Tiger VPN (PPTP) connection issues

Similar Messages

• WRV200 dropping VPN/PPTP connections

  I replaced an aging router with a WRV200 on recommendation from two sources. Everything is working nicely except inbound PPTP connections on port 1723. TCP1723 is forwarded to the correct IP address internally. Everything is wired with wireless disabled. When a client connects, they get dropped after about 3 or 4 minutes. Clients are also unable to connect if their local Windows Firewall (XP Pro SP2) is enabled. Our previous router didn't have this problem, and if I swap the routers again, the problem goes away. This is with the latest firmware. Please help, my remote users are panicking!

  Disable all other firewalls ..... reset the router & reconfigure it ...
  See if still it shows the same error ...

• Site to site VPN re-connection issue

  Hi I done site -to -site VPN between two UC 560 and I am able to make call too. Both site I am using DDNS FQDN. Now I am facing these problems,
  1. When ever any of the site gone down , it is taking around 45 minute to get reconnect the VPN. 
  2. With in 2 minute Dialer interface is getting WAN  IP address from service provider and it is updating with Dyndns also. But while checking crypto session details from my local UC I can see the peer address is not changing or showing none.
  please help me to overcome this issue
  I tested by restarting ROUTER-A  UC560
  Please find the status of remote site:
  ROUTER-B#sh crypto isa sa
  IPv4 Crypto ISAKMP SA
  dst             src             state          conn-id status
  2.50.37.13      86.99.72.10     MM_NO_STATE       2004 ACTIVE (deleted)
  ROUTER-B#sh crypto isa saIPv4 Crypto ISAKMP SA
  dst             src             state          conn-id status
  ROUTER-A#sh crypto isa sa
  IPv4 Crypto ISAKMP SA
  dst             src             state          conn-id status
  ROUTER-B#sho crypto session detail
  Crypto session current status
  Code: C - IKE Configuration mode, D - Dead Peer Detection
  K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
  X - IKE Extended Authentication, F - IKE Fragmentation
  Interface: Dialer0
  Session status: UP-NO-IKE
  Peer: 86.99.72.10 port 500 fvrf: (none) ivrf: (none)
        Desc: (none)
        Phase1_id: (none)
    IPSEC FLOW: permit ip 192.168.10.0/255.255.255.0 192.168.50.0/255.255.255.0
          Active SAs: 2, origin: crypto map
          Inbound:  #pkts dec'ed 12452 drop 0 life (KB/Sec) 4477633/1050
          Outbound: #pkts enc'ed 15625 drop 228 life (KB/Sec) 4477628/1050
  ROUTER-A# sho crypto session det
  Crypto session current status
  Code: C - IKE Configuration mode, D - Dead Peer Detection
  K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
  X - IKE Extended Authentication, F - IKE Fragmentation
  Interface: Virtual-Access2
  Session status: DOWN
  Peer:  port 500 fvrf: (none) ivrf: (none)
        Desc: (none)
        Phase1_id: (none)
    IPSEC FLOW: permit ip 192.168.50.0/255.255.255.0 192.168.10.0/255.255.255.0
          Active SAs: 0, origin: crypto map
          Inbound:  #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
          Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
  Interface: Dialer0
  Session status: DOWN
  Peer:  port 500 fvrf: (none) ivrf: (none)
        Desc: (none)
        Phase1_id: (none)
    IPSEC FLOW: permit ip 192.168.50.0/255.255.255.0 192.168.10.0/255.255.255.0
          Active SAs: 0, origin: crypto map
          Inbound:  #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
          Outbound: #pkts enc'ed 0 drop 23 life (KB/Sec) 0/0
  **** Here I can see the peer IP is 86.99.72.10, but address had been changed to  92.98.211.242 in ROUTER-A
  Please see the debug crypto isakpm
  ROUTER-A#debug crypto isakmp
  Crypto ISAKMP debugging is on
  ROUTER-A#terminal monitor
  000103: Aug  6 18:40:48.083: ISAKMP:(0): SA request profile is (NULL)
  000104: Aug  6 18:40:48.083: ISAKMP: Created a peer struct for , peer port 500
  000105: Aug  6 18:40:48.083: ISAKMP: New peer created peer = 0x86682AAC peer_handle = 0x80000031
  000106: Aug  6 18:40:48.083: ISAKMP: Locking peer struct 0x86682AAC, refcount 1 for isakmp_initiator
  000107: Aug  6 18:40:48.083: ISAKMP: local port 500, remote port 500
  000108: Aug  6 18:40:48.083: ISAKMP: set new node 0 to QM_IDLE
  000109: Aug  6 18:40:48.083: ISAKMP:(0):insert sa successfully sa = 8B4EBE04
  000110: Aug  6 18:40:48.083: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
  000111: Aug  6 18:40:48.083: ISAKMP:(0):No pre-shared key with !
  000112: Aug  6 18:40:48.083: ISAKMP:(0): No Cert or pre-shared address key.
  000113: Aug  6 18:40:48.083: ISAKMP:(0): construct_initial_message: Can not start Main mode
  000114: Aug  6 18:40:48.083: ISAKMP: Unlocking peer struct 0x86682AAC for isadb_unlock_peer_delete_sa(), count 0
  000115: Aug  6 18:40:48.083: ISAKMP: Deleting peer node by peer_reap for : 86682AAC
  000116: Aug  6 18:40:48.083: ISAKMP:(0):purging SA., sa=8B4EBE04, delme=8B4EBE04
  000117: Aug  6 18:40:48.083: ISAKMP:(0):purging node 2113438140
  000118: Aug  6 18:40:48.083: ISAKMP: Error while processing SA request: Failed to initialize SA
  000119: Aug  6 18:40:48.083: ISAKMP: Error while processing KMI message 0, error 2.
  000120: Aug  6 18:41:18.083: ISAKMP:(0): SA request profile is (NULL)
  000121: Aug  6 18:41:18.083: ISAKMP: Created a peer struct for , peer port 500
  000122: Aug  6 18:41:18.083: ISAKMP: New peer created peer = 0x8668106C peer_handle = 0x80000032
  000123: Aug  6 18:41:18.083: ISAKMP: Locking peer struct 0x8668106C, refcount 1 for isakmp_initiator
  000124: Aug  6 18:41:18.083: ISAKMP: local port 500, remote port 500
  000125: Aug  6 18:41:18.083: ISAKMP: set new node 0 to QM_IDLE
  000126: Aug  6 18:41:18.083: ISAKMP:(0):insert sa successfully sa = 86685DFC
  000127: Aug  6 18:41:18.083: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
  000128: Aug  6 18:41:18.083: ISAKMP:(0):No pre-shared key with !
  000129: Aug  6 18:41:18.083: ISAKMP:(0): No Cert or pre-shared address key.
  000130: Aug  6 18:41:18.083: ISAKMP:(0): construct_initial_message: Can not start Main mode
  000131: Aug  6 18:41:18.083: ISAKMP: Unlocking peer struct 0x8668106C for isadb_unlock_peer_delete_sa(), count 0
  000132: Aug  6 18:41:18.083: ISAKMP: Deleting peer node by peer_reap for : 8668106C
  000133: Aug  6 18:41:18.083: ISAKMP:(0):purging SA., sa=86685DFC, delme=86685DFC
  000134: Aug  6 18:41:18.083: ISAKMP:(0):purging node 379490091
  000135: Aug  6 18:41:18.083: ISAKMP: Error while processing SA request: Failed to initialize SA
  000136: Aug  6 18:41:18.083: ISAKMP: Error while processing KMI message 0, error 2.
  000137: Aug  6 18:42:48.083: ISAKMP:(0): SA request profile is (NULL)
  000138: Aug  6 18:42:48.083: ISAKMP: Created a peer struct for , peer port 500
  000139: Aug  6 18:42:48.083: ISAKMP: New peer created peer = 0x86691200 peer_handle = 0x80000033
  000140: Aug  6 18:42:48.083: ISAKMP: Locking peer struct 0x86691200, refcount 1for isakmp_initiator
  000141: Aug  6 18:42:48.083: ISAKMP: local port 500, remote port 500
  000142: Aug  6 18:42:48.083: ISAKMP: set new node 0 to QM_IDLE
  000143: Aug  6 18:42:48.083: ISAKMP:(0):insert sa successfully sa = 866E1758
  000144: Aug  6 18:42:48.083: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
  000145: Aug  6 18:42:48.083: ISAKMP:(0):No pre-shared key with !
  000146: Aug  6 18:42:48.083: ISAKMP:(0): No Cert or pre-shared address key.
  000147: Aug  6 18:42:48.083: ISAKMP:(0): construct_initial_message: Can not start Main mode
  000148: Aug  6 18:42:48.083: ISAKMP: Unlocking peer struct 0x86691200 for isadb_unlock_peer_delete_sa(), count 0
  000149: Aug  6 18:42:48.083: ISAKMP: Deleting peer node by peer_reap for : 86691200
  000150: Aug  6 18:42:48.083: ISAKMP:(0):purging SA., sa=866E1758, delme=866E1758
  000151: Aug  6 18:42:48.083: ISAKMP:(0):purging node -309783810
  000152: Aug  6 18:42:48.083: ISAKMP: Error while processing SA request: Failed to initialize SA
  000153: Aug  6 18:42:48.083: ISAKMP: Error while processing KMI message 0, error 2.
  000154: Aug  6 18:43:18.083: ISAKMP:(0): SA request profile is (NULL)
  000155: Aug  6 18:43:18.083: ISAKMP: Created a peer struct for , peer port 500
  000156: Aug  6 18:43:18.083: ISAKMP: New peer created peer = 0x8668106C peer_handle = 0x80000034
  000157: Aug  6 18:43:18.083: ISAKMP: Locking peer struct 0x8668106C, refcount 1 for isakmp_initiator
  000158: Aug  6 18:43:18.083: ISAKMP: local port 500, remote port 500
  000159: Aug  6 18:43:18.083: ISAKMP: set new node 0 to QM_IDLE
  000160: Aug  6 18:43:18.083: ISAKMP:(0):insert sa successfully sa = 8B4AB780
  000161: Aug  6 18:43:18.083: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
  000162: Aug  6 18:43:18.083: ISAKMP:(0):No pre-shared key with !
  000163: Aug  6 18:43:18.083: ISAKMP:(0): No Cert or pre-shared address key.
  000164: Aug  6 18:43:18.083: ISAKMP:(0): construct_initial_message: Can not start Main mode
  000165: Aug  6 18:43:18.083: ISAKMP: Unlocking peer struct 0x8668106C for isadb _unlock_peer_delete_sa(), count 0
  000166: Aug  6 18:43:18.083: ISAKMP: Deleting peer node by peer_reap for : 8668106C
  000167: Aug  6 18:43:18.083: ISAKMP:(0):purging SA., sa=8B4AB780, delme=8B4AB78 0
  000168: Aug  6 18:43:18.083: ISAKMP:(0):purging node 461611358
  000169: Aug  6 18:43:18.083: ISAKMP: Error while processing SA request: Failed to initialize SA
  000170: Aug  6 18:43:18.083: ISAKMP: Error while processing KMI message 0, erro r 2.
  000171: Aug  6 18:44:48.083: ISAKMP:(0): SA request profile is (NULL)
  000172: Aug  6 18:44:48.083: ISAKMP: Created a peer struct for , peer port 500
  000173: Aug  6 18:44:48.083: ISAKMP: New peer created peer = 0x8B4A25C8 peer_handle = 0x80000035
  000174: Aug  6 18:44:48.083: ISAKMP: Locking peer struct 0x8B4A25C8, refcount 1 for isakmp_initiator
  000175: Aug  6 18:44:48.083: ISAKMP: local port 500, remote port 500
  000176: Aug  6 18:44:48.083: ISAKMP: set new node 0 to QM_IDLE
  000177: Aug  6 18:44:48.083: ISAKMP:(0):insert sa successfully sa = 8B4EC7E8
  000178: Aug  6 18:44:48.083: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
  000179: Aug  6 18:44:48.083: ISAKMP:(0):No pre-shared key with !
  000180: Aug  6 18:44:48.083: ISAKMP:(0): No Cert or pre-shared address key.
  000181: Aug  6 18:44:48.083: ISAKMP:(0): construct_initial_message: Can not start Main mode
  000182: Aug  6 18:44:48.083: ISAKMP: Unlocking peer struct 0x8B4A25C8 for isadb_unlock_peer_delete_sa(), count 0
  000183: Aug  6 18:44:48.083: ISAKMP: Deleting peer node by peer_reap for : 8B4A25C8
  000184: Aug  6 18:44:48.083: ISAKMP:(0):purging SA., sa=8B4EC7E8, delme=8B4EC7E8
  000185: Aug  6 18:44:48.083: ISAKMP:(0):purging node -1902909277
  000186: Aug  6 18:44:48.083: ISAKMP: Error while processing SA request: Failed to initialize SA
  000187: Aug  6 18:44:48.083: ISAKMP: Error while processing KMI message 0, error 2.
  000188: Aug  6 18:45:18.083: ISAKMP:(0): SA request profile is (NULL)
  000189: Aug  6 18:45:18.083: ISAKMP: Created a peer struct for , peer port 500
  000190: Aug  6 18:45:18.083: ISAKMP: New peer created peer = 0x8668106C peer_handle = 0x80000036
  000191: Aug  6 18:45:18.083: ISAKMP: Locking peer struct 0x8668106C, refcount 1 for isakmp_initiator
  000192: Aug  6 18:45:18.083: ISAKMP: local port 500, remote port 500
  000193: Aug  6 18:45:18.083: ISAKMP: set new node 0 to QM_IDLE
  000194: Aug  6 18:45:18.083: ISAKMP:(0):insert sa successfully sa = 86685DFC
  000195: Aug  6 18:45:18.083: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
  000196: Aug  6 18:45:18.083: ISAKMP:(0):No pre-shared key with !
  000197: Aug  6 18:45:18.083: ISAKMP:(0): No Cert or pre-shared address key.
  000198: Aug  6 18:45:18.083: ISAKMP:(0): construct_initial_message: Can not start Main mode
  000199: Aug  6 18:45:18.083: ISAKMP: Unlocking peer struct 0x8668106C for isadb_unlock_peer_delete_sa(), count 0
  000200: Aug  6 18:45:18.083: ISAKMP: Deleting peer node by peer_reap for : 8668106C
  000201: Aug  6 18:45:18.083: ISAKMP:(0):purging SA., sa=86685DFC, delme=86685DFC
  000202: Aug  6 18:45:18.083: ISAKMP:(0):purging node 1093064733
  000203: Aug  6 18:45:18.083: ISAKMP: Error while processing SA request: Failed to initialize SA
  000204: Aug  6 18:45:18.083: ISAKMP: Error while processing KMI message 0, error 2.
  000205: Aug  6 18:46:48.083: ISAKMP:(0): SA request profile is (NULL)
  000206: Aug  6 18:46:48.083: ISAKMP: Created a peer struct for , peer port 500
  000207: Aug  6 18:46:48.083: ISAKMP: New peer created peer = 0x86682BE0 peer_handle = 0x80000037
  000208: Aug  6 18:46:48.083: ISAKMP: Locking peer struct 0x86682BE0, refcount 1 for isakmp_initiator
  000209: Aug  6 18:46:48.083: ISAKMP: local port 500, remote port 500
  000210: Aug  6 18:46:48.083: ISAKMP: set new node 0 to QM_IDLE
  000211: Aug  6 18:46:48.083: ISAKMP:(0):insert sa successfully sa = 866E1758
  000212: Aug  6 18:46:48.083: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
  000213: Aug  6 18:46:48.083: ISAKMP:(0):No pre-shared key with !
  000214: Aug  6 18:46:48.083: ISAKMP:(0): No Cert or pre-shared address key.
  000215: Aug  6 18:46:48.083: ISAKMP:(0): construct_initial_message: Can not start Main mode
  000216: Aug  6 18:46:48.083: ISAKMP: Unlocking peer struct 0x86682BE0 for isadb_unlock_peer_delete_sa(), count 0
  000217: Aug  6 18:46:48.083: ISAKMP: Deleting peer node by peer_reap for : 86682BE0
  000218: Aug  6 18:46:48.083: ISAKMP:(0):purging SA., sa=866E1758, delme=866E1758
  000219: Aug  6 18:46:48.083: ISAKMP:(0):purging node -1521272284
  000220: Aug  6 18:46:48.083: ISAKMP: Error while processing SA request: Failed to initialize SA
  000221: Aug  6 18:46:48.083: ISAKMP: Error while processing KMI message 0, error 2.
  000222: Aug  6 18:47:03.131: ISAKMP (0): received packet from 2.50.37.13 dport 500 sport 500 Global (N) NEW SA
  000223: Aug  6 18:47:03.131: ISAKMP: Created a peer struct for 2.50.37.13, peer port 500
  000224: Aug  6 18:47:03.131: ISAKMP: New peer created peer = 0x8668106C peer_handle = 0x80000038
  000225: Aug  6 18:47:03.131: ISAKMP: Locking peer struct 0x8668106C, refcount 1 for crypto_isakmp_process_block
  000226: Aug  6 18:47:03.131: ISAKMP: local port 500, remote port 500
  000227: Aug  6 18:47:03.131: ISAKMP:(0):insert sa successfully sa = 8B4C1924
  000228: Aug  6 18:47:03.131: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
  000229: Aug  6 18:47:03.131: ISAKMP:(0):Old State = IKE_READY  New State = IKE_R_MM1
  000230: Aug  6 18:47:03.131: ISAKMP:(0): processing SA payload. message ID = 0
  000231: Aug  6 18:47:03.131: ISAKMP:(0): processing vendor id payload
  000232: Aug  6 18:47:03.131: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
  000233: Aug  6 18:47:03.131: ISAKMP (0): vendor ID is NAT-T RFC 3947
  000234: Aug  6 18:47:03.131: ISAKMP:(0): processing vendor id payload
  000235: Aug  6 18:47:03.131: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch
  000236: Aug  6 18:47:03.131: ISAKMP (0): vendor ID is NAT-T v7
  000237: Aug  6 18:47:03.131: ISAKMP:(0): processing vendor id payload
  000238: Aug  6 18:47:03.131: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch
  000239: Aug  6 18:47:03.131: ISAKMP:(0): vendor ID is NAT-T v3
  000240: Aug  6 18:47:03.131: ISAKMP:(0): processing vendor id payload
  000241: Aug  6 18:47:03.131: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
  000242: Aug  6 18:47:03.131: ISAKMP:(0): vendor ID is NAT-T v2
  000243: Aug  6 18:47:03.131: ISAKMP:(0):found peer pre-shared key matching 2.50.37.13
  000244: Aug  6 18:47:03.131: ISAKMP:(0): local preshared key found
  000245: Aug  6 18:47:03.131: ISAKMP : Scanning profiles for xauth ... sdm-ike-profile-1
  000246: Aug  6 18:47:03.131: ISAKMP:(0): Authentication by xauth preshared
  000247: Aug  6 18:47:03.131: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
  000248: Aug  6 18:47:03.131: ISAKMP:      encryption 3DES-CBC
  000249: Aug  6 18:47:03.131: ISAKMP:      hash SHA
  000250: Aug  6 18:47:03.131: ISAKMP:      default group 2
  000251: Aug  6 18:47:03.131: ISAKMP:      auth pre-share
  000252: Aug  6 18:47:03.131: ISAKMP:      life type in seconds
  000253: Aug  6 18:47:03.131: ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80
  000254: Aug  6 18:47:03.135: ISAKMP:(0):atts are acceptable. Next payload is 0
  000255: Aug  6 18:47:03.135: ISAKMP:(0):Acceptable atts:actual life: 1800
  000256: Aug  6 18:47:03.135: ISAKMP:(0):Acceptable atts:life: 0
  000257: Aug  6 18:47:03.135: ISAKMP:(0):Fill atts in sa vpi_length:4
  000258: Aug  6 18:47:03.135: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
  000259: Aug  6 18:47:03.135: ISAKMP:(0):Returning Actual lifetime: 1800
  000260: Aug  6 18:47:03.135: ISAKMP:(0)::Started lifetime timer: 1800.
  000261: Aug  6 18:47:03.135: ISAKMP:(0): processing vendor id payload
  000262: Aug  6 18:47:03.135: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
  000263: Aug  6 18:47:03.135: ISAKMP (0): vendor ID is NAT-T RFC 3947
  000264: Aug  6 18:47:03.135: ISAKMP:(0): processing vendor id payload
  000265: Aug  6 18:47:03.135: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch
  000266: Aug  6 18:47:03.135: ISAKMP (0): vendor ID is NAT-T v7
  000267: Aug  6 18:47:03.135: ISAKMP:(0): processing vendor id payload
  000268: Aug  6 18:47:03.135: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch
  000269: Aug  6 18:47:03.135: ISAKMP:(0): vendor ID is NAT-T v3
  000270: Aug  6 18:47:03.135: ISAKMP:(0): processing vendor id payload
  000271: Aug  6 18:47:03.135: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
  000272: Aug  6 18:47:03.135: ISAKMP:(0): vendor ID is NAT-T v2
  000273: Aug  6 18:47:03.135: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
  000274: Aug  6 18:47:03.135: ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_R_MM1
  000275: Aug  6 18:47:03.135: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
  000276: Aug  6 18:47:03.135: ISAKMP:(0): sending packet to 2.50.37.13 my_port 500 peer_port 500 (R) MM_SA_SETUP
  000277: Aug  6 18:47:03.135: ISAKMP:(0):Sending an IKE IPv4 Packet.
  000278: Aug  6 18:47:03.135: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
  000279: Aug  6 18:47:03.135: ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_R_MM2
  000280: Aug  6 18:47:03.191: ISAKMP (0): received packet from 2.50.37.13 dport 500 sport 500 Global (R) MM_SA_SETUP
  000281: Aug  6 18:47:03.191: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
  000282: Aug  6 18:47:03.191: ISAKMP:(0):Old State = IKE_R_MM2  New State = IKE_R_MM3
  000283: Aug  6 18:47:03.191: ISAKMP:(0): processing KE payload. message ID = 0
  000284: Aug  6 18:47:03.199: ISAKMP:(0): processing NONCE payload. message ID = 0
  000285: Aug  6 18:47:03.203: ISAKMP:(0):found peer pre-shared key matching 2.50.37.13
  000286: Aug  6 18:47:03.203: ISAKMP:(2001): processing vendor id payload
  000287: Aug  6 18:47:03.203: ISAKMP:(2001): vendor ID is DPD
  000288: Aug  6 18:47:03.203: ISAKMP:(2001): processing vendor id payload
  000289: Aug  6 18:47:03.203: ISAKMP:(2001): speaking to another IOS box!
  000290: Aug  6 18:47:03.203: ISAKMP:(2001): processing vendor id payload
  000291: Aug  6 18:47:03.203: ISAKMP:(2001): vendor ID seems Unity/DPD but major 223 mismatch
  000292: Aug  6 18:47:03.203: ISAKMP:(2001): vendor ID is XAUTH
  000293: Aug  6 18:47:03.203: ISAKMP:received payload type 20
  000294: Aug  6 18:47:03.203: ISAKMP (2001): His hash no match - this node outside NAT
  000295: Aug  6 18:47:03.203: ISAKMP:received payload type 20
  000296: Aug  6 18:47:03.203: ISAKMP (2001): No NAT Found for self or peer
  000297: Aug  6 18:47:03.203: ISAKMP:(2001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
  000298: Aug  6 18:47:03.203: ISAKMP:(2001):Old State = IKE_R_MM3  New State = IKE_R_MM3
  000299: Aug  6 18:47:03.203: ISAKMP:(2001): sending packet to 2.50.37.13 my_port 500 peer_port 500 (R) MM_KEY_EXCH
  000300: Aug  6 18:47:03.203: ISAKMP:(2001):Sending an IKE IPv4 Packet.
  000301: Aug  6 18:47:03.203: ISAKMP:(2001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
  000302: Aug  6 18:47:03.203: ISAKMP:(2001):Old State = IKE_R_MM3  New State = IKE_R_MM4
  000303: Aug  6 18:47:03.295: ISAKMP (2001): received packet from 2.50.37.13 dport 500 sport 500 Global (R) MM_KEY_EXCH
  000304: Aug  6 18:47:03.295: ISAKMP:(2001):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
  000305: Aug  6 18:47:03.295: ISAKMP:(2001):Old State = IKE_R_MM4  New State = IKE_R_MM5
  000306: Aug  6 18:47:03.295: ISAKMP:(2001): processing ID payload. message ID = 0
  000307: Aug  6 18:47:03.295: ISAKMP (2001): ID payload
          next-payload : 8
          type         : 1
          address      : 2.50.37.13
          protocol     : 17
          port         : 500
          length       : 12
  000308: Aug  6 18:47:03.295: ISAKMP:(0):: peer matches *none* of the profiles
  000309: Aug  6 18:47:03.295: ISAKMP:(2001): processing HASH payload. message ID = 0
  000310: Aug  6 18:47:03.295: ISAKMP:(2001): processing NOTIFY INITIAL_CONTACT protocol 1
          spi 0, message ID = 0, sa = 0x8B4C1924
  000311: Aug  6 18:47:03.295: ISAKMP:(2001):SA authentication status:
          authenticated
  000312: Aug  6 18:47:03.295: ISAKMP:(2001):SA has been authenticated with 2.50.37.13
  000313: Aug  6 18:47:03.295: ISAKMP:(2001):SA authentication status:
          authenticated
  000314: Aug  6 18:47:03.295: ISAKMP:(2001): Process initial contact,
  bring down existing phase 1 and 2 SA's with local 92.98.211.242 remote 2.50.37.13 remote port 500
  000315: Aug  6 18:47:03.295: ISAKMP: Trying to insert a peer 92.98.211.242/2.50.37.13/500/,  and inserted successfully 8668106C.
  000316: Aug  6 18:47:03.295: ISAKMP:(2001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
  000317: Aug  6 18:47:03.295: ISAKMP:(2001):Old State = IKE_R_MM5  New State = IKE_R_MM5
  000318: Aug  6 18:47:03.295: ISAKMP:(2001):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
  000319: Aug  6 18:47:03.295: ISAKMP (2001): ID payload
          next-payload : 8
          type         : 1
          address      : 92.98.211.242
          protocol     : 17
          port         : 500
          length       : 12
  000320: Aug  6 18:47:03.295: ISAKMP:(2001):Total payload length: 12
  000321: Aug  6 18:47:03.295: ISAKMP:(2001): sending packet to 2.50.37.13 my_port 500 peer_port 500 (R) MM_KEY_EXCH
  000322: Aug  6 18:47:03.295: ISAKMP:(2001):Sending an IKE IPv4 Packet.
  000323: Aug  6 18:47:03.295: ISAKMP:(2001):Returning Actual lifetime: 1800
  000324: Aug  6 18:47:03.299: ISAKMP: set new node -1235582904 to QM_IDLE
  000325: Aug  6 18:47:03.299: ISAKMP:(2001):Sending NOTIFY RESPONDER_LIFETIME protocol 1
          spi 2291695856, message ID = 3059384392
  000326: Aug  6 18:47:03.299: ISAKMP:(2001): sending packet to 2.50.37.13 my_port 500 peer_port 500 (R) MM_KEY_EXCH
  000327: Aug  6 18:47:03.299: ISAKMP:(2001):Sending an IKE IPv4 Packet.
  000328: Aug  6 18:47:03.299: ISAKMP:(2001):purging node -1235582904
  000329: Aug  6 18:47:03.299: ISAKMP: Sending phase 1 responder lifetime 1800
  000330: Aug  6 18:47:03.299: ISAKMP:(2001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
  000331: Aug  6 18:47:03.299: ISAKMP:(2001):Old State = IKE_R_MM5  New State = IKE_P1_COMPLETE
  000332: Aug  6 18:47:03.299: ISAKMP:(2001):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
  000333: Aug  6 18:47:03.299: ISAKMP:(2001):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
  000334: Aug  6 18:47:03.307: ISAKMP (2001): received packet from 2.50.37.13 dport 500 sport 500 Global (R) QM_IDLE
  000335: Aug  6 18:47:03.307: ISAKMP: set new node -687536412 to QM_IDLE
  000336: Aug  6 18:47:03.307: ISAKMP:(2001): processing HASH payload. message ID = 3607430884
  000337: Aug  6 18:47:03.307: ISAKMP:(2001): processing SA payload. message ID = 3607430884
  000338: Aug  6 18:47:03.307: ISAKMP:(2001):Checking IPSec proposal 1
  000339: Aug  6 18:47:03.307: ISAKMP: transform 1, ESP_3DES
  000340: Aug  6 18:47:03.307: ISAKMP:   attributes in transform:
  000341: Aug  6 18:47:03.307: ISAKMP:      encaps is 1 (Tunnel)
  000342: Aug  6 18:47:03.307: ISAKMP:      SA life type in seconds
  000343: Aug  6 18:47:03.307: ISAKMP:      SA life duration (basic) of 3600
  000344: Aug  6 18:47:03.307: ISAKMP:      SA life type in kilobytes
  000345: Aug  6 18:47:03.307: ISAKMP:      SA life duration (VPI) of  0x0 0x46 0x50 0x0
  000346: Aug  6 18:47:03.307: ISAKMP:      authenticator is HMAC-SHA
  000347: Aug  6 18:47:03.307: ISAKMP:(2001):atts are acceptable.
  000348: Aug  6 18:47:03.307: ISAKMP:(2001): processing NONCE payload. message ID = 3607430884
  000349: Aug  6 18:47:03.311: ISAKMP:(2001): processing ID payload. message ID = 3607430884
  000350: Aug  6 18:47:03.311: ISAKMP:(2001): processing ID payload. message ID = 3607430884
  000351: Aug  6 18:47:03.311: ISAKMP:(2001):QM Responder gets spi
  000352: Aug  6 18:47:03.311: ISAKMP:(2001):Node 3607430884, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
  000353: Aug  6 18:47:03.311: ISAKMP:(2001):Old State = IKE_QM_READY  New State = IKE_QM_SPI_STARVE
  000354: Aug  6 18:47:03.311: ISAKMP:(2001): Creating IPSec SAs
  000355: Aug  6 18:47:03.311:         inbound SA from 2.50.37.13 to 92.98.211.242 (f/i)  0/ 0
          (proxy 192.168.10.0 to 192.168.50.0)
  000356: Aug  6 18:47:03.311:         has spi 0x4C5A127C and conn_id 0
  000357: Aug  6 18:47:03.311:         lifetime of 3600 seconds
  000358: Aug  6 18:47:03.311:         lifetime of 4608000 kilobytes
  000359: Aug  6 18:47:03.311:         outbound SA from 92.98.211.242 to 2.50.37.13 (f/i) 0/0
          (proxy 192.168.50.0 to 192.168.10.0)
  000360: Aug  6 18:47:03.311:         has spi  0x1E83EC91 and conn_id 0
  000361: Aug  6 18:47:03.311:         lifetime of 3600 seconds
  000362: Aug  6 18:47:03.311:         lifetime of 4608000 kilobytes
  000363: Aug  6 18:47:03.311: ISAKMP:(2001): sending packet to 2.50.37.13 my_port 500 peer_port 500 (R) QM_IDLE
  000364: Aug  6 18:47:03.311: ISAKMP:(2001):Sending an IKE IPv4 Packet.
  000365: Aug  6 18:47:03.311: ISAKMP:(2001):Node 3607430884, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI
  000366: Aug  6 18:47:03.311: ISAKMP:(2001):Old State = IKE_QM_SPI_STARVE  New State = IKE_QM_R_QM2
  000367: Aug  6 18:47:03.323: ISAKMP (2001): received packet from 2.50.37.13 dport 500 sport 500 Global (R) QM_IDLE
  000368: Aug  6 18:47:03.323: ISAKMP:(2001):deleting node -687536412 error FALSE reason "QM done (await)"
  000369: Aug  6 18:47:03.323: ISAKMP:(2001):Node 3607430884, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
  000370: Aug  6 18:47:03.323: ISAKMP:(2001):Old State = IKE_QM_R_QM2  New State = IKE_QM_PHASE2_COMPLETE
  000371: Aug  6 18:47:53.323: ISAKMP:(2001):purging node -687536412
  ROUTER-A# sho crypto isa sa
  IPv4 Crypto ISAKMP SA
  dst             src             state          conn-id status
  92.98.211.242   2.50.37.13      QM_IDLE           2001 ACTIVE
  RUNNING CONFIGURATION OF ROUTER-A
  Building configuration...
  Current configuration : 29089 bytes
  ! Last configuration change at 21:31:11 PST Tue Aug 7 2012 by administrator
  version 15.1
  parser config cache interface
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  service internal
  service compress-config
  service sequence-numbers
  hostname xxxxxxxxxxXX
  boot-start-marker
  boot-end-marker
  enable secret 4 LcV6aBcc/53FoCJjXQMd7rBUDEpeevrK8V5jQVoJEhU
  aaa new-model
  aaa authentication login default local
  aaa authentication login Foxtrot_sdm_easyvpn_xauth_ml_1 local
  aaa authorization network Foxtrot_sdm_easyvpn_group_ml_1 local
  aaa session-id common
  clock timezone ZP4 4 0
  clock summer-time PST recurring
  crypto pki token default removal timeout 0
  crypto pki trustpoint TP-self-signed-4070447007
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-4070447007
  revocation-check none
  rsakeypair TP-self-signed-4070447007
  crypto pki certificate chain TP-self-signed-4070447007
  certificate self-signed 01
    3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 34303730 34343730 3037301E 170D3132 30373331 30353139
    30375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30373034
    34373030 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100BBA6 F2C9A163 B7EAB25D 6C538A5B 29832F58 6B95D2C0 1FBE0E72 BD4E9585
    6230CAD1 8DA4E337 5A11332C 36EAFF86 02D8C977 6CD2AA50 D76FB97F 52AE73AD
    E777194B 011C95EB E2A588B4 3A7D618E F1D03E3F EF1A60FB 26372B63 9395002D
    38126CC5 EA79E23C 40E0F331 76E7731E D03E2CE8 F1A0B5E9 B83AA780 D566A679
    599F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
    551D2304 18301680 14C8BC47 90602FB0 18A8821A 85A3444F 874E2292 27301D06
    03551D0E 04160414 C8BC4790 602FB018 A8821A85 A3444F87 4E229227 300D0609
    2A864886 F70D0101 05050003 8181001B D0EA74FE 7EDD03FE 68733D87 6434D20B
    80481807 DD4A488E FFEFA631 245F396F 5CADF523 1438A70B CA113994 9798483D
    F59221EA 09EDB8FC 6D1DBBAE FE7FE4B9 E79F064F E930F347 B1CAD19B 01F5989A
    8BCFDB1D 906163A4 C467E809 E988B610 FE613177 A815DFB0 97839F92 4A682E8F
    43F08787 E08CBE70 E98DEBE7 BCD8B8
              quit
  dot11 syslog
  ip source-route
  ip cef
  ip dhcp relay information trust-all
  ip dhcp excluded-address 10.1.1.1 10.1.1.9
  ip dhcp excluded-address 10.1.1.241 10.1.1.255
  ip dhcp excluded-address 192.168.50.1 192.168.50.9
  ip dhcp excluded-address 192.168.50.241 192.168.50.255
  ip dhcp pool phone
  network 10.1.1.0 255.255.255.0
  default-router 10.1.1.1
  option 150 ip 10.1.1.1
  ip dhcp pool data
  import all
  network 192.168.50.0 255.255.255.0
  default-router 192.168.50.1
  ip inspect WAAS flush-timeout 10
  ip inspect name SDM_LOW dns
  ip inspect name SDM_LOW ftp
  ip inspect name SDM_LOW h323
  ip inspect name SDM_LOW https
  ip inspect name SDM_LOW icmp
  ip inspect name SDM_LOW imap
  ip inspect name SDM_LOW pop3
  ip inspect name SDM_LOW netshow
  ip inspect name SDM_LOW rcmd
  ip inspect name SDM_LOW realaudio
  ip inspect name SDM_LOW rtsp
  ip inspect name SDM_LOW esmtp
  ip inspect name SDM_LOW sqlnet
  ip inspect name SDM_LOW streamworks
  ip inspect name SDM_LOW tftp
  ip inspect name SDM_LOW tcp router-traffic
  ip inspect name SDM_LOW udp router-traffic
  ip inspect name SDM_LOW vdolive
  ip ddns update method sdm_ddns1
  HTTP
    add http://xxxxxxxs:[email protected]/nic/update?system=dyndns&[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
    remove http://xxxxxxx:[email protected]/nic/update?system=dyndns&[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
  interval maximum 2 0 0 0
  interval minimum 1 0 0 0
  no ipv6 cef
  multilink bundle-name authenticated
  stcapp ccm-group 1
  stcapp
  trunk group ALL_FXO
  max-retry 5
  voice-class cause-code 1
  hunt-scheme longest-idle
  voice call send-alert
  voice rtp send-recv
  voice service voip
  allow-connections h323 to h323
  allow-connections h323 to sip
  allow-connections sip to h323
  allow-connections sip to sip
  no supplementary-service h450.2
  no supplementary-service h450.3
  supplementary-service h450.12
  sip
    no update-callerid
  voice class codec 1
  codec preference 1 g711ulaw
  codec preference 2 g729r8
  voice class h323 1
    call start slow
  voice class cause-code 1
  no-circuit
  voice register global
  mode cme
  source-address 10.1.1.1 port 5060
  load 9971 sip9971.9-2-2
  load 9951 sip9951.9-2-2
  load 8961 sip8961.9-2-2
  voice translation-rule 1000
  rule 1 /.*/ //
  voice translation-rule 1112
  rule 1 /^9/ //
  voice translation-rule 1113
  rule 1 /^82\(...\)/ /\1/
  voice translation-rule 1114
  rule 1 /\(^...$\)/ /82\1/
  voice translation-rule 2002
  rule 1 /^6/ //
  voice translation-rule 2222
  rule 1 /^91900......./ //
  rule 2 /^91976......./ //
  voice translation-profile CALLER_ID_TRANSLATION_PROFILE
  translate calling 1111
  voice translation-profile CallBlocking
  translate called 2222
  voice translation-profile OUTGOING_TRANSLATION_PROFILE
  translate called 1112
  voice translation-profile XFER_TO_VM_PROFILE
  translate redirect-called 2002
  voice translation-profile multisiteInbound
  translate called 1113
  voice translation-profile multisiteOutbound
  translate calling 1114
  voice translation-profile nondialable
  translate called 1000
  voice-card 0
  dspfarm
  dsp services dspfarm
  fax interface-type fax-mail
  license udi pid UC560-FXO-K9 sn FHK1445F43M
  archive
  log config
    logging enable
    logging size 600
    hidekeys
  username administrator privilege 15 secret 4 LcV6aBcc/53FoCJjXQMd7rBUDEpeevrK8V5jQVoJEhU
  username pingerID password 7 06505D771B185F
  ip tftp source-interface Vlan90
  crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  lifetime 1800
  crypto isakmp key xxxxxxx address 0.0.0.0 0.0.0.0
  crypto isakmp client configuration group EZVPN_GROUP_1
  key xxxxxxx
  dns 213.42.20.20
  pool SDM_POOL_1
  save-password
  max-users 20
  crypto isakmp profile sdm-ike-profile-1
     match identity group EZVPN_GROUP_1
     client authentication list Foxtrot_sdm_easyvpn_xauth_ml_1
     isakmp authorization list Foxtrot_sdm_easyvpn_group_ml_1
     client configuration address respond
     virtual-template 1
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec profile SDM_Profile1
  set transform-set ESP-3DES-SHA
  set isakmp-profile sdm-ike-profile-1
  crypto map multisite 1 ipsec-isakmp
  description XXXXXXX
  set peer xxxxxxxxxx.dyndns.biz dynamic
  set transform-set ESP-3DES-SHA
  match address 105
  qos pre-classify
  interface GigabitEthernet0/0
  description $ETH-WAN$
  no ip address
  ip virtual-reassembly in
  load-interval 30
  duplex auto
  speed auto
  pppoe enable group global
  pppoe-client dial-pool-number 1
  interface Integrated-Service-Engine0/0
  description Interface used to manage integrated application modulecue is initialized with default IMAP group
  ip unnumbered Vlan90
  ip nat inside
  ip virtual-reassembly in
  service-module ip address 10.1.10.1 255.255.255.252
  service-module ip default-gateway 10.1.10.2
  interface GigabitEthernet0/1/0
  switchport mode trunk
  switchport voice vlan 100
  no ip address
  macro description cisco-switch
  interface GigabitEthernet0/1/1
  switchport voice vlan 100
  no ip address
  macro description cisco-phone
  spanning-tree portfast
  interface GigabitEthernet0/1/2
  no ip address
  macro description cisco-desktop
  spanning-tree portfast
  interface GigabitEthernet0/1/3
  description Interface used to communicate with integrated service module
  switchport access vlan 90
  no ip address
  service-module ip address 10.1.10.1 255.255.255.252
  service-module ip default-gateway 10.1.10.2
  interface Virtual-Template1 type tunnel
  ip unnumbered Vlan1
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile SDM_Profile1
  interface Vlan1
  description $FW_INSIDE$
  ip address 192.168.50.1 255.255.255.0
  ip access-group 101 in
  ip nat inside
  ip virtual-reassembly in
  ip tcp adjust-mss 1412
  h323-gateway voip bind srcaddr 192.168.50.1
  interface Vlan90
  description $FW_INSIDE$
  ip address 10.1.10.2 255.255.255.252
  ip access-group 103 in
  ip nat inside
  ip virtual-reassembly in
  ip tcp adjust-mss 1412
  interface Vlan100
  description $FW_INSIDE$
  ip address 10.1.1.1 255.255.255.0
  ip access-group 102 in
  ip nat inside
  ip virtual-reassembly in
  ip tcp adjust-mss 1412
  interface Dialer0
  description $FW_OUTSIDE$
  mtu 1492
  ip ddns update hostname xxxxxxxxxx.dyndns.biz
  ip ddns update sdm_ddns1
  ip address negotiated
  ip access-group 104 in
  ip mtu 1452
  ip nat outside
  ip inspect SDM_LOW out
  ip virtual-reassembly in
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication chap pap callin
  ppp chap hostname CCCCCC
  ppp chap password 7 071739545611015445
  ppp pap sent-username CCCCC password 7 122356324SDFDBDB
  ppp ipcp dns request
  ppp ipcp route default
  crypto map multisite
  ip local pool SDM_POOL_1 192.168.50.150 192.168.50.160
  ip forward-protocol nd
  ip http server
  ip http authentication local
  ip http secure-server
  ip http path flash:/gui
  ip dns server
  ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
  ip route 0.0.0.0 0.0.0.0 Dialer0
  ip route 10.1.10.1 255.255.255.255 Vlan90
  access-list 100 remark auto generated by SDM firewall configuration
  access-list 100 remark SDM_ACL Category=1
  access-list 100 permit ip 192.168.10.0 0.0.0.255 any
  access-list 100 permit ip host 255.255.255.255 any
  access-list 100 permit ip 127.0.0.0 0.255.255.255 any
  access-list 100 permit ip any any
  access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_5##
  access-list 101 remark SDM_ACL Category=1
  access-list 101 permit udp any host 192.168.50.1 eq non500-isakmp
  access-list 101 permit udp any host 192.168.50.1 eq isakmp
  access-list 101 permit esp any host 192.168.50.1
  access-list 101 permit ahp any host 192.168.50.1
  access-list 101 permit ip 192.168.10.0 0.0.0.255 any
  access-list 101 permit ip any any
  access-list 101 permit ip 10.1.10.0 0.0.0.3 any
  access-list 101 permit ip 10.1.1.0 0.0.0.255 any
  access-list 101 permit ip host 255.255.255.255 any
  access-list 101 permit ip 127.0.0.0 0.255.255.255 any
  access-list 102 remark auto generated by SDM firewall configuration##NO_ACES_7##
  access-list 102 remark SDM_ACL Category=1
  access-list 102 permit udp any host 10.1.1.1 eq non500-isakmp
  access-list 102 permit udp any host 10.1.1.1 eq isakmp
  access-list 102 permit esp any host 10.1.1.1
  access-list 102 permit ahp any host 10.1.1.1
  access-list 102 permit ip any any
  access-list 102 permit tcp 10.1.10.0 0.0.0.3 any eq 2000
  access-list 102 permit udp 10.1.10.0 0.0.0.3 any eq 2000
  access-list 102 permit ip 192.168.50.0 0.0.0.255 any
  access-list 102 permit ip 10.1.10.0 0.0.0.3 any
  access-list 102 permit ip host 255.255.255.255 any
  access-list 102 permit ip 127.0.0.0 0.255.255.255 any
  access-list 103 remark auto generated by SDM firewall configuration##NO_ACES_7##
  access-list 103 remark SDM_ACL Category=1
  access-list 103 permit udp any host 10.1.10.2 eq non500-isakmp
  access-list 103 permit udp any host 10.1.10.2 eq isakmp
  access-list 103 permit esp any host 10.1.10.2
  access-list 103 permit ahp any host 10.1.10.2
  access-list 103 permit tcp 10.1.1.0 0.0.0.255 eq 2000 any
  access-list 103 permit udp 10.1.1.0 0.0.0.255 eq 2000 any
  access-list 103 permit ip 192.168.50.0 0.0.0.255 any
  access-list 103 permit ip 10.1.1.0 0.0.0.255 any
  access-list 103 permit ip host 255.255.255.255 any
  access-list 103 permit ip 127.0.0.0 0.255.255.255 any
  access-list 103 permit ip any any
  access-list 104 remark auto generated by SDM firewall configuration##NO_ACES_13##
  access-list 104 remark SDM_ACL Category=1
  access-list 104 permit ip 192.168.10.0 0.0.0.255 192.168.50.0 0.0.0.255
  access-list 104 permit udp any any eq non500-isakmp
  access-list 104 permit udp any any eq isakmp
  access-list 104 permit esp any any
  access-list 104 permit ahp any any
  access-list 104 permit ip any any
  access-list 104 permit ip 192.168.50.0 0.0.0.255 any
  access-list 104 permit ip 10.1.10.0 0.0.0.3 any
  access-list 104 permit ip 10.1.1.0 0.0.0.255 any
  access-list 104 permit icmp any any echo-reply
  access-list 104 permit icmp any any time-exceeded
  access-list 104 permit icmp any any unreachable
  access-list 104 permit ip 10.0.0.0 0.255.255.255 any
  access-list 104 permit ip 172.16.0.0 0.15.255.255 any
  access-list 104 permit ip 192.168.0.0 0.0.255.255 any
  access-list 104 permit ip 127.0.0.0 0.255.255.255 any
  access-list 104 permit ip host 255.255.255.255 any
  access-list 104 permit ip host 0.0.0.0 any
  access-list 105 remark CryptoACL for xxxxxxxxxx
  access-list 105 remark SDM_ACL Category=4
  access-list 105 permit ip 192.168.50.0 0.0.0.255 192.168.10.0 0.0.0.255
  access-list 106 remark SDM_ACL Category=2
  access-list 106 deny   ip 192.168.50.0 0.0.0.255 192.168.10.0 0.0.0.255
  access-list 106 permit ip 10.1.10.0 0.0.0.3 any
  access-list 106 permit ip 192.168.50.0 0.0.0.255 any
  access-list 106 permit ip 10.1.1.0 0.0.0.255 any
  dialer-list 1 protocol ip permit
  route-map SDM_RMAP_1 permit 1
  match ip address 106
  snmp-server community public RO
  tftp-server flash:/phones/521_524/cp524g-8-1-17.bin alias cp524g-8-1-17.bin
  tftp-server flash:/ringtones/Analog1.raw alias Analog1.raw
  tftp-server flash:/ringtones/Analog2.raw alias Analog2.raw
  tftp-server flash:/ringtones/AreYouThere.raw alias AreYouThere.raw
  tftp-server flash:/ringtones/DistinctiveRingList.xml alias DistinctiveRingList.xml
  tftp-server flash:/ringtones/RingList.xml alias RingList.xml
  tftp-server flash:/ringtones/AreYouThereF.raw alias AreYouThereF.raw
  tftp-server flash:/ringtones/Bass.raw alias Bass.raw
  tftp-server flash:/ringtones/CallBack.raw alias CallBack.raw
  tftp-server flash:/ringtones/Chime.raw alias Chime.raw
  tftp-server flash:/ringtones/Classic1.raw alias Classic1.raw
  tftp-server flash:/ringtones/Classic2.raw alias Classic2.raw
  tftp-server flash:/ringtones/ClockShop.raw alias ClockShop.raw
  tftp-server flash:/ringtones/Drums1.raw alias Drums1.raw
  tftp-server flash:/ringtones/Drums2.raw alias Drums2.raw
  tftp-server flash:/ringtones/FilmScore.raw alias FilmScore.raw
  tftp-server flash:/ringtones/HarpSynth.raw alias HarpSynth.raw
  tftp-server flash:/ringtones/Jamaica.raw alias Jamaica.raw
  tftp-server flash:/ringtones/KotoEffect.raw alias KotoEffect.raw
  tftp-server flash:/ringtones/MusicBox.raw alias MusicBox.raw
  tftp-server flash:/ringtones/Piano1.raw alias Piano1.raw
  tftp-server flash:/ringtones/Piano2.raw alias Piano2.raw
  tftp-server flash:/ringtones/Pop.raw alias Pop.raw
  tftp-server flash:/ringtones/Pulse1.raw alias Pulse1.raw
  tftp-server flash:/ringtones/Ring1.raw alias Ring1.raw
  tftp-server flash:/ringtones/Ring2.raw alias Ring2.raw
  tftp-server flash:/ringtones/Ring3.raw alias Ring3.raw
  tftp-server flash:/ringtones/Ring4.raw alias Ring4.raw
  tftp-server flash:/ringtones/Ring5.raw alias Ring5.raw
  tftp-server flash:/ringtones/Ring6.raw alias Ring6.raw
  tftp-server flash:/ringtones/Ring7.raw alias Ring7.raw
  tftp-server flash:/ringtones/Sax1.raw alias Sax1.raw
  tftp-server flash:/ringtones/Sax2.raw alias Sax2.raw
  tftp-server flash:/ringtones/Vibe.raw alias Vibe.raw
  tftp-server flash:/Desktops/CampusNight.png
  tftp-server flash:/Desktops/TN-CampusNight.png
  tftp-server flash:/Desktops/CiscoFountain.png
  tftp-server flash:/Desktops/TN-CiscoFountain.png
  tftp-server flash:/Desktops/CiscoLogo.png
  tftp-server flash:/Desktops/TN-CiscoLogo.png
  tftp-server flash:/Desktops/Fountain.png
  tftp-server flash:/Desktops/TN-Fountain.png
  tftp-server flash:/Desktops/MorroRock.png
  tftp-server flash:/Desktops/TN-MorroRock.png
  tftp-server flash:/Desktops/NantucketFlowers.png
  tftp-server flash:/Desktops/TN-NantucketFlowers.png
  tftp-server flash:Desktops/320x212x16/List.xml
  tftp-server flash:Desktops/320x212x12/List.xml
  tftp-server flash:Desktops/320x216x16/List.xml
  tftp-server flash:/bacdprompts/en_bacd_allagentsbusy.au alias en_bacd_allagentsbusy.au
  tftp-server flash:/bacdprompts/en_bacd_disconnect.au alias en_bacd_disconnect.au
  tftp-server flash:/bacdprompts/en_bacd_enter_dest.au alias en_bacd_enter_dest.au
  tftp-server flash:/bacdprompts/en_bacd_invalidoption.au alias en_bacd_invalidoption.au
  tftp-server flash:/bacdprompts/en_bacd_music_on_hold.au alias en_bacd_music_on_hold.au
  tftp-server flash:/bacdprompts/en_bacd_options_menu.au alias en_bacd_options_menu.au
  tftp-server flash:/bacdprompts/en_bacd_welcome.au alias en_bacd_welcome.au
  tftp-server flash:/bacdprompts/en_bacd_xferto_operator.au alias en_bacd_xferto_operator.au
  radius-server attribute 31 send nas-port-detail
  control-plane
  voice-port 0/0/0
  station-id number 401
  caller-id enable
  voice-port 0/0/1
  station-id number 402
  caller-id enable
  voice-port 0/0/2
  station-id number 403
  caller-id enable
  voice-port 0/0/3
  station-id number 404
  caller-id enable
  voice-port 0/1/0
  trunk-group ALL_FXO 64
  connection plar opx 201
  description Configured by CCA 4 FXO-0/1/0-OP
  caller-id enable
  voice-port 0/1/1
  trunk-group ALL_FXO 64
  connection plar opx 201
  description Configured by CCA 4 FXO-0/1/1-OP
  caller-id enable
  voice-port 0/1/2
  trunk-group ALL_FXO 64
  connection plar opx 201
  description Configured by CCA 4 FXO-0/1/2-OP
  caller-id enable
  voice-port 0/1/3
  trunk-group ALL_FXO 64
  connection plar opx 201
  description Configured by CCA 4 FXO-0/1/3-OP
  caller-id enable
  voice-port 0/4/0
  auto-cut-through
  signal immediate
  input gain auto-control -15
  description Music On Hold Port
  sccp local Vlan90
  sccp ccm 10.1.1.1 identifier 1 version 4.0
  sccp
  sccp ccm group 1
  associate ccm 1 priority 1
  associate profile 2 register mtpd0d0fd057a40
  dspfarm profile 2 transcode 
  description CCA transcoding for SIP Trunk Multisite Only
  codec g729abr8
  codec g729ar8
  codec g711alaw
  codec g711ulaw
  maximum sessions 10
  associate application SCCP
  dial-peer cor custom
  name internal
  name local
  name local-plus
  name international
  name national
  name national-plus
  name emergency
  name toll-free
  dial-peer cor list call-internal
  member internal
  dial-peer cor list call-local
  member local
  dial-peer cor list call-local-plus
  member local-plus
  dial-peer cor list call-national
  member national
  dial-peer cor list call-national-plus
  member national-plus
  dial-peer cor list call-international
  member international
  dial-peer cor list call-emergency
  member emergency
  dial-peer cor list call-toll-free
  member toll-free
  dial-peer cor list user-internal
  member internal
  member emergency
  dial-peer cor list user-local
  member internal
  member local
  member emergency
  member toll-free
  dial-peer cor list user-local-plus
  member internal
  member local
  member local-plus
  member emergency
  member toll-free
  dial-peer cor list user-national
  member internal
  member local
  member local-plus
  member national
  member emergency
  member toll-free
  dial-peer cor list user-national-plus
  member internal
  member local
  member local-plus
  member national
  member national-plus
  member emergency
  member toll-free
  dial-peer cor list user-international
  member internal
  member local
  member local-plus
  member international
  member national
  member national-plus
  member emergency
  member toll-free
  dial-peer voice 1 pots
  destination-pattern 401
  port 0/0/0
  no sip-register
  dial-peer voice 2 pots
  destination-pattern 402
  port 0/0/1
  no sip-register
  dial-peer voice 3 pots
  destination-pattern 403
  port 0/0/2
  no sip-register
  dial-peer voice 4 pots
  destination-pattern 404
  port 0/0/3
  no sip-register
  dial-peer voice 5 pots
  description ** MOH Port **
  destination-pattern ABC
  port 0/4/0
  no sip-register
  dial-peer voice 6 pots
  description ôcatch all dial peer for BRI/PRIö
  translation-profile incoming nondialable
  incoming called-number .%
  direct-inward-dial
  dial-peer voice 50 pots
  description ** incoming dial peer **
  incoming called-number .%
  port 0/1/0
  dial-peer voice 51 pots
  description ** incoming dial peer **
  incoming called-number .%
  port 0/1/1
  dial-peer voice 52 pots
  description ** incoming dial peer **
  incoming called-number .%
  port 0/1/2
  dial-peer voice 53 pots
  description ** incoming dial peer **
  incoming called-number .%
  port 0/1/3
  dial-peer voice 54 pots
  description ** FXO pots dial-peer **
  destination-pattern A0
  port 0/1/0
  no sip-register
  dial-peer voice 55 pots
  description ** FXO pots dial-peer **
  destination-pattern A1
  port 0/1/1
  no sip-register
  dial-peer voice 56 pots
  description ** FXO pots dial-peer **
  destination-pattern A2
  port 0/1/2
  no sip-register
  dial-peer voice 57 pots
  description ** FXO pots dial-peer **
  destination-pattern A3
  port 0/1/3
  no sip-register
  dial-peer voice 2000 voip
  description ** cue voicemail pilot number **
  translation-profile outgoing XFER_TO_VM_PROFILE
  destination-pattern 399
  b2bua
  session protocol sipv2
  session target ipv4:10.1.10.1
  voice-class sip outbound-proxy ipv4:10.1.10.1 
  dtmf-relay rtp-nte
  codec g711ulaw
  no vad
  dial-peer voice 58 pots
  trunkgroup ALL_FXO
  corlist outgoing call-emergency
  description **CCA*North American-7-Digit*Emergency**
  translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
  preference 5
  destination-pattern 9911
  forward-digits all
  no sip-register
  dial-peer voice 59 pots
  trunkgroup ALL_FXO
  corlist outgoing call-emergency
  description **CCA*North American-7-Digit*Emergency**
  preference 5
  destination-pattern 911
  forward-digits all
  no sip-register
  dial-peer voice 60 pots
  trunkgroup ALL_FXO
  corlist outgoing call-local
  description **CCA*North American-7-Digit*7-Digit Local**
  translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
  preference 5
  destination-pattern 9[2-9]......
  forward-digits all
  no sip-register
  dial-peer voice 61 pots
  trunkgroup ALL_FXO
  corlist outgoing call-local
  description **CCA*North American-7-Digit*Service Numbers**
  translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
  preference 5
  destination-pattern 9[2-9]11
  forward-digits all
  no sip-register
  dial-peer voice 62 pots
  trunkgroup ALL_FXO
  corlist outgoing call-national
  description **CCA*North American-7-Digit*Long Distance**
  translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
  preference 5
  destination-pattern 91[2-9]..[2-9]......
  forward-digits all
  no sip-register
  dial-peer voice 63 pots
  trunkgroup ALL_FXO
  corlist outgoing call-international
  description **CCA*North American-7-Digit*International**
  translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
  preference 5
  destination-pattern 9011T
  forward-digits all
  no sip-register
  dial-peer voice 64 pots
  trunkgroup ALL_FXO
  corlist outgoing call-toll-free
  description **CCA*North American-7-Digit*Toll-Free**
  translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
  preference 5
  destination-pattern 91800.......
  forward-digits all
  no sip-register
  dial-peer voice 65 pots
  trunkgroup ALL_FXO
  corlist outgoing call-toll-free
  description **CCA*North American-7-Digit*Toll-Free**
  translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
  preference 5
  destination-pattern 91888.......
  forward-digits all
  no sip-register
  dial-peer voice 66 pots
  trunkgroup ALL_FXO
  corlist outgoing call-toll-free
  description **CCA*North American-7-Digit*Toll-Free**
  translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
  preference 5
  destination-pattern 91877.......
  forward-digits all
  no sip-register
  dial-peer voice 67 pots
  trunkgroup ALL_FXO
  corlist outgoing call-toll-free
  description **CCA*North American-7-Digit*Toll-Free**
  translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
  preference 5
  destination-pattern 91866.......
  forward-digits all
  no sip-register
  dial-peer voice 68 pots
  trunkgroup ALL_FXO
  corlist outgoing call-toll-free
  description **CCA*North American-7-Digit*Toll-Free**
  translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
  preference 5
  destination-pattern 91855.......
  forward-digits all
  no sip-register
  dial-peer voice 2100 voip
  corlist incoming call-internal
  description **CCA*INTERSITE inbound call to xxxxxxxxxx
  translation-profile incoming multisiteInbound
  incoming called-number 82...
  voice-class h323 1
  dtmf-relay h245-alphanumeric
  fax protocol cisco
  no vad
  dial-peer voice 2101 voip
  corlist incoming call-internal
  description **CCA*INTERSITE outbound calls to xxxxxxxxxx
  translation-profile outgoing multisiteOutbound
  destination-pattern 81...
  session target ipv4:192.168.10.1
  voice-class h323 1
  dtmf-relay h245-alphanumeric
  fax protocol cisco
  no vad
  no dial-peer outbound status-check pots
  telephony-service
  sdspfarm units 5
  sdspfarm transcode sessions 10
  sdspfarm tag 2 mtpd0d0fd057a40
  video
  fxo hook-flash
  max-ephones 138
  max-dn 600
  ip source-address 10.1.1.1 port 2000
  auto assign 1 to 1 type bri
  calling-number initiator
  service phone videoCapability 1
  service phone ehookenable 1
  service dnis overlay
  service dnis dir-lookup
  service dss
  timeouts interdigit 5
  system message Cisco Small Business
  url services http://10.1.10.1/voiceview/common/login.do
  url authentication http://10.1.10.1/voiceview/authentication/authenticate

  On 12/01/12 12:06, JebediahShapnacker wrote:
  >
  > Hello.
  >
  > I would like to setup a site to site VPN between 2 of our site. We have
  > Bordermanager .7 on one end and IPCop on the other.
  i'm not familiar with Bordermanager version but be sure you're using 3.9
  with sp2 and sp2_it1 applied.
  There are not specific documents that i'm aware that explains conf
  between ipcop and bm but if ipcop behaves as standard ipsec device, you
  can use as a guideline some of the docs that explains how to configure
  bm with third party firewalls.
  - AppNote: CISCO IOS 12.2(11) T with NBM 3.8 Server
  Novell Cool Solutions: AppNote
  By Upendra Gopu
  - BorderManager and Novell Security Manager Site-to-Site VPN
  Novell Cool Solutions: Feature
  By Jenn Bitondo
  - Setting Up an IPSec VPN Tunnel between Nortel and an NBM 3.8.4 Server
  Author Info
  8 November 2006 - 7:37pm
  Submitted by: kchendil
  - AppNote: NBM to Openswan: Site-to-site VPN Made Easy
  Novell Cool Solutions: AppNote
  By Gaurav Vaidya
  - AppNote: Interoperability of Cisco PIX 500 and NBM 3.8 VPN
  Novell Cool Solutions: AppNote
  By Sreekanth Settipalli
  Digg This - Slashdot This
  Posted: 28 Oct 2004
  etc

• WLC 5508 7.0.98.0 has vpn client connection issues

  Hi
  my guest ssid is set to L2 security none and L3 Web policy and authentication local. clients that need to connect to some vpn server (internet) are reporting disconnection issues with the vpn session but not the wireless network. as soon as they get connected via another wireless internet connection the vpn connection gets stable. that makes me thing is in deed the my wireless network the one causing issues.  is there a know issues with the web authentication WLAN and vpn clients?  no firewall in the middle.
  Exclusionlist.................................... Disabled
  Session Timeout.................................. Infinity
  CHD per WLAN..................................... Enabled
  Webauth DHCP exclusion........................... Disabled
  Interface........................................ xxxxxxxxxxxxxxxx
  WLAN ACL......................................... unconfigured
  DHCP Server...................................... Default
  DHCP Address Assignment Required................. Disabled
  --More or (q)uit current module or <ctrl-z> to abort
  Quality of Service............................... Bronze (background)
  Scan Defer Priority.............................. 4,5,6
  Scan Defer Time.................................. 100 milliseconds
  WMM.............................................. Allowed
  Media Stream Multicast-direct.................... Disabled
  CCX - AironetIe Support.......................... Enabled
  CCX - Gratuitous ProbeResponse (GPR)............. Disabled
  CCX - Diagnostics Channel Capability............. Disabled
  Dot11-Phone Mode (7920).......................... Disabled
  Wired Protocol................................... None
  IPv6 Support..................................... Disabled
  Passive Client Feature........................... Disabled
  Peer-to-Peer Blocking Action..................... Disabled
  Radio Policy..................................... All
  DTIM period for 802.11a radio.................... 1
  DTIM period for 802.11b radio.................... 1
  Radius Servers
     Authentication................................ Disabled
     Accounting.................................... Disabled
     Dynamic Interface............................. Disabled
  Local EAP Authentication......................... Disabled
  Security
     802.11 Authentication:........................ Open System
     Static WEP Keys............................... Disabled
     802.1X........................................ Disabled
     Wi-Fi Protected Access (WPA/WPA2)............. Disabled
     CKIP ......................................... Disabled
     Web Based Authentication...................... Enabled
          ACL............................................. Unconfigured
          Web Authentication server precedence:
          1............................................... local
     Web-Passthrough............................... Disabled
     Conditional Web Redirect...................... Disabled
     Splash-Page Web Redirect...................... Disabled
     Auto Anchor................................... Disabled
     H-REAP Local Switching........................ Disabled
     H-REAP Learn IP Address....................... Enabled
     Client MFP.................................... Optional but inactive (WPA2 not configured)
     Tkip MIC Countermeasure Hold-down Timer....... 60
  Call Snooping.................................... Disabled
  Roamed Call Re-Anchor Policy..................... Disabled
  Band Select...................................... Disabled
  Load Balancing................................... Disabled

  Thanks Scott,
  We have two controllers and all the APs (50) are associated with the primary Controller,what is the best path to follow for the upgrade.
  we don't have Field recoversy image installed on our controller, do we have to do the FSU upgrade?
  (Cisco Controller) >show sysinfo
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.0.98.0
  Bootloader Version............................... 1.0.1
  Field Recovery Image Version..................... N/A
  Firmware Version................................. FPGA 1.3, Env 1.6, USB console                                                        1.27
  Build Type....................................... DATA + WPS
  System Name...................................... Airespace_01
  System Location..................................
  System Contact...................................
  System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
  IP Address....................................... 10.0.0.201
  Last Reset....................................... Power on reset
  System Up Time................................... 9 days 2 hrs 57 mins 21 secs
  System Timezone Location......................... (GMT -6:00) Central Time (US and Canada)
  Current Boot License Level....................... base
  Current Boot License Type........................ Permanent
  Next Boot License Level.......................... base
  Next Boot License Type........................... Permanent
  Configured Country............................... Multiple Countries:US,CN,DE,TW,HK
  Is the below Upgrade Path make sense ?
  1. Upgrade the Primary controller and reboot- wait till all APs associate with primary controller and download the new image
  2. Upgrade the secondary controller and reboot
  3. Failover the APs to secondary controller and test
  Siddhartha

• VPN PPTP Connects but doesn't work

  Hello,
      I'm new in mac...but last week when Im connected to my work by pptp VPN, i could not  access to the resources of this network (servers, pc, etc.)...but few weeks ago I can do it as ussual. I didnt install anythink and if I send all packets to the vpn works, but i can't get internet..
  I think some route preference change automatically but i don't how to fix it. any helps?
  thanks in advance.
  Regards,
  Dario.

  OK - this is how you can fix the problem.
  make a backup copy of your network id pref list, perhaps using the command line as below from a terminal window.
  cp /Library/Preferences/SystemConfiguration/com.apple.network.idenfication.plist /Library/Preferences/SystemConfiguration/com.apple.network.idenfication.plist.o ld
  open Library/Preferences/SystemConfiguration/com.apple.network.idenfication.plist using a TEXT editor or something similar.
  Open the network settings screen where your VPN is listed (under System Preferences) and make a note of your VPN settings. Then delete the VPN using the "-" button and click Apply.
  In the com.apple.network.idenfication.plist you will see the the defintion for the VPN settings a little like thus:
  <dict>
  <key>Signatures</key>
  <array>
  <dict>
  <key>Identifier</key>
  <string>VPN.RemoteAddress=myvpn.domain.com</string>
  <key>Services</key>
  then lots of settings info, and ending with the definition of a new service
  </array>
  <key>Signature</key>
  <string>VPN.RemoteAddress=myvpn.domain.com</string>
  <key>Timestamp</key>
  <date>2009-09-01T06:42:53Z</date>
  </dict>
  <dict>
  <key>Identifier</key>
  Delete everything and including between the <dict> and </dict> for this Identifier and this will remove the VPN settings and leave all the others intact.
  Save the file.
  Now go back to your network settings screen and re add the you VPN and it will work once again as it did before.

• Hardware 3002 VPN desktop connection issue

  Customer using a windows xp workstation fails to connect to the domain through the VPN tunnel. appears that the IP traffic is not flowing until a ping is initiated form the host end of the tunnel. The 3002 tunnel connects to the 3015 without any issues, all traffic is tunneled. This is an ethernet connection to an ISP. After the workstation is pinged from the host end the user can then logoff and logon then has domain autthetication and can then get to domain resources.

  disable the ip inspect command on the inside interface and then try again it will work

• Slow VPN PPTP Transfer Speeds vs. Windows XP

  I recently switched my father to a new unibody MacBook after years of Windows XP heartache. He uses a VPN (PPTP) connection to access files on the Windows 2003 server at work.
  *On the Mac (10.5.5), the file transfer speed over VPN is so slow that it is unusable.* Leopard can connect to the SMB server easily enough but clicking on a volume shows nothing until, after a 2-3 minute wait, the file list finally populates. The old Windows XP machine loads the volumes far quicker and is noticeably faster.
  We are using the same credentials and settings as on the old machine, but nothing we do will speed up the connection so that it is actually usable.
  Any thoughts or suggestions? At this stage I am extremely disappointed in the Mac's ability to integrate with enterprise. I was so sure the transition would be seamless but Leopard is making basic tasks much more difficult. It's egg on my face!
  Help would be much appreciated!
  Thanks, jd.
  P.S. My apologies if this has already been discussed. Searching didn't give me many relevant results...

  Hi Joe,
  College networks can have a lot of unusual security monitoring systems in place, so it's conceivable that they limit non-PC speed, but as you said, you've checked that.
  There is a known issue with some Gigabit Ethernet capable Macintosh systems and some switches. This problem can be fixed by software configuration, so it's possible Windows automatically does it, but MacOS doesn't. Have a look at the instructions specified in this Apple article and see if it helps: http://docs.info.apple.com/article.html?artnum=303660

• VPN (PPTP) Authentication Failed

  Hi,
  I am trying to Connect to my work network. Work uses a Secure Computing SG560.
  The setup at work on the SG560 is as follows:
  PPTP VPN Server
  Authentication Scheme: Weakly Encrypted Authentication (CHAP)
  Encryption: Strong Encryption (MPPE 128 Bit)
  On my mac, I have setup a new VPN (PPTP) Connection
  Given it the Internet Address
  My Account Name
  Encryption Auto (And tried Maximum)
  Authentication Settings is password with my password set on the SG560.
  Pressing Connection I get a prompt saying Authentication failed
  In my console I have this (obviously some settings omitted)
  6/12/10 06/12/10 - 9:06:48 PM pppd[1825] pppd 2.4.2 (Apple version 412.3) started by wt9bind, uid 501
  6/12/10 06/12/10 - 9:06:48 PM pppd[1825] PPTP connecting to server 'x.x.x.x' (x.x.x.x)...
  6/12/10 06/12/10 - 9:06:48 PM pppd[1825] PPTP connection established.
  6/12/10 06/12/10 - 9:06:48 PM pppd[1825] Connect: ppp0 <--> socket[34:17]
  6/12/10 06/12/10 - 9:06:48 PM pppd[1825] MS-CHAP authentication failed:
  6/12/10 06/12/10 - 9:06:48 PM pppd[1825] Connection terminated.
  6/12/10 06/12/10 - 9:06:48 PM pppd[1825] PPTP disconnecting...
  6/12/10 06/12/10 - 9:06:48 PM pppd[1825] PPTP disconnected
  The only way to get this working is to change the Authentication Scheme in the SG560 to No Auth
  If I do this, it connects perfectly with the following:
  6/12/10 06/12/10 - 9:09:15 PM kernel utunctlconnect: creating interface utun0
  6/12/10 06/12/10 - 9:09:16 PM pppd[1839] pppd 2.4.2 (Apple version 412.3) started by wt9bind, uid 501
  6/12/10 06/12/10 - 9:09:16 PM pppd[1839] PPTP connecting to server 'x.x.x.x' (x.x.x.x)...
  6/12/10 06/12/10 - 9:09:16 PM pppd[1839] PPTP connection established.
  6/12/10 06/12/10 - 9:09:16 PM pppd[1839] Connect: ppp0 <--> socket[34:17]
  6/12/10 06/12/10 - 9:09:17 PM pppd[1839] local IP address x.x.x.x
  6/12/10 06/12/10 - 9:09:17 PM pppd[1839] remote IP address x.x.x.x
  6/12/10 06/12/10 - 9:09:17 PM pppd[1839] primary DNS address x.x.x.x
  6/12/10 06/12/10 - 9:09:17 PM pppd[1839] secondary DNS address x.x.x.x
  6/12/10 06/12/10 - 9:09:17 PM configd[14] network configuration changed.
  6/12/10 06/12/10 - 9:09:17 PM pppd[1839] pptpwaitinput: Address added. previous interface setting (name: en0, address: 192.168.1.9), current interface setting (name: ppp0, family: PPP, address: x.x.x.x, subnet: 255.255.0.0, destination: x.x.x.x).
  6/12/10 06/12/10 - 9:09:17 PM configd[14] network configuration changed.
  6/12/10 06/12/10 - 9:09:17 PM vmnet-bridge[234] Dynamic store changed
  6/12/10 06/12/10 - 9:09:17 PM vmnet-bridge[234] Could not retrieve media for interface ppp0: Operation not supported on socket.
  6/12/10 06/12/10 - 9:09:17 PM kernel vmnet: VMNetDisconnect called for port 0xf8f9f00
  6/12/10 06/12/10 - 9:09:17 PM kernel vmnet: Invalidating peer info for hub: 0, port: 0
  6/12/10 06/12/10 - 9:09:17 PM kernel vmnet: bridge-en0: filter detached
  6/12/10 06/12/10 - 9:09:17 PM kernel vmnet: bridge-en0: down
  6/12/10 06/12/10 - 9:09:17 PM kernel vmnet: bridge-en0: detached
  6/12/10 06/12/10 - 9:09:17 PM kernel vmnet: Freeing hub at 0xe45a000.
  Now obviously running no auth is totally unacceptable.
  The options in the SG560 for Authentication Scheme is:
  PAP
  CHAP
  MS-CHAP
  MS-CHAPV2
  Required Encryption:
  No Encryption
  Basic Encryption MPPE 40Bit
  Strong Encryption MPPE 128Bit
  Can somebody tell me why my client on my mac will not connect as soon as the encryption level is changed on the SG560? It works perfectly from Windows.
  Thanks

  Can anybody help me on this?

• IPad2, Verizon 3G, VPN Connectivity Issues

  Greetings all. I am the systems administrator for my corporation and have seen an issue that I wish to present to the community for discussion.
  For those enterprise users that have an iPad2 with Verizons 3G, are you experiencing connectivity issues while trying to connect to your VPNs from the 3G network? If so, have you found any work around to allow connectivity or does it work fine for you?
  Here's a summary of my issues:
  We have a VPN server built on Debian Linux that has been in operation for over four years. It handles remote VPN connections from Windows, Linux,  Android, OS X, iOS, and from many different devices including multiple flavors of Apple products (iMacs, Minis, MacBooks, iPads, etc.). To date, it has performed flawlessly with assorted devices connecting to it through broadband and assorted 3G networks.
  Recently I purchased an iPad2 with Verizon 3G. I was able to set up the VPN connection using PPTP and connect using a Wi-Fi connection. When I turned off the Wi-Fi and attempted the same connection via Verizon 3G, it fails. I then took an associates iPad1 using AT&T 3G, set up the same connection, and was able to connect. I don't have access to an iPad2 on AT&T 3G so, I can't speak for that.
  Here's the logs from the VPN server while connecting from my iPad2:
  Wi-Fi
  Jul 27 05:20:43 localhost pppd[31694]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
  Jul 27 05:20:43 localhost pppd[31694]: pptpd-logwtmp: $Version$
  Jul 27 05:20:43 localhost pppd[31694]: pppd 2.4.4 started by root, uid 0
  Jul 27 05:20:43 localhost pppd[31694]: Using interface ppp2
  Jul 27 05:20:43 localhost pppd[31694]: Connect: ppp2 <--> /dev/pts/4
  Jul 27 05:20:46 localhost pppd[31694]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
  Jul 27 05:20:46 localhost pppd[31694]: found interface eth1 for proxy arp
  Jul 27 05:20:46 localhost pppd[31694]: local  IP address 192.168.1.69
  Jul 27 05:20:46 localhost pppd[31694]: remote IP address 192.168.1.82
  Jul 27 05:20:46 localhost pppd[31694]: pptpd-logwtmp.so ip-up ppp2 scott XXX.XXX.XXX.XXX (removed external IP for security reasons)
  Quick connect, able to utilize VPN connection normally. No issues.
  Verizon 3G
  Jul 27 05:20:29 localhost pppd[31682]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
  Jul 27 05:20:29 localhost pppd[31682]: pptpd-logwtmp: $Version$
  Jul 27 05:20:29 localhost pppd[31682]: pppd 2.4.4 started by root, uid 0
  Jul 27 05:20:29 localhost pppd[31682]: Using interface ppp2
  Jul 27 05:20:29 localhost pppd[31682]: Connect: ppp2 <--> /dev/pts/4
  Jul 27 05:20:32 localhost pppd[31682]: peer refused to authenticate: terminating link
  Jul 27 05:20:33 localhost pppd[31682]: Connection terminated.
  Jul 27 05:20:33 localhost pppd[31682]: Exit.
  As you can see, the peer refuses to authenticate causing the link to be terminated while attempting to connect using Verizons network. This is with the same VPN connection settings on the iPad2 that just worked with WiFi connection from the same device.
  Here's what I can verify with regards to 3G networks:
  Older (<4) iPhones and iPad1 using AT&T can connect
  Windows and OS X based laptops using Sprint 3G can connect
  Android based smart phones using Sprint 3G can connect
  I have not called Verizon or Apple Support yet but, that's next when I have the time. My initial conclusion is that there is something with Verizons 3G services that is causing the issue. It may be that Verizon is using some sort of data compression process that is problematic with VPN transmission. While the log shows an unsupported IPv6 protocol when connecting via Wi-Fi, it still negotiates a successful connection and I don't think that's the root cause for the disconnect. Thoughts?

  Hi Alexander,
  I am running in to the exact same issue (although not with Linux).  Did you ever find a fix for this?  I have some support tickets open with my VAR's, but found your post and thought I would check.  If I find anything I will post.
  Thanks
  Stu

• AirPort Extreme Crash during PPTP connect using VPN on demand

  I can reproduce this crash consistently every time.
  My AEBSn is running 7.4.2. My MBP is running 10.6.2.
  I set up a PPTP connection, tick "send all traffic over VPN connection" in the advanced options.
  I add a domain to the "VPN on Demand" list and apply changes.
  I click connect, and the AEBS light immediately goes amber. A few seconds later, it's back to green and everything is groovy...unless I try to connect again.
  The problem is solved by simply removing the domain from "VPN on Demand."
  Here's the relevant snippet from ppp.log:
  Sat Jan 30 00:22:36 2010 : PPTP connecting to server 'xxxx.xxxx.xxx' (xx.xxx.xx.xx)...
  Sat Jan 30 00:22:37 2010 : PPTP connection established.
  Sat Jan 30 00:22:37 2010 : Using interface ppp0
  Sat Jan 30 00:22:37 2010 : Connect: ppp0 <--> socket[34:17]
  Sat Jan 30 00:22:40 2010 : pptpwaitinput: Address deleted. previous interface setting (name: en0, address: 10.0.1.14), deleted interface setting (name: en0, family: Ether, address: 10.0.1.14, subnet: 255.0.0.0, destination: 10.0.1.255).
  Sat Jan 30 00:22:40 2010 : linked service found: Setup:/Network/Service/C1126C24-140A-4AE4-A35D-553148185E2F/Interface
  Sat Jan 30 00:22:40 2010 : starting wait-interface timer for pptp: 20 secs
  Sat Jan 30 00:22:51 2010 : pptpwaitinput: Address deleted. previous interface setting (name: en0, address: 10.0.1.14), deleted interface setting (name: en1, family: Ether, address: 10.0.1.5, subnet: 255.0.0.0, destination: 10.0.1.255).
  Sat Jan 30 00:23:00 2010 : pptpwait_interfacetimeout: 20 secs TIMEOUT waiting for interface to be reconfigured. previous setting (name: en0, address: 10.0.1.14).
  Sat Jan 30 00:23:00 2010 : PPTP has detected change in the network and lost connection with the server.
  Sat Jan 30 00:23:00 2010 : Connection terminated.
  Sat Jan 30 00:23:00 2010 : PPTP disconnecting...
  Sat Jan 30 00:23:00 2010 : PPTP disconnected
  Funny, huh?

  Hi
  I have had this problem with my Airport Extreme since day 1 and it is extremely irritating. Using Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2003 I can crash the router any time I like (or more to the point, really really dislike) by simply initiating a PPTP VPN from any client (wired or wireless) behind the Airport Extreme. The device flashes orange, drops everyone's internet connection and then about a minute later, comes back up again.
  Whenever I have to connect to another site using VPN, I need to use NextG internet connection instead of my home cable connection. Any help with this would be gold because other than this really annoying problem (oh and the 'must reboot everytime you make a minor modification to configuration' requirement) I find it a great rock solid wireless access point.

• PPTP connection stall, but still "connected"

  Hi,
  I just bought new iMac 2 wks ago. It comes with Lion 10.7.2.
  Got problem on PPTP connection to my work.
  Basically, I can create a PPTP setup (VPN) and make connection work. However, it won't last for long, at most 15-20 min, all web request just hang and existing ssh connection will be kicked out with "broken pipe" message.
  I use PPTP with Max 128bit encryption.  And also have a "Domain\Username" format login ID and a password as credential. I also let all my network flow go through this VPN.
  Please help on this issue. Hope there is someone having the same problem and share the solution .

  I have the same problem with my iMac 24 & iMAc 27, both with Lion 10.7.2.
  I use PPTP with out encryption.
  I don't find any solution

• 4.1.5B Breaks PPTP connection

  Hello All - I have a VPN 3005 and W2K and XP clients connecting via MS VPN PPTP that was working with firmware version 4.0.5.A and bootrev 2.5 just fine. Updated firmware to 4.1.5.B and my users can authenticate (radius) but can neither ping nor resolve DNS. ipconfig info looks fine on the client. I downgraded to 4.0.5.B and it works fine again. Is there a problem with the 4.1.5.B firmware and the boot rev on this particular concentrator? I saw a note concerning the boot rev 2.5 and concentrators with serial#'s starting with CAM. Something about MAC Addresses being incorrectly reported. Or is it an incompatibility between MS VPN and rev 4.1.5.B? Need to setup and test WEbVPN. Any suggestions appreciated.
  Thank in advance,
  JAP

  I had the exact same issue with VPN 3015 after upgrading to 4.1.5.B. It forced all our users to ipsec. I'd be interested to see if you find a solution.
  Todd

• VPN PPTP SBS2003 LCP: timeout sending Config-Requests

  When using a 3rd party app (DigiTunnel), I can connect to my office network (Windows Small Business Server Premium 2003R2).
  Using Internet Connect in 10.4.11, it worked a few times then stopped.
  Here's the connection log:
  PPTP connection established.
  Using interface ppp0
  Connect: ppp0 <--> socket[34:17]
  sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x368b037d> <pcomp> <accomp>]
  *LCP: timeout sending Config-Requests*
  Connection terminated.
  PPTP disconnecting...
  PPTP disconnected
  Any suggestions? TIA

  VPN has been a continuing issue in or organisation. There could be more than one issue problem causing the issues we have, however we have found that our Netgear router appears to have issues. After a bit of research on other forums I found other people who had flagged other Netgear routers as having similar issues and that VPN connections could be reestablished buy turning on and off settings with in the control panel for the router. Doing so jogs it working again for no apparent reason, even when the resulting settings are exactly the same as before.
  It is because of this reason and other issues I have had with other Netgear routers that I have decided that I cant fully fix our issues with VPN until we have replaced our router with something more suitable.

• PPTP authentication issues

  I tried to set up pptp on a MacMini to connect to a linux server at my
  house running pptp. This same VPN configuration works fine on my G4
  Powerbook. Every once in a long while the connection succeeds.
  Here's the log of the connection when it succeeds:
  Sat Feb 10 23:27:18 2007 : PPTP connecting to server 'xx.xx.xx.xx' (xx.xx.xx.xx)...
  Sat Feb 10 23:27:19 2007 : PPTP connection established.
  Sat Feb 10 23:27:19 2007 : using link 0
  Sat Feb 10 23:27:19 2007 : Using interface ppp0
  Sat Feb 10 23:27:19 2007 : Connect: ppp0 <--> socket[34:17]
  Sat Feb 10 23:27:19 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x11aba650> <pcomp> <accomp>]
  Sat Feb 10 23:27:19 2007 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x9adfafe1> <pcomp> <accomp>]
  Sat Feb 10 23:27:19 2007 : lcp_reqci: returning CONFACK.
  Sat Feb 10 23:27:19 2007 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x9adfafe1> <pcomp> <accomp>]
  Sat Feb 10 23:27:19 2007 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x11aba650> <pcomp> <accomp>]
  Sat Feb 10 23:27:19 2007 : sent [LCP EchoReq id=0x0 magic=0x11aba650]
  Sat Feb 10 23:27:19 2007 : rcvd [CHAP Challenge id=0x73 <c88137881cb59bac516854f3154ccff5>, name = "pptpd"]
  Sat Feb 10 23:27:19 2007 : sent [CHAP Response id=0x73 <4aa5ab85913ba888fd22ae16ee7c472b0000000000000000c82ccf4438df2016fd51c5a3b7e639 d2e988a463654db37300>, name = "bob"]
  Sat Feb 10 23:27:19 2007 : rcvd [LCP EchoRep id=0x0 magic=0x9adfafe1]
  Sat Feb 10 23:27:19 2007 : rcvd [CHAP Success id=0x73 "S=1350C89A5384FBC3F10E4818E0E78966CE7D17F0 M=Access granted"]
  Sat Feb 10 23:27:19 2007 : sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
  Sat Feb 10 23:27:19 2007 : rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
  Sat Feb 10 23:27:19 2007 : sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
  Sat Feb 10 23:27:19 2007 : rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
  Sat Feb 10 23:27:19 2007 : MPPE 128-bit stateless compression enabled
  [etc...]
  Here's the log when it fails:
  Sat Feb 10 23:30:47 2007 : PPTP connecting to server 'xx.xx.xx.xx' (xx.xx.xx.xx)...
  Sat Feb 10 23:30:47 2007 : PPTP connection established.
  Sat Feb 10 23:30:47 2007 : using link 0
  Sat Feb 10 23:30:47 2007 : Using interface ppp0
  Sat Feb 10 23:30:47 2007 : Connect: ppp0 <--> socket[34:17]
  Sat Feb 10 23:30:47 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x56feadec> <pcomp> <accomp>]
  Sat Feb 10 23:30:47 2007 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x56feadec> <pcomp> <accomp>]
  Sat Feb 10 23:30:50 2007 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4fbbd715> <pcomp> <accomp>]
  Sat Feb 10 23:30:50 2007 : lcp_reqci: returning CONFACK.
  Sat Feb 10 23:30:50 2007 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4fbbd715> <pcomp> <accomp>]
  Sat Feb 10 23:30:50 2007 : sent [LCP EchoReq id=0x0 magic=0x56feadec]
  Sat Feb 10 23:30:53 2007 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4fbbd715> <pcomp> <accomp>]
  Sat Feb 10 23:30:53 2007 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4fbbd715> <pcomp> <accomp>]
  Sat Feb 10 23:30:53 2007 : rcvd [CHAP Challenge id=0x7c <d3dbd510fdbb9fdc48d5c6ec2ae9b726>, name = "pptpd"]
  Sat Feb 10 23:30:53 2007 : sent [CHAP Response id=0x7c <b3ddb8c252822b088253279b29a0265d000000000000000020e5b6e4417533d980b85418c48519 38f13c3691a9e7419600>, name = "bob"]
  Sat Feb 10 23:30:53 2007 : rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
  Sat Feb 10 23:30:56 2007 : rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
  Sat Feb 10 23:30:59 2007 : rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
  [after this there's a bunch of LCP echo requests and things eventually times out...]
  In the first exchange, the CHAP challenge is received, the response is
  sent, and "success" is received. In the failing exchange, the CHAP
  challenge is received, the response is sent, but the "success" packet
  is not received.
  So I thought this might just be a dropped packet issue (which doesn't make
  sense, because the control layer for PPTP runs on TCP, right?). Anyway, I
  dumped a packet trace, like so:
  % sudo tcpdump proto GRE
  23:54:11.605636 IP ppp-xx-xx-xx-xx.dsl.snfc21.pacbell.net > 192.168.0.10: GREv1, call 970, seq 4, ack 6, length 44: CHAP, Challenge (0x01), id 55, Value 52723489cdb36003e56b2584c9a68ae2, Name pptpd
  23:54:11.606476 IP 192.168.0.10 > ppp-xx-xx-xx-xx.dsl.snfc21.pacbell.net: GREv1, call 384, seq 7, ack 4, length 81: CHAP, Response (0x02), id 55, Value a5711c08010bf9a69c9b61b3f253d889000000000000000096c4db533c3b2f58417b4323909829[ |chap]
  23:54:11.663239 IP ppp-xx-xx-xx-xx.dsl.snfc21.pacbell.net > 192.168.0.10: GREv1, call 970, seq 6, length 24: unknown ctrl-proto (0x80fd), Conf-Request (0x01), id 1, length 12
  23:54:11.663828 IP ppp-xx-xx-xx-xx.dsl.snfc21.pacbell.net > 192.168.0.10: GREv1, call 970, seq 5, ack 7, length 81: CHAP, Success (0x03), id 55, Msg S=F214BEAB9C39E00A3B7A5E5BE6BD0C8B277DF2[|chap]
  So this means that the client machine is receiving the "Success" packet.
  But somehow it's not being handled by /usr/sbin/pppd??
  Note that the negotiation succeeds maybe once in ~20 tries or so.
  Unfortunately, I have no solution to this issue. Some people suggest using
  L2TP instead of PPTP, but I only have PPTP working on the server side.
  I'd file a bug for this, but I can't seem to find anywhere to do that. Did
  that change at some point? (I could have sworn I filed a bug once upon
  a time.)
  Thanks!
  -Eric
  Palo Alto, CA
  Mac Mini   Mac OS X (10.4.8)  

  Hi Eric,
  It's been a long time since I've dealt with ppp type issues, and
  I remember how difficult they can be to solve. Sometimes it's
  just a matter of the order the packets are received. Good luck.
  I did notice one thing, on the trace that was failing, there are
  two conf req packets sent from the linux point. Your mini claims
  to have answered them both, but I wonder if that's the problem.
  Since the CHAP response was sent, I would guess that pptp was
  waiting for something else. Although I have no idea what that
  would be, the only thing I could think of was that it was waiting
  to send out another conf req in response to the one it got.
  Weird. Definitely sounds like a pptp bug to me. Good luck
  finding out where to report this one.
  -Phil
  Powerbook G4, iMac (Intel), and tons of hardware sitting in the closet   Mac OS X (10.4.8)  

• VPN (PPTP) and Password

  I have configured a PPTP connection to my mail server and it works fine. But when I go into Settings > General > Network > VPN and set the password, I notice that it says "Ask every time". I enter the correct password for my user and it connects just fine.
  But when I try to go in later and start the VPN connection, it asks me for a password. But it only gives me the number pad (like a phone number pad). So I can't enter the special characters that I have set for my password for the user. It will only allow the entry of numbers and some symbols.
  Is there a way to not have to enter a password every time?

  Made some progress, created a third userid (already had 2 created for myself) and it worked! Will investigate password length and complexity later.
  Am now having an issue where the Remote Gateway is not responding, however I can happily ping the router WAN address, and have enabled ICMP echo response, even created a new rule to this effect, still the same issue.
  Seriously, why is this utility so poor in it's error messages? They mean very little and leave you clueless. It seems that there are many problems with this QuickVPN s/w - if it works you are lucky, if problematic then you have issues.
  I have attempted the Safe mode option - same result, disabled anti-virus, created custom rule for invbound ICMP, disabled firewall(makes no difference)
  I have tried suggestions from other posts by adding the Path variable c:\windows\system32 but still get the same error - "remote gateway not responding". At this stage the RV082 is goiung back to the supplier as it is not fit for purpose - so much wasted time already spent on such a simple connection!
  What other options exist?
  Question: is there any other method of connecting to this routers "VPN Client Access" without using the Cisco QuickVPN s/w?
  Many thanks and good luck if you have a problem.
  Regards
  Duncan