VPN connection works, but can't ping or access any other device on remote network

Similar Messages

• I downloaded a movie on one of my computers, and yet I can't see it in my purchases and I can't download it on any other devices. Any suggestions?

  I downloaded a movie on one of my computers, and yet I can't see it in my purchases and I can't download it on any other devices. Any suggestions?

  Films will only show in your library if you've downloaded it on that computer or copied it from another computer. You checked the Purchased link under Quicklinks on the right-hand side of the store homepage to see if it shows there for redownloading on that computer
  If it doesn't show there then you can copy it over from the computer that you downloaded it on e.g. via home sharing : http://support.apple.com/kb/HT4527 (that page refers specifally to music, but it works for other content types as well).
  Or you can right-clidck (control-click on a Mac) on the film in the iTunes library that it is on and select 'show in explorer' ('show in finder') and copy it to, for example, a flashdrive, and use that to copy it onto the other computer's iTunes library (File > Add To Library)

• VPN client connected to VPN but can't ping or access to server

  HI ,
  i need help urgently, had been troubleshooting for a day, but have no ideal what wrong with the config.
  Basically there is 2 set of VPN configured, one is site to site IPSEC VPN and another one is connect via VPN client software coexist in same router.
  This recently we having problem on client can't access or ping to internal server which is 192.168.6.3 from VPN client software.
  VPN client will connect to VPN ip pool as10.20.1.0 to 10.20.1.100
  Software itself shown connected but request time out when ping.
  Below is the config. Some of the command might be extra as when i did some test, but end up didn't work.
  aaa new-model
  aaa authentication login userauthen local
  aaa authorization network adminmap group VPNClient
  aaa authorization network groupauthor local
  aaa authorization network map-singapore local
  crypto isakmp policy 10
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp key emptyspace address 203.142.83.218 no-xauth
  crypto isakmp keepalive 15 periodic
  crypto isakmp client configuration address-pool local ippool
  crypto isakmp client configuration group map-singapore
  key cisco123
  dns 192.168.6.3
  domain cisco.com
  pool ippool
  acl 102
  crypto isakmp profile VPNclient
     match identity address 27.54.43.210 255.255.255.255
     match identity group vpnclient
     client authentication list userauthen
     client configuration address respond
  crypto ipsec security-association idle-time 86400
  crypto ipsec transform-set REMSET esp-3des esp-md5-hmac
  crypto ipsec transform-set DYNSET esp-aes esp-md5-hmac
  crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac
  crypto dynamic-map dynmap 10
  set transform-set DYNSET
  set isakmp-profile VPNclient
  reverse-route
  crypto map VPNMAP client authentication list userauthen
  crypto map VPNMAP isakmp authorization list map-singapore
  crypto map VPNMAP client configuration address respond
  crypto map VPNMAP 10 ipsec-isakmp dynamic dynmap
  crypto map VPNMAP 11 ipsec-isakmp
  description VPN to ASA5520
  set peer 203.142.83.218
  set security-association lifetime kilobytes 14608000
  set security-association lifetime seconds 86400
  set transform-set REMSET
  match address 100
  interface GigabitEthernet0/0
  ip address 27.54.43.210 255.255.255.240
  ip nat outside
  no ip virtual-reassembly
  duplex full
  speed 100
  crypto map VPNMAP
  interface GigabitEthernet0/1
  ip address 192.168.6.1 255.255.255.0
  ip nat inside
  no ip virtual-reassembly
  duplex full
  speed 100
  interface GigabitEthernet0/2
  description $ES_LAN$
  no ip address
  shutdown
  duplex auto
  speed auto
  ip local pool ippool 10.20.1.0 10.20.1.100
  ip forward-protocol nd
  ip pim bidir-enable
  no ip http server
  ip http authentication local
  no ip http secure-server
  ip nat inside source list 1 interface GigabitEthernet0/0 overload
  ip nat inside source list 101 interface GigabitEthernet0/0 overload
  ip nat inside source route-map nonat interface GigabitEthernet0/0 overload
  ip nat inside source static 192.168.6.3 27.54.43.212
  ip route 0.0.0.0 0.0.0.0 27.54.43.209
  ip route 192.168.1.0 255.255.255.0 27.54.43.209
  ip route 192.168.151.0 255.255.255.0 192.168.6.151
  ip route 192.168.208.0 255.255.255.0 27.54.43.209
  ip access-list extended RA_SING
  permit ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.6.0 0.0.0.255 10.0.0.0 0.255.255.255
  permit ip 10.0.0.0 0.255.255.255 192.168.6.0 0.0.0.255
  permit ip 192.168.6.0 0.0.0.255 192.168.208.0 0.0.0.255
  permit ip 10.20.1.1 0.0.0.100 192.168.6.0 0.0.0.255
  permit ip 10.20.1.0 0.0.0.255 10.0.0.0 0.255.255.255
  deny   ip any any log
  access-list 1 remark Local Network
  access-list 1 permit 192.168.6.0 0.0.0.255
  access-list 1 permit 192.168.102.0 0.0.0.255
  access-list 1 permit 192.168.151.0 0.0.0.255
  access-list 2 remark VPNClient-range
  access-list 2 permit 10.0.0.0 0.255.255.255
  access-list 10 permit 192.168.6.0 0.0.0.255
  access-list 10 permit 192.168.102.0 0.0.0.255
  access-list 10 permit 192.168.151.0 0.0.0.255
  access-list 10 permit 10.0.0.0 0.255.255.255
  access-list 100 permit ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255
  access-list 100 permit ip 192.168.102.0 0.0.0.255 192.168.1.0 0.0.0.255
  access-list 100 permit ip 192.168.6.0 0.0.0.255 192.168.208.0 0.0.0.255
  access-list 100 permit ip host 192.168.6.7 host 192.168.208.48
  access-list 101 deny   ip 192.168.6.0 0.0.0.255 10.0.0.0 0.255.255.255
  access-list 101 permit ip 10.0.0.0 0.255.255.255 any
  access-list 101 permit ip 192.168.6.0 0.0.0.255 any
  access-list 102 permit ip 10.0.0.0 0.255.255.255 any
  access-list 120 deny   ip any any log
  access-list 120 deny   ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255 log
  access-list 120 deny   ip 192.168.6.0 0.0.0.255 10.0.0.0 0.255.255.255
  access-list 120 deny   ip 192.168.6.0 0.0.0.255 192.168.208.0 0.0.0.255
  no cdp run
  route-map nonat permit 10
  match ip address 120
  control-plane
  alias isakmp-profile sh crypto isakmp sa
  alias exec ipsec sh crypto ipsec sa
  banner motd ^CC^C

  I did not try to ping 4.2.2.2. I just know I can not ping comcasts dns servers. I have updated the firmware on the router and it did not work. The computer was able to access the internet until about a week ago, I don't understand what could have changed that I would now need a static DNS.

• Wireless nearly working, but can't ping

  I've been trying to get wireless to work on my laptop using wpa_supplicant. I seem I be connected to the network, but I'm unable to ping google. Here's some info:
  bash-3.2# wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
  Trying to associate with 00:1a:1e:8d:1d:20 (SSID='Northwestern' freq=2462 MHz)
  Associated with 00:1a:1e:8d:1d:20
  CTRL-EVENT-EAP-STARTED EAP authentication started
  CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
  OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
  EAP-MSCHAPV2: Authentication succeeded
  EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
  CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
  WPA: Key negotiation completed with 00:1a:1e:8d:1d:20 [PTK=CCMP GTK=CCMP]
  CTRL-EVENT-CONNECTED - Connection to 00:1a:1e:8d:1d:20 completed (auth) [id=0 id_str=]
  bash-3.2# dhcpcd wlan0
  wlan0: dhcpcd 4.0.12 starting
  wlan0: broadcasting for a lease
  wlan0: offered 165.124.136.34 from 129.105.49.10
  wlan0: acknowledged 165.124.136.34 from 129.105.49.10
  wlan0: checking 165.124.136.34 is available on attached networks
  wlan0: leased 165.124.136.34 for 1800 seconds
  bash-3.2# ifconfig wlan0
  wlan0 Link encap:Ethernet HWaddr 00:1F:3B:27:C4:15
  inet addr:165.124.136.34 Bcast:165.124.136.255 Mask:255.255.255.0
  inet6 addr: fe80::21f:3bff:fe27:c415/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  RX packets:21 errors:0 dropped:0 overruns:0 frame:0
  TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:3977 (3.8 Kb) TX bytes:2952 (2.8 Kb)

  Hi, the wireless link seems to be done successfully because you can obtain an IP on the network.
  What error message does the ping google.com command give ?
  Also can you ping 129.105.49.10, the dhcp server which gives you an ip ?
  After the dhcp setup, what default gateway shows the route command ?

• VPN connection works but VPN traffic is blocked

  I have an 881w in a central site which remote users VPN into with desktop client then initiate RDP connection to machines at central site. I configured this mostly with the Easy VPN tool since I am a complete novice with Cisco equipment. We just upgraded to this from Linksys running DD-WRT since we were running the CPU on it at 100%.
  Details
  Remote clients can ping the gateway but nothing else and can't RDP to machines.
  Clients cannot be pinged from central site. 
  Configuration Professional shows active connections. 
  The network at the central site is 192.168.10.0/24.
  The network at the remote sites is unknown, but it is not the same as the central site. 
  Can someone help me figure out what I'm doing wrong?
  Thank you for looking. The config is posted below.
  version 15.0
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  hostname 881w01
  boot-start-marker
  boot-end-marker
  security authentication failure rate 3 log
  security passwords min-length 6
  logging buffered 51200
  logging console critical
  enable secret 5 $1$j49H$gGfj5TWFFbg/fc0sAc1rN/
  aaa new-model
  aaa authentication login default local
  aaa authentication login ciscocp_vpn_xauth_ml_1 local
  aaa authentication login ciscocp_vpn_xauth_ml_2 local
  aaa authorization exec default local
  aaa authorization network ciscocp_vpn_group_ml_1 local
  aaa authorization network ciscocp_vpn_group_ml_2 local
  aaa session-id common
  memory-size iomem 10
  clock timezone PCTime -6
  clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
  crypto pki trustpoint TP-self-signed-2923777556
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-2923777556
  revocation-check none
  rsakeypair TP-self-signed-2923777556
  crypto pki certificate chain TP-self-signed-2923777556
  certificate self-signed 01
  EDITED OUT
        quit
  no ip source-route
  ip dhcp excluded-address 192.168.10.1 192.168.10.200
  ip dhcp excluded-address 192.168.10.251 192.168.10.254
  ip dhcp pool ccp-pool1
     import all
     network 192.168.10.0 255.255.255.0
     dns-server 208.67.222.222 208.67.220.220
     default-router 192.168.10.2
     domain-name EDITED OUT
  ip cef
  no ip bootp server
  ip domain name EDITED OUT
  ip name-server 208.67.222.222
  ip name-server 208.67.220.220
  ip ddns update method ccp_ddns1
  HTTP
    add http://EDITED [email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
    remove http://EDITED [email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
  no ipv6 cef
  license udi pid CISCO881W-GN-A-K9 sn FTX162683LX
  username EDITED OUT privilege 15 secret 5 $1$BK.5$K7ODMYoskU8zBrozUoXj..
  username EDITED OUT secret 5 $1$pG2b$aAEaz1JagmxNQHmqTMEBe0
  username EDITED OUT secret 5 $1$ySKe$rqvLbt.LeSu83HKmCdaSN1
  username EDITED OUT secret 5 $1$btT6$P24XxPBSQRrGD4BtvYJbo0
  ip tcp synwait-time 10
  ip ssh time-out 60
  ip ssh authentication-retries 2
  class-map type inspect match-any SDM_BOOTPC
  match access-group name SDM_BOOTPC
  class-map type inspect match-any SDM_DHCP_CLIENT_PT
  match class-map SDM_BOOTPC
  class-map type inspect match-any SDM_AH
  match access-group name SDM_AH
  class-map type inspect match-any sdm-cls-bootps
  match protocol bootps
  class-map type inspect match-any ccp-cls-insp-traffic
  match protocol cuseeme
  match protocol dns
  match protocol ftp
  match protocol h323
  match protocol https
  match protocol icmp
  match protocol imap
  match protocol pop3
  match protocol netshow
  match protocol shell
  match protocol realmedia
  match protocol rtsp
  match protocol smtp
  match protocol sql-net
  match protocol streamworks
  match protocol tftp
  match protocol vdolive
  match protocol tcp
  match protocol udp
  class-map type inspect match-all ccp-insp-traffic
  match class-map ccp-cls-insp-traffic
  class-map type inspect match-any SDM_IP
  match access-group name SDM_IP
  class-map type inspect match-any SDM_ESP
  match access-group name SDM_ESP
  class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
  match protocol isakmp
  match protocol ipsec-msft
  match class-map SDM_AH
  match class-map SDM_ESP
  class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
  match class-map SDM_EASY_VPN_SERVER_TRAFFIC
  class-map type inspect match-any ccp-cls-icmp-access
  match protocol icmp
  match protocol tcp
  match protocol udp
  class-map type inspect match-all ccp-icmp-access
  match class-map ccp-cls-icmp-access
  class-map type inspect match-all ccp-invalid-src
  match access-group 100
  class-map type inspect match-all ccp-protocol-http
  match protocol http
  policy-map type inspect ccp-permit-icmpreply
  class type inspect sdm-cls-bootps
    pass
  class type inspect ccp-icmp-access
    inspect
  class class-default
    pass
  policy-map type inspect ccp-inspect
  class type inspect ccp-invalid-src
    drop log
  class type inspect ccp-protocol-http
    inspect
  class type inspect ccp-insp-traffic
    inspect
  class class-default
    drop
  policy-map type inspect ccp-permit
  class type inspect SDM_EASY_VPN_SERVER_PT
    pass
  class type inspect SDM_DHCP_CLIENT_PT
    pass
  class class-default
    drop
  policy-map type inspect sdm-permit-ip
  class type inspect SDM_IP
    pass
  class class-default
    drop log
  zone security out-zone
  zone security in-zone
  zone security ezvpn-zone
  zone-pair security ccp-zp-self-out source self destination out-zone
  service-policy type inspect ccp-permit-icmpreply
  zone-pair security ccp-zp-in-out source in-zone destination out-zone
  service-policy type inspect ccp-inspect
  zone-pair security ccp-zp-out-self source out-zone destination self
  service-policy type inspect ccp-permit
  zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
  service-policy type inspect sdm-permit-ip
  zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
  service-policy type inspect sdm-permit-ip
  zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
  service-policy type inspect sdm-permit-ip
  zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
  service-policy type inspect sdm-permit-ip
  crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp client configuration group EDITED OUT
  key EDITED OUT
  dns 208.67.222.222 208.67.220.220
  domain accnet.com
  pool SDM_POOL_2
  acl 102
  save-password
  max-logins 5
  crypto isakmp profile ciscocp-ike-profile-1
     match identity group EZVPNGroup
     client authentication list ciscocp_vpn_xauth_ml_2
     isakmp authorization list ciscocp_vpn_group_ml_2
     client configuration address respond
     virtual-template 1
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
  crypto ipsec profile CiscoCP_Profile1
  set transform-set ESP-3DES-SHA1
  set isakmp-profile ciscocp-ike-profile-1
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface FastEthernet4
  description WAN link$FW_OUTSIDE$$ES_WAN$$ETH-WAN$
  ip address dhcp client-id FastEthernet4
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  ip nat outside
  ip virtual-reassembly
  zone-member security out-zone
  duplex auto
  speed auto
  interface Virtual-Template1 type tunnel
  description VPN virtual interface
  ip unnumbered FastEthernet4
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile CiscoCP_Profile1
  interface wlan-ap0
  description Service module interface to manage the embedded AP
  ip unnumbered Vlan1
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  arp timeout 0
  interface Wlan-GigabitEthernet0
  description Internal switch interface connecting to the embedded AP
  switchport mode trunk
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
  ip address 192.168.10.2 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  ip nat inside
  ip virtual-reassembly
  zone-member security in-zone
  ip tcp adjust-mss 1452
  ip local pool SDM_POOL_1 30.30.30.10 30.30.30.30
  ip local pool SDM_POOL_2 192.168.10.10 192.168.10.29
  ip forward-protocol nd
  ip http server
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip nat inside source list 1 interface FastEthernet4 overload
  ip access-list extended SDM_AH
  remark CCP_ACL Category=1
  permit ahp any any
  ip access-list extended SDM_BOOTPC
  remark CCP_ACL Category=0
  permit udp any any eq bootpc
  ip access-list extended SDM_ESP
  remark CCP_ACL Category=1
  permit esp any any
  ip access-list extended SDM_IP
  remark CCP_ACL Category=1
  permit ip any any
  logging trap debugging
  access-list 1 remark INSIDE_IF=Vlan1
  access-list 1 remark CCP_ACL Category=2
  access-list 1 permit 192.168.10.0 0.0.0.255
  access-list 100 remark CCP_ACL Category=128
  access-list 100 permit ip host 255.255.255.255 any
  access-list 100 permit ip 127.0.0.0 0.255.255.255 any
  access-list 101 remark CCP_ACL Category=4
  access-list 101 permit ip 192.168.10.0 0.0.0.255 any
  access-list 102 remark CCP_ACL Category=4
  access-list 102 permit ip 192.168.10.0 0.0.0.255 any
  no cdp run
  control-plane
  banner exec ^C
  % Password expiration warning.
  Cisco Configuration Professional (Cisco CP) is installed on this device
  and it provides the default username "cisco" for  one-time use. If you have
  already used the username "cisco" to login to the router and your IOS image
  supports the "one-time" user option, then this username has already expired.
  You will not be able to login to the router with this username after you exit
  this session.
  It is strongly suggested that you create a new username with a privilege level
  of 15 using the following command.
  username <myuser> privilege 15 secret 0 <mypassword>
  Replace <myuser> and <mypassword> with the username and password you
  want to use.
  ^C
  banner login ^CAuthorized access only!
  Disconnect IMMEDIATELY if you are not an authorized user!^C
  line con 0
  no modem enable
  transport output telnet
  line aux 0
  transport output telnet
  line 2
  no activation-character
  no exec
  transport preferred none
  transport input all
  line vty 0 4
  transport input telnet ssh
  scheduler max-task-time 5000
  scheduler allocate 4000 1000
  scheduler interval 500

  Thank you for the respnse Jennifer. I have made the suggested changes, but no change in behavior on either end.
  Does anything else stand out as a potential problem? The current running-config is below:
  I'll take a stab at what I think the problem could be, but this is an uneducated guess.
  I think I need acl 150 instead of acl 102 under
  "crypto isakmp client configuration group EZVPNGroup"
  I also think I can get rid of SDM_POOL_1 since it appears to not be used, but I don't think this is actually causing any issue.
  Building configuration...
  Current configuration : 11362 bytes
  ! Last configuration change at 09:07:22 PCTime Sun Aug 5 2012 by 881wmin
  version 15.0
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  hostname 881w01
  boot-start-marker
  boot-end-marker
  security authentication failure rate 3 log
  security passwords min-length 6
  logging buffered 51200
  logging console critical
  enable secret 5 EDITED
  aaa new-model
  aaa authentication login default local
  aaa authentication login ciscocp_vpn_xauth_ml_1 local
  aaa authentication login ciscocp_vpn_xauth_ml_2 local
  aaa authorization exec default local
  aaa authorization network ciscocp_vpn_group_ml_1 local
  aaa authorization network ciscocp_vpn_group_ml_2 local
  aaa session-id common
  memory-size iomem 10
  clock timezone PCTime -6
  clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
  crypto pki trustpoint TP-self-signed-EDITED
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-EDITED
  revocation-check none
  rsakeypair TP-self-signed-EDITED
  crypto pki certificate chain TP-self-signed-EDITED
  certificate self-signed 01
    EDITED
        quit
  no ip source-route
  ip dhcp excluded-address 192.168.10.1 192.168.10.200
  ip dhcp excluded-address 192.168.10.251 192.168.10.254
  ip dhcp pool ccp-pool1
     import all
     network 192.168.10.0 255.255.255.0
     dns-server 208.67.222.222 208.67.220.220
     default-router 192.168.10.2
     domain-name EDITED
  ip cef
  no ip bootp server
  ip domain name EDITED
  ip name-server 208.67.222.222
  ip name-server 208.67.220.220
  ip ddns update method ccp_ddns1
  HTTP
    add http:/[email protected]/nic/update?system=dyndns&hostname=&myip=
    remove http://[email protected]/nic/update?system=dyndns&hostname=&myip=
  no ipv6 cef
  license udi pid CISCO881W-GN-A-K9 sn FTX162683LX
  username EDITED
  ip tcp synwait-time 10
  ip ssh time-out 60
  ip ssh authentication-retries 2
  class-map type inspect match-any SDM_BOOTPC
  match access-group name SDM_BOOTPC
  class-map type inspect match-any SDM_DHCP_CLIENT_PT
  match class-map SDM_BOOTPC
  class-map type inspect match-any SDM_AH
  match access-group name SDM_AH
  class-map type inspect match-any sdm-cls-bootps
  match protocol bootps
  class-map type inspect match-any ccp-cls-insp-traffic
  match protocol cuseeme
  match protocol dns
  match protocol ftp
  match protocol h323
  match protocol https
  match protocol icmp
  match protocol imap
  match protocol pop3
  match protocol netshow
  match protocol shell
  match protocol realmedia
  match protocol rtsp
  match protocol smtp
  match protocol sql-net
  match protocol streamworks
  match protocol tftp
  match protocol vdolive
  match protocol tcp
  match protocol udp
  class-map type inspect match-all ccp-insp-traffic
  match class-map ccp-cls-insp-traffic
  class-map type inspect match-any SDM_IP
  match access-group name SDM_IP
  class-map type inspect match-any SDM_ESP
  match access-group name SDM_ESP
  class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
  match protocol isakmp
  match protocol ipsec-msft
  match class-map SDM_AH
  match class-map SDM_ESP
  class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
  match class-map SDM_EASY_VPN_SERVER_TRAFFIC
  class-map type inspect match-any ccp-cls-icmp-access
  match protocol icmp
  match protocol tcp
  match protocol udp
  class-map type inspect match-all ccp-icmp-access
  match class-map ccp-cls-icmp-access
  class-map type inspect match-all ccp-invalid-src
  match access-group 100
  class-map type inspect match-all ccp-protocol-http
  match protocol http
  policy-map type inspect ccp-permit-icmpreply
  class type inspect sdm-cls-bootps
    pass
  class type inspect ccp-icmp-access
    inspect
  class class-default
    pass
  policy-map type inspect ccp-inspect
  class type inspect ccp-invalid-src
    drop log
  class type inspect ccp-protocol-http
    inspect
  class type inspect ccp-insp-traffic
    inspect
  class class-default
    drop
  policy-map type inspect ccp-permit
  class type inspect SDM_EASY_VPN_SERVER_PT
    pass
  class type inspect SDM_DHCP_CLIENT_PT
    pass
  class class-default
    drop
  policy-map type inspect sdm-permit-ip
  class type inspect SDM_IP
    pass
  class class-default
    drop log
  zone security out-zone
  zone security in-zone
  zone security ezvpn-zone
  zone-pair security ccp-zp-self-out source self destination out-zone
  service-policy type inspect ccp-permit-icmpreply
  zone-pair security ccp-zp-in-out source in-zone destination out-zone
  service-policy type inspect ccp-inspect
  zone-pair security ccp-zp-out-self source out-zone destination self
  service-policy type inspect ccp-permit
  zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
  service-policy type inspect sdm-permit-ip
  zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
  service-policy type inspect sdm-permit-ip
  zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
  service-policy type inspect sdm-permit-ip
  zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
  service-policy type inspect sdm-permit-ip
  crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp client configuration group EZVPNGroup
  key EDITED
  dns 208.67.222.222 208.67.220.220
  domain EDITED
  pool SDM_POOL_2
  acl 102
  save-password
  max-users 20
  max-logins 5
  crypto isakmp profile ciscocp-ike-profile-1
     match identity group EZVPNGroup
     client authentication list ciscocp_vpn_xauth_ml_2
     isakmp authorization list ciscocp_vpn_group_ml_2
     client configuration address respond
     virtual-template 1
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
  crypto ipsec profile CiscoCP_Profile1
  set transform-set ESP-3DES-SHA1
  set isakmp-profile ciscocp-ike-profile-1
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface FastEthernet4
  description WAN link$FW_OUTSIDE$$ES_WAN$$ETH-WAN$
  ip address dhcp client-id FastEthernet4
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  ip nat outside
  ip virtual-reassembly
  zone-member security out-zone
  duplex auto
  speed auto
  interface Virtual-Template1 type tunnel
  description VPN virtual interface
  ip unnumbered FastEthernet4
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile CiscoCP_Profile1
  interface wlan-ap0
  description Service module interface to manage the embedded AP
  ip unnumbered Vlan1
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  arp timeout 0
  interface Wlan-GigabitEthernet0
  description Internal switch interface connecting to the embedded AP
  switchport mode trunk
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
  ip address 192.168.10.2 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  ip nat inside
  ip virtual-reassembly
  zone-member security in-zone
  ip tcp adjust-mss 1452
  ip local pool SDM_POOL_1 30.30.30.10 30.30.30.30
  ip local pool SDM_POOL_2 192.168.80.10 192.168.80.29
  ip forward-protocol nd
  ip http server
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip nat inside source list 150 interface FastEthernet4 overload
  ip access-list extended SDM_AH
  remark CCP_ACL Category=1
  permit ahp any any
  ip access-list extended SDM_BOOTPC
  remark CCP_ACL Category=0
  permit udp any any eq bootpc
  ip access-list extended SDM_ESP
  remark CCP_ACL Category=1
  permit esp any any
  ip access-list extended SDM_IP
  remark CCP_ACL Category=1
  permit ip any any
  logging trap debugging
  access-list 1 remark INSIDE_IF=Vlan1
  access-list 1 remark CCP_ACL Category=2
  access-list 1 permit 192.168.10.0 0.0.0.255
  access-list 100 remark CCP_ACL Category=128
  access-list 100 permit ip host 255.255.255.255 any
  access-list 100 permit ip 127.0.0.0 0.255.255.255 any
  access-list 101 remark CCP_ACL Category=4
  access-list 101 permit ip 192.168.10.0 0.0.0.255 any
  access-list 102 remark CCP_ACL Category=4
  access-list 102 permit ip 192.168.10.0 0.0.0.255 any
  access-list 150 deny   ip 192.168.10.0 0.0.0.255 192.168.80.0 0.0.0.255
  access-list 150 permit ip 192.168.10.0 0.0.0.255 any
  no cdp run
  control-plane
  banner exec ^C
  % Password expiration warning.
  Cisco Configuration Professional (Cisco CP) is installed on this device
  and it provides the default username "cisco" for  one-time use. If you have
  already used the username "cisco" to login to the router and your IOS image
  supports the "one-time" user option, then this username has already expired.
  You will not be able to login to the router with this username after you exit
  this session.
  It is strongly suggested that you create a new username with a privilege level
  of 15 using the following command.
  username privilege 15 secret 0
  Replace and with the username and password you
  want to use.
  ^C
  banner login ^CAuthorized access only!
  Disconnect IMMEDIATELY if you are not an authorized user!^C
  line con 0
  no modem enable
  transport output telnet
  line aux 0
  transport output telnet
  line 2
  no activation-character
  no exec
  transport preferred none
  transport input all
  line vty 0 4
  transport input telnet ssh
  scheduler max-task-time 5000
  scheduler allocate 4000 1000
  scheduler interval 500
  end

• Digitally signing using Acrobat XI and Mac OS 10.9.2- won't let me type signature- the box appears but can't adjust font or any other aspect of text.

  I just purchased Acrobat XI pro for Mac. I have OS 10.9.2   When I got to digitally sign, it only allows me to sign using certificate- which does not render a legible name- and is an apple authorization certificate. Or if I go to "type text" the only type showing in the box is Helvetica 12. I can't adjust that. then I put my name in and that's it. It does not look like a signature. I was hoping to insert an image
  or at least have it look like a signature.
  What can fix this?
  Darcy

  When I click "place signature" I only have one option.
  It asks me "How would you like to create your signature?
  The only option available to me is "use a certificate- When I attempt to use another option there are some but they are not available to me."use an image" draw my signature, or type my signature
  are not available.
  For that reason I went to preferences to see what I could do to change the settings- and all I could do was manage the certificate signature- so that it looks better than it did.
  As an aside- after doing that- the document went on and the person couldn't sign because it had an "open password" If you also know about that- that would be great.
  This is the only reason I purchased the Adobe XI so I could draw my signature or type it and have it appear as a signature.

• I have a new ipad and everything works but can't connect to the app store. Itunes works and the wifi seems to be working but i get a blank white screen when i open the appstore.Nothing will load unter the features or charts tab. Any Suggestions?

  I have a new ipad and everything works but can't connect to the app store. Itunes works and the wifi seems to be working but i get a blank white screen when i open the appstore. Nothing will load unter the features or charts tab so i cant download any apps. Purchased and updates tab loads fine. Any suggestions?

  You would get better response from the iTunes community forum.
  Have a nice day!

• I just got a new Mac yesterday and I am trying to connect my Logitech headset for work but can't!  I plug it into the USB but nothing pops up and I can't find where I go to look to see if it's connected.  HELP!

  I just got a new Mac yesterday and I am trying to connect my Logitech headset for work but can't!  I plug it into the USB but nothing pops up and I can't find where I go to look to see if it's connected.  HELP!

  Ask the Verizon store to exchange your iPhone for a different iPhone 4.
  UPDATE - Sure, try ckuan's solution first.  Then use mine if that fails.
  Message was edited by: sberman

• I am having trouble with exchange account connection .the vpn connects fine but the exchange account is still showing the yellow light .can anyone help?

  i am having trouble with exchange account connection .the vpn connects fine but the exchange account is still showing the yellow light .can anyone help?

  I had a similar problem.  Here is how I resolved the issue.
  1.  Remove Network Connect
  2. Run Terminal and remove /usr/local/juniper and everything within the juniper directory.
  3. Reboot the machine and reinstall Network Connect
  4. Test if you can now connect.
  During removal, you may encounter permission denied error, you will need to change the permission to 777.  For example "sudo chmod 777 nc".

• I purchased a new router and now can't connect my Iphone 4S to it.  All my other devices work fine.  How do I get the phone to connect.  It finds the router but wants IP address: CHCP/BootP/STATIC.  I am confused!!

  I purchased a new router and can not connect my IPHONE 4S to it.  All my other devices connect fine including my IPAD.  HELP!  I am not a techie!! I am a newbie

  My guess is that when you see the router on your phone, you press the blue arrow on the right - thats why you see all the IP stuff.   Don't press the blue arrow.  Press further to the left. You should be prompted for a password then.

• Almost got VPN to work, but Auth failing?

  Hi,
  I almost got VPN to work, but I have one last error. Here is, what I did so far:
  1.) Configured VPN via Server app
  2.) Enabled PPTP like described in Apple support doc
  3.) VPN Server is reachable within my home network
  4.) VPN Server is reachable from outside my home network
  I'd be more than happy if anyone could provide me with some hints on how to fix either of the following two errors
  When I try to connect via L2TP (From in- or outside the network), I get the following error:
  Aug 29 22:42:17 server racoon[164]: Connecting.
  Aug 29 22:42:17 server racoon[164]: IPSec Phase1 started (Initiated by peer).
  Aug 29 22:42:17 server racoon[164]: IKE Packet: receive success. (Responder, Main-Mode message 1).
  Aug 29 22:42:17 server racoon[164]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
  Aug 29 22:42:17 server racoon[164]: IKE Packet: receive success. (Responder, Main-Mode message 3).
  Aug 29 22:42:17 server racoon[164]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
  Aug 29 22:42:17 server racoon[164]: IKE Packet: receive failed. (Responder, Main-Mode Message 5).
  Aug 29 22:42:20 server racoon[164]: IKE Packet: transmit success. (Phase1 Retransmit).
  Aug 29 22:42:20 server racoon[164]: IKE Packet: receive failed. (Responder, Main-Mode Message 5).
  Aug 29 22:42:23: --- last message repeated 1 time ---
  Aug 29 22:42:23 server racoon[164]: IKE Packet: transmit success. (Phase1 Retransmit).
  Aug 29 22:42:23 server racoon[164]: IKE Packet: receive failed. (Responder, Main-Mode Message 5).
  Aug 29 22:42:26: --- last message repeated 1 time ---
  Aug 29 22:42:26 server racoon[164]: IKE Packet: transmit success. (Phase1 Retransmit).
  Aug 29 22:42:26 server racoon[164]: IKE Packet: receive failed. (Responder, Main-Mode Message 5).
  Aug 29 22:42:38: --- last message repeated 1 time ---
  Aug 29 22:42:38 server racoon[164]: IKE Packet: transmit success. (Phase1 Retransmit).
  Aug 29 22:42:38 server racoon[164]: IKE Packet: receive failed. (Responder, Main-Mode Message 5).
  However, when I try to connect via PPTP (no matter if from in- or outside my network), I see the following error:
  Aug 29 22:27:18 server pppd[16843]: The remote system is required to authenticate itself
  Aug 29 22:27:18 server pppd[16843]: but I couldn't find any suitable secret (password) for it to use to do so.
  Aug 29 22:27:18 server vpnd[16413]:    --> Client with address = 192.168.1.226 has hungup

  I have not yet tried the VPN server in Lion, but I would normally associate IKE traffic with L2TP style VPN connections and not PPTP connections. This might indicate the remote client is trying to make an L2TP connection and you have not yet setup that properly with the same shared secret password at both ends (this different the actual users login password).
  Or of course you can correct the remote client and set it to use PPTP.

• I bought an external hard drive for backups to use with Time Machine, but however when I try to connect it with the other windows laptop it doesn't work ? intact it doesn't work on any other device except my MAC ?

  I bought an external hard drive for backups to use with Time Machine, but however when I try to connect it with the other windows laptop it doesn't work ? intact it doesn't work on any other device except my MAC ?

  Do not worry about it.
  Time Machine needs that your external drive is formatted in HFS+, or better known as "Mac OS Extended (Journaled)". This filesystem is used by Apple on Macs and Windows cannot read or write drives formatted with this filesystem, being this the reason why all your devices do not read the external drive except your Mac.
  You can only use your external drive to make Time Machine drives. If you store anything different, you may damage the Time Machine structure, so it is better not to use it as a drive to store other data. Instead, get another external drive to do it or create a second partition on the external drive formatted in FAT32 by using Disk Utility > http://pondini.org/OSX/DU3.html FAT32 can be read by Windows PCs

• DW CS3: test connection works, but local pages won't upload.

  My MacBook Pro died, can'taccess files or apps and I don't have the CS3  install disks,  so I moved DW over from my Mac Pro.The test connection works, but local pages won't upload.I re-entered all the site info, confirmed I ahd all the correct FTP settings from my sertver tech guys. I even created a new site duplicating all the original info. BTW I have ALWAYS had this problem on the Mac Pro...Never been able to upload from that computer. All the other apps in CS3 work fine.
  jackhatfield

  FileZilla worked. Thanks so much. Still wish I could figure out why
  Dreamweaver won¹t transfer files, it would be easier than editing in DW and
  then having to use Filezilla to transfer them. DW never transferred files on
  the Mac Pro I had it installed on either (that¹s where I got it from when I
  moved apps to my new MacBook Pro).
  jack

• HT1595 When I connect with my wifi it comes up as connected to wifi but not the Internet and all my other devices work except the Apple TV and I'm not sure what to do

  At first my Apple TV was stuck so I unplugged it and re plugged it so everything disappeared all my apps everything then when I tried hooking up to my Internet it said connected to wifi but cannot connect to the Internet so I'm not sure what that means or how to fix it

  GH
  When you say everything disappeared do you still have Computers and Settings icons?  Try rebooting the router  and apple tv with all cables out for 30 seconds.  Does it work eathernet connected if you can try that too?
  Jules

• I downloaded iOS 7 onto my iPhone 4 and updated the iTunes on my PC, WiFi connection works but somewhow it won't do anything when I plug the iPhone.

  I downloaded iOS 7 onto my iPhone 4 and updated the iTunes on my PC, WiFi connection works but somewhow it won't do anything when I plug the iPhone. Now, I got frustrated that neither iTunes nor my iPhone do anything. I need my iPhone to get it back to work regardless if it's back to the last version of iOS.

  I just encountered this problem for the first time and stumbled upon this forum to find a solution.  I played around with it a bit and it seems that if you slide your finger from the bottom up, you will come upon that new screen that will allow you to do various functions with your phone (put it in airport mode, lock, etc.), you can select your Airport from this screen and play your music wirelessly from your phone; at least this was my experience. Hope this helps!