Tunnel Problem from New ASA to Working ASA

Similar Messages

• HT4623 I updated my ipad to IOS7 and have had a variety of problems from the keyboard not working to my programs skipping from one to the next although i do not touch my screen

  I updated my ipad to IOS7.04 and have had a variety of problems from a sticky keyboard to my programs/apps skipping from program/app to program/app without my touching my screen.
  I tried to restore my ipad to the factory setting and that did not resolve the problem. Due to the upgrade i cannot use my ipad as a funtional unit, how can i get my ipad to function properly again?

  First thing to try is to reset your device. Press and hold the Home and Sleep buttons simultaneously until the Apple logo appears. Let go of the buttons and let the device restart. See if that fixes your problem.

• Downloaded new version of itunes lost my library now itunes won't save my library have to install my library everytime i turn computer off itunes store will not open either have tried a few ways to solve problem from community members nothing works

  downloaded new version of itunes lost my library now itunes won't save my library have to install it everytime i turn my computer off  itunes store won't open either with almost 16,000 songs this is getting unbearable if someone wants to download new version it's a nightmare

  I had the same problem on my iphone 5s, and this fixed it. http://support.apple.com/kb/TS5335

• Push Notification Problems in new Update dont work

  Anyone else have this problem with hotmail?
  Really terrrible, needs to be fixed yesterday

  If some push notification apps do produce sounds and badges, and other apps don't, this is due to the particular app server, not the phone. Not all apps actually have sounds and badges, even though they have settings for them.
  If you know that a particular app does use these (i.e. they work on another iPhone), you can try deleting and reinstalling the apps, reseting your phone, reseting all settings, restoring from a backup and restoring as a new iphone.

• Same SMTP Relay problem but new reasons. Works with most but not with few

  I am writing a mail server. My applications sends mail directly to the SMTP server of recipient using MX Record. I find out the MX Record of the recipients and then using Java Mail send mail to that MX Record.This application is working fine and it has worked for thousand or so SMTP Server successfully.
  There are couple of servers (SMTP of recipients) those reject the mail saying SMTP Relaying Prohibited by the Administrator and further says Invalid Mail Address Destination. I am wondering that the recipients belong to that same domain (MX record). I am able to mail them from yahoo or hotmail. I am not trying to use that SMTP for relaying, infact that mail account is registered in that particular SMTP Server.If that server is using SMTP Authentication, how come yahoo or hotmail authenticate for sending mail to their user.
  I am sending all genunine parameters like senders mail address etc. I have tried setting various. Can anyone help me where I am missing?

  My applications sends mail directly to the SMTPserver of recipient
  using MX RecordYou don't send mail to the SMTP server you send it to
  the pop3 server, anyway...
  Nopes, you do send mail to the POP3 server. POP (Post Office Protocol) is used for fetching mails. Se RFC 1939 http://www.faqs.org/rfcs/rfc1939.html for more detailed information. Usually the mail agent contacts the local SMTP server and it queues it for delivery to other SMTP server that it can find via the MX record, trying the one with the highest priority first which incendently is the one with the lowest number.
  If that server is using SMTP Authentication, howcome yahoo or
  hotmail authenticate for sending mail to theiruser.
  Hotmails' SMTP server will let you send to anybody,
  most other private SMTP servers generally will
  restrict the domains you can send to.
  I'm a little confused as to what your problem is you
  are connection to SMTP servers to send individuals
  emails? why not just use on SMTP server to send to all
  He is making a SMTP server.
  Back to the original question:
  Since you are checking the MX record for the address it should not be considered to be a relay of mail. The only reason this should happen is if the RCPT is set to something wierd like
  <@HOSTA.ARPA,@HOSTB.ARPA:[email protected]>See RFC 0821 for more information. I am not sure if RFC 0821 is obsoleted, but this should still apply.
  Regards,
  Peter Norell

• Spry/Slide Show problems from new host

  Recently I moved my site from TDS to godaddy.  Everything worked well on TDS, now people get 4 error merssages before the site loads through Godaddy.  These are:1) SpryPannelSet.js requires SpryWidget.js! Then 2) SpryFadingPanel.js requires SpryPannelSet.js! Then 3) SpryImageSlideShow.js requires Spry Widget.js! Then 4)  SpryPanAndZoomPlugin.js requires Spry Immage Slide Show.js!  Most of my pages have slide shows downloaded from the widget browser.  When I moved the site, I didn't move the site from TDS, I just loaded the site up from my computer.  Is there something I can do to allow people to get on my index page without having to click these error messages.  My site is www.tailgatershandbook.com.

  SpryWidget.js is corrupt. Try re-uploading and if that does not work try linking to the Adobe JS as per
  <script src="http://labs.adobe.com/technologies/spry/ui/includes/SpryWidget.js"></script>
  Gramps

• PSE 10 RAW file problems from new camera

  Does anyone know what version of Camera Raw is on the new PSE 12. To support my new Canon 70D I need version 8.2 according to my research. Anyone confirm this?
  Thanks
  Alan

  Yes camera raw 8.2 is compatible with pse 12 after running Help>Updates to download and install it.
  Pse 12 comes with camera raw version 8.0
  Just be aware that if your using windows xp or windows vista, you won't be able to update the camera raw plugin in pse 12, at least not using the Help>Update function.
  For future reference there is a photoshop elements forum
  (you posted in the forum for the full photoshop cs6/cc)
  http://forums.adobe.com/community/photoshop_elements?view=discussions

• File system check recs on new ASAs

  Just curious if anyone knows why I'd be seeing these on a new ASAs. The last two I received had these fsck records:
  f-monona-1# sh flash
  --#--  --length--  -----date/time------  path  182  16275456    Dec 13 2010 16:46:02  asa821-k8.bin  223  15962112    Feb 01 2011 16:40:15  asa832-k8.bin  183  49152       Jan 01 1980 00:00:00  FSCK0000.REC   13  2048        Dec 13 2010 16:47:20  coredumpinfo   14  43          Feb 01 2011 16:47:11  coredumpinfo/coredump.cfg  184  11348300    Dec 13 2010 16:47:54  asdm-621.bin    3  2048        Dec 13 2010 16:51:36  log   12  2048        Dec 13 2010 16:51:44  crypto_archive  224  15841428    Feb 01 2011 16:43:34  asdm-641.bin  186  2048        Jan 01 1980 00:00:00  FSCK0001.REC  187  12105313    Dec 13 2010 16:52:00  csd_3.5.841-k9.pkg  188  2048        Dec 13 2010 16:52:02  sdesktop  225  0           Dec 13 2010 16:52:02  sdesktop/data.xml  189  2857568     Dec 13 2010 16:52:02  anyconnect-wince-ARMv4I-2.4.1012-k9.pkg  190  3203909     Dec 13 2010 16:52:04  anyconnect-win-2.4.1012-k9.pkg  191  4832344     Dec 13 2010 16:52:06  anyconnect-macosx-i386-2.4.1012-k9.pkg  192  5209423     Dec 13 2010 16:52:08  anyconnect-linux-2.4.1012-k9.pkg  193  2048        Jan 01 1980 00:00:00  FSCK0002.REC  194  2048        Jan 01 1980 00:00:00  FSCK0003.REC  195  92160       Jan 01 1980 00:00:00  FSCK0004.REC  196  2048        Jan 01 1980 00:00:00  FSCK0005.REC  197  2048        Jan 01 1980 00:00:00  FSCK0006.REC  198  2048        Jan 01 1980 00:00:00  FSCK0007.REC  199  675840      Jan 01 1980 00:00:00  FSCK0008.REC  200  2048        Jan 01 1980 00:00:00  FSCK0009.REC  201  677888      Jan 01 1980 00:00:00  FSCK0010.REC  202  30720       Jan 01 1980 00:00:00  FSCK0011.REC  203  30720       Jan 01 1980 00:00:00  FSCK0012.REC  204  2048        Jan 01 1980 00:00:00  FSCK0013.REC  205  2048        Jan 01 1980 00:00:00  FSCK0014.REC  206  4096        Jan 01 1980 00:00:00  FSCK0015.REC  207  4096        Jan 01 1980 00:00:00  FSCK0016.REC  208  4096        Jan 01 1980 00:00:00  FSCK0017.REC  209  4096        Jan 01 1980 00:00:00  FSCK0018.REC  210  6144        Jan 01 1980 00:00:00  FSCK0019.REC  211  6144        Jan 01 1980 00:00:00  FSCK0020.REC  212  6144        Jan 01 1980 00:00:00  FSCK0021.REC  213  22528       Jan 01 1980 00:00:00  FSCK0022.REC  214  38912       Jan 01 1980 00:00:00  FSCK0023.REC  215  34816       Jan 01 1980 00:00:00  FSCK0024.REC  216  43008       Jan 01 1980 00:00:00  FSCK0025.REC  217  2048        Jan 01 1980 00:00:00  FSCK0026.REC  218  26624       Jan 01 1980 00:00:00  FSCK0027.REC  219  2048        Jan 01 1980 00:00:00  FSCK0028.REC  220  26624       Jan 01 1980 00:00:00  FSCK0029.REC  221  2048        Jan 01 1980 00:00:00  FSCK0030.REC

  I have seen the same issues on many multiple NEW ASA's and DON'T think this is a problem with the received ASA's flash card or file structure. I have deleted and reformatted many of these flash cards and not experienced any new FSCK files. The flash cards from new ASA's have all passed.
  This leads me to belive that the master flash card used in manufacturing, that was used for the creation of the imaged flash cards, in final production had corruption at times.  And these FSCK files that were on the master used for duplicating, were then copied with its FSCK files, to the flash of the shipping ASA's.

• Blocking spam from new TLD like .ninja

  I have spam problems from new tld like .ninja. Seems spam filter not work with this new domains, any suggestion on how to solve this problem?
  Thanks, Andrea

  the thing is not that I don't want to use captchas, it is
  just that it doesn't work. Also I think that registering scares
  people off. There MUST be a way how to do this. However, I have
  been trying to find one for almost 5 days now and I always end up
  with the same result (confer above). Does any body see where the
  code-error lies?

• Causing some network problem after connecting the new ASA to my network

  Hi everyone,
  Hope you can help on this issue.... It is strange to me...but may not be to you
  Currently, I have a subnet connects to my primary network. All the internet travel thru a router there in turn thru a pair of ASA failover firewall (ie Subet -> router -> Subnet ASA -> Pirmary network ASA -> Primary network router -> Internet).
  Now we try to setup a internet pipe so the subnet can go to internet by its own. So...for security purpose, we put another new ASA in between.the subnet and the new internet. This will be the first, and the old path to Interent would be the back up route.
  NOW
  I have not even make any route cahgnes on the router yet. What I did was to connect the new ASA to the subnet. Again, I do not change any routes, or any gateway settings on all the computers yet in the subnet!! I just connect the asa. That is it...please remember this.
  However, problem happens. I have a application server in the same subnet.... that keeps kick out users. I also have continuous ping to it... I saw that the server has requesdted time out...it did not come back up until about 10 to 20 seconds later. The server, in fact, is a cluster server. Although I can ping the physical server, I cannot ping the virutal server.
  In order to fix the problem, I really need to unplug the new ASA from the network, and reload the cluster server. Then it starts to work.
  ANother symptom is that...people complaint the log on is obviously slower than usual.
  May I ask why the new ASA will cuase this trouble?? Again, no routes on the router have been change. And all PCs in the subnet are still using old gateway, and did not nkow about the new ASA.
  Any ideas would be great!! Very strange to me. Thank you very much for your help.
  Riderfaiz

  First guest would be proxy ARP.
  Proxy ARP is enabled by default on the ASA. The new ASA might be proxy ARPing for whatever reason.
  OR the new ASA might have been configured with an ip address that belongs to another device by mistake.

• ASA ssh,telnet.jar smart tunnels problems

  Hi
  From my asa I'm trying to gain access to some servers Linux (no local firewalls on them) from the clientless session using the ssh,telnet jar plugin.
  The plugin starts and shows the login prompt and then I enter the correct user name and passwords and then I'm left with a black square.
  Any suggestions for debugging?
  ASA runnig 9.1, the problem is to both Linux boxes and a IOS router.

  On testing the above even further, I seem to have an issue...
  With the following configuration loaded...
  aaa-server TLS-ACS5 protocol tacacs+
  aaa-server TLS-ACS5 (inside) host 10.0.20.200
  key passme123
  aaa authentication ssh console TLS-ACS5 LOCAL
  aaa authentication telnet console TLS-ACS5 LOCAL
  aaa authentication ssh console TLS-ACS5 LOCAL
  aaa authentication telnet console TLS-ACS5 LOCAL
  aaa authentication enable console TLS-ACS5 LOCAL
  With the PIX in communication with the ACS the above works well, with me successfully logging in with credentials added to the ACS.
  On testing this further I have taken the link down between the PIX and the ACS (to recreate a failure scenario).  I can still login using the internal (LOCAL) username & password.  This seems to work fine, however if I try to access the exec-privilege mode (i.e. enable) the PIX does not except the enable password added to the configuration moreover it prefers the same password used for creating the initial user.
  username admin-user password adminpass123 encrypted
  enable password enablepass123 encrypted
  For example; with the above lines in the running configuration of the PIX , I can login into PIX using admin-user and enter the password adminpass123. However, if I try and then go onto access exec-privilege mode (i.e. enable) the PIX does not except the password "enablepass123" put does except "adminpass123"... this is even with "aaa authentication enable console TLS-ACS5 LOCAL" added to the running configuration.
  Has anyone else seen this issue on a PIX/FW. Am I missing something from my configuration? Does anyone know of a workaround to this issue or is it just something I have to live with?

• Upgrade from 8.2 to 8.6 for new ASA 5515X

  Hello,
  My customer has a rather complex configuration on an ASA 5510 running version 8.2
  They are migrating to new ASA 5515X models which of course only version support 8.6
  How can i convert the configuration from 8.2 to 8.6 since the new ASA's do not support the earlier versions?
  The X series seems to be a great option for new deployments but what about replacements of existing older models?
  Thanks for any ideas everyone!
  Chris

  Hello,
  I would say go to 8.4 From there you will have the same syntax.
  There will be new commands and features on 8.6... That for sure but you are going to be on the same path.
  Any other question..Sure ..Just remember to rate all of the helpul posts
  Julio

• Move configure from old ASA to new ASA 5515x?

  Dear All,
  Could you let me know how can i move my configuration from ASA 5510 v.8.0 to the new ASA 5515-x V9.1.1?
  i used copy running to TFTP and apply to the new ASA but it has some error like nat and Certificate.
  could i export my certificate the old ASA and import to the new ASA, that are different version. Does has any solution without donwtime ?
  Best Regards,
  Rechard

  Rechard
  I do not believe that there is a way to do the transition from old ASA running 8.0 to new ASA running 9.1 without some downtime. But is is possible to minimize the downtime. I have recently done a transition like that and it was not an easy one. As you have discovered if you attempt to copy the old config to the new ASA it will reject as invalid syntax much of the access lists and all of the nat.
  The easier way to do the transition is to have an ASA running the old code with the old config and to upgrade that ASA to 9.1. In this process the 9.1 code should read the config from startup and will do a conversion to the new syntax. I have done this going from 8.0 to 8.4 and see no reason why 9.1 would be different. You then only need to check the accuracy of the conversion. And then you can take the converted config and load it on the new ASA. In my recent conversion we did not have an extra ASA with old code, the new ASA does not support the old version, and the downtime to do this on the existing ASA was not acceptable. So I took the access lists and nat and did a manual translation from old to new. I loaded the modified config on the new ASA and did some checking. We then just switched connections from old ASA to new ASA and the downtime was minimal.
  HTH
  Rick

• ASDM not working on new ASA

  Hi Everyone,
  I am setting up new ASA for testing purposes.
  So far it has single interface Active which is management.
  I can ssh to ASA  fine but ASDM is not working.
  sh run http shows
  sh run http
  http server enable
  http 172.31.20.0 255.255.255.0 management
  sh run ssh
  ssh 172.31.20.0 255.255.255.0 management.
  Regards
  MAhesh

  Hi Julio,
  sh run ssl foed not sjow any output
  show flash | include asdm
    111  16280544    Jun 29 2011 12:10:58  asdm-645.bin
  sh run asdm
  no asdm history enable
  sh ver shows
  up 2 days 2 hours
  Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
  Internal ATA Compact Flash, 256MB
  BIOS Flash M50FW016 @ 0xfff00000, 2048KB
  Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                               Boot microcode        : CN1000-MC-BOOT-2.00
                               SSL/IKE microcode     : CNLite-MC-SSLm-PLUS-2.03
                               IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.06
                               Number of accelerators: 1
  0: Ext: GigabitEthernet0/0  : address is e8b7.483d.0d68, irq 9
  1: Ext: GigabitEthernet0/1  : address is e8b7.483d.0d69, irq 9
  2: Ext: GigabitEthernet0/2  : address is e8b7.483d.0d6a, irq 9
  3: Ext: GigabitEthernet0/3  : address is e8b7.483d.0d6b, irq 9
  4: Ext: Management0/0       : address is e8b7.483d.0d6c, irq 11
  5: Int: Not used            : irq 11
  6: Int: Not used            : irq 5
  Licensed features for this platform:
  Maximum Physical Interfaces       : Unlimited      perpetual
  Maximum VLANs                     : 150            perpetual
  Inside Hosts                      : Unlimited      perpetual
  Failover                          : Active/Active  perpetual
  VPN-DES                           : Enabled        perpetual
  VPN-3DES-AES                      : Enabled        perpetual
  Security Contexts                 : 2              perpetual
  GTP/GPRS                          : Disabled       perpetual
  AnyConnect Premium Peers          : 2              perpetual
  AnyConnect Essentials             : Disabled       perpetual
  Other VPN Peers                   : 750            perpetual
  Total VPN Peers                   : 750            perpetual
  Shared License                    : Disabled       perpetual
  AnyConnect for Mobile             : Disabled       perpetual
  AnyConnect for Cisco VPN Phone    : Disabled       perpetual
  Advanced Endpoint Assessment      : Disabled       perpetual
  UC Phone Proxy Sessions           : 2              perpetual
  Total UC Proxy Sessions           : 2              perpetual
  Botnet Traffic Filter             : Disabled       perpetual
  Intercompany Media Engine         : Disabled       perpetual
  This platform has an ASA 5520 VPN Plus license.
  Regards
  MAhesh

• I got new iphone it had a problem of sleep/off button not working i replaced from care. now the replaced product had a problem that home button not working properly now what i want to do

  Igot new iphone it had a problem of sleep/off button not working i replaced from care. now the replaced product had a problem that home button not working properly now what i want to do

  Hello, krishna kumar.j. 
  Thank you for visiting Apple Support Communities.  
  I understand that you are experiencing and issue with your Home button.  Here are the troubleshooting steps when experiencing this.  
  Get help with buttons and switches on your iPhone, iPad, or iPod touch
  http://support.apple.com/en-us/HT203017
  Cheers, 
  Jason H.