VPN 3005 with 3002 Hardware Client

I have a VPN3002 Hardware Client (172.16.1.x) that is accessing a VPN3005 Concentrator (192.168.x.x) in Network Extension Mode. On the VPN3005, I have a LAN-to-LAN connection to another VPN device. I can access addresses in all scenarios except for from devices behind the Hardware Client through the LAN-to-LAN tunnel. In other words, addresses behind the Hardware Client (172.16.1.x) cannot access addresses through the LAN-to-LAN.
Devices on the network behind the Concentrator (192.168.x.x) CAN access addresses through the LAN-to-LAN and there is bi-directional communication between the network behind the 3005 and behind the 3002 client.
Can anyone help? Thank you.

The 3000 is only going to send traffic over the L2L tunnel that is sourced from the Local Network and going to the Remote Network. Traffic from behind the 3002 is NOT going to match this based on the fact you're NAT'ing all the local traffic to some other address.
I presume you have done this NAT'ing on some device before the 3000, in which case there's no way to get the 3002 traffic to also be NAT'd since it is going to come in and go straight back out the Public interface of the 3000.
You will have to add another line to your Local Network list that defines the traffic behind the 3002. Similarly, the remote end is going to have to add this same network to their Remote network list. Unless you do that, or find some way to NAT the 3002 traffic to the same address, the 3005 is NOT going to send it over the tunnel because you haven't told it to.
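A small model of the Local/Remote network-list matching the answer describes, added here as an illustration (not Cisco code and not part of the original thread). It assumes 192.168.0.0/16 behind the 3005 and 172.16.1.0/24 behind the 3002 as in the question, and uses a constructed 10.99.0.0/16 for the unnamed network behind the remote L2L device; NAT is not modelled, only the list matching on both ends.

```python
"""Model of the LAN-to-LAN traffic-selector logic described in the answer above."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class L2LPeer:
    # One end of the LAN-to-LAN tunnel: the networks it treats as Local and Remote.
    name: str
    local_nets: list
    remote_nets: list

    def selects(self, src: str, dst: str) -> bool:
        # A packet is "interesting" for the tunnel only if its source falls in the
        # Local Network list AND its destination falls in the Remote Network list.
        s, d = ip_address(src), ip_address(dst)
        return any(s in n for n in self.local_nets) and any(d in n for n in self.remote_nets)


def tunnel_verdict(sender: L2LPeer, receiver: L2LPeer, src: str, dst: str) -> str:
    # Outbound: the sending concentrator decides whether to encrypt at all.
    if not sender.selects(src, dst):
        return "not tunnelled by " + sender.name
    # Inbound: the far end only accepts traffic matching its mirrored lists
    # (its Remote list must contain src, its Local list must contain dst).
    # Modelled here as a per-packet check; on real gear the mismatch surfaces
    # as a failed IKE phase 2 (proxy-ID) negotiation, so no SA is built at all.
    if not receiver.selects(dst, src):
        return "rejected by " + receiver.name + " (selector mismatch)"
    return "tunnelled"


def build_peers(add_on_3005: bool, add_on_remote: bool):
    # 192.168.0.0/16 is the network behind the 3005 and 172.16.1.0/24 the network
    # behind the 3002 hardware client (both from the post). 10.99.0.0/16 stands in
    # for the unnamed network behind the remote L2L device (constructed value).
    behind_3005 = ip_network("192.168.0.0/16")
    behind_3002 = ip_network("172.16.1.0/24")
    far_side = ip_network("10.99.0.0/16")

    local_3005 = [behind_3005] + ([behind_3002] if add_on_3005 else [])
    remote_far = [behind_3005] + ([behind_3002] if add_on_remote else [])

    c3005 = L2LPeer("VPN3005", local_nets=local_3005, remote_nets=[far_side])
    far = L2LPeer("remote-L2L", local_nets=[far_side], remote_nets=remote_far)
    return c3005, far


def run_scenarios() -> dict:
    # Constructed sample hosts: one behind the 3005, one behind the 3002, one far side.
    host_3005, host_3002, host_far = "192.168.5.20", "172.16.1.20", "10.99.3.7"
    results = {}
    for label, on_3005, on_far in (("before", False, False),
                                   ("only 3005 updated", True, False),
                                   ("both ends updated", True, True)):
        c3005, far = build_peers(on_3005, on_far)
        results[label] = {
            "3005 LAN -> far": tunnel_verdict(c3005, far, host_3005, host_far),
            "3002 LAN -> far": tunnel_verdict(c3005, far, host_3002, host_far),
        }
    return results


if __name__ == "__main__":
    for label, verdicts in run_scenarios().items():
        print(label)
        for flow, verdict in verdicts.items():
            print("  %-16s %s" % (flow, verdict))
```

The middle scenario shows why the answer insists on updating both ends: adding 172.16.1.0/24 only on the 3005 moves the failure from "never sent" to "rejected by the peer".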

Similar Messages

  • Can log into Yosemite server (4.0) VPN service with a Mavericks client, but not Yosemite client

    Server Info:
    Yosemite Server 4.0 running on a late 2009 Mac Mini with 8 GB RAM with vpnd service enabled
    The server was upgraded to Yosemite - not clean install - this may not matter (see below)
    Airport extreme router with standard VPN UDP ports for L2TP forwarded to server (500, 1701, 4500)
    Client info:
    MB Air 13" early 2014 with 8 GB RAM
    Yosemite
    Mavericks 10.9.5 running as a Parallels virtual machine (don't ask - I need it to run an app for work that is not yet compatible with Yosemite)
    OD service is NOT running - no VPN connections ever occurred from ANY client with this service running - OD is not needed in my case fortunately
    With the OD service off, I can connect via the Mavericks virtual machine just fine, but not with Yosemite. With Yosemite, the ppp connection appears to occur, but server config requests appear to fall on deaf ears (client side doesn't appear to respond) until the connection times out. Can't figure out what triggers the client response to a server config request. Client side complains about no route to host and IP addresses don't get assigned to the connection.
    The connection happens successfully in an eyeblink with the Mavericks client. Same username/password/shared secret in both instances.
    Tried a generated .vpnconfig from the server, this also did not work.
    It's possible that it is an auth problem, but can't figure out how the process occurs or what may be going wrong. There does not seem to be an obvious way to increase the granularity of the logging such that it might give other hints - at least that I can find. I found plenty of references to VPN issues when people upgraded from Mountain Lion to Mavericks as well as workarounds for this. I tried the most promising looking of those - no love. I reverted everything back to stock install since I could at least connect with Mavericks.
    If log entries would be helpful, they are included below. I've stared at them long enough - perhaps a new set of eyes can provide a hint.
    In addition, I can find no documentation regarding the VPN service in Yosemite server so as to get a clue as to whether there have been changes in racoon since Mavericks.
    Thanks in advance for any suggestions. I would be glad to supply any other info needed for an accurate diagnosis.
    Pat
    ==
    Regarding the Yosemite client connection in the Yosemite server VPN Service log:
    2014-10-21 12:18:30 MDT
    Incoming call... Address given to client = 192.168.1.228
    Tue Oct 21 12:18:30 2014 : Directory Services Authentication plugin initialized
    Tue Oct 21 12:18:30 2014 : Directory Services Authorization plugin initialized
    Tue Oct 21 12:18:30 2014 : publish_entry SCDSet() failed: Success!
    Tue Oct 21 12:18:30 2014 : publish_entry SCDSet() failed: Success!
    Tue Oct 21 12:18:30 2014 : publish_entry SCDSet() failed: Success!
    Tue Oct 21 12:18:30 2014 : L2TP incoming call in progress from 'my.dotted.quad.address'...
    Tue Oct 21 12:18:30 2014 : L2TP received SCCRQ
    Tue Oct 21 12:18:30 2014 : L2TP sent SCCRP
    Tue Oct 21 12:18:30 2014 : L2TP received SCCCN
    Tue Oct 21 12:18:30 2014 : L2TP received ICRQ
    Tue Oct 21 12:18:30 2014 : L2TP sent ICRP
    Tue Oct 21 12:18:30 2014 : L2TP received ICCN
    Tue Oct 21 12:18:30 2014 : L2TP connection established.
    Tue Oct 21 12:18:30 2014 : using link 0
    Tue Oct 21 12:18:30 2014 : Using interface ppp0
    Tue Oct 21 12:18:30 2014 : Connect: ppp0 <--> socket[34:18]
    Tue Oct 21 12:18:30 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:33 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:36 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:39 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:42 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:45 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:48 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:51 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:54 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:57 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:19:00 2014 : LCP: timeout sending Config-Requests
    Tue Oct 21 12:19:00 2014 : Connection terminated.
    Tue Oct 21 12:19:00 2014 : L2TP disconnecting...
    Tue Oct 21 12:19:00 2014 : L2TP sent CDN
    Tue Oct 21 12:19:00 2014 : L2TP sent StopCCN
    Tue Oct 21 12:19:00 2014 : L2TP disconnected
    2014-10-21 12:19:00 MDT
       --> Client with address = 192.168.1.228 has hungup
    ==
    Client side log for this connection using the Yosemite client:
    Tue Oct 21 14:32:08 2014 : publish_entry SCDSet() failed: Success!
    Tue Oct 21 14:32:08 2014 : publish_entry SCDSet() failed: Success!
    Tue Oct 21 14:32:08 2014 : L2TP connecting to server 'myserver.com' (my.dotted.quad.address)...
    Tue Oct 21 14:32:08 2014 : IPSec connection started
    Tue Oct 21 14:32:09 2014 : IPSec connection established
    Tue Oct 21 14:32:10 2014 : L2TP connection established.
    Tue Oct 21 14:32:10 2014 : L2TP set port-mapping for en0, interface: 4, protocol: 0, privatePort: 0
    Tue Oct 21 14:32:10 2014 : Using interface ppp0
    Tue Oct 21 14:32:10 2014 : Connect: ppp0 <--> socket[34:18]
    Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0, interfaceIndex: 0, Protocol: None, Private Port: 0, Public Address: 3fe4b3e8, Public Port: 0, TTL: 0.
    Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0 inconsistent. is Connected: 1, Previous interface: 4, Current interface 0
    Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0 initialized. is Connected: 1, Previous publicAddress: (0), Current publicAddress 3fe4b3e8
    Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0 fully initialized. Flagging up
    Tue Oct 21 14:32:25 2014 : write: No route to host
    Tue Oct 21 14:32:25 2014 : write: Host is down
    Tue Oct 21 14:32:28 2014 : write: Host is down
    Tue Oct 21 14:32:28 2014 : write: Host is down
    Tue Oct 21 14:32:31 2014 : write: Host is down
    Tue Oct 21 14:32:31 2014 : write: Host is down
    Tue Oct 21 14:32:34 2014 : write: Host is down
    Tue Oct 21 14:32:34 2014 : write: Host is down
    Tue Oct 21 14:32:37 2014 : write: Host is down
    Tue Oct 21 14:32:37 2014 : write: Host is down
    Tue Oct 21 14:32:40 2014 : LCP: timeout sending Config-Requests
    Tue Oct 21 14:32:40 2014 : Connection terminated.
    Tue Oct 21 14:32:40 2014 : L2TP disconnecting...
    Tue Oct 21 14:32:40 2014 : L2TP error sending CDN (Host is down)
    Tue Oct 21 14:32:40 2014 : L2TP clearing port-mapping for en0
    Tue Oct 21 14:32:40 2014 : L2TP disconnected
    ==
    Pertinent client side log for connection of Mavericks client to Yosemite server:
    Tue Oct 21 13:29:13 2014 : Connect: ppp0 <--> socket[34:18]
    Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0, interfaceIndex: 0, Protocol: None, Private Port: 0, Public Address: 3fe4b3e8, Public Port: 0, TTL: 0.
    Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0 inconsistent. is Connected: 1, Previous interface: 4, Current interface 0
    Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0 initialized. is Connected: 1, Previous publicAddress: (0), Current publicAddress 3fe4b3e8
    Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0 fully initialized. Flagging up
    Tue Oct 21 13:29:21 2014 : local  IP address 192.168.1.229
    Tue Oct 21 13:29:21 2014 : remote IP address 192.168.1.2
    Tue Oct 21 13:29:21 2014 : primary   DNS address 192.168.1.2
    Tue Oct 21 13:29:21 2014 : secondary DNS address 8.8.8.8
    Tue Oct 21 13:29:21 2014 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 10.0.1.38), current interface setting (name: ppp0, family: PPP, address: 192.168.1.229, subnet: 255.255.255.0, destination: 192.168.1.2).
    Tue Oct 21 13:29:21 2014 : Committed PPP store
    Tue Oct 21 13:29:21 2014 : Committed PPP store
    Tue Oct 21 13:52:32 2014 : [DISCONNECT]
    Tue Oct 21 13:52:32 2014 : Hangup (SIGHUP)
    Tue Oct 21 13:52:32 2014 : Connection terminated.
    Tue Oct 21 13:52:32 2014 : Connect time 23.4 minutes.
    Tue Oct 21 13:52:32 2014 : Sent 2674664 bytes, received 10680854 bytes.
    Tue Oct 21 13:52:32 2014 : L2TP disconnecting...
    Tue Oct 21 13:52:32 2014 : L2TP clearing port-mapping for en0
    Tue Oct 21 13:52:32 2014 : L2TP disconnected
    ==
    Regarding the Mavericks client connection in the Yosemite server VPN Service log:
    2014-10-21 12:09:48 MDT Incoming call... Address given to client = 192.168.1.226
    Tue Oct 21 12:09:48 2014 : Directory Services Authentication plugin initialized
    Tue Oct 21 12:09:48 2014 : Directory Services Authorization plugin initialized
    Tue Oct 21 12:09:48 2014 : publish_entry SCDSet() failed: Success!
    Tue Oct 21 12:09:48 2014 : publish_entry SCDSet() failed: Success!
    Tue Oct 21 12:09:48 2014 : publish_entry SCDSet() failed: Success!
    Tue Oct 21 12:09:48 2014 : L2TP incoming call in progress from 'my.dotted.quad.address'...
    Tue Oct 21 12:09:48 2014 : L2TP received SCCRQ
    Tue Oct 21 12:09:48 2014 : L2TP sent SCCRP
    Tue Oct 21 12:09:48 2014 : L2TP received SCCCN
    Tue Oct 21 12:09:48 2014 : L2TP received ICRQ
    Tue Oct 21 12:09:48 2014 : L2TP sent ICRP
    Tue Oct 21 12:09:49 2014 : L2TP received ICCN
    Tue Oct 21 12:09:49 2014 : L2TP connection established.
    Tue Oct 21 12:09:49 2014 : using link 0
    Tue Oct 21 12:09:49 2014 : Using interface ppp0
    Tue Oct 21 12:09:49 2014 : Connect: ppp0 <--> socket[34:18]
    Tue Oct 21 12:09:49 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4bc40d9f> <pcomp> <accomp>]
    Tue Oct 21 12:09:49 2014 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x71598937> <pcomp> <accomp>]
    Tue Oct 21 12:09:49 2014 : lcp_reqci: returning CONFACK.
    Tue Oct 21 12:09:49 2014 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x71598937> <pcomp> <accomp>]
    Tue Oct 21 12:09:49 2014 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4bc40d9f> <pcomp> <accomp>]
    Tue Oct 21 12:09:49 2014 : sent [LCP EchoReq id=0x0 magic=0x4bc40d9f]
    Tue Oct 21 12:09:49 2014 : sent [CHAP Challenge id=0x73 <074a110a5e0620296b1937345c34090e>, name = "myserver.private"]
    Tue Oct 21 12:09:49 2014 : rcvd [LCP EchoReq id=0x0 magic=0x71598937]
    Tue Oct 21 12:09:49 2014 : sent [LCP EchoRep id=0x0 magic=0x4bc40d9f]
    Tue Oct 21 12:09:49 2014 : rcvd [LCP EchoRep id=0x0 magic=0x71598937]
    Tue Oct 21 12:09:49 2014 : rcvd [CHAP Response id=0x73 <dfed1e41e1fb8c1132387c3d7792b1880000000000000000b2b163259cbe410aae792093680ba7 a89da3b46737c0d8d200>, name = "somelocaluser"]
    Tue Oct 21 12:09:54 2014 : sent [CHAP Success id=0x73 "S=00EDB07933CE697641E2263A2A76386389512329 M=Access granted"]
    Tue Oct 21 12:09:54 2014 : CHAP peer authentication succeeded for somelocaluser
    Tue Oct 21 12:09:54 2014 : DSAccessControl plugin: User 'somelocaluser' authorized for access
    Tue Oct 21 12:09:54 2014 : sent [IPCP ConfReq id=0x1 <addr 192.168.1.2>]
    Tue Oct 21 12:09:54 2014 : sent [ACSCP ConfReq id=0x1]
    Tue Oct 21 12:09:54 2014 : rcvd [CHAP Response id=0x73 <dfed1e41e1fb8c1132387c3d7792b1880000000000000000b2b163259cbe410aae792093680ba7 a89da3b46737c0d8d200>, name = "somelocaluser"]
    Tue Oct 21 12:09:54 2014 : sent [CHAP Success id=0x73 "S=00EDB07933CE697641E2263A2A76386389512329 M=Access granted"]
    Tue Oct 21 12:09:54 2014 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
    Tue Oct 21 12:09:54 2014 : ipcp: returning Configure-NAK
    Tue Oct 21 12:09:54 2014 : sent [IPCP ConfNak id=0x1 <addr 192.168.1.226> <ms-dns1 192.168.1.2> <ms-dns3 8.8.8.8>]
    Tue Oct 21 12:09:54 2014 : rcvd [IPV6CP ConfReq id=0x1 <addr fe80::021c:42ff:febf:bf66>]
    Tue Oct 21 12:09:54 2014 : Unsupported protocol 0x8057 received
    Tue Oct 21 12:09:54 2014 : sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 02 1c 42 ff fe bf bf 66]
    Tue Oct 21 12:09:54 2014 : rcvd [ACSCP ConfReq id=0x1 <route vers 16777216> <domain vers 16777216>]
    Tue Oct 21 12:09:54 2014 : sent [ACSCP ConfRej id=0x1 <route vers 16777216>]
    Tue Oct 21 12:09:54 2014 : rcvd [IPCP ConfAck id=0x1 <addr 192.168.1.2>]
    Tue Oct 21 12:09:54 2014 : rcvd [ACSCP ConfAck id=0x1]
    Tue Oct 21 12:09:54 2014 : rcvd [IPCP ConfReq id=0x2 <addr 192.168.1.226> <ms-dns1 192.168.1.2> <ms-dns3 8.8.8.8>]
    Tue Oct 21 12:09:54 2014 : ipcp: returning Configure-ACK
    Tue Oct 21 12:09:54 2014 : sent [IPCP ConfAck id=0x2 <addr 192.168.1.226> <ms-dns1 192.168.1.2> <ms-dns3 8.8.8.8>]
    Tue Oct 21 12:09:54 2014 : ipcp: up
    Tue Oct 21 12:09:54 2014 : found interface en0 for proxy arp
    Tue Oct 21 12:09:54 2014 : local  IP address 192.168.1.2
    Tue Oct 21 12:09:54 2014 : remote IP address 192.168.1.226
    Tue Oct 21 12:09:54 2014 : Received acsp/dhcp dictionaries
    Tue Oct 21 12:09:54 2014 : Received acsp/dhcp dictionaries
    Tue Oct 21 12:09:54 2014 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 192.168.1.2), current interface setting (name: ppp0, family: PPP, address: 192.168.1.2, subnet: 255.255.255.0, destination: 192.168.1.226).
    Tue Oct 21 12:09:54 2014 : rcvd [ACSCP ConfReq id=0x2 <domain vers 16777216>]
    Tue Oct 21 12:09:54 2014 : sent [ACSCP ConfAck id=0x2 <domain vers 16777216>]
    Tue Oct 21 12:09:54 2014 : Received protocol dictionaries
    Tue Oct 21 12:09:54 2014 : Committed PPP store
    Tue Oct 21 12:09:54 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
        <domain: name private>
        <domain: name local>]
    Tue Oct 21 12:09:54 2014 : rcvd [IP data <src addr 192.168.1.226> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
    Tue Oct 21 12:09:54 2014 : sent [IP data <src addr 192.168.1.2> <dst addr 192.168.1.226> <BOOTP Reply> <type ACK> <server id 0xc0a80102> <domain name "local">]
    Tue Oct 21 12:09:57 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
        <domain: name private>
        <domain: name local>]
    Tue Oct 21 12:10:00 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
        <domain: name private>
        <domain: name local>]
    Tue Oct 21 12:10:03 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
        <domain: name private>
        <domain: name local>]
    Tue Oct 21 12:10:06 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
        <domain: name private>
        <domain: name local>]
    Tue Oct 21 12:10:09 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
        <domain: name private>
        <domain: name local>]
    Tue Oct 21 12:10:09 2014 : rcvd [LCP TermReq id=0x2 "User request"]
    Tue Oct 21 12:10:09 2014 : LCP terminated by peer (User request)
    Tue Oct 21 12:10:09 2014 : ipcp: down
    Tue Oct 21 12:10:09 2014 : sent [LCP TermAck id=0x2]
    Tue Oct 21 12:10:09 2014 : l2tp_wait_input: Address deleted. previous interface setting (name: en0, address: 192.168.1.2), deleted interface setting (name: ppp0, family: PPP, address: 192.168.1.2, subnet: 255.255.255.0, destination: 192.168.1.226).
    Tue Oct 21 12:10:09 2014 : L2TP received CDN
    Tue Oct 21 12:10:09 2014 : Connection terminated.
    Tue Oct 21 12:10:09 2014 : Connect time 0.4 minutes.
    Tue Oct 21 12:10:09 2014 : Sent 1003 bytes, received 646 bytes.
    Tue Oct 21 12:10:09 2014 : L2TP disconnecting...
    Tue Oct 21 12:10:09 2014 : L2TP disconnected
    2014-10-21 12:10:09 MDT   --> Client with address = 192.168.1.226 has hungup
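A triage helper for the pppd/L2TP service log format quoted above, added here as an illustration and not part of the original post. The two inputs are constructed excerpts in the same format, trimmed to the decisive lines of the stalled Yosemite session and the working Mavericks session; the helper reports which PPP stage (LCP, CHAP, IPCP) a session reached before stopping.

```python
"""Triage helper for the pppd/L2TP service log format quoted in the post above."""
import re
from collections import Counter

# Constructed excerpts (same format as the quoted logs, trimmed to the decisive lines).
STALLED_LOG = """\
Tue Oct 21 12:18:30 2014 : L2TP connection established.
Tue Oct 21 12:18:30 2014 : Using interface ppp0
Tue Oct 21 12:18:30 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:33 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:36 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:19:00 2014 : LCP: timeout sending Config-Requests
Tue Oct 21 12:19:00 2014 : Connection terminated.
"""

WORKING_LOG = """\
Tue Oct 21 12:09:49 2014 : L2TP connection established.
Tue Oct 21 12:09:49 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4bc40d9f> <pcomp> <accomp>]
Tue Oct 21 12:09:49 2014 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x71598937> <pcomp> <accomp>]
Tue Oct 21 12:09:49 2014 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x71598937> <pcomp> <accomp>]
Tue Oct 21 12:09:49 2014 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4bc40d9f> <pcomp> <accomp>]
Tue Oct 21 12:09:54 2014 : CHAP peer authentication succeeded for somelocaluser
Tue Oct 21 12:09:54 2014 : rcvd [IPCP ConfReq id=0x2 <addr 192.168.1.226> <ms-dns1 192.168.1.2> <ms-dns3 8.8.8.8>]
Tue Oct 21 12:09:54 2014 : ipcp: up
"""

# "Tue Oct 21 12:18:30 2014 : <message>"
LINE_RE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]+ \d{4} : (?P<msg>.*)$")
# "sent [LCP ConfReq id=0x1 ...]" / "rcvd [IPCP ConfAck id=0x2 ...]"
FRAME_RE = re.compile(r"^(?P<dir>sent|rcvd) \[(?P<proto>LCP|CHAP|IPCP) (?P<kind>\w+)")


def triage_ppp_log(text: str) -> dict:
    """Walk one session's log and report the PPP stage it reached or stalled at."""
    frames = Counter()  # (direction, protocol, kind) -> count
    lcp_timeout = auth_ok = ipcp_up = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        f = FRAME_RE.match(msg)
        if f:
            frames[(f["dir"], f["proto"], f["kind"])] += 1
        elif msg.startswith("LCP: timeout sending Config-Requests"):
            lcp_timeout = True
        elif msg.startswith("CHAP peer authentication succeeded"):
            auth_ok = True
        elif msg == "ipcp: up":
            ipcp_up = True

    sent_lcp = frames[("sent", "LCP", "ConfReq")]
    rcvd_lcp = sum(n for (d, p, _), n in frames.items() if d == "rcvd" and p == "LCP")
    # LCP must open before CHAP can even start, so a session that times out with no
    # LCP frame received never reached authentication at all.
    if lcp_timeout and rcvd_lcp == 0:
        return {"stage": "LCP", "ok": False,
                "why": f"{sent_lcp} LCP ConfReq sent, no LCP frame ever received: "
                       "the L2TP tunnel came up but the peer's PPP frames never arrived, "
                       "so authentication was never attempted"}
    if not auth_ok:
        return {"stage": "CHAP", "ok": False, "why": "LCP opened but CHAP never succeeded"}
    if not ipcp_up:
        return {"stage": "IPCP", "ok": False, "why": "authenticated but no address negotiated"}
    return {"stage": "IPCP", "ok": True, "why": "link authenticated and addressed"}


if __name__ == "__main__":
    for name, log in (("stalled", STALLED_LOG), ("working", WORKING_LOG)):
        print(name, triage_ppp_log(log))
```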

    1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
    Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
    2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
    There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
    3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.
    You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
    In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
    You may not be able to understand the script yourself. But variations of the script have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message.
    Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
    4. Here's a summary of what you need to do, if you choose to proceed:
    ☞ Copy a line of text in this window to the Clipboard.
    ☞ Paste into the window of another application.
    ☞ Wait for the test to run. It usually takes a few minutes.
    ☞ Paste the results, which will have been copied automatically, back into a reply on this page.
    The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
    5. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
    6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
    7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
    Triple-click anywhere in the line of text below on this page to select it:
    Copy the selected text to the Clipboard by pressing the key combination command-C.
    8. Launch the built-in Terminal application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
    Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
    9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
    exec bash
    and press return. Then paste the script again.
    10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.
    If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
    11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
    [Process completed]
    to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report what happened. No harm will be done.
    12. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
    At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
    If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
    13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
    14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
    Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

  • Unable to HTTPS to 3002 Hrdwr Client

    About a month ago I upgraded our 3002 hardware clients (3) and our primary 3005 concentrator to software release 4.1.7.B. I had been able to access them remotely (either through the tunnel or over a public IP) using https, even after the upgrade. Now I cannot access them this way.
    I get the browser security alert for the certificate and can view the certificate and tell it to install. However, after I tell it to use the certificate, I get a browser "Bad Request" error and the page cannot be displayed. I can access the client via HTTP.
    Anybody know what the problem is and how to resolve it?
    Thanks,
    Michael H.
    System Administrator
    Sopris West Educational Services

    P.S. I have reinstalled the software image and rebuilt the configuration. Still having this problem.

  • Issue with Verizon Aircards passing traffic past VPN 3005

    We have a Cisco VPN 3005 as our endpoint. Clients connect using the Cisco 4.7 client. Currently, here is the basic config on the device:
    Pub Interface 65.xxx.xxx.xxx
    Private Interface 172.22.0.3/16
    VPN Addy Pool 172.31.1.0/28
    Static routing is used to route traffic as necessary.
    Clients can connect via wireless broadband or broadband and ping past the VPN private interface and open up Outlook using an online Exchange profile. But clients connecting over an EVDO or 3G cellular modem cannot open Outlook. They can ping by IP but not DNS.
    I have tried using different transports, i.e. IPSec/UDP, IPSec/TCP, and straight IPSec. No joy. All the clients have allow local LAN access checked and the VPN group is set to tunnel traffic in that network only. Any clues??

    Issue has been resolved. Clearing DNS with ipconfig /flushdns and ipconfig /registerdns while on aircards on VPN resolved it.

  • Mavericks VPN dropouts with native VPN client and Cisco IPSec

    Since updating to Mavericks I am experiencing VPN dropouts with the native VPN client and Cisco IPSec.
    I am connecting via a WiFi router to a remote VPN server.
    The connection is good for a while but eventually it drops out.
    I had zero issues in Mountain Lion and only have issues since the update to 10.9.
    I had similar issues in the past with an unreliable wifi router but I am using a Verizon FiOS router and it has worked impeccably until Mavericks.
    My thoughts are:
    1 - issue with Mavericks (maybe the app sleep function affecting either VPN or WiFi daemons)
    2 - issue with Cisco router compatibility or timing with Cisco IPSec
    3 - issue with WiFi itself on Mavericks - some sort of WiFi software bug
    Any thoughts/suggestions?

  • AnyConnect VPN with Built-in Client Firewall on Windows 7

    Hi
    I've searched the forums and documentation and can't seem to find a definitive answer to my scenario.
    We have an ASA5510 with SecPlus running 8.3.2
    We currently use VPN client on XP to invoke the built-in firewall to prevent incoming connections to the PC when the tunnel is established – the Cisco built-in client is not supported on Win7.
    We’re looking to provide similar functionality with the AnyConnect client, i.e.
    Full network access over the AnyConnect client (connection can be established manually)
    AnyConnect client enforcing a local policy on the PC preventing incoming connections when the tunnel is established
    No clientless requirements
    No mobile requirements (apple, android etc)
    No secure desktop requirements
    I’d like to ascertain if:-
    Does the AnyConnect client include a firewall that is supported on Windows 7 (32 and 64 bit)?
    Will the Essential licence give me the functionality I require, or do I need a Premium?
    Thanks

    Hi Prashanth,
    I think you can only use per-app VPN with SSL VPN.
    Hope this helps,
    Julien

  • VPN 3005 and Microsoft AD authentication

    I would like to use Microsoft Active Directory (AD) to authenticate remote access users connecting to the VPN3005 concentrator. Everything is working fine but I want the VPN3k to use microsoft-ds (tcp port 445) instead of netbios (tcp port 139) when it communicates with the AD server.
    In the vpn 3005 I specified port 445 as the communication port between the vpn3k and the AD server, but in my tcpdump I see this:
    [Expert@cp]# tcpdump -i eth1 -n host 192.168.1.4
    tcpdump: listening on eth1
    14:41:54.664335 192.168.1.4.1034 > 10.250.97.29.netbios-ssn: S 1464837366:1464837366(0) win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp 732419 0>
    14:41:54.666758 192.168.1.4.1034 > 10.250.97.29.netbios-ssn: . ack 2621223901 win 8192 <nop,nop,timestamp 732419 0>
    14:41:54.669135 192.168.1.4.1034 > 10.250.97.29.netbios-ssn: P 0:72(72) ack 1 win 8192 <nop,nop,timestamp 732419 0>NBT Packet
    14:41:54.671835 192.168.1.4.1034 > 10.250.97.29.netbios-ssn: P 72:240(168) ack 5 win 8192 <nop,nop,timestamp 732419 579729>NBT Packet
    14:41:54.700474 192.168.1.4.1034 > 10.250.97.29.netbios-ssn: P 240:371(131) ack 110 win 8192 <nop,nop,timestamp 732419 579729>NBT Packet
    14:41:54.704467 192.168.1.4.1034 > 10.250.97.29.netbios-ssn: P 371:414(43) ack 223 win 8192 <nop,nop,timestamp 732419 579729>NBT Packet
    14:41:54.706526 192.168.1.4.1034 > 10.250.97.29.netbios-ssn: F 414:414(0) ack 262 win 8192 <nop,nop,timestamp 732419 579729>
    14:41:54.715653 192.168.1.4.1034 > 10.250.97.29.netbios-ssn: . ack 263 win 8192 <nop,nop,timestamp 732419 579729>
    obviously, it is using port 139 instead
    of port 445.
    How can I fix this on the vpn3k? Thanks.

    Hi Kevin, I've looked at this message to see any replies for a while and I don't know if you have already resolved this issue. I use a vpn3005 as well but use a different method of authentication, which is RADIUS from our Windows AD. I tend to believe this may be more of a PPTP client netbios setup issue and not the VPN; where? I don't know, but clearly in the tcpdump the client is initiating a netbios session, and even though the VPN is set up for port 445 it still forwards the netbios port... well, just a thought.
    Rgds
    Jorge
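The evidence in the question above is a tcpdump capture showing sessions to the AD server on netbios-ssn (139) although 445 was configured. The check a practitioner wants is mechanical: parse the capture, keep only connection attempts (SYN), and list the ones that went to a port other than the expected one. The following is an added example, not code from the thread; the sample lines are constructed in the format of the capture in the question (one extra SYN to microsoft-ds is added so the check has a compliant flow to contrast with), and the service-name table covers only the names that matter here.

```python
import re

# Constructed sample in the same format as the tcpdump output quoted in the
# question: three packets of the port-139 session, plus one constructed SYN
# to microsoft-ds (445) so the check has a "good" flow to contrast with.
SAMPLE_TCPDUMP = """\
14:41:54.664335 192.168.1.4.1034 > 10.250.97.29.netbios-ssn: S 1464837366:1464837366(0) win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp 732419 0>
14:41:54.666758 192.168.1.4.1034 > 10.250.97.29.netbios-ssn: . ack 2621223901 win 8192 <nop,nop,timestamp 732419 0>
14:41:54.669135 192.168.1.4.1034 > 10.250.97.29.netbios-ssn: P 0:72(72) ack 1 win 8192 <nop,nop,timestamp 732419 0>NBT Packet
14:41:55.104000 192.168.1.4.1035 > 10.250.97.29.microsoft-ds: S 17:17(0) win 8192 <mss 1460>
tcpdump: listening on eth1
"""

# tcpdump prints well-known ports by service name unless run with -nn;
# map the names that matter here back to numbers (IANA assignments).
SERVICE_PORTS = {"netbios-ssn": 139, "microsoft-ds": 445, "ldap": 389, "kerberos": 88}

# Classic (pre-4.x) tcpdump TCP line: "ts src.sport > dst.dport: FLAGS ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\S+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>[^:\s]+):\s+(?P<flags>\S+)"
)


def port_number(token):
    """Turn a tcpdump port token (number or service name) into an int, or None."""
    if token.isdigit():
        return int(token)
    return SERVICE_PORTS.get(token)


def parse_tcpdump(text):
    """Parse TCP lines into dicts; non-matching lines (banners, NBT decode) are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        flows.append({
            "ts": m.group("ts"),
            "src": m.group("src"),
            "sport": port_number(m.group("sport")),
            "dst": m.group("dst"),
            "dport": port_number(m.group("dport")),
            "flags": m.group("flags"),
        })
    return flows


def syn_targets(flows):
    """(src, dst, dport) for every connection attempt, i.e. a packet whose flags are 'S'."""
    return [(f["src"], f["dst"], f["dport"]) for f in flows if f["flags"] == "S"]


def unexpected_ports(text, server, expected_port):
    """Connection attempts to `server` on any port other than `expected_port`.

    An empty result means every session to the server went to the configured
    port; a non-empty result is the evidence the poster saw (139 instead of 445).
    """
    return [t for t in syn_targets(parse_tcpdump(text))
            if t[1] == server and t[2] != expected_port]


if __name__ == "__main__":
    for src, dst, dport in unexpected_ports(SAMPLE_TCPDUMP, "10.250.97.29", 445):
        print(f"{src} connected to {dst} on TCP/{dport}, expected 445")
```

Only SYN packets are counted so that the ACK/PSH packets of one session do not inflate the result; run the real capture with `tcpdump -nn` and the service-name table becomes unnecessary.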

  • VPN 3005 - Reroute Internet traffic out local connection

    We have a VPN 3005 concentrator that connects to our backbone switch. We have about 6 sites who have the following subnet:
    site A: 172.16.x.x
    site B: 172.17.x.x (etc)
    When a user is at home, hotel, or directly connected to the Internet and they connect with the VPN client to our network we want all Internet traffic (cnn, google, etc) to route through their local connection and not through our network through our internal Internet connection. How can I setup the VPN Concentrator to allow all internal traffic and reroute all other traffic out their local Internet connection?

    Split tunneling needs to be configured on the concentrator.
    Firstly, create a network list.
    Go to Configuration > Policy Management > Traffic Management > Network Lists, then put the private LAN IP behind the concentrator on the list.
    Go to Configuration > User Management > Groups > Client Config.
    You will see "split tunneling policy" and "split tunneling network list".
    For the option "split tunneling policy", choose "only tunnel networks on the list". For the option "split tunneling network list", choose the network list you just created.
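The reply above describes the split-tunneling decision in words: the Concentrator takes a network list (entered as address/wildcard-mask pairs) and a policy, and for each destination either sends the packet through the tunnel or out the client's local connection. The following added example, not code from the thread or from Cisco, models that decision so the behaviour of the three policies can be checked against a concrete list; the policy constant names and the site list are constructed, the latter following the poster's 172.16.x.x, 172.17.x.x numbering.

```python
from ipaddress import IPv4Address, IPv4Network, ip_address


def wildcard_to_network(entry):
    """Convert 'address/wildcard' (e.g. 172.16.0.0/0.0.255.255) into an IPv4Network.

    A wildcard mask is the bitwise inverse of a subnet mask; only contiguous
    wildcards describe a subnet, so anything else is rejected.
    """
    addr, wild = entry.split("/")
    wild_int = int(IPv4Address(wild))
    mask_int = (~wild_int) & 0xFFFFFFFF
    prefix = bin(mask_int).count("1")
    # a valid subnet mask is a run of 1 bits followed by a run of 0 bits
    if mask_int != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous wildcard mask: {wild}")
    return IPv4Network((addr, prefix), strict=False)


def build_network_list(entries):
    return [wildcard_to_network(e) for e in entries]


# The three policies on the group's Client Config tab, under names chosen for
# this example (constructed identifiers, not the Concentrator's own).
TUNNEL_EVERYTHING = "tunnel_everything"
ONLY_TUNNEL_LISTED = "only_tunnel_listed"   # "only tunnel networks on the list"
BYPASS_LISTED = "bypass_listed"             # listed networks bypass the tunnel


def route_for(destination, policy, network_list):
    """Return 'tunnel' or 'local' for a packet to `destination` under `policy`."""
    dst = ip_address(destination)
    listed = any(dst in net for net in network_list)
    if policy == TUNNEL_EVERYTHING:
        return "tunnel"
    if policy == ONLY_TUNNEL_LISTED:
        return "tunnel" if listed else "local"
    if policy == BYPASS_LISTED:
        return "local" if listed else "tunnel"
    raise ValueError(f"unknown policy {policy!r}")


# Constructed list matching the poster's site numbering: 172.16.x.x ... 172.21.x.x
SITE_LIST = build_network_list([f"172.{n}.0.0/0.0.255.255" for n in range(16, 22)])

if __name__ == "__main__":
    for dst in ("172.17.4.25", "203.0.113.7"):
        print(dst, "->", route_for(dst, ONLY_TUNNEL_LISTED, SITE_LIST))
```

With "only tunnel networks on the list" every destination outside the listed sites (the web traffic the poster mentions) leaves via the client's own Internet connection, which is what the question asks for; the trade-off is that the client is then simultaneously on the corporate network and the open Internet, so host firewall policy on the client matters more than under "tunnel everything".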

  • Unable to access gateway and DNS via VPN (L2TP) with Snow Leopard Server

    Summary:
    After rebooting my VPN server, I am able to establish a VPN (L2TP) connection from outside my private network. I am able to connect (ping, SSH, …) to the gateway only until the first client disconnects. Then I can perfectly access all the other computers of the private network, but I cannot access the private IP address of the gateway.
    Additionally, during my first VPN connection, my DNS server, which is on the same server, is not working properly over VPN. I can access it with the public IP address of my gateway. I can access it from inside my private network. A port scan tells me that port 53 is open, but a dig returns a timeout.
    Configuration:
    Cluster of 19 Xserve3.1 - Snow Leopard Server 10.6.2
    Private network 192.168.1.0/255.255.255.0 -> domain name: cluster
    -> 1 controller, which acts as a gateway for the cluster private network, with the following services activated:
    DHCP, DNS, firewall (allowing all incoming traffic for each group for test purposes), NAT, VPN, OpenDirectory, web, software update, AFP, NFS and Xgrid controller.
    en0: fixed public IP address -> controller.example.com
    en1: 192.168.1.254 -> controller.cluster
    -> 18 agents with AFP and Xgrid agent activated:
    en1: 192.168.1.x -> nodex.cluster with x between 1 and 18
    VPN (L2TP) server distributes IP addresses between 192.168.1.201 and 192.168.1.210 (-> vpn1.cluster to vpn10.cluster). Client information contains the private network DNS server information (192.168.1.254, search domain: cluster).
    Detailed problem description:
    After rebooting the Xserve, my VPN server works fine except for the DNS. My client receives the correct information:
    Configure IPv4: Using PPP
    IPv4 address: 192.168.1.201
    Subnet Mask:
    Router: 192.168.1.254
    DNS: 192.168.1.254
    Search domain: cluster
    From my VPN client, I can ping all the Xserves of my cluster (192.168.1.1 to 18 and 192.168.1.254). If I have a look in Server Admin > Settings > Network, I have three interfaces listed: en0, en1 and ppp0 of family IPv4 with address 192.168.1.254 and DNS name controller.cluster.
    The DNS server returns timeouts when I try to do a dig from my VPN client even though I am able to access it directly from a computer inside or outside my private network.
    After I disconnect, I can see in Server Admin that the IP address of my ppp0 interface has switched to my public IP address.
    Then I can always establish a VPN (L2TP) connection, but the client receives the following information:
    Configure IPv4: Using PPP
    IPv4 address: 192.168.1.202
    Subnet Mask:
    Router: (Public IP address of my VPN server)
    DNS: 192.168.1.254
    Search domain: cluster
    From my VPN client, I can access all the other computers of my network (192.168.1.1 to 192.168.1.18) but when I ping my gateway (192.168.1.254), it returns timeouts.
    I have two "lazy" solutions to this problem: 1) Configure the VPN and DNS servers on two different Xserves, 2) Put the public IP address of my gateway as the DNS server address, but neither of these solutions is acceptable for me…
    Any help is welcome!!!

    I would suggest taking a look at:
    server admin:vpn:settings:client information:network route definitions.
    As I understand your setup it should be something like
    192.168.1.0 255.255.255.0 private
    at least as a start. I just got done troubleshooting a similar issue but via two subnets:
    http://discussions.apple.com/thread.jspa?threadID=2292827&tstart=0

  • Use of WebLogic in a thin hardware client environment?

    We are currently evaluating the use of a thin hardware client (something like the Sun Microsystems Sun Ray 2FS - http://www.sun.com/sunray/sunray2fs/) for a new JEE development effort. I was wondering if anyone could share their experiences using WebLogic in this environment with either Solaris or Linux (i.e. problems, lessons learned, configuration, etc...).
    Thank You,
    --Dan


  • Static Policy NAT in VPN conflicts with Static NAT

    I have a situation where I need to create a site-to-site VPN between an ASA 5505 using IOS 7.2 and a Sonicwall NSA4500. The problem arises in that the LAN behind the Cisco ASA has the same subnet as a currently existing VPN created on the Sonicwall. Since the Sonicwall can't have two VPNs both going to the same subnet, the solution is to use policy NAT on the ASA so that to the Sonicwall, the new VPN appears to have a different subnet.
    The current subnet behind the ASA is 192.168.10.0/24 (The Sonicwall already has a VPN created to a different client with that same subnet). I am trying to translate that to 192.168.24.0/24. The peer LAN (behind the Sonicwall) is 10.159.0.0/24. The pertinent configuration of the ASA is:
    interface Vlan1
    ip address 192.168.10.1 255.255.255.0
    access-list outside_1_cryptomap extended permit ip 192.168.24.0 255.255.255.0 10.159.0.0 255.255.255.0
    access-list VPN extended permit ip 192.168.10.0 255.255.255.0 10.159.0.0 255.255.255.0
    static (inside,outside) 192.168.24.0 access-list VPN
    crypto map outside_map 1 match address outside_1_cryptomap
    In addition to this, there are other static NAT statements and their associated ACLs that allow certain traffic through the firewall to the server, e.g.:
    static (inside,outside) tcp interface smtp SERVER smtp netmask 255.255.255.255
    The problem is this: When I enter the static policy NAT statement, I get the message "Warning: real-address conflict with existing static" and then it refers to each of the static NAT statements that translate the outside address to the server. I thought about this, and it seemed to me that the problem was that the policy NAT statement needed to be the first NAT statement (it is last) so that it would be handled first and all traffic destined for the VPN tunnel to the Sonicwall (destination 10.159.0.0/24) would be correctly handled. If I left it as the last statement, then the other static NAT statements would prevent some traffic destined for the 10.159.0.0/24 network from being correctly routed through the VPN.
    So I tried first to move my policy NAT statement up in the ASDM GUI. However, moving that statement was not permitted. Then I tried deleting the five static NAT statements that point to the server (one example is above) and then recreating them, hoping that would then move the policy NAT statement to the top. This also failed.
    What am I missing?

    Hi,
    To be honest it should work in the way I mentioned. I am not sure why it would change the order of the NAT configurations. I have run into this situation on some ASA firewalls running the older software (older than 8.2) and the reordering of the configurations has always worked.
    So I am not sure whether we are looking at some bug or what the problem is.
    I was wondering if one solution would be to configure all of the Static NAT / Static PAT as Static Policy NAT/PAT
    I have gotten a bit rusty on the older (8.2 and older) NAT configuration format as over 90% of our customer firewalls are running 8.3+ software.
    I was thinking of this kind of "static" configuration for the existing Static PAT configurations if you want to try
    access-list STATICPAT-SMTP permit tcp host eq smtp any
    static (inside,outside) tcp interface smtp access-list STATICPAT-SMTP
    access-list STATICPAT-HTTPS permit tcp host eq https any
    static (inside,outside) tcp interface https access-list STATICPAT-HTTPS
    access-list STATICPAT-RDP permit tcp host eq 3389 any
    static (inside,outside) tcp interface 3389 access-list STATICPAT-RDP
    access-list STATICPAT-TCP4125 permit tcp host eq 4125 any
    static (inside,outside) tcp interface 4125 access-list STATICPAT-TCP4125
    access-list STATICPAT-POP3 permit tcp host eq pop3 any
    static (inside,outside) tcp interface pop3 access-list STATICPAT-POP3
    Naturally you would add the Static Policy NAT for the VPN first.
    Again I have to say that I am not 100% sure if this is the correct format; maybe you can test it with a single service that has a Static PAT. For example the Static PAT for RDP (TCP/3389). First enter the Static Policy NAT, then remove the Static PAT and then enter the Static Policy PAT.
    Remember that you should be able to test the translations with the "packet-tracer" command
    For example
    packet-tracer input outside tcp 1.1.1.1 12345
    - Jouni
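The question and Jouni's reply both turn on one point: on this ASA software the `static` entries are evaluated in configuration order and the first match wins, so a static PAT for SERVER placed before the policy NAT claims the server's replies to the Sonicwall side and translates them to the outside interface address, where they no longer match the `outside_1_cryptomap` ACL and are not sent through the tunnel. The following added example (not the thread's configuration and not Cisco code) models that first-match evaluation with the addresses from the thread so the two orderings can be compared; `OUTSIDE_IF` and the address of SERVER are constructed placeholders, and the dynamic `nat (inside) 1` PAT for ordinary Internet traffic is deliberately not modelled.

```python
from ipaddress import ip_address, ip_network

# Constructed placeholders: the ASA outside interface address and the host the
# configuration calls SERVER are not given in the thread.
OUTSIDE_IF = "198.51.100.1"
SERVER = "192.168.10.10"


def policy_nat(real_net, mapped_net, dst_net):
    """static (inside,outside) MAPPED access-list VPN, where VPN permits REAL -> DST."""
    real, mapped, dst = map(ip_network, (real_net, mapped_net, dst_net))

    def match(pkt):
        return ip_address(pkt["src"]) in real and ip_address(pkt["dst"]) in dst

    def translate(pkt):
        # 1:1 network translation keeps the host part and swaps the network part
        offset = int(ip_address(pkt["src"])) - int(real.network_address)
        return dict(pkt, src=str(mapped.network_address + offset))

    return {"name": f"policy NAT {real_net} -> {mapped_net} (dst {dst_net})",
            "match": match, "translate": translate}


def static_pat(proto, real_host, port):
    """static (inside,outside) PROTO interface PORT REAL_HOST PORT: host:port -> outside-if:port."""
    def match(pkt):
        return pkt["proto"] == proto and pkt["src"] == real_host and pkt["sport"] == port

    def translate(pkt):
        return dict(pkt, src=OUTSIDE_IF)

    return {"name": f"static PAT {real_host}:{port} -> interface:{port}",
            "match": match, "translate": translate}


def apply_nat(rules, pkt):
    """First matching rule wins, which is why configuration order matters."""
    for rule in rules:
        if rule["match"](pkt):
            return rule["name"], rule["translate"](pkt)
    return "no translation", pkt


# Crypto map ACL from the thread: outside_1_cryptomap permits 192.168.24.0/24 -> 10.159.0.0/24
CRYPTO_ACL = [(ip_network("192.168.24.0/24"), ip_network("10.159.0.0/24"))]


def selected_for_tunnel(pkt):
    """Does the packet, after NAT, match the crypto map's interesting-traffic ACL?"""
    s, d = ip_address(pkt["src"]), ip_address(pkt["dst"])
    return any(s in src_net and d in dst_net for src_net, dst_net in CRYPTO_ACL)


def evaluate(rules, pkt):
    """Return (rule that fired, source address after NAT, whether the crypto map matches)."""
    name, out = apply_nat(rules, pkt)
    return name, out["src"], selected_for_tunnel(out)


# Constructed packet: SERVER answering an SMTP connection that arrived over the tunnel
SMTP_REPLY = {"proto": "tcp", "src": SERVER, "sport": 25, "dst": "10.159.0.20", "dport": 51234}
PAT_SMTP = static_pat("tcp", SERVER, 25)
VPN_NAT = policy_nat("192.168.10.0/24", "192.168.24.0/24", "10.159.0.0/24")

if __name__ == "__main__":
    print("policy NAT last :", evaluate([PAT_SMTP, VPN_NAT], SMTP_REPLY))
    print("policy NAT first:", evaluate([VPN_NAT, PAT_SMTP], SMTP_REPLY))
```

With the policy NAT last, the SMTP reply leaves as `198.51.100.1` in the clear; with it first, the reply becomes `192.168.24.10` and is selected for the tunnel. The `packet-tracer` command Jouni mentions performs this same walk on the real device and shows which NAT and crypto rules a given flow hits.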

  • OS X 10.4 VPN: no response to L2TP client?

    Hi. I have an OS X Server 10.4.7. I've set it up as a VPN server using L2TP with a shared IPSec secret. The server is behind a D-Link DI-808HV router. The router has IPSec passthrough enabled, and I have UDP ports 500, 1701, and 4500 open.
    When I try to connect with an OS X Tiger client, I get a "Connecting to VPN Server" message for a while, then "Server did not respond." In the VPN server log, there is no sign that anything occurred - no log entries at all for the attempted connection.
    Where else should I look to troubleshoot this?
    I've tried PPTP, which at least makes a connection but then fails at the negotiation with the error "Wed Sep 13 13:50:28 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xe9f24d50> <pcomp> <accomp>]" in the log.
    Thanks
    David

    Hi Leif - 
    In my case, strictly for pptp, I am able to connect, and get assigned an ip number, but the authentication always fails.  The log looks like this:
    2006-09-14 23:29:04 PDT Incoming call... Address given to client = 192.168.0.251
    Thu Sep 14 23:29:04 2006 : Directory Services Authentication plugin initialized
    Thu Sep 14 23:29:04 2006 : Directory Services Authorization plugin initialized
    Thu Sep 14 23:29:04 2006 : PPTP incoming call in progress from '71.204.113.243'...
    Thu Sep 14 23:29:05 2006 : PPTP connection established.
    Thu Sep 14 23:29:05 2006 : using link 0
    Thu Sep 14 23:29:05 2006 : Using interface ppp0
    Thu Sep 14 23:29:05 2006 : Connect: ppp0 <--> socket[34:17]
    Thu Sep 14 23:29:05 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:08 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:11 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:14 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:17 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:20 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:23 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:26 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:29 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:32 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:35 2006 : LCP: timeout sending Config-Requests
    Thu Sep 14 23:29:35 2006 : Connection terminated.
    Thu Sep 14 23:29:35 2006 : PPTP disconnecting...
    Thu Sep 14 23:29:35 2006 : PPTP disconnected
    2006-09-14 23:29:35 PDT    --> Client with address = 192.168.0.251 has hungup
    I have done almost everything I know to do - The mac is behind a netgear router, and is set up as the "DMZ".  I can access file sharing, ARD, Web Services, FTP directly to the server fine, and have set this type of configuration up several times with no problems. 
    The only difference here is that this is the first time I have set up OSX Server 10.4.7 on an Intel Mac.
    Any ideas you have would be appreciated as I have spent countless hours changing settings - from standalone server, to OD Master, etc. - to try to eliminate that error.  
    Thanks - Bob
    Mac Mini 1.66ghz   Mac OS X (10.4.7)   Universal 10.4.7 OSX Server
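Both logs in this item show the same shape: the PPTP control connection comes up, the server sends `LCP ConfReq` with the same id every three seconds, nothing is ever received, and LCP times out. PPTP carries the PPP frames (and so LCP) inside GRE, IP protocol 47, separately from the TCP/1723 control channel, so a router or NAT that forwards TCP/1723 but not GRE produces exactly this pattern. The following added example, not code from the thread, parses log excerpts of this format and reduces a session to a verdict; the failing sample is constructed from the lines quoted above, and the working sample is constructed to show what a completed negotiation looks like (pppd logs the peer's packets as `rcvd [...]`).

```python
import re

# Constructed excerpt in the format of the log quoted above (failing case).
FAILING_LOG = """\
Thu Sep 14 23:29:05 2006 : PPTP connection established.
Thu Sep 14 23:29:05 2006 : Using interface ppp0
Thu Sep 14 23:29:05 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
Thu Sep 14 23:29:08 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
Thu Sep 14 23:29:11 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
Thu Sep 14 23:29:35 2006 : LCP: timeout sending Config-Requests
Thu Sep 14 23:29:35 2006 : Connection terminated.
"""

# Constructed excerpt of a negotiation that completes, for contrast.
WORKING_LOG = """\
Thu Sep 14 23:40:01 2006 : PPTP connection established.
Thu Sep 14 23:40:01 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x1a2b3c4d> <pcomp> <accomp>]
Thu Sep 14 23:40:01 2006 : rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x5e6f7a8b> <pcomp> <accomp>]
Thu Sep 14 23:40:01 2006 : sent [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x5e6f7a8b> <pcomp> <accomp>]
Thu Sep 14 23:40:01 2006 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x1a2b3c4d> <pcomp> <accomp>]
"""

# "... : sent [LCP ConfReq id=0x1 <...>]"  ->  direction, protocol, code, id
PACKET_RE = re.compile(
    r": (?P<dir>sent|rcvd) \[(?P<proto>\w+) (?P<code>\w+) id=(?P<id>0x[0-9a-fA-F]+)"
)


def diagnose_lcp(log):
    """Summarise the LCP phase of one PPP session and attach a one-word verdict."""
    sent_ids, rcvd = [], 0
    control_up = timeout = False
    for line in log.splitlines():
        if "PPTP connection established" in line:
            control_up = True
        if "LCP: timeout sending Config-Requests" in line:
            timeout = True
        m = PACKET_RE.search(line)
        if not m or m.group("proto") != "LCP":
            continue
        if m.group("dir") == "sent" and m.group("code") == "ConfReq":
            sent_ids.append(m.group("id"))
        elif m.group("dir") == "rcvd":
            rcvd += 1
    summary = {
        "control_channel_up": control_up,
        "confreq_sent": len(sent_ids),
        # the same id sent again is a retransmission, i.e. no answer arrived
        "confreq_retransmits": len(sent_ids) - len(set(sent_ids)),
        "lcp_received": rcvd,
        "lcp_timeout": timeout,
    }
    if sent_ids and rcvd == 0:
        summary["verdict"] = "no_lcp_reply"    # our frames go out, nothing comes back
    elif rcvd:
        summary["verdict"] = "lcp_replied"
    else:
        summary["verdict"] = "no_lcp_activity"
    return summary


if __name__ == "__main__":
    print(diagnose_lcp(FAILING_LOG))
    print(diagnose_lcp(WORKING_LOG))
```

A `no_lcp_reply` verdict with `control_channel_up` true points at the data path rather than at authentication: the client never got as far as CHAP, so changing directory settings will not move the error. The thing to verify in that case is that GRE reaches the server in both directions (a packet capture on the server for IP protocol 47 during a connection attempt settles it).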

  • How can I enable VPN passthrough with 881-K9 Security Router?

    Hi Space!
    I need help,  because I really cannot find the error in my configuration.
    What I want to do is to enable simple VPN passthrough with an 881 K9 Security Router.
    So all VPN traffic travels directly from the Internet through the router (I don't need any inspection or anything else of this traffic) to a Windows Server behind it (and back to the client of course).
    [ Internet -> Cisco 889 router -> Windows Server ]
    Enclosed you will find my configuration.
    The VPN connection cannot be established and the clients are getting connection error 800 most of the time.
    Thanks for any hint!
    Kind regards,
    Chris

    ActiveX is proprietary to IE and Firefox has never supported ActiveX.

  • Install 10.5 server on new MacMini with 10.6 client

    Hi, own 10.5 Server. Trying to update hardware. Picked up new Mac Mini 2.4 which comes with 10.6 client. 10.5 Server disc will not boot. There is no upgrade option once booted into 10.6 client, and inserting disc. Remote install also hangs.
    How can I install my 10.5 Server on this Mac Mini?

    Use Mac OS X 10.6 Server instead, and update it to the current version immediately afterwards. If you somehow get 10.5 installed, you may find that some of the hardware isn't accessible.
    (56742)

  • VPN 3005 sessions

    hi
    I have a 3005 with 64MB RAM running ver 3.6.7B. The maximum sessions it is displaying is 100.
    - can I increase the number of max sessions in any way?
    - what will happen if the 101st user connects to the VPN 3005? However, I can see the total cumulative sessions is 118. Does this mean this supports more than 100 sessions also?
    can someone help me here ..
    Thanks,
    Shiva

    This model can support up to 200 simultaneous Ipsec sessions.
    See data sheet models
    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5743/ps5749/ps2284/product_data_sheet09186a00801d3b56.html
