Vpn issues urgent

Hi all, we have recently set up a remote access vpn using vpn client, this terminates on a asa5520, I am getting issues now where my clients connect fine to the vpn, and get a dhcp address etc, but then cant see anywhere inside my lan, it works fine from broadband etc at home, but I tried to access it via a vodaphone 3g card, and other users from other companies say they are now having this issue also, what could the problem be as routing surely is fine as they can get the vpn connected, please can anyone help ??
cheers

This allows vpn clients to have esp packets encapsulated in udp over port 4500. This is necessary for ipsec to pass through nat/pat devices.
Most likely, the clients you are not having problems with are not behind nat/pat devices.
http://cisco.com/en/US/docs/security/asa/asa72/command/reference/c5_72.html#wp2068300

Similar Messages

  • VPN Issue urgent Help needed

    Guys i have a problem bit strange one can someone please help me out .....i have a sites in which i have pix firewall (515E). Now i have already 3 Vpns site to site established.......(without NAT) now i want to establish fourth VPN....now th eporblem is that my service provider has given me an ip adress that he shd get the VPN request for that IP adress (i shd do nating to translate my internal ip to his ip) i tried to put few things but it doesnt work.....even i m failed to estalblish IKE pjase 1 ......on the otehr hand the device is VPN conc 3000......i have checked all the policies transform set but i m failed to even get working the first bit (IKE 1)....i have treid to debug it but my router doesnt even consider as an intersting traffic and it just send it through to default gateway....can some please hlep me out

    Hello,
    Can you give me an example as to what you are trying to do. I dont understand what you are trying to do.
    What is the current IP address on the inside of the PIX firewall?
    What is the current IP address on the outside of the firewall?
    What does the ISP want the IP address to be on the outside?
    What do you like to do after that?
    Thanks
    Gilbert

  • VPN Issue Urgent help

    guys the scenario is i have a client and i tried to install cisco 2851 router (via FR) with other peer router .....i coudnt get IPSEC running......the VPN never establish i have took a debug statement can someone please help me and tell me what i sthe problem as i tried my best

    Hi person,
    This forum is focused in to discuss questions about PCI Compliance. By this way, post the same question in the VPN Forum (http://forum.cisco.com/eforum/servlet/NetProf?page=Virtual_Private_Networks_discussion), when i will to answer with pleasure.
    At this moment, that i say to help is: verify parameter og ISAKMP, like ttl, encryption, peer, and so on. This behavior is typicaly seem in enviroments with misconfigured parameter.
    At end, verify conectivity between boths peers.
    Regards,
    BHS.

  • Remote access Vpn issue

    Dear All,
    I have configured remote access vpn without using split tunnel.Everything is working fine.I can access all the inside network which is allowed in acl.
    I am facing strange issue now. I have created a pool for remote access vpn with a range 192.168.5.8/29.I can access my internal subnets 10.10.0.0/16.
    I have below acess-list for acl-in.
    access-list acl-in extended permit ip object-group vpnclients 192.168.5.8 255.255.255.248
    object-group network vpnclients
    network-object host 10.110.100.26
    network-object host 10.106.100.15
    network-object host 10.10.10.6
    network-object host 10.10.20.82
    network-object host 10.110.100.48
    network-object host 10.10.20.53
    network-object host 10.10.20.54
    network-object host 10.60.100.1
    network-object host 10.10.10.75
    network-object host 10.10.20.100
    network-object host 10.10.130.136
    network-object host 10.106.100.16
    network-object host 10.106.100.9
    network-object host 10.170.100.1
    network-object host 10.170.100.2
    network-object host 10.170.100.21
    network-object host 10.101.100.20
    network-object host 10.170.100.25
    So whichever IPs i have called in vpnclient group is able to access via RA vpn.Issue is when i try to access internal network of 192.168.198.0/24, i am able to access it without adding in vpnclient group. Even for 192.168.197.0/24,192.168.197.0/24 the same. But for 10.10.0.0/16 we can access only after adding in vpnclient group. Any one has face this issue before. Is this because of same network i mean 192.168.0.0 something like that.There is no other staement in acl-in for 192.168.0.0
    Regards
    -Danesh Ahammad

    Hi,
    If i read correctly you made the RA vpn "without"  split tunnel, correct? if that is the case, all of the traffic will traverse the vpn connection (tunnel all) , the access-list "acl-in" is of no use to it.
    try converting it to use split tunnel, i am sure that way you can not access resources that are not mentioned in the list.
    ~Harry

  • Any ideas how to better troubleshoot VPN issue?

    Hi,
    I've recently upgraded my WLAN router to a brand new AVM FRITZ!Box WLAN 7390, in part for its VPN capabilities.
    So far, I've been unable to create a working connection.
    AVM's VPN is based on Cisco IPSec, and they provide a step-by-step procedure on how configure a Mac-based VPN connection (http://www.avm.de/de/Service/Service-Portale/Service-Portal/VPN_Interoperabilita et/16206.php - unfortunately only available in German, sorry). Following it, I still can't get it to work. Contacting their support I got first the same procedure and after pointing out I already followed it a "we don't support other vendors".
    Funny enough, I got a second VPN connection to my work's VPN server just fine, though admittedly there we have a true Cisco box.
    My initial setup was based on a 192.x.x.x net on my AVM, I could establish a VPN connection but coudn't ping/ssh/http/you-name-the-protocol in either direction. Our companies net is a 10.x.x.x net so, and as I have also VMware fusion running on my Mac with DHCP enabled on a different 192.x.x.x net plus a third 192.x.x.x net from my Wifi access I decided to reconfigure my AVM net to a 172.x.x.x net and stop VMware services for the tests (ie simplify as much as I could to help troubleshoot).
    Alas, instead of being able to establish a non-working VPN connection, now I ain't able to get the tunnel up. IKE Phase 1 completes but Phase 2 doesn't.
    Here's the relevant section from kernel.log:
    Dec 30 11:47:57 jupiter configd[16]: IPSec connecting to server <myservernameismybusiness>.dyndns.info
    Dec 30 11:47:57 jupiter configd[16]: SCNC: start, triggered by SystemUIServer, type IPSec, status 0
    Dec 30 11:47:57 jupiter configd[16]: IPSec Phase1 starting.
    Dec 30 11:47:57 jupiter racoon[1910]: IPSec connecting to server 77.x.x.x
    Dec 30 11:47:57 jupiter racoon[1910]: Connecting.
    Dec 30 11:47:57 jupiter racoon[1910]: IPSec Phase1 started (Initiated by me).
    Dec 30 11:47:57 jupiter racoon[1910]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
    Dec 30 11:47:58 jupiter racoon[1910]: IKEv1 Phase1 AUTH: success. (Initiator, Aggressive-Mode Message 2).
    Dec 30 11:47:58 jupiter racoon[1910]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2).
    Dec 30 11:47:58 jupiter racoon[1910]: IKEv1 Phase1 Initiator: success. (Initiator, Aggressive-Mode).
    Dec 30 11:47:58 jupiter racoon[1910]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 3).
    Dec 30 11:47:58 jupiter racoon[1910]: IKE Packet: transmit success. (Information message).
    Dec 30 11:47:58 jupiter racoon[1910]: IKEv1 Information-Notice: transmit success. (ISAKMP-SA).
    Dec 30 11:47:58 jupiter racoon[1910]: IPSec Phase1 established (Initiated by me).
    Dec 30 11:47:58 jupiter racoon[1910]: IPSec Extended Authentication requested.
    Dec 30 11:47:58 jupiter configd[16]: IPSec requesting Extended Authentication.
    Dec 30 11:48:01 jupiter configd[16]: IPSec sending Extended Authentication.
    Dec 30 11:48:01 jupiter racoon[1910]: IKE Packet: transmit success. (Mode-Config message).
    Dec 30 11:48:01 jupiter racoon[1910]: IPSec Extended Authentication sent.
    Dec 30 11:48:02 jupiter racoon[1910]: IKEv1 XAUTH: success. (XAUTH Status is OK).
    Dec 30 11:48:02 jupiter racoon[1910]: IPSec Extended Authentication Passed.
    Dec 30 11:48:02 jupiter racoon[1910]: IKE Packet: transmit success. (Mode-Config message).
    Dec 30 11:48:02 jupiter racoon[1910]: IKEv1 Config: retransmited. (Mode-Config retransmit).
    Dec 30 11:48:02 jupiter racoon[1910]: IPSec Network Configuration requested.
    Dec 30 11:48:03 jupiter racoon[1910]: IPSec Network Configuration established.
    Dec 30 11:48:03 jupiter racoon[1910]: IKE Packet: receive success. (MODE-Config).
    Dec 30 11:48:03 jupiter configd[16]: IPSec Network Configuration started.
    Dec 30 11:48:03 jupiter configd[16]: IPSec Network Configuration: INTERNAL-IP4-ADDRESS = 172.77.7.14.
    Dec 30 11:48:03 jupiter configd[16]: IPSec Network Configuration: SAVE-PASSWORD = 1.
    Dec 30 11:48:03 jupiter configd[16]: IPSec Network Configuration: DEFAULT-ROUTE = local-address 172.77.7.14/32.
    Dec 30 11:48:03 jupiter configd[16]: host_gateway: write routing socket failed, command 2, No such process
    Dec 30 11:48:03 jupiter configd[16]: IPSec Phase2 starting.
    Dec 30 11:48:03 jupiter configd[16]: IPSec Network Configuration established.
    Dec 30 11:48:03 jupiter configd[16]: IPSec Phase1 established.
    Dec 30 11:48:03 jupiter configd[16]: event_callback: Address added. previous interface setting (name: en1, address: 192.168.43.242), current interface setting (name: utun0, family: 1001, address: 172.77.7.14, subnet: 255.255.255.255, destination: 172.77.7.14).
    Dec 30 11:48:03 jupiter racoon[1910]: IPSec Phase2 started (Initiated by me).
    Dec 30 11:48:03 jupiter racoon[1910]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
    Dec 30 11:48:03 jupiter configd[16]: network configuration changed.
    Dec 30 11:48:03 jupiter configd[16]: IPSec port-mapping update for en1 ignored: VPN is the Primary interface. Public Address: ac4d070e, Protocol: None, Private Port: 0, Public Port: 0
    Dec 30 11:48:03 jupiter configd[16]:
    Dec 30 11:48:03 jupiter configd[16]: setting hostname to "jupiter.local"
    Dec 30 11:48:03 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:06 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:07 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:09 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:09 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:12 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:13 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:15 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:15 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:18 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:18 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:21 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:21 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:24 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:25 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:27 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:27 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:30 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:30 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:33 jupiter configd[16]: IPSec disconnecting from server 77.x.x.x
    Dec 30 11:48:33 jupiter racoon[1910]: IPSec disconnecting from server 77.x.x.x
    Dec 30 11:48:33 jupiter racoon[1910]: IKE Packet: transmit success. (Information message).
    Dec 30 11:48:33 jupiter racoon[1910]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
    Dec 30 11:48:33 jupiter configd[16]: SCNC Controller: service_ending_verify_primaryservice, waiting for PrimaryService. status = 1
    Dec 30 11:48:33 jupiter configd[16]:
    Dec 30 11:48:33 jupiter configd[16]: network configuration changed.
    Dec 30 11:48:33 jupiter configd[16]: SCNC Controller: ipv4_state_changed, done waiting for ServiceID.
    Dec 30 11:48:33 jupiter configd[16]:
    Dec 30 11:48:33 jupiter configd[16]: setting hostname to "jupiter"
    When connecting to my work-place it looks like:
    Dec 30 12:33:14 jupiter configd[16]: IPSec connecting to server <mycompanyismybusiness>.ch
    Dec 30 12:33:14 jupiter configd[16]: SCNC: start, triggered by SystemUIServer, type IPSec, status 0
    Dec 30 12:33:14 jupiter configd[16]: IPSec Phase1 starting.
    Dec 30 12:33:14 jupiter racoon[1976]: IPSec connecting to server 62.x.x.x
    Dec 30 12:33:14 jupiter racoon[1976]: Connecting.
    Dec 30 12:33:14 jupiter racoon[1976]: IPSec Phase1 started (Initiated by me).
    Dec 30 12:33:14 jupiter racoon[1976]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
    Dec 30 12:33:14 jupiter racoon[1976]: IKEv1 Phase1 AUTH: success. (Initiator, Aggressive-Mode Message 2).
    Dec 30 12:33:14 jupiter racoon[1976]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2).
    Dec 30 12:33:14 jupiter racoon[1976]: IKEv1 Phase1 Initiator: success. (Initiator, Aggressive-Mode).
    Dec 30 12:33:14 jupiter racoon[1976]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 3).
    Dec 30 12:33:14 jupiter racoon[1976]: IPSec Phase1 established (Initiated by me).
    Dec 30 12:33:15 jupiter racoon[1976]: IPSec Extended Authentication requested.
    Dec 30 12:33:15 jupiter configd[16]: IPSec requesting Extended Authentication.
    Dec 30 12:33:21 jupiter configd[16]: IPSec sending Extended Authentication.
    Dec 30 12:33:21 jupiter racoon[1976]: IKE Packet: transmit success. (Mode-Config message).
    Dec 30 12:33:21 jupiter racoon[1976]: IPSec Extended Authentication sent.
    Dec 30 12:33:21 jupiter racoon[1976]: IKEv1 XAUTH: success. (XAUTH Status is OK).
    Dec 30 12:33:21 jupiter racoon[1976]: IPSec Extended Authentication Passed.
    Dec 30 12:33:21 jupiter racoon[1976]: IKE Packet: transmit success. (Mode-Config message).
    Dec 30 12:33:21 jupiter racoon[1976]: IKEv1 Config: retransmited. (Mode-Config retransmit).
    Dec 30 12:33:21 jupiter racoon[1976]: IPSec Network Configuration requested.
    Dec 30 12:33:21 jupiter racoon[1976]: IPSec Network Configuration established.
    Dec 30 12:33:21 jupiter racoon[1976]: IKE Packet: receive success. (MODE-Config).
    Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration started.
    Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration: INTERNAL-IP4-ADDRESS = 10.100.1.18.
    Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration: INTERNAL-IP4-MASK = 255.255.255.0.
    Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration: SAVE-PASSWORD = 1.
    Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration: INTERNAL-IP4-DNS = 10.100.1.129.
    Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration: SPLIT-INCLUDE.
    Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration: DEF-DOMAIN = iw.local.
    Dec 30 12:33:21 jupiter configd[16]: host_gateway: write routing socket failed, command 2, No such process
    Dec 30 12:33:21 jupiter configd[16]: installed route: (address 10.100.1.0, gateway 10.100.1.18)
    Dec 30 12:33:21 jupiter configd[16]: IPSec Phase2 starting.
    Dec 30 12:33:21 jupiter racoon[1976]: IPSec Phase2 started (Initiated by me).
    Dec 30 12:33:21 jupiter racoon[1976]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
    Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration established.
    Dec 30 12:33:21 jupiter configd[16]: IPSec Phase1 established.
    Dec 30 12:33:21 jupiter configd[16]: event_callback: Address added. previous interface setting (name: en1, address: 192.168.43.242), current interface setting (name: utun0, family: 1001, address: 10.100.1.18, subnet: 255.255.255.0, destination: 10.100.1.18).
    Dec 30 12:33:21 jupiter configd[16]: network configuration changed.
    Dec 30 12:33:21 jupiter racoon[1976]: IKE Packet: receive success. (Initiator, Quick-Mode message 2).
    Dec 30 12:33:21 jupiter racoon[1976]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3).
    Dec 30 12:33:21 jupiter racoon[1976]: IKEv1 Phase2 Initiator: success. (Initiator, Quick-Mode).
    Dec 30 12:33:21 jupiter racoon[1976]: IPSec Phase2 established (Initiated by me).
    Dec 30 12:33:21 jupiter configd[16]: IPSec Phase2 established.
    An earlies test in a Starbucks around here had the same result, during looking at the netstat -nr output I found I got onto a 10.x.x.x net on the Wifi and still could connect to the (different) 10.x.x.x net at work.
    My TCP/IP Networking course was around 2000, but the default route seen in the non-working log section looks like bullsh*t to me anyhow: DEFAULT-ROUTE = local-address 172.77.7.14/32
    On the other hand, the Phase 2 message seem to indicate a different mode for Phase 2 between the working and the non-working one.
    This is from the exported config of my AVM box:
    **** CFGFILE:vpn.cfg
    * /var/flash/vpn.cfg
    * Wed Dec 28 16:01:09 2011
    vpncfg {
            connections {
                    enabled = yes;
                    conn_type = conntype_user;
                    name = "[email protected]";
                    always_renew = no;
                    reject_not_encrypted = no;
                    dont_filter_netbios = yes;
                    localip = 0.0.0.0;
                    local_virtualip = 0.0.0.0;
                    remoteip = 0.0.0.0;
                    remote_virtualip = 172.77.7.14;
                    remoteid {
                            key_id = "<mykeyismybusiness>";
                    mode = phase1_mode_aggressive;
                    phase1ss = "all/all/all";
                    keytype = connkeytype_pre_shared;
                    key = "<mykeyismybusiness>";
                    cert_do_server_auth = no;
                    use_nat_t = no;
                    use_xauth = yes;
                    xauth {
                            valid = yes;
                            username = "<myuserismybusiness>";
                            passwd = "<mypasswordismybusiness>";
                    use_cfgmode = no;
                    phase2localid {
                            ipnet {
                                    ipaddr = 0.0.0.0;
                                    mask = 0.0.0.0;
                    phase2remoteid {
                            ipaddr = 172.22.7.14;
                    phase2ss = "esp-all-all/ah-none/comp-all/no-pfs";
                    accesslist =
                                 "permit ip 172.22.7.0 255.255.255.240 172.22.7.14 255.255.255.255";
            ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                                "udp 0.0.0.0:4500 0.0.0.0:4500";
    // EOF
    **** END OF FILE ****
    I also noticed an extra "IPSec port-mapping update for en1 ignored" message in the non-working log section, but I'm not sure a) how significant that might be, and b) how to find out what the ignored update might have been to decide whether not ignoring it would help.
    A quick test with the AnyConnect Client from Cisco didn't help either, apparently it establishes an https connection first as I got a window which certificate details from my QNAP behind the AVM Box (I got a port forward for https to it)
    So I'm looking for any ideas how to better troubleshoot this VPN issue...
    Many thanks in advance!
    BR,
    Alex

    Ok, found a small typo in my config (had at one point a 172.77.7.14 instead of the 172.22.7.14), no I can also connect from the 172.x.x.x net but still no ping etc. The relevant section of the log looks now like this:
    Dec 30 16:44:27 jupiter configd[16]: IPSec connecting to server <myservernameismybusiness>.dyndns.info
    Dec 30 16:44:27 jupiter configd[16]: SCNC: start, triggered by SystemUIServer, type IPSec, status 0
    Dec 30 16:44:28 jupiter configd[16]: IPSec Phase1 starting.
    Dec 30 16:44:28 jupiter racoon[2183]: IPSec connecting to server 77.x.x.x
    Dec 30 16:44:28 jupiter racoon[2183]: Connecting.
    Dec 30 16:44:28 jupiter racoon[2183]: IPSec Phase1 started (Initiated by me).
    Dec 30 16:44:28 jupiter racoon[2183]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
    Dec 30 16:44:28 jupiter racoon[2183]: IKEv1 Phase1 AUTH: success. (Initiator, Aggressive-Mode Message 2).
    Dec 30 16:44:28 jupiter racoon[2183]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2).
    Dec 30 16:44:28 jupiter racoon[2183]: IKEv1 Phase1 Initiator: success. (Initiator, Aggressive-Mode).
    Dec 30 16:44:28 jupiter racoon[2183]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 3).
    Dec 30 16:44:28 jupiter racoon[2183]: IKE Packet: transmit success. (Information message).
    Dec 30 16:44:28 jupiter racoon[2183]: IKEv1 Information-Notice: transmit success. (ISAKMP-SA).
    Dec 30 16:44:28 jupiter racoon[2183]: IPSec Phase1 established (Initiated by me).
    Dec 30 16:44:28 jupiter racoon[2183]: IPSec Extended Authentication requested.
    Dec 30 16:44:28 jupiter configd[16]: IPSec requesting Extended Authentication.
    Dec 30 16:44:31 jupiter configd[16]: IPSec sending Extended Authentication.
    Dec 30 16:44:31 jupiter racoon[2183]: IKE Packet: transmit success. (Mode-Config message).
    Dec 30 16:44:31 jupiter racoon[2183]: IPSec Extended Authentication sent.
    Dec 30 16:44:32 jupiter racoon[2183]: IKEv1 XAUTH: success. (XAUTH Status is OK).
    Dec 30 16:44:32 jupiter racoon[2183]: IPSec Extended Authentication Passed.
    Dec 30 16:44:32 jupiter racoon[2183]: IKE Packet: transmit success. (Mode-Config message).
    Dec 30 16:44:32 jupiter racoon[2183]: IKEv1 Config: retransmited. (Mode-Config retransmit).
    Dec 30 16:44:32 jupiter racoon[2183]: IPSec Network Configuration requested.
    Dec 30 16:44:33 jupiter racoon[2183]: IPSec Network Configuration established.
    Dec 30 16:44:33 jupiter racoon[2183]: IKE Packet: receive success. (MODE-Config).
    Dec 30 16:44:33 jupiter configd[16]: IPSec Network Configuration started.
    Dec 30 16:44:33 jupiter configd[16]: IPSec Network Configuration: INTERNAL-IP4-ADDRESS = 172.22.7.14.
    Dec 30 16:44:33 jupiter configd[16]: IPSec Network Configuration: SAVE-PASSWORD = 1.
    Dec 30 16:44:33 jupiter configd[16]: IPSec Network Configuration: INTERNAL-IP4-DNS = 172.22.7.1.
    Dec 30 16:44:33 jupiter configd[16]: IPSec Network Configuration: DEFAULT-ROUTE = local-address 172.22.7.14/32.
    Dec 30 16:44:33 jupiter configd[16]: host_gateway: write routing socket failed, command 2, No such process
    Dec 30 16:44:33 jupiter configd[16]: IPSec Phase2 starting.
    Dec 30 16:44:33 jupiter racoon[2183]: IPSec Phase2 started (Initiated by me).
    Dec 30 16:44:33 jupiter racoon[2183]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
    Dec 30 16:44:33 jupiter configd[16]: IPSec Network Configuration established.
    Dec 30 16:44:33 jupiter configd[16]: IPSec Phase1 established.
    Dec 30 16:44:33 jupiter configd[16]: event_callback: Address added. previous interface setting (name: en1, address: 192.168.43.242), current interface setting (name: utun0, family: 1001, address: 172.22.7.14, subnet: 255.255.255.255, destination: 172.22.7.14).
    Dec 30 16:44:33 jupiter configd[16]: network configuration changed.
    Dec 30 16:44:33 jupiter racoon[2183]: IKE Packet: receive success. (Initiator, Quick-Mode message 2).
    Dec 30 16:44:33 jupiter racoon[2183]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3).
    Dec 30 16:44:33 jupiter racoon[2183]: IKEv1 Phase2 Initiator: success. (Initiator, Quick-Mode).
    Dec 30 16:44:33 jupiter racoon[2183]: IPSec Phase2 established (Initiated by me).
    Dec 30 16:44:33 jupiter configd[16]: IPSec Phase2 established.
    Dec 30 16:44:43 jupiter racoon[2183]: IKE Packet: receive failed. (MODE-Config).
    Dec 30 16:44:48 jupiter racoon[2183]: IKE Packet: transmit success. (Information message).
    Dec 30 16:44:48 jupiter racoon[2183]: IKEv1 Information-Notice: transmit success. (R-U-THERE?).
    Dec 30 16:44:48 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: request transmitted. (Initiator DPD Request).
    Dec 30 16:44:48 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: response received. (Initiator DPD Response).
    Dec 30 16:44:48 jupiter racoon[2183]: IKE Packet: receive success. (Information message).
    Dec 30 16:45:03 jupiter configd[16]: setting hostname to "jupiter.local"
    followed by lots of:
    Dec 30 16:45:03 jupiter racoon[2183]: IKE Packet: receive failed. (MODE-Config).
    Dec 30 16:45:08 jupiter racoon[2183]: IKE Packet: transmit success. (Information message).
    Dec 30 16:45:08 jupiter racoon[2183]: IKEv1 Information-Notice: transmit success. (R-U-THERE?).
    Dec 30 16:45:08 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: request transmitted. (Initiator DPD Request).
    Dec 30 16:45:08 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: response received. (Initiator DPD Response).
    Dec 30 16:45:08 jupiter racoon[2183]: IKE Packet: receive success. (Information message).
    Dec 30 16:45:28 jupiter racoon[2183]: IKE Packet: transmit success. (Information message).
    Dec 30 16:45:28 jupiter racoon[2183]: IKEv1 Information-Notice: transmit success. (R-U-THERE?).
    Dec 30 16:45:28 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: request transmitted. (Initiator DPD Request).
    Dec 30 16:45:29 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: response received. (Initiator DPD Response).
    Dec 30 16:45:29 jupiter racoon[2183]: IKE Packet: receive success. (Information message).
    Dec 30 16:45:49 jupiter racoon[2183]: IKE Packet: transmit success. (Information message).
    Dec 30 16:45:49 jupiter racoon[2183]: IKEv1 Information-Notice: transmit success. (R-U-THERE?).
    Dec 30 16:45:49 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: request transmitted. (Initiator DPD Request).
    Dec 30 16:45:50 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: response received. (Initiator DPD Response).
    Dec 30 16:45:50 jupiter racoon[2183]: IKE Packet: receive success. (Information message).
    Dec 30 16:46:10 jupiter racoon[2183]: IKE Packet: transmit success. (Information message).
    Dec 30 16:46:10 jupiter racoon[2183]: IKEv1 Information-Notice: transmit success. (R-U-THERE?).
    Dec 30 16:46:10 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: request transmitted. (Initiator DPD Request).
    Dec 30 16:46:10 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: response received. (Initiator DPD Response).
    Dec 30 16:46:10 jupiter racoon[2183]: IKE Packet: receive success. (Information message).
    Dec 30 16:46:30 jupiter racoon[2183]: IKE Packet: transmit success. (Information message).
    Dec 30 16:46:30 jupiter racoon[2183]: IKEv1 Information-Notice: transmit success. (R-U-THERE?).
    Dec 30 16:46:30 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: request transmitted. (Initiator DPD Request).
    Dec 30 16:46:30 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: response received. (Initiator DPD Response).
    Dec 30 16:46:30 jupiter racoon[2183]: IKE Packet: receive success. (Information message).

  • SAPGUI Java 7.20 Rev 6 download and VPN issue

    Dear SAP friends please help.
    We are trying to connect to SAP via a Mac running Lion and a VPN with SAPGUI for Java Rev 5. We get the logon successfully but never get further than the licence message. We have updated to the latest Java and also tried it in 32 bitz mode. We are unable to download the latest Rev 6 (due to my user authorisation) but we still think this is a VPN issue. Can you please help? I enclose the trace which shows the point at which is stops.
    Many thanks
    Andrew
    16.11. 17:36:05.118 CALL:     <CONTROL SHELLID="101">
    16.11. 17:36:05.118 CALL:       <PROPERTY VALUE="0" NAME="120"/>
    16.11. 17:36:05.118 CALL:       <PROPERTY VALUE="0" NAME="300"/>
    16.11. 17:36:05.118 CALL:     </CONTROL>
    16.11. 17:36:05.118 CALL:   </CONTROLS>
    16.11. 17:36:05.118 CALL:   <COPY id="copy">
    16.11. 17:36:05.118 CALL:     <GUI id="gui">
    16.11. 17:36:05.118 CALL:       <METRICS id="metrics" X3="1440" X2="7" X1="7" X0="283" Y3="900" Y2="20" Y1="12" Y0="283"/>
    16.11. 17:36:05.118 CALL:     </GUI>
    16.11. 17:36:05.118 CALL:   </COPY>
    16.11. 17:36:05.118 CALL: </DATAMANAGER>
    16.11. 17:36:05.119 CALL: Call 1042: #3#.setMoreDataIndicator(true);
    16.11. 17:36:05.122 CON: GuiNiNetConnection: sending DIAG data to writer thread for modus 0
    ERROR #############################
    16.11. 17:37:10.018 ERROR: GuiNiReaderThread: read failed: Error: connection to partner '172.23.200.109:3200' broken
    16.11. 17:37:10.018 ERROR: 
    16.11. 17:37:10.018 ERROR: Wed Nov 16 17:37:10 2011
    16.11. 17:37:10.018 ERROR: Release 720
    16.11. 17:37:10.018 ERROR: Component NI (network interface), version 40
    16.11. 17:37:10.018 ERROR: rc = -6, module nixxi.cpp, line 5087
    16.11. 17:37:10.018 ERROR: Detail NiIRead: P=172.23.200.109:3200; L=10.64.10.112:53387
    16.11. 17:37:10.018 ERROR: System Call recv
    16.11. 17:37:10.018 ERROR: Error No 60
    16.11. 17:37:10.018 ERROR: 'Operation timed out'
    ERROR #############################
    16.11. 17:37:10.018 CON: -
    16.11. 17:37:10.018 CON: GuiNiNetConnection: sending DIAG data to connection for modus -1
    ERROR #############################
    16.11. 17:37:10.234 ERROR: GuiConnection: Connection closed
    16.11. 17:37:10.234 ERROR: Error: connection to partner '172.23.200.109:3200' broken
    16.11. 17:37:10.234 ERROR: 
    16.11. 17:37:10.234 ERROR: Wed Nov 16 17:37:10 2011
    16.11. 17:37:10.234 ERROR: Release 720
    16.11. 17:37:10.234 ERROR: Component NI (network interface), version 40
    16.11. 17:37:10.234 ERROR: rc = -6, module nixxi.cpp, line 5087
    16.11. 17:37:10.234 ERROR: Detail NiIRead: P=172.23.200.109:3200; L=10.64.10.112:53387
    16.11. 17:37:10.234 ERROR: System Call recv
    16.11. 17:37:10.234 ERROR: Error No 60
    16.11. 17:37:10.234 ERROR: 'Operation timed out'
    ERROR #############################
    ERROR #############################

    Hello Andrew,
    some version of the VPN client on Lion seems to have a known issue according to SAP internal discussions.
    I found someone telling, that with F5 SSL VPN Plugin 7000.2011.0907.01, it is working again.
    It seems to be available from https://connectfp.sap.com.
    For uninstalling old F5 version, see http://support.f5.com/kb/en-us/solutions/public/3000/800/sol3826.html
    (many "seems", because I am still on Snow Leopard and can not talk about this issue from my own experience)
    Regarding user authorization for downloading software in Service MarketPlace, please refer to [note 1037574|https://service.sap.com/sap/support/notes/1037574].
    Best regards
    Rolf-Martin

  • Installation issue -urgent

    Hai frnds
    I have got a new dell studio 15 laptop.iam much interested in oracle applications and for the purpose of learning oracle applications i got it.when i tried to install redhat enterprise linux 4 replacing windows xp on my machine it throws the error message as driver not found and the installation does not proceed.when i asked the computer dealers they said that i have to go for some newer rhel version for installing linux in my laptop since its a new brand.
    before few days i tried to install oracle applications 11.5.10.2 on rhel 5 but i got a lot of errors and the oracle forums advised me to go for rhel 4 for installing oracle applications 11.5.10.2.now iam confused and dont know wat to do .
    my aim is install oracle applications 11.5.10.2 on some newer version other than rhel 4 which supports my dell laptop
    i want to know whether installation of oracle applications 11.5.10.2 is possible on rhel 8 or rhel 9.will the installation goes properly.
    Thanks and Regards
    Parithi.A.

    Hi,
    Please see your other thread.
    install issue -urgent
    install issue -urgent
    Regards,
    Hussein

  • Airport Extreme 802.11n New Firmware Release (VPN ISSUE)

    The info accompanying the release of today's firmware upgrade makes no mention of a fix to the VPN problems. Does anyone know if the new firmware had any effect on the problem?
    Mac Pro   Mac OS X (10.4.9)   4 GB Ram

    Our VPN is now working (checkpoint)
    For me the firmware update initially seemed to fix the VPN issue, but after closer inspection there still seems to be something wrong with it. (We are using CheckPoint.) My Wintel-box that has been provided by my employee is still having issues with connecting to our exchange server and the network drives do not seem to be working all that realiable. Probably a configuration issue, but do you have any ideas on where to start looking for a solution?
    br,
    -Joose

  • ASA 5505 VPN Issue

    We have a Cisco 515 as a headend firewall with ~30 VPN connections to remote sites. The existing remote sites are using Cisco 506 firewalls and work fine. I am trying to setup an ASA 5505 as a rmote firewall as a future replacement for the PIX 506's. I am able to get the site to site tunnels up just fine. The issue is that once the tunnels are up I am not able to ping the inside interface of the remote ASA from the headend LAN. I am able to telnet to the ASA and run the ASDM but no ping. I am also not able to ping from the ASA to the headend LAN but I can ping from a device on the remote ASA LAN to the headend LAN. I have rebuilt the configs manually and with the ASDM with the same results. The remote Ipsec rules prtect the outside interface to headend LAN just like I do on the 506's. It is almost like the ASA will not build a tunnel from the outside interface to the remote LAN. Can anyone tell me what I am missing or what is different about the ASA over the PIX? Any help appreciated.

    Thanks for your reply. This is already set allong with the following.
    icmp permit any inside
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    When looking at the logs it looks like it builds an inbound connection and tears it down. On the PIX's it builds the inbound and outbound connection and then tears them down.
    When I do an inspect on the ping packets from the remote LAN I get an interesting result.
    Result:
    input-interface: outside
    input-status: up
    input-line-status: up
    output-interface: NP Identity Ifc
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (ipsec-spoof) IPSEC Spoof detected

  • Remote access vpn issues

    Hi all, I have been having issues with my remote access vpn, I can connect but cannot ping anywhere, I have enabled ipsec over nat-t, but still does not work, I noticed that when I did an ipconfig on my machine, I get the ip address assigned by my asa, 10.120.50.2 /32
    but the default gateway is showing as 10.112.50.3, is this correct, I thought it should be the same as the interface address ?

    Hi Carl,
    Can you make sure you have the following in your config:
    isakmp nat-traversal
    Can you also ensure your internal network has routing in place to cover your VPN client pool.

  • Remote access VPN issues using Pix 501

    We have taken over a network where there was little to no documentation. I have a remote access VPN terminated on a Pix 501 that is having a connectivity issue. I can connect using Cisco VPN Client. There is a server on the inside network that is used for mail etc. It has an IP of 192.168.0.4. I cannot ping it from my VPN session but from the Pix itself, I can ping it. There are different source IP's as the IP pool for the VPN session is 172.16.x.x and the inside network is 192.168.x.x. I can ping other hosts on the same inside network that are in the ARP table of the Pix. I have attached the configuration of the Pix 501. After researching, I cannot figure out what the issue is. I was assuming it was the route inside 172.16.x.x was set incorrectly but I can ping some hosts on the 192.168.x.x network. Thanks

    Aru,
    Hi. Thanks for responding. I did try and remove that route inside command and I still could not ping the server. I also tried removing those static translations and did a clear xlate but still no luck. This one has me puzzled. Especially since I can ping other hosts on that network and also ping the server but only from the Pix. The source on the Pix would be different 192.168.0.x than when I am connected using the VPN 172.16.1.x. That is the biggest difference. If it was routing, I would assume I could not ping any host on the 192.168.0.x network from the VPN session. I did remove that route inside as all of the other config examples did not have a specific route statement for the local pool even though it is not on the inside network. I have limited knowledge of their network as we just were told to manage it. Thanks again.

  • L2L VPN Issue - one subnet not reachable

    Hi Folks,
    I have a strange issue with a new VPN connection and would appreciate any help.
    I have a pair of Cisco asa 5540s configured as a failover pair (code version 8.2(5)).   
    I have recently added 2 new L2L VPNs - both these VPNs are sourced from the same interface on my ASA (called isp), and both are to the same customer, but they terminate on different firewalls on the cusomter end, and encrypt traffic from different customer subnets.    There's a basic network diagram attached.
    VPN 1 - is for traffic from the customer subnet 10.2.1.0/24.    Devices in this subnet should be able to access 2 subnets on my network - DMZ 211 (192.168.211.0./24) and DMZ 144 (192.168.144.0/24).    This VPN works correctly.
    VPN 2 - is for traffic from the customer subnet 192.168.1.0/24.    Devices in  this subnet should be able to access the same 2 subnets on my network - DMZ 211  (192.168.211.0./24) and DMZ 144 (192.168.144.0/24).    This VPN is not working correctly - the customer can access DMZ 144, but not DMZ 211.
    There are isakmp and ipsec SAs for both VPNs.    I've noticed that the packets encaps/decaps counter does not increment when the customer sends test traffic to DMZ 211.  This counter does increment when they send test traffic to DMZ144.   I can also see traffic sent to DMZ 144 from the customer subnet 192.168.1.0/24 in packet captures on the DMZ 144 interface of the ASA.   I cannot see similar traffic in captures on the DMZ211 interface (although I can see traffic sent to DMZ211 if it is sourced from 10.2.1.0/24 - ie when it uses VPN1)
    Nat exemption is configured for both 192.168.1.0/24 and 10.2.1.0/24.
    There is a route to both customer subnets via the same next hop.
    There is nothing in the logs toindicate that traffic from 192.168.1.0/24 is being dropped
    I suspect that this may be an issue on the customer end, but I'd like to be able to prove that.   Specifically, I would really like to be able to capture traffic destined to DMZ 211 on the isp interface of the firewall after it has been decrypted - I don't know if this can be done however, and I haven'treally found a good way to prove or disprove that VPN traffic from 192.168.1.0/24 to DMZ211 is arriving at the isp interface of my ASA, and to show what's happening to that traffic after it arrives.
    Here is the relevant vpn configuration:
    crypto map MY_CRYPTO_MAP 90 match address VPN_2
    crypto map MY_CRYPTO_MAP 90 set peer 217.154.147.221
    crypto map MY_CRYPTO_MAP 90 set transform-set 3dessha
    crypto map MY_CRYPTO_MAP 90 set security-association lifetime seconds 86400
    crypto map MY_CRYPTO_MAP 100 match address VPN_1
    crypto map MY_CRYPTO_MAP 100 set peer 193.108.169.48
    crypto map MY_CRYPTO_MAP 100 set transform-set 3dessha
    crypto map MY_CRYPTO_MAP 100 set security-association lifetime seconds 86400
    crypto map MY_CRYPTO_MAP interface isp
    ASA# sh access-list VPN_2
    access-list VPN_2; 6 elements; name hash: 0xa902d2f4
    access-list VPN_2 line 1 extended permit ip object-group VPN_2_NETS 192.168.1.0 255.255.255.0 0x56c7fb8f
      access-list VPN_2 line 1 extended permit ip 192.168.144.0 255.255.255.0 192.168.1.0 255.255.255.0 (hitcnt=45) 0x93b6dc21
      access-list VPN_2 line 1 extended permit ip 192.168.211.0 255.255.255.0 192.168.1.0 255.255.255.0 (hitcnt=6) 0x0abf7bb9
      access-list VPN_2 line 1 extended permit ip host 192.168.146.29 192.168.1.0 255.255.255.0 (hitcnt=8) 0xcc48a56e
    ASA# sh access-list VPN_1
    access-list VPN_1; 3 elements; name hash: 0x30168cce
    access-list VPN_1 line 1 extended permit ip 192.168.144.0 255.255.252.0 10.2.1.0 255.255.255.0 (hitcnt=6) 0x61759554
    access-list VPN_1 line 2 extended permit ip 192.168.211.0 255.255.255.0 10.2.1.0 255.255.255.0 (hitcnt=3) 0xa602c97c
    access-list VPN_1 line 3 extended permit ip host 192.168.146.29 10.2.1.0 255.255.255.0 (hitcnt=0) 0x7b9f32e3
    nat (dmz144) 0 access-list nonatdmz144
    nat (dmz211) 0 access-list nonatdmz211
    ASA# sh access-list nonatdmz144
    access-list nonatdmz144; 5 elements; name hash: 0xbf28538e
    access-list nonatdmz144 line 1 extended permit ip 192.168.144.0 255.255.255.0 192.168.0.0 255.255.0.0 (hitcnt=0) 0x20121683
    access-list nonatdmz144 line 2 extended permit ip 192.168.144.0 255.255.255.0 172.28.2.0 255.255.254.0 (hitcnt=0) 0xbc8ab4f1
    access-list nonatdmz144 line 3 extended permit ip 192.168.144.0 255.255.255.0 194.97.141.160 255.255.255.224 (hitcnt=0) 0xce869e1e
    access-list nonatdmz144 line 4 extended permit ip 192.168.144.0 255.255.255.0 172.30.0.0 255.255.240.0 (hitcnt=0) 0xd3ec5035
    access-list nonatdmz144 line 5 extended permit ip 192.168.144.0 255.255.255.0 10.2.1.0 255.255.255.0 (hitcnt=0) 0x4c9cc781
    ASA# sh access-list nonatdmz211 | in 192.168\.1\.
    access-list nonatdmz1 line 3 extended permit ip 192.168.211.0 255.255.255.0 192.168.1.0 255.255.255.0 (hitcnt=0) 0x2bbfcfdd
    ASA# sh access-list nonatdmz211 | in 10.2.1.
    access-list nonatdmz1 line 4 extended permit ip 192.168.211.0 255.255.255.0 10.2.1.0 255.255.255.0 (hitcnt=0) 0x8a836d91
    route isp 192.168.1.0 255.255.255.0 137.191.234.33 1
    route isp 10.2.1.0 255.255.255.0 137.191.234.33 1
    Thanks in advance to anyone who gets this far!

    Darragh
    Clearing the counters was a good idea. If the counter is not incrementing and if ping from the remote side is not causing the VPN to come up it certainly confirms that something is not working right.
    It might be interesting to wait till the SAs time out and go inactive and then test again with the ping from the remote subnet that is not working. Turn on debug for ISAKMP and see if there is any attempt to negotiate. Especially if you do not receive any attempt to initiate ISAKMP from then then that would be one way to show that there is a problem on the remote side.
    Certainly the ASA does have the ability to do packet capture. I have used that capability and it can be quite helpful. I have not tried to do a capture on the outside interface for incoming VPN traffic and so am not sure whether you would be capturing the encrypted packet or the de-encrypted packet. You can configure an access list to identify traffic to capture and I guess that you could write an access list that included both the peer addresses as source and destination to capture the encrypted traffic and entries that were the un-encrypted source and destination subnets to capture traffic after de-encryption.
    HTH
    Rick

  • Mac Mini Server VPN Issues - Driving me insane

    Mac Mini Late 2012
    Late 2012
    Software  OS X 10.8.2 (12C2034)
    Server Version 2.2(166)
    Previous Issues experiencing: Before i rang apple support and spoke with enterprise support i had no luck at all for weeks getting the VPN connected.
    After calling support it seemed to have something to do with my useraccount - Guided through the process of creating new dummy account and trying to connect then. Which sssucceeded..!!!
    However. Back on my main account and deleting other user accounts im facing great difficulty setting up a VPN for the purpose of a VPN.
    The issue now is: Once i get connected to my mac successfully from my iPhone using the VPN server all is good to go.
    However. WHen i restart my computer (For testing purposes this was done) When the MacOS boots up again I have to relog into the Server app. Resign into the program, THen try and reconnect my VPN (WHich will be impossible to do if im out of the country). But it doesnt end there. I keep having to reisue a new Shared Password. FOr testing i Used 1234abcd. Got a good connection - Proceeded with restart and then had to change 12345abcd.
    So i have tested this well over 50 times. Trying to find a solution.
    In summary: Everytime i use the MAC Mini Server, I have to.
    1 Auto login.
    2 Repopen the Server.app even though i have enabled it to autostart.
    3. Log into the server app (Not another networks Server)
    4 Change my shared password
    5 Try and reconnect and pray it works.
    Whats the quick fix for this. Its driving me insain and honestly making this a 1000$ peice of junk. Its hopeless regarding a server. I want it to be completely operational when i leave the country. My server is designed to Shut on and off between down times (Night Times) when i wake up i jsut want to be able to reconnect via a VPN and no issues, be on my way with life. Not having to wory about remote logging into the PC to then reset up the server.
    Any help please!

    I sometimes get this same message window or a VPN Not Authorized window after rebooting my server. I have the Mac Mini late-2012 base model running OS X Server. When I do, I just try reconnecting and after no more than 3 attempts a connection is made either by my rMBP or my iPhone5.
    I leave my server running 24/7 and I rarely get either of the two messages mentioned above.
    You shouldn't need to open the Server.app unless you need to manage services. The Server services you configured should start everytime you restart. I have the Server.app icon on my Dock, but I do not launch it automatically. I manually click to launch it when I need to manage the Server, Accounts or Services.

  • SQL Query Group By Issues - Urgent

    I currently have an issue writing a pl\sql report, I can get part of the way to the results I want but the group by clause is causing problems, because I have to add more columns to the group by, dispersing the figures further, I have tried it with coalesce for each of the task types but I still get the same results, I am getting close to the results I need but not quite there yet. I would really appreciate it if someone could take at look at this for me as it is an urgent requirement.
    The report is based on the tables similar to the following:
    TASKS, ORGANISATIONS, POSITIONS
    A position is a member of an organisation.
    A task has a position assigned to it.
    The SQL for the tables and to insert the data that would produce the report is detailed below:
    CREATE TABLE TASKS
    (     TASK_ID NUMBER NOT NULL ENABLE,
         TASK_TYPE VARCHAR2 (15 BYTE) NOT NULL ENABLE,
         STATUS VARCHAR2 (15 BYTE) NOT NULL ENABLE,
         POS_ID NUMBER NOT NULL ENABLE,
         CONSTRAINT TASKS_PK PRIMARY KEY (TASK_ID));
    CREATE TABLE ORGANISATIONS
    (     ORG_ID NUMBER NOT NULL ENABLE,
         ORG_NAME VARCHAR2 (15 BYTE) NOT NULL ENABLE,
         CONSTRAINT ORGANISATIONS_PK PRIMARY KEY (ORG_ID));
    CREATE TABLE POSITIONS
    (     POS_ID NUMBER NOT NULL ENABLE,
         POS_NAME VARCHAR2 (25 BYTE) NOT NULL ENABLE,
         ORG_ID NUMBER NOT NULL ENABLE,
         CONSTRAINT POSITIONS_PK PRIMARY KEY (POS_ID));
    INSERT INTO ORGANISATIONS (ORG_ID, ORG_NAME) VALUES (1,'ABC');
    INSERT INTO ORGANISATIONS (ORG_ID, ORG_NAME) VALUES (2,'DEF');
    INSERT INTO ORGANISATIONS (ORG_ID, ORG_NAME) VALUES (3,'EFG');
    INSERT INTO POSITIONS (POS_ID, POS_NAME, ORG_ID) VALUES (1,'ABC-1', 1);
    INSERT INTO POSITIONS (POS_ID, POS_NAME, ORG_ID) VALUES (3,'ABC-2', 1);
    INSERT INTO POSITIONS (POS_ID, POS_NAME, ORG_ID) VALUES (2,'ABC-3', 1);
    INSERT INTO POSITIONS (POS_ID, POS_NAME, ORG_ID) VALUES (5,'DEF-2', 2);
    INSERT INTO POSITIONS (POS_ID, POS_NAME, ORG_ID) VALUES (4,'DEF-1', 2);
    INSERT INTO POSITIONS (POS_ID, POS_NAME, ORG_ID) VALUES (7,'EFG-1', 3);
    INSERT INTO TASKS (TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (12,'TASK_TYPE_3','LIVE',3);
    INSERT INTO TASKS (TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (11,'TASK_TYPE_2','LIVE',3);
    INSERT INTO TASKS (TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (10,'TASK_TYPE_2','LIVE',2);
    INSERT INTO TASKS (TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (9,'TASK_TYPE_2','LIVE',2);
    INSERT INTO TASKS (TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (8,'TASK_TYPE_1','LIVE',3);
    INSERT INTO TASKS (TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (7,'TASK_TYPE_1','LIVE',3);
    INSERT INTO TASKS (TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (6,'TASK_TYPE_1','LIVE',3);
    INSERT INTO TASKS (TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (5,'TASK_TYPE_1','LIVE',3);
    INSERT INTO TASKS (TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (4,'TASK_TYPE_1','LIVE',2);
    INSERT INTO TASKS (TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (3,'TASK_TYPE_3','LIVE',1);
    INSERT INTO TASKS (TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (2,'TASK_TYPE_1','LIVE',1);
    INSERT INTO TASKS (TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (1,'TASK_TYPE_1','LIVE',1);
    INSERT INTO TASKS (TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (13,'TASK_TYPE_3','LIVE',3);
    The report should detail the following information based on the information in the tables:
    1st Column
    Organisation
    ABC
    DEF
    EFG
    2nd Column
    No. of Positions in Organsiation
    3
    2
    1
    With total of the number of people in all of the organisation 6
    3rd Column
    Number of tasks assigned to the organisation of task type1
    2
    1
    4
    4th Column
    Number of tasks assigned to the organisation of task type 2
    0
    2
    1
    5th Column
    Number of tasks assigned to the organisation of task type 3
    1
    0
    2
    Total no of tasks assigned to the Organisation
    3
    3
    7
    Message was edited by:
    Suzy_r_82
    Message was edited by:
    Suzy_r_82

    Hi,
    Apologies, my insert statements where incorrect, if you try the data below instead it should give you output I was expecting
    INSERT INTO TASKS( TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (1,'TASK_TYPE_1', 'LIVE',1);
    INSERT INTO TASKS( TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (2,'TASK_TYPE_1', 'LIVE',2);
    INSERT INTO TASKS( TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (3,'TASK_TYPE_1', 'LIVE',5);
    INSERT INTO TASKS( TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (4,'TASK_TYPE_1', 'LIVE',7);
    INSERT INTO TASKS( TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (5,'TASK_TYPE_1', 'LIVE',7);
    INSERT INTO TASKS( TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (6,'TASK_TYPE_1', 'LIVE',7);
    INSERT INTO TASKS( TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (7,'TASK_TYPE_1', 'LIVE',7);
    INSERT INTO TASKS( TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (8,'TASK_TYPE_2', 'LIVE',4);
    INSERT INTO TASKS( TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (9,'TASK_TYPE_2', 'LIVE',5);
    INSERT INTO TASKS( TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (10,'TASK_TYPE_3', 'LIVE',1);
    INSERT INTO TASKS( TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (11,'TASK_TYPE_3', 'LIVE',7);
    INSERT INTO TASKS( TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (12,'TASK_TYPE_2', 'LIVE',7);
    INSERT INTO TASKS( TASK_ID, TASK_TYPE, STATUS, POS_ID) VALUES (13,'TASK_TYPE_3', 'LIVE',7);
    The results I would like are
    ORG    No. of Pos     No of Task    No of Task     No of Task     Total no
               In Org           Type1 for      Type2 for        Type3 for       of Tasks
                                   Org             Org                Org               for Org
    ABC        3                   2                 0                   1                   3
    DEF        2                   1                 2                   0                   3
    EFG        1                   4                 1                   2                   7
    Total        6The results I get are multiple lines for each organisation, I would like to rollup these lines so I can have one line per organisation.
    Hope this helps a bit more, I appreciate the help, let me know if you need more information
    Thanks
    Suzy

  • F3507g mobile broadband driver - Windows 7 - and Cisco Vpn issue

    Hi All,
    After 3 days trying to install / update latest drivers on my X200/ Windows 7 / 32b, it seems now that my F3507g is now installed correctly…
    I can go the a connection over internet and ping some servers BUT when I initiate my Cisco Vpn, ( working perfectly with my Ethernet connection and my Wifi 5300 AGN ) the connection is ok but no incoming or outgoing traffic !!!
    Any idea on how to solve that issue ?

    Yes, this is a problem with the IPSEC VPN NDIS driver binding your Mobile Broadband driver. You need to read this article and it is explains why and how to work around this issue:
    http://www.customsoftwareframeworks.com/blog/fix-vpn-problems-cellular-win7
    Good luck 

Maybe you are looking for

  • How to change the column order in OVS - NOT USING Enhancement Pack 1

    Hi Guys, we are currently using NWDS 7.1. I cannot seem to chang the order of the columns when the OVS pops up.  We have tried to change the order of the fileds of the custom SAP BAPI that is used for this OVS but no success. Please advise on possibl

  • RMAN-06908

    Hi All! DB version 10.2.0.4 (Standard edition) on Windows 2008 64-bit I'm testing RMAN configuration & using the following script: run allocate channel ch1 device type disk format = 'E:\rman\backup\%U'; allocate channel ch2 device type disk format =

  • Printing out of CS5 on Epson R3000 prints light cyan and grey background

    I have an Imac with Mountain Lion, CS5 and have just replaced my Epson R2400 with an R3000. Now the white background round the image is covered in small cyan and light grey dots. If the image fills the paper, then the margin is affected. But when try

  • Highlight all Textarea text

    Hi Guys I have several text areas in a VBox called documentContainer. Now, what I want to do is when a user presses the "a" button the text in all the textareas is selected. I have managed to get it to partially work in that it'll select all the text

  • Keithley pci pio 24 conversion LV 5.0 - 2010

    Hey, Could someone convert the libraries in the attachment from Labview 5.0 to Labview 2010? Thanks, Rob Attachments: Keithley PCI PIO 24.zip ‏3777 KB