94 d59d5d02 03010001 300d0609 2a864886
      f70d0101 05050003 8181007e 29e90ea0 e337976e 9006bc02 402fd58a a1d30fe8
      b2c1ab49 a1828ee0 488d1d2f 1dc5d150 3ed85f09 54f099b2 064cd622 dc3d3821
      fca46c69 62231fd2 6e396cd1 7ef586f9 f41205af c2199174 3c5ee887 42b684c9
      7f4d2045 4742adb5 d70c3805 4ad13191 8d802bbc b2bcd8c7 8eec111b 761d89f3
      63ebd49d 30dd06f4 e0fa25
    quit
  crypto isakmp enable outside
  crypto isakmp policy 40
  authentication pre-share
  encryption aes-256
  hash sha
  group 5
  lifetime 86400
  telnet timeout 5
  ssh 0.0.0.0 0.0.0.0 inside
  ssh 0.0.0.0 0.0.0.0 DMZ
  ssh timeout 10
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ssl encryption rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
  ssl trust-point ASDM_TrustPoint1 outside
  webvpn
  enable outside
  svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
  svc enable
  group-policy ClientX_access internal
  group-policy ClientX_access attributes
  vpn-tunnel-protocol svc
  split-tunnel-network-list value split-tunneling
  default-domain value access.local
  address-pools value Internal_Range
  ipv6-address-pools none
  webvpn
    svc mtu 1406
    svc rekey time none
    svc rekey method ssl
  username ClientX password ykAxQ227nzontdIh encrypted privilege 15
  username ClientX attributes
  vpn-group-policy ClientX_access
  service-type admin
  tunnel-group x.x.x.x type ipsec-l2l
  tunnel-group x.x.x.x ipsec-attributes
  pre-shared-key *****
  tunnel-group ClientX type remote-access
  tunnel-group ClientX general-attributes
  address-pool Internal_Range
  default-group-policy ClientX_access
  tunnel-group SSLClientProfile type remote-access
  tunnel-group SSLClientProfile general-attributes
  default-group-policy ClientX_access
  tunnel-group ClientX_access type remote-access
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect ip-options
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  Cryptochecksum:e7d92a387d1c5f07e14b3c894d159ec1
  : end
  Thank you for any help!!

  Karsten!
  That fixed my internet access problem.  Yippee!
  Unfortunately it seems to have broken my access to the internal network.  Boo!
  I can no longer access/ping anything on the internal IP range (192.168.101.x). 
  I assume this is a nat issue somewhere along the line.  Posting the top half of my config for any assistance and the info requested by Raj (although VPN is connecting fine).  Thank you both for your very prompt replies!!!
  Short Config
  object-group network obj_any_dmz
  access-list 10 extended permit ip 192.168.25.0 255.255.255.0 192.168.6.0 255.255.255.0
  access-list no_nat extended permit ip host x.x.x.x 192.168.25.0 255.255.255.0
  access-list split-tunneling standard permit 192.168.101.0 255.255.255.0
  access-list nonat extended permit ip 192.168.101.0 255.255.255.0 any
  pager lines 24
  logging enable
  logging buffered debugging
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  mtu DMZ 1500
  ip local pool Internal_Range 192.168.101.125-192.168.101.130 mask 255.255.255.0
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 10 interface
  nat (inside) 0 access-list no_nat
  nat (inside) 1 access-list nonat
  nat (DMZ) 10 137.57.183.0 255.255.255.0
  route outside 0.0.0.0 0.0.0.0 207.229.2.129 1
  route inside 192.168.8.0 255.255.255.0 192.168.101.2 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  Show vpn-sessiondb svc
  Session Type: SVC
  Username     : ClientX                 Index        : 9
  Assigned IP  : 192.168.101.125        Public IP    : x.x.x.x
  Protocol     : Clientless SSL-Tunnel DTLS-Tunnel
  License      : SSL VPN
  Encryption   : RC4 AES128             Hashing      : MD5 SHA1
  Bytes Tx     : 11662                  Bytes Rx     : 62930
  Group Policy : ClientX_access          Tunnel Group : DefaultWEBVPNGroup
  Login Time   : 22:40:56 MST Mon Jul 1 2013
  Duration     : 0h:11m:08s
  Inactivity   : 0h:00m:00s
  NAC Result   : Unknown
  VLAN Mapping : N/A                    VLAN         : none

• Anyconnect VPN Certificate-matching not working

  Cisco Adaptive Security Appliance Software Version 9.1(4); Device Manager Version 7.1(5)100; anyconnect-win-3.1.05152-k9.pkg
  Hello, I am trying to implement Certificate Matching for certain client profiles. However 'certificate matching' does not seem to work- another certificate is always selected instead for Anyconnect SSL VPN authentication.
  For example the client has two client-certificates installed: masin2 and masin3. I have configured the client-profile certificate-matching to use masin2 for authentication, but Anyconnect still chooses masin3 instead.
  The client-profile looks like this:
  <CertificateMatch>
              <KeyUsage>
                  <MatchKey>Key_Encipherment</MatchKey>
                  <MatchKey>Digital_Signature</MatchKey>
              </KeyUsage>
              <ExtendedKeyUsage>
                  <ExtendedMatchKey>ClientAuth</ExtendedMatchKey>
              </ExtendedKeyUsage>
              <DistinguishedName>
                  <DistinguishedNameDefinition Operator="Equal" Wildcard="Disabled" MatchCase="Disabled">
                      <Name>CN</Name>
                      <Pattern>masin2</Pattern>
                  </DistinguishedNameDefinition>
              </DistinguishedName>
          </CertificateMatch>
  Any suggestions/ideas? thanks for any input,
  heiki.

  enabling wildcard did not help. also tried disabling/enabling automatic certificate selection- no luck.
  I have also tried with and without different keyusage and extendedkeyusage- no difference.
  The Client Profile is correctly updated on the client PC every time a change in made, but it seems like Anyconnect is not evaluating the Certificate Matching fields at all. And it seems like the problem is only with the CertificateMatch fields, because other fields are used as configured (for example: certificatestore, retainvpnonlogoff, usestartbeforelogon and so on).
  I even upgraded Anyconnect to the latest version 3.1.05160 and still- anyconnect completely ignores certificatematch configuration in client-profile.

• Select Into code not working in Trigger

  Hello there,
  I was hoping somebody could give me the solution to this problem ,
  I have a scenarior in which I was trying to insert into table B if an insert occurs on Table A by the use of a trigger on table A .
  Here is the code:
  BEGIN
  IF INSERTING THEN
  select MAX(Val1),MAX(Val2)
  INTO localVar_1 ,localVar_2
  from tableC,tableD
  where <<some join condition>>
  INSERT INTO TABLEB(col1 ,
  col2,
  col3,
  col4,
  col5,
  col6,
  col7,
  col8,
  col9)
  VALUES(:new.someValue1,
  :new.someValue2,
  :new.someValue3,
  localVar_1,
  localVar_2,
  :new.someValue4,
  :new.someValue5,
  :new.someValue6,
  :new.someValue7);
  END IF;
  The Error I get is ORA-01400 "Cannot Insert Null Into" "Schema"."Table"."Column" . I suspect my localVar_1 to be nulled out ,which brings into question the SELECT INTO prior to this which is supposed to assign a value to these variables , If I do just a SELECT that seems to work but SELECT INTO seems to be having problems . Any suggestions?

  Check the NOT NULL constraint in TABLEB, and if you find any columns having it, try to insert a fixed value and see it it works.
  thanks

• Count into variable not working in procedure

  I'm writing a simple procedure in a package. Based on Record count I'm inserting record into other table.
  count(fielname) alwways returns zero. But the same SQL statement works fine when I just execute sql statement out side of procedure in SQL window.
  supplierid, userid fields are varchar(20)
  L_CNTSUPP NUMBER;
  SELECT count(SUPPLIERID)
  INTO L_CNTSUPP
  FROM TBLSEQUENCE TS, TBLUSER TU
  WHERE ltrim(rtrim(TS.SUPPLIERID)) = ltrim(rtrim(TU.INFO_1))
  AND ltrim(rtrim(TU.USERID)) = ltrim(rtrim(L_USERID));
  DBMS_OUTPUT.put_line(L_CNTSUPP);
  Please advice.

  Hello,
  Try this:
  SELECT count(*)
  INTO L_CNTSUPP
  FROM TBLSEQUENCE TS, TBLUSER TU
  WHERE ltrim(TS.SUPPLIERID) = ltrim(TU.INFO_1)
  AND ltrim(TU.USERID) = ltrim(L_USERID);
  DBMS_OUTPUT.put_line(L_CNTSUPP);A few points: you do not need an RTRIM when using VARCHAR since it's automatically RTRIMmed, but you should be using VARCHAR2 in Oracle - VARCHAR is for Oracle's own internal use and may change without notice. You only need LTRIM if you've spaces to the left of the data.

• "Automatically Write Changes Into XMP" Not Working for DNG Files

  Hello,
  I am needing to update DNG/JPG file pairs with keywords that I add  in lightroom.  The following is the problem that I am encountering. 
  When the image consists of only a JPEG file (ie. I had my DSLR only snap a jpeg and not an associated DNG), and I add one or more keywords to the file in Lightroom, these are written / saved immediately in Lightroom and are visible immediately in the 'tags' column for that image in windows explorer.  Very useful and important functionality for my workflow.
  However, when the image consists of both a JPEG and a sister DNG (i.e.,snapped simultaneously by my DSLR), and I try to add keywords to these (treated at this point as a single image by lightroom) then Lightroom does not record the keywords into either of the two files and consequently no tags are visible in windows explorer.  I have confirmed this apparent problem with a seperate image metadata utility software, and am hoping that it's just something simple that I am missing.
  Also "Automatically Write Changes Into XMP" is selected and I have also  tried manually both: "right click," "metadata," "write metadata to file;"  and  "right click" "update DNG preview and metadata" and the problem  persists.
  Hopefully someone has encountered something similar and can point me in the right direction.
  Thanks in advance.

  @Eric: hitting cntrl+s works but can be tedeous on large galleries. I've been doing this but it can be a pain.
  @Jeannine: different topic than this thread but to answer anyways... Lightroom automatically saves all changes into your catalogue. You never need to dave your changes (here's the kicker though) as long as you do not move the original file. If you
  move the file than lightroom won't know that it's the same image as the one you've edited. Once you are done editing your image you will need to "export" the image to a new file (you don't wan to overwrite the original). If you don't export than only lightroom will have your edits. Lightroom is "non-destructive" Which means that it doesn't touch your original photo. Lightroom keeps a text file containing the instructions on what you did to make the edited version. Since your changes are just text inatryxtions you have to "export" the image to get your final image in a version you can put online, print, etc. But to answer your original question, I think you prob moves the original image. If not, could you give us more info?

• Merge Data Files into Spreadsheet not working

  HELP! I created the form files in Adobe Acrobat Pro XI, saved as Reader Extended PDF, have a submit button that emails me, and I download them to a folder on my desktop. When I try to "Merge Data Files into Spreadsheet" all I get back is the file name. I've tried with 10 files and only one file and it STILL won't work so it is not that the fields don't line up.
  What do I do now?

  It's hard to say without looking at one of the files. If you can't post one somewhere, I'd be happy to take a look if you're free to email me: acroscript at gmail dot com

• Typing web address into browser not working

  I type into browser box the web address I want to go to and then press enter. Firefox browser does not go to the web address, it does not respond. I type www.wsj.com and then press "enter" on keyboard or cursor link on the arrow and Firefox browser does not go to that web address. It remains motionless. I have to type the web address into a search engine box in order to get to the web address I want to go to.

  Try the Firefox SafeMode to see how it works there. <br />
  ''A troubleshooting mode, which disables most Add-ons.'' <br />
  ''(If you're not using it, switch to the Default Theme.)''
  * You can open the Firefox 4.0+ SafeMode by holding the '''Shft''' key when you use the Firefox desktop or Start menu shortcut.
  * Or use the Help menu item, click on '''Restart with Add-ons Disabled...''' while Firefox is running. <br />
  ''Don't select anything right now, just use "Continue in SafeMode."''
  ''To exit the Firefox Safe Mode, just close Firefox and wait a few seconds before using the Firefox shortcut (without the Shft key) to open it again.''
  '''''If it is good in the Firefox SafeMode''''', your problem is probably caused by an extension, and you need to figure out which one. <br />
  http://support.mozilla.com/en-US/kb/troubleshooting+extensions+and+themes
  ''When you figure out what is causing that, please let us know. It might help other user's who have that problem.''