VPN Issue Urgent help
guys the scenario is i have a client and i tried to install cisco 2851 router (via FR) with other peer router .....i coudnt get IPSEC running......the VPN never establish i have took a debug statement can someone please help me and tell me what i sthe problem as i tried my best
Hi person,
This forum is focused in to discuss questions about PCI Compliance. By this way, post the same question in the VPN Forum (http://forum.cisco.com/eforum/servlet/NetProf?page=Virtual_Private_Networks_discussion), when i will to answer with pleasure.
At this moment, that i say to help is: verify parameter og ISAKMP, like ttl, encryption, peer, and so on. This behavior is typicaly seem in enviroments with misconfigured parameter.
At end, verify conectivity between boths peers.
Regards,
BHS.
Similar Messages
-
Guys i have a problem bit strange one can someone please help me out .....i have a sites in which i have pix firewall (515E). Now i have already 3 Vpns site to site established.......(without NAT) now i want to establish fourth VPN....now th eporblem is that my service provider has given me an ip adress that he shd get the VPN request for that IP adress (i shd do nating to translate my internal ip to his ip) i tried to put few things but it doesnt work.....even i m failed to estalblish IKE pjase 1 ......on the otehr hand the device is VPN conc 3000......i have checked all the policies transform set but i m failed to even get working the first bit (IKE 1)....i have treid to debug it but my router doesnt even consider as an intersting traffic and it just send it through to default gateway....can some please hlep me out
Hello,
Can you give me an example as to what you are trying to do. I dont understand what you are trying to do.
What is the current IP address on the inside of the PIX firewall?
What is the current IP address on the outside of the firewall?
What does the ISP want the IP address to be on the outside?
What do you like to do after that?
Thanks
Gilbert -
Wlan Security Issue urgent help needed
Dear Community,
i have a wlc 5500 with two ssids for employees and contractors
both ssids with layer2 security WPA+WPA2 and auth key mgmt 802.1x are authenticated with ACS 5.0 (active directory) for users access and are working fine after windows adapter setting
but my question is, can i do some thing like
authentication with acs 5.0 (active directory) for users access but without windows adapter seting????
i mean without changing any setting on windows adapter ( leave it as default).
if i can then how i can???
or i cann't do that i mean there is not any option to do that?
plz give me your seggustions i need urgent help on this topic.thanks for your reply George
it seems only for 802.1x authentication key methode needs windows adaptor changing as per you.
is there any other option to configure wlan scurity with acs (MS active Dir) user authentication like
let me tell you something
i want when any client will try to connect any wlan he ll just prompted to use his username and password(of active directory) without doing any changes in window adapter setting???
i don't care layer 2 security will be whatever like wpa+wpa2 with 802.1x OR something else
can i do that or no ??
if yes i can than what type of security?
please don't tell me about webauthentication i already know about that and i ll use that mothed for GUSET-Wlan.
kindly reply me soon
Thanks -
Hi all, we have recently set up a remote access vpn using vpn client, this terminates on a asa5520, I am getting issues now where my clients connect fine to the vpn, and get a dhcp address etc, but then cant see anywhere inside my lan, it works fine from broadband etc at home, but I tried to access it via a vodaphone 3g card, and other users from other companies say they are now having this issue also, what could the problem be as routing surely is fine as they can get the vpn connected, please can anyone help ??
cheersThis allows vpn clients to have esp packets encapsulated in udp over port 4500. This is necessary for ipsec to pass through nat/pat devices.
Most likely, the clients you are not having problems with are not behind nat/pat devices.
http://cisco.com/en/US/docs/security/asa/asa72/command/reference/c5_72.html#wp2068300 -
VPN issue please help???
Hi,
I am trying to connect vpn client (Win XP) and its works just fine. It is also communicating with radius server and internal network no issues in that. However, when using vpn client on Win 7 it does not connect. I can see from the debug in firewall that phase 2 is complete, but the client does not connect and I can see the error 809 in Win 7 (32 bit and 64 bit) clients. I would really appreciate if anyone can just guide me in right direction. Please see below the code that is working fine for XP.
nat (inside,outside) source static obj-172.16.0.0-nonat obj-172.16.0.0-nonat destination static obj-192.168.0.0-nonat obj-192.168.0.0-nonat no-proxy-arp route-lookup
aaa-server int-radius-group protocol radius
aaa-server int-radius-group (inside) host 172.16.5.100
key ***
radius-common-pw ***
crypto ipsec ikev1 transform-set RA-VPN-Set-3desmd5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-3desmd5 mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-aes128sha esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-aes128sha mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-aes256sha esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-aes256sha mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-aes256md5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-aes256md5 mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-dessha esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-dessha mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-3dessha esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-3dessha mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-desmd5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-desmd5 mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-aes192md5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-aes192md5 mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-aes192sha esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-aes192sha mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-aesmd5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-aesmd5 mode transport
crypto dynamic-map dyn-ra-vpn 65000 set ikev1 transform-set RA-VPN-Set-3desmd5 RA-VPN-Set-aes128sha RA-VPN-Set-aes256s-dessha RA-VPN-Set-3dessha RA-VPN-Set-desmd5 RA-VPN-Set-aes192md5 RA-VPN-Set-aes192sha RA-VPN-Set-aesmd5
crypto dynamic-map dyn-ra-vpn 65000 set reverse-route
crypto map ASA-VPN-SITE 65000 ipsec-isakmp dynamic dyn-ra-vpn
crypto map ASA-VPN-SITE interface outside
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
group-policy RA-VPN-GP internal
group-policy RA-VPN-GP attributes
dns-server value 172.16.5.31 172.16.5.32
vpn-tunnel-protocol ikev1 l2tp-ipsec
default-domain value mydomain.com
intercept-dhcp enable
client-firewall none
tunnel-group DefaultRAGroup general-attributes
address-pool ra-vpn-ippool
authentication-server-group int-radius-group
default-group-policy RA-VPN-GP
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
Thanks & Regards
RohitWe are using VPN client v5.0.05.0290 without a problem. Here is a link that I found initially when testing with Windows 7 and the VPN client...maybe it will help you resolve your issue.
http://weblogs.asp.net/bhouse/archive/2009/01/15/how-to-successfully-install-cisco-vpn-client-on-windows-7.aspx
I didn't have to use this procedure on windows 7 pro 32bit.
On a different note, can you pass traffic to hosts on your internal LAN by IP address or hostname? I found an issue using the AnyConnect client - I didn't configure the connection profile to tell the connecting client what our internal domain name was...so my clients weren't able to make connections inbound withougt manually appending the domain name to the end of the hostname...shot in the dark...
Good Luck!!
"please rate me if post helpful" -
ERD Design Issue Urgent help needed .
Hi ,
I'm designing a movie theatre system . I was drawing the ERD Diagram but I'm stuck .
One theatre can have many movies and One movie can be run on many shows .So I have created seperate Theatre and Movie tables and another associative table containing only MovieID and Theatre ID .
Now number of shows in a theatre are fixed .. Morning ,Evening and Night .
The problem comes when I want to find which movie is running on which theatre and what is the show timimg . If I create another table as show table having theatre id and showid (say 1 is Morning and so on ) then how to relate that with movie .I tried a lot but not being able to find out .
How will I design the tables so that they are in 3rd Normal form .Its a bit urgent.
Please help me out .
Regards,
Rahul .Hi Rahul
If I were you, then to make it flexible i would have tables for
1) Theatre
2) Movie
3) Show
4) movie_show_theatre_mapping
And according to your design it should be
1) Theatre
2) Movie
3) Show table with foreign key to theatre
4) Show_movie_mapping
Here you can find the movie timing at a particular theatre by quering
show_movie_mapping and show table where theatre id is a foreign key in show table.
Regards -
SAML configuration issue-Urgent Help required!!!
I have configured SAML using the following article guidelines http://www.oracle.com/technology/pub/articles/dev2arch/2006/12/sso-with-saml.html
but I 'm unable to login to Application A itself which is SAML source site.Please Help me to understand where am i going wrong!!!!!Hi George,
The issue is I wanted to download few app from google play on Cisco DX 650 example office suite whic helps to open an attachment like word pdf etc on the phone.In order to do that we require a google play store app on the phone which I am able to see on few phones and on few phones it is missing.
I have checked the CUCM config for all the phone and I can see allow application from android market is enabled.
still I am not able to see the play store Icon
Rgds,
Ajith -
Direct Deposit Issues Urgent Help needed
We recently switched to DD. We had a new employee come in and give us incorrect account info. So when payroll was run, this employee did not get money in his account. It went to a different account.
I need help asap on how you all handle this situation? Is there any way for us to generate a NACHA file to do a debit to the incorrect account? If not, how do you handle this at your company? We have even opened a SR and they are telling us the application can't do this. There has to be a way to correct errors and we don't know what this is.
Please help us and let me know how you all handle DD errors like this. We are needing to find a solution to this as quickly as possible.
thanks
Ronnie
[email protected]Yep, you are in a tough situation there. Trying to take money out of an account is a whole different story from putting money into an account. Technically you need the approval of the account owner to do a debit to the incorrect account. My suggestion - contact your bank and ask them how best to recover this money from the account that it went to. I am surprised that the receiving bank accepted the deposit. Surely you are including the employee name in the ACH detail, correct? Normally such an error would come back as a reject. You would void the payment and issue a new payment (either check or ACH).
What we do here is that the first week we do a prenote entry for an employee. No dollars. You are not required to do a prenote, but it can save you a lot of problems. We also ask the employee to provide a blank (voided) check from their checking account. That helps avoid getting bad information from an employee. Anyway, if the employee gives you bad information, the pre-note should come back with a reject, you would go back to the employee and get the right data, reset the prenote process and do another pre-note, and once good, start doing the ACH payment.
So I suggest - 1) Find out why this payment was not rejected but accepted into the wrong account, 2) Do a prenote process, and 3) Have employees submit a check (voided) with their ACH request form. Do steps 2 and 3 and you should not have errors. But do ask your bank what they recommend doing if a payment does get accepted to the wrong account.
John Dickey -
Forms Personalization Issues / Urgent help
Hello Oracle Gurus,
I have an issue while customizing the Customer Standard Form in Oracle Applications using Forms Personalization.
Issue descritption:
1) In Customer Standard Form (ARXCUDCI), at Bill-to Site level i need to disable the buttons NEW and OPEN for a custom responsibility.
I have written code in Trigger Event "WHEN-NEW-FORM-INSTANCE" and in actions i mentioned as
1. Property - Object Type as Item
Target Object as CTRL.ADDR_SU_NEW
Property Name as Enabled
Value as False
2. Property - Object Type as Item
Target Object as CTRL.ADDR_SU_OPEN
Property Name as Enabled
Value as False
When i check, it is working for the NEW button (i.e. NEW button getting disabled) but the same is not working for OPEN button.
Am i missing any thing else.........Any suggestions are highly appreciated.
Thanks & Regards,
Lakshmi Kalyan Vara Prasad.I would guess that the problem with the Open button is that there is existing standard code within the form that runs after the WHEN-NEW-FORMS-INSTANCE trigger that enables/disables the Open button based on some other condition.
Apart from opening up the form in Forms Builder and working through the code to work out what standard code is doing this (which can be an extremely painful process), I would suggest that you try moving your personalisation to a later event, such as WHEN-NEW-BLOCK-INSTANCE. -
Performance Issues - Urgent Help Required.
Hi All,
I have some performance problems on the application that is running on WLS 6.1
SP2.
1. I have a UI (jsp), in which the user can select either single or multiple product
IDs. If the user just selects one product ID and then submit the request to the
server the response is faster. However when the user submits multiple product
IDs, all these are submitted to the server and it takes a longer response time.
I was just thinking of generating multiple requests in batches (say 5) to optimise
the performance. If I submit multiple requests, how will i be able to manage the
response and display in the presentation layer. Any comments / suggestions are
welcome.
2. In my application, I have data access objects which fetches the data from the
Database. After the rows are fetched, these data is processed by business process
which converts them to java objects and returns them to clients. The business
process of converting the data fetched from Database to java objects is slow.
We need to improve the response time. What do we need to do?.
3. Is there any performance benchmarking info / comparision available between
WeblogicServer 6.1 and WebLogicServer 7 or any higher versions?.
Will appreciate any help to address the above problem.
Regards,
RengaTo Really figure whats going on, you need to get some performance numbers,
more specifically where things are slowing down. It could be anywhere from a
sql query thats doing a full table scan verses using index, or some method
somewhere slowing things down, or even something slow on the network. You
might want to try something like JProbe or OptimizeIt that can profile your
application and give you slow methods/modules of your application.
Haider
"Renganathan" <[email protected]> wrote in message
news:[email protected]..
>
Hi All,
I have some performance problems on the application that is running on WLS6.1
SP2.
1. I have a UI (jsp), in which the user can select either single ormultiple product
IDs. If the user just selects one product ID and then submit the requestto the
server the response is faster. However when the user submits multipleproduct
IDs, all these are submitted to the server and it takes a longer responsetime.
I was just thinking of generating multiple requests in batches (say 5) tooptimise
the performance. If I submit multiple requests, how will i be able tomanage the
response and display in the presentation layer. Any comments / suggestionsare
welcome.
2. In my application, I have data access objects which fetches the datafrom the
Database. After the rows are fetched, these data is processed by businessprocess
which converts them to java objects and returns them to clients. Thebusiness
process of converting the data fetched from Database to java objects isslow.
We need to improve the response time. What do we need to do?.
3. Is there any performance benchmarking info / comparision availablebetween
WeblogicServer 6.1 and WebLogicServer 7 or any higher versions?.
Will appreciate any help to address the above problem.
Regards,
Renga -
HFM 3.5 to HFM 9.3.1 issues Urgent help needed
Dear All:
i am on an upgrade Scenario
Upgrading HFM 3.5 and Hyperion Reports 7.0 to System 931
Environemt details : Windows 2003 sp2, SQL 2000 sp3a
PROD HFM Server version : 3.5.1 sp2
PROD HR Version 7.0
Server 1: HFM Full Server
Server 2: HFM App Server
Server 3: HFM Web Server
Server 4: SQL / HReports 7.0 (HFM DB=100+GB Size)
Task : Upgrade/Migrate the HFM 3.5.1 to System 9.3.1 on a different environment, (different domain).
I'm not sure if i cant use the HFMCopyApplication.exe utility for two reason... HFM DB is huge and botht the servers are in two domains.
What would be the suggested or best method to do this migration/upgradation ? I have the HFM DB backup from PROD Server....
Edited by: SRIRAM Kalyanaraman on Apr 10, 2009 10:50 PMHi,
Can you define "diffrent domains" for me? Are they diffrent phisyical machines? What type of database server are you using?
-Tony -
Oracle 9i OMS Login issues - URGENT help needed !
Hi,
I am a new user for ORACLE 9i (windows 2003 server ) and I am in deep trouble! I need to take backup of an existing database in our production server but I cannot login to the OEM as I do not know the sysdba ( userid & Password). The worst part is that no one knows the Admin userid & password.
I can login to the standalone database using the sys password.
Question1 : Is there any other way to login in the OMS ???
Question2: Is there any other way of taking backup of the Database ???
Message was edited by:
PC5Question1 : Is there any other way to login in the OMS ???
Use system user login , Also once you can login as sysdba on sqlplus
you change password as well
Alter user sys identified by <password> ;
Alter user system identified by <password> ;
Question2: Is there any other way of taking backup of the Database ???Yes you can take backup manually as well but,
What kind of backup you want to take logical or physical backup ?
Virag -
Licence Issue --urgent help needed
Hi all,
I'm working on a configuration management for a OWB data warehouse environment.
The client is going to buy two iDS package for two developers involved in OWB development.
Can anyone answer two outstanding questions from the DBA who is going to implement the configuration stuff?
Q1: Do we need additional licence of iDS on QA server and Production server? Or we can install iDS on more than one server but limit the use to these two developers?
Q2: Do we need to buy extra licence ($1200 for each named user) for the schemas created when using OWB, including: owb (Build Repository),
rtr( Run Time Owner),
rtu( Run Time Access User)
two target schema (one for staging, one for data warehouse schema).
If yes, do we need to buy for all the servers(Development, QA, Production).This is realy painful to ask client to buy just because we choose to use OWB.
Besides, there is another owbrt_sys created by OWB. Licence also needed for this one?
You may suggest me talk to the Local Oracle representative. Yes, the DBA did. And DBA got different answers from different guy like:
Answer 1: You don't need to buy iDS on QA and Prod servers as you can just copy your schemas (exp/imp) from Development to QA and Production where you can just run your ETL script generated from OWB.
(I'm surprised for this)
Answer 2: Install Runtime repository on Servers where you don't have OWB installed by doing a remote installation. So we don't need OWB(iDS licence for thise servers).
Sounds good idea and smart. But I failed to do that. The error message shows like :
INS0034: The Database Server needs to be configured by
Running Runtime Repository option locally. Please run
The Runtime Assistant on the Server where the database
Is located.
But I can do the remote install of runtime repository after install OWB on the server.
Thanks for anything about this from your experience or knowledge.
DamingDamming,
iDS is licensed per developer - if you have 2 developers, you need to buy 2 licenses, if 3, 3 licenses etc. There is no license for the runtime.
You need to have an Enterprise edition Oracle DB license though.
Regards:
Igor -
We have configured all the devices to be accessesd via SSH only, but today we can't SSH on any off our devices, all the devices andnetwork connections are fine.
Any idea why this could be.Did you add a domain name and generated an rsa key after that?
Some hints:
- Your hostname should not be the default name "Router"
- First add a domain-name (needed to generate the key)
my-router(config)#ip domain name mydomain
- Then generate a crypto key. I used 1024 bits in this example
my-router(config)#crypto key generate rsa
The name for the keys will be: my-router.mydomain
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
#############: %SSH-5-ENABLED: SSH 1.99 has been enabled
my-router(config)# -
Urgent help needed; Database shutdown issues.
Urgent help needed; Database shutdown issues.
Hi all,
I am trying to shutdown my SAP database and am facing the issues below, can someone please suggest how I can go about resolving this issue and restart the database?
SQL> shutdown immediate
ORA-24324: service handle not initialized
ORA-24323: value not allowed
ORA-01089: immediate shutdown in progress - no operations are permitted
SQL> shutdown abort
ORA-01031: insufficient privileges
Thanks and regards,
IqbalHi,
check SAP Note 700548 - FAQ: Oracle authorizations
also check Note 834917 - Oracle Database 10g: New database role SAPCONN
regards,
kaushal
Maybe you are looking for
-
Can you help me delete photo library & duplicate photo library
Hi, I don't know what I did, but I somehow copied 44 of my daughter's music images into my photo library and then created a duplicate with 43 images. These 87 images are taking up room and there is no obvious way to delete them. Here's what happens
-
PLz any body suggest me i had hanged up with my computer for last 3 day but couldn't solved it.
-
I just want to recover my bookmarks ... please help.
-
Keyword Tags with Vietnamese Letters
Hi all of you! I am new in the forum. I am using Organizer in PSE 12. I have many Vietnamese friends and their names are something like Nguyễn Văn Tuấn or Đặng Bằng Kiều and so on. Try tagging the photos with their names, but Keyword Tags using th
-
HELP PLEASE - media test failure - check cable
Hi - I have a toshiba satellite 1955-s801. It crashed on me some time ago and I am now trying to fix it. The message I receive when I turn it on : " For Realtek RTL8139 (A/B/C)/,RTL8130 PC/Fast Ethernet Controller V2.12 (010425) PXE-E61 media test f