VPN not working after adding subinterface - ASA 5510

Similar Messages

• Autocomplete does not work after adding controller to LOV

  Hi experts ,
  Autocomplete does not work after adding controller to LOV Region, i have checked the fnd_compatialbe mode it is fine.validation proprty is also false, stilll it is not working.
  can anyone help me its very urgent
  regards
  vamsi

  Hi Tapash,
  This resolved the problem. Many thanks for your help with this it has been driving me mad for the last few days.
  I could not understand why the standard Apps LOV regions had controller's attached to them and the autocomplete would function but with my pages it would not.
  I actually raised a TAR about this and got nothing back so have updated it with the resolution.
  Thanks again.
  Regards,
  David

• VPN not working after upgrading to Mavericks

  After upgrading to OS X 10.9 Mavericks - VPN not working. I am able to connect to VPN server fron inside local network, but can't do the same from outside through the router (1. I have statis external IP 2. NAT port forwarding is OK 3. Other services on my server work fine through router & NAT using external IP).
  Tried:
  1. Downgrading JAVA from 7.0: https://discussions.apple.com/message/23673943#23673943  - doesn't help
  2. kern.ipc.maxsockbuf is big enough: https://discussions.apple.com/message/23525980#23525980
  Also, IMHO, Apple periodically delete messages from forum about this problem, does anyone else has teh same feeling?
  Any thoughts?

  After upgrading to OS X 10.9 Mavericks - VPN not working. I am able to connect to VPN server fron inside local network, but can't do the same from outside through the router (1. I have statis external IP 2. NAT port forwarding is OK 3. Other services on my server work fine through router & NAT using external IP).
  Tried:
  1. Downgrading JAVA from 7.0: https://discussions.apple.com/message/23673943#23673943  - doesn't help
  2. kern.ipc.maxsockbuf is big enough: https://discussions.apple.com/message/23525980#23525980
  Also, IMHO, Apple periodically delete messages from forum about this problem, does anyone else has teh same feeling?
  Any thoughts?

• [Solved] NetworkManager-pptp VPN not working after update to 0.9.10

  Hello,
  I have a PPTP VPN set up and it's been working for a long time.  However, after I updated last night to networkmanager-0.9.10, it is no longer able to connect to the remote network.  I can activate the VPN connection, enter my password, but after a short period of time, the connection reports:  "Error: Connection activation failed: the VPN service returned invalid configuration."  As I mentioned before, this VPN was working right before the update and I didn't change the configuration on either my computer or the destination network so I'm pretty sure that this is something to do with the update.  I'm wondering if anybody else has run into this problem and if they've been able to find a solution.  I've been searching all over these forums and the internet for some hours now and I haven't found anything yet.  I'm hoping that somebody might be able to point me in the right direction or maybe know of something that might have changed with the new update.
  Here is my VPN configuration (using NetworkManager-PPTP.  I've also obscured the public IP address):
  [connection]
  id=MyVPN
  uuid=fe6e6265-1a79-4a69-b6d1-8b47e9d4c948
  type=vpn
  permissions=user:greyseal96:;
  autoconnect=false
  timestamp=1408950986
  [vpn]
  service-type=org.freedesktop.NetworkManager.pptp
  gateway=192.168.146.114
  require-mppe=yes
  user=greyseal96
  password-flags=3
  [ipv6]
  method=auto
  [ipv4]
  method=auto
  route1=10.17.0.0/16,10.17.1.1,1
  never-default=true
  Here are my logs during the time that I tried to connect:
  Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> Starting VPN service 'pptp'...
  Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 1938
  Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' appeared; activating connections
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (ConnectInteractive) reply received.
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN plugin state changed: starting (3)
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: pppd started with pid 1945
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (Connect) reply received.
  Aug 24 23:44:21 MyArchBox pppd[1945]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
  Aug 24 23:44:21 MyArchBox pppd[1945]: pppd 2.4.6 started by root, uid 0
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
  Aug 24 23:44:21 MyArchBox pppd[1945]: Using interface ppp0
  Aug 24 23:44:21 MyArchBox pppd[1945]: Connect: ppp0 <--> /dev/pts/2
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: Using interface ppp0
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: Connect: ppp0 <--> /dev/pts/2
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 10)
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/9
  Aug 24 23:44:21 MyArchBox pptp[1947]: nm-pptp-service-1938 log[main:pptp.c:333]: The synchronous pptp option is NOT activated
  Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
  Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:758]: Received Start Control Connection Reply
  Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
  Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
  Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:877]: Received Outgoing Call Reply.
  Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 50048).
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 6 / phase 'authenticate'
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (get_credentials): passwd-hook, requesting credentials...
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (get_credentials): got credentials from NetworkManager-pptp
  Aug 24 23:44:25 MyArchBox pppd[1945]: CHAP authentication succeeded
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: CHAP authentication succeeded
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 8 / phase 'network'
  Aug 24 23:44:25 MyArchBox pppd[1945]: MPPE 128-bit stateless compression enabled
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: MPPE 128-bit stateless compression enabled
  Aug 24 23:44:25 MyArchBox pppd[1945]: Cannot determine ethernet address for proxy ARP
  Aug 24 23:44:25 MyArchBox pppd[1945]: local  IP address 10.17.10.3
  Aug 24 23:44:25 MyArchBox pppd[1945]: remote IP address 10.17.10.1
  Aug 24 23:44:25 MyArchBox pppd[1945]: primary   DNS address 10.17.2.22
  Aug 24 23:44:25 MyArchBox pppd[1945]: secondary DNS address 10.17.2.23
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (IP4 Config Get) reply received from old-style plugin.
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> VPN Gateway: 192.168.146.114
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Tunnel Device: ppp0
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> IPv4 configuration:
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal Address: 10.17.10.3
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal Prefix: 32
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal Point-to-Point Address: 10.17.10.1
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Maximum Segment Size (MSS): 0
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Static Route: 10.17.0.0/16   Next Hop: 10.17.1.1
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Forbid Default Route: yes
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal DNS: 10.17.2.22
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal DNS: 10.17.2.23
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   DNS Domain: '(none)'
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> No IPv6 configuration
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.481618] [platform/nm-linux-platform.c:1716] add_object(): Netlink error adding 10.17.0.0/16 via 10.17.1.1 dev ppp0 metric 1 mss 0 src user: Unspecific failure
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <warn> VPN connection 'MyVPN' did not receive valid IP config information.
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: Cannot determine ethernet address for proxy ARP
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: local  IP address 10.17.10.3
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: remote IP address 10.17.10.1
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: primary   DNS address 10.17.2.22
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: secondary DNS address 10.17.2.23
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 9 / phase 'running'
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_ip_up): ip-up event
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_ip_up): sending Ip4Config to NetworkManager-pptp...
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: PPTP service (IP Config Get) reply received.
  Aug 24 23:44:25 MyArchBox pppd[1945]: Terminating on signal 15
  Aug 24 23:44:25 MyArchBox pppd[1945]: Modem hangup
  Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[callmgr_main:pptp_callmgr.c:245]: Closing connection (unhandled)
  Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 12 'Call-Clear-Request'
  Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[call_callback:pptp_callmgr.c:84]: Closing connection (call state)
  Aug 24 23:44:25 MyArchBox pppd[1945]: Connect time 0.0 minutes.
  Aug 24 23:44:25 MyArchBox pppd[1945]: Sent 0 bytes, received 0 bytes.
  Aug 24 23:44:25 MyArchBox pppd[1945]: MPPE disabled
  Aug 24 23:44:25 MyArchBox pppd[1945]: Connection terminated.
  Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
  Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
  Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
  Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
  Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: inet 10.17.0.0/16 table main
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: priority 0x1 protocol static
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: nexthop via 10.17.1.1 dev 10
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.487073] [platform/nm-linux-platform.c:2252] link_change(): Netlink error changing link 10:  <DOWN> mtu 0 (1) driver 'unknown' udi '/sys/devices/virtual/net/ppp0': No such device
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.487153] [platform/nm-linux-platform.c:1777] delete_object(): Netlink error deleting 10.17.10.3/32 lft forever pref forever lifetime 1862-0[4294967295,4294967295] dev ppp0 src kernel: No such device (-31)
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: Terminated ppp daemon with PID 1945.
  Aug 24 23:44:25 MyArchBox kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: Terminating on signal 15
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: Modem hangup
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 8 / phase 'network'
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: Connect time 0.0 minutes.
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: Sent 0 bytes, received 0 bytes.
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: MPPE disabled
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 10 / phase 'terminate'
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: Connection terminated.
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
  Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
  Aug 24 23:44:25 MyArchBox pppd[1945]: Exit.
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** (nm-pptp-service:1938): WARNING **: pppd exited with error code 16
  Aug 24 23:44:45 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' disappeared
  If you've gotten this far, thank you for taking the time to read through all this!  Any help that you can give would be much appreciated.
  Last edited by greyseal96 (2014-08-27 15:20:02)

  Hmm, not sure about the 3.16 series kernel, but I found that when I upgraded to kernel 3.18 the PPTP VPN also stopped working.  This time, though, it was because, for some reason, there was a change in kernel 3.18 where the firewall kernel modules necessary for the VPN don't get loaded so the firewall won't allow some of the PPTP traffic from the remote side back in.  Since the firewall is stateful, these modules need to be loaded so that the firewall can know that the incoming PPTP traffic from the remote side is part of an existing connection.  Here's what my network manager logs looked like:
  NetworkManager[619]: <info> Starting VPN service 'pptp'...
  NetworkManager[619]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 31139
  NetworkManager[619]: <info> VPN service 'pptp' appeared; activating connections
  NetworkManager[619]: <info> VPN connection 'MyVPN' (ConnectInteractive) reply received.
  NetworkManager[619]: <info> VPN plugin state changed: starting (3)
  NetworkManager[619]: ** Message: pppd started with pid 31148
  NetworkManager[619]: <info> VPN connection 'MyVPN' (Connect) reply received.
  pppd[31148]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
  NetworkManager[619]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
  NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
  pppd[31148]: pppd 2.4.7 started by root, uid 0
  NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
  pppd[31148]: Using interface ppp0
  pppd[31148]: Connect: ppp0 <--> /dev/pts/5
  NetworkManager[619]: Using interface ppp0
  NetworkManager[619]: Connect: ppp0 <--> /dev/pts/5
  NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
  NetworkManager[619]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 7)
  NetworkManager[619]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/6
  pptp[31150]: nm-pptp-service-31139 log[main:pptp.c:333]: The synchronous pptp option is NOT activated
  pptp[31157]: nm-pptp-service-31139 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
  pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:758]: Received Start Control Connection Reply
  pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
  pptp[31157]: nm-pptp-service-31139 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
  pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:877]: Received Outgoing Call Reply.
  pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 25344).
  pppd[31148]: LCP: timeout sending Config-Requests <===HERE IS WHERE THE CONNECTION FAILS BECAUSE THE MODULES AREN'T LOADED.
  pppd[31148]: Connection terminated.
  NetworkManager[619]: LCP: timeout sending Config-Requests
  NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
  NetworkManager[619]: Connection terminated.
  NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
  NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
  pppd[31148]: Modem hangup
  pppd[31148]: Exit.
  NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
  NetworkManager[619]: Modem hangup
  NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
  NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
  NetworkManager[619]: <info> VPN plugin state changed: stopped (6)
  NetworkManager[619]: <info> VPN plugin state change reason: unknown (0)
  NetworkManager[619]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
  NetworkManager[619]: ** (nm-pptp-service:31139): WARNING **: pppd exited with error code 16
  NetworkManager[619]: <info> VPN service 'pptp' disappeared
  To fix this, I had to add a file to the /etc/modules-load.d directory to have the modules loaded into the kernel at boot.  I just created a file called netfilter.conf and put the following in it:
  nf_nat_pptp
  nf_conntrack_pptp
  nf_conntrack_proto_gre
  Not sure if this addresses your problem or not, but maybe it's worth a look.

• VPN not working after Update from SLS to MLS

  Hi folks,
  last weekend I updated my Snow Leopard Server following the suggested procedure, installed first Mountain Lion and then OS X Server. Now I have a problem.
  Setup:
  - Macmini Server located  in my private LAN, running SLS as a virtual machine (VMware)
  - connected to the Internet via an AVM FritzBox 7270
  For HTTP (80) and VPN (500, 1701 and 4500) the ports are forwarded to the virtual machine - everything was working well before the update (access to Website & VPN from both internal and external). The VPN connection is used either with an iPhoen or with my Macbook pro.
  The website is still working like expected. VPN service is not working properly anymore. I can access it from internal, but not from external.
  So, to make it clear, nothing but the server OS changed in the setup.
  Any ideas? Changed ports from 10.6 to 10.8?
  Thanks in advance,
  Andre
  (err, and YES, I have a snapshot of 10.6. - if I revert it's working again, but this can't be the solution)

  Hi all,
  to point out the difference, this is what the logs say....
  Connecting from internal, VPN success:
  21.06.13 18:12:13,880
  racoon[226]
  IPSec Phase1 started (Initiated by peer).
  21.06.13 18:12:13,882
  racoon[226]
  IKE Packet: receive success. (Responder, Main-Mode message 1).
  21.06.13 18:12:13,883
  racoon[226]
  IKE Packet: transmit success. (Responder, Main-Mode message 2).
  21.06.13 18:12:13,921
  racoon[226]
  IKE Packet: receive success. (Responder, Main-Mode message 3).
  21.06.13 18:12:13,942
  racoon[226]
  IKE Packet: transmit success. (Responder, Main-Mode message 4).
  21.06.13 18:12:13,969
  racoon[226]
  IKEv1 Phase1 AUTH: success. (Responder, Main-Mode Message 5).
  21.06.13 18:12:13,969
  racoon[226]
  IKE Packet: receive success. (Responder, Main-Mode message 5).
  21.06.13 18:12:13,970
  racoon[226]
  IKEv1 Phase1 Responder: success. (Responder, Main-Mode).
  21.06.13 18:12:13,970
  racoon[226]
  IKE Packet: transmit success. (Responder, Main-Mode message 6).
  21.06.13 18:12:13,970
  racoon[226]
  IPSec Phase1 established (Initiated by peer).
  21.06.13 18:12:14,881
  racoon[226]
  IPSec Phase2 started (Initiated by peer).
  21.06.13 18:12:14,881
  racoon[226]
  IKE Packet: receive success. (Responder, Quick-Mode message 1).
  21.06.13 18:12:14,881
  racoon[226]
  IKE Packet: transmit success. (Responder, Quick-Mode message 2).
  21.06.13 18:12:14,885
  racoon[226]
  IKE Packet: receive success. (Responder, Quick-Mode message 3).
  21.06.13 18:12:14,886
  racoon[226]
  IKEv1 Phase2 Responder: success. (Responder, Quick-Mode).
  21.06.13 18:12:14,886
  racoon[226]
  IPSec Phase2 established (Initiated by peer).
  21.06.13 18:12:14,890
  vpnd[1210]
  Incoming call... Address given to client = 192.168.0.203
  21.06.13 18:12:14,918
  pppd[1371]
  pppd 2.4.2 (Apple version 596.13) started by root, uid 0
  21.06.13 18:12:14,923
  pppd[1371]
  L2TP incoming call in progress from '192.168.0.117'...
  21.06.13 18:12:14,931
  pppd[1371]
  L2TP connection established.
  21.06.13 18:12:14,935
  pppd[1371]
  Connect: ppp1 <--> socket[34:18]
  21.06.13 18:12:14,944
  UserEventAgent[17]
  Captive: [mySCCopyWiFiDevices:162] WiFi Device Name == NULL
  21.06.13 18:12:15,036
  pppd[1371]
  CHAP peer authentication succeeded for <username>
  21.06.13 18:12:15,042
  pppd[1371]
  DSAccessControl plugin: User '<username>' authorized for access
  21.06.13 18:12:15,052
  pppd[1371]
  Unsupported protocol 0x8057 received
  21.06.13 18:12:15,058
  pppd[1256]
  l2tp_wait_input: Address added. previous interface setting (name: en0, address: 192.168.0.103), current interface setting (name: ppp1, family: PPP, address: 192.168.0.103, subnet: 255.255.255.0, destination: 192.168.0.203).
  21.06.13 18:12:15,058
  pppd[1371]
  local  IP address 192.168.0.103
  21.06.13 18:12:15,059
  pppd[1371]
  remote IP address 192.168.0.203
  21.06.13 18:12:15,061
  pppd[1371]
  l2tp_wait_input: Address added. previous interface setting (name: en0, address: 192.168.0.103), current interface setting (name: ppp1, family: PPP, address: 192.168.0.103, subnet: 255.255.255.0, destination: 192.168.0.203).
  21.06.13 18:12:15,068
  configd[21]
  network changed: v4(en0:192.168.0.103, ppp0, ppp1+:192.168.0.103) DNS* Proxy SMB
  21.06.13 18:12:17,102
  apsd[466]
  Certificate not yet generated
  21.06.13 18:12:18,103
  apsd[466]
  Certificate not yet generated
  21.06.13 18:12:19,004
  apsd[466]
  Couldn't find cert in response dict
  21.06.13 18:12:19,006
  apsd[466]
  Failed to get client cert on attempt 11, will retry in 900 seconds
  21.06.13 18:12:19,066
  racoon[226]
  IKE Packet: transmit success. (Information message).
  21.06.13 18:12:19,067
  racoon[226]
  IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA).
  21.06.13 18:12:19,120
  apsd[466]
  Certificate not yet generated
  21.06.13 18:12:21,802
  pppd[1256]
  l2tp_wait_input: Address deleted. previous interface setting (name: en0, address: 192.168.0.103), deleted interface setting (name: ppp1, family: PPP, address: 192.168.0.103, subnet: 255.255.255.0, destination: 192.168.0.203).
  21.06.13 18:12:21,817
  pppd[1371]
  l2tp_wait_input: Address deleted. previous interface setting (name: en0, address: 192.168.0.103), deleted interface setting (name: ppp1, family: PPP, address: 192.168.0.103, subnet: 255.255.255.0, destination: 192.168.0.203).
  21.06.13 18:12:21,822
  configd[21]
  network changed: v4(en0:192.168.0.103, ppp0, ppp1-:192.168.0.103) DNS* Proxy SMB
  21.06.13 18:12:21,981
  pppd[1371]
  Fatal signal 6
  21.06.13 18:12:21,982
  racoon[226]
  IKE Packet: receive success. (Information message).
  21.06.13 18:12:22,011
  vpnd[1210]
     --> Client with address = 192.168.0.203 has hungup
  21.06.13 18:12:22,022
  UserEventAgent[17]
  Captive: [mySCCopyWiFiDevices:162] WiFi Device Name == NULL
  21.06.13 18:12:23,837
  apsd[466]
  Certificate not yet generated
  21.06.13 18:12:23,839
  apsd[466]
  Certificate not yet generated
  21.06.13 18:12:25,148
  apsd[466]
  Couldn't find cert in response dict
  21.06.13 18:12:25,148
  apsd[466]
  Failed to get client cert on attempt 12, will retry in 900 seconds
  21.06.13 18:12:25,845
  apsd[466]
  Certificate not yet generated
  Connecting from external, VPN fail:
  21.06.13 18:10:52,533
  racoon[226]
  Connecting.
  21.06.13 18:10:52,533
  racoon[226]
  IPSec Phase1 started (Initiated by peer).
  21.06.13 18:10:52,535
  racoon[226]
  IKE Packet: receive success. (Responder, Main-Mode message 1).
  21.06.13 18:10:52,536
  racoon[226]
  IKE Packet: transmit success. (Responder, Main-Mode message 2).
  21.06.13 18:10:52,692
  racoon[226]
  IKE Packet: receive success. (Responder, Main-Mode message 3).
  21.06.13 18:10:52,713
  racoon[226]
  IKE Packet: transmit success. (Responder, Main-Mode message 4).
  21.06.13 18:10:52,882
  racoon[226]
  IKEv1 Phase1 AUTH: success. (Responder, Main-Mode Message 5).
  21.06.13 18:10:52,882
  racoon[226]
  IKE Packet: receive success. (Responder, Main-Mode message 5).
  21.06.13 18:10:52,882
  racoon[226]
  IKEv1 Phase1 Responder: success. (Responder, Main-Mode).
  21.06.13 18:10:52,883
  racoon[226]
  IKE Packet: transmit success. (Responder, Main-Mode message 6).
  21.06.13 18:10:52,883
  racoon[226]
  IPSec Phase1 established (Initiated by peer).
  21.06.13 18:10:53,412
  racoon[226]
  Connecting.
  21.06.13 18:10:53,413
  racoon[226]
  IPSec Phase2 started (Initiated by peer).
  21.06.13 18:10:53,413
  racoon[226]
  IKE Packet: receive success. (Responder, Quick-Mode message 1).
  21.06.13 18:10:53,414
  racoon[226]
  IKE Packet: transmit success. (Responder, Quick-Mode message 2).
  21.06.13 18:10:53,531
  racoon[226]
  IKE Packet: receive success. (Responder, Quick-Mode message 3).
  21.06.13 18:10:53,532
  racoon[226]
  IKEv1 Phase2 Responder: success. (Responder, Quick-Mode).
  21.06.13 18:10:53,532
  racoon[226]
  IPSec Phase2 established (Initiated by peer).
  21.06.13 18:11:13,643
  racoon[226]
  IKE Packet: receive success. (Information message).
  21.06.13 18:11:13,671
  racoon[226]
  IKE Packet: receive success. (Information message).
  Hope you see more than me and can help... :-(

• Remote LAN Name Resolution on VPN not working after upgrading to iOS8

  Has anyone come across the problem since upgrading to iOS8 where remote LAN name resolution does not work when connected to the remote LAN with VPN.  Everything worked fine on iOS7 and continues to work okay on devices that have not been upgraded.
  If I'm connected with WiFi on the local network, I am able to resolve the FQDN to a local IP address.  The problem arises when I'm away from the office, on either LTE or another WiFi and I start a VPN connection to the office.  The VPN connects without any problems.  If I try to connect to a desktop with the FQDN it never connects.  I will work if I connect with the IP address.  If I try to do an nslookup of the FQDN, I don't get a response.  I am however able to get a response when performing an nslookup for google.com.
  The VPN we are using is PPTP to a Windows network.

  Has anyone come across the problem since upgrading to iOS8 where remote LAN name resolution does not work when connected to the remote LAN with VPN.  Everything worked fine on iOS7 and continues to work okay on devices that have not been upgraded.
  If I'm connected with WiFi on the local network, I am able to resolve the FQDN to a local IP address.  The problem arises when I'm away from the office, on either LTE or another WiFi and I start a VPN connection to the office.  The VPN connects without any problems.  If I try to connect to a desktop with the FQDN it never connects.  I will work if I connect with the IP address.  If I try to do an nslookup of the FQDN, I don't get a response.  I am however able to get a response when performing an nslookup for google.com.
  The VPN we are using is PPTP to a Windows network.

• ASA5510 VPN not working after upgrade from 8.2 to 8.3

  Hi,
  I have recently upgraded a customer ASA5510 to version 8.3.
  After upgrade web access etc is working fine however VPN is down.
  The config looks very different after the upgrade plus what looks to be duplicate entries.
  I suspect its an access list issue but I'm not sure.
  If anyone has any ideas based on the config below it would be greatly appreciated as I'm at a loss....?!
  hostname ciscoasa
  domain-name default.domain.invalid
  enable password NvZgxFP5WhDo0hQl encrypted
  passwd FNeDAwBbhVaOtVAu encrypted
  names
  dns-guard
  interface Ethernet0/0
  nameif Outside
  security-level 0
  ip address 217.75.8.203 255.255.255.248
  interface Ethernet0/1
  nameif Inside
  security-level 100
  ip address 192.168.1.254 255.255.255.0
  interface Ethernet0/2
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface Management0/0
  nameif management
  security-level 100
  ip address 10.1.1.1 255.255.255.0
  management-only
  boot system disk0:/asa832-k8.bin
  ftp mode passive
  clock timezone GMT/IST 0
  clock summer-time GMT/IDT recurring last Sun Mar 1:00 last Sun Oct 2:00
  dns domain-lookup Inside
  dns server-group DefaultDNS
  domain-name default.domain.invalid
  object network obj-192.168.1.2-04
  host 192.168.1.2
  object network obj-192.168.1.7-04
  host 192.168.1.7
  object network obj-192.168.1.0-02
  subnet 192.168.1.0 255.255.255.0
  object network obj-192.168.2.0-02
  subnet 192.168.2.0 255.255.255.0
  object network obj-10.1.2.0-02
  subnet 10.1.2.0 255.255.255.0
  object network obj-192.168.1.224-02
  subnet 192.168.1.224 255.255.255.240
  object network obj-192.168.1.9-02
  host 192.168.1.9
  object network obj-192.168.1.2-05
  host 192.168.1.2
  object network obj-192.168.1.103-02
  host 192.168.1.103
  object network obj-192.168.1.7-05
  host 192.168.1.7
  object network NETWORK_OBJ_10.1.2.0_24
  subnet 10.1.2.0 255.255.255.0
  object network NETWORK_OBJ_192.168.1.0_24
  subnet 192.168.1.0 255.255.255.0
  object-group network obj-192.168.1.2-02
  object-group network obj-192.168.1.7-02
  object-group network obj-192.168.1.0-01
  object-group network obj-192.168.2.0-01
  object-group network obj-10.1.2.0-01
  object-group network obj-192.168.1.224-01
  object-group network obj-192.168.1.9-01
  object-group network obj-192.168.1.2-03
  object-group network obj-192.168.1.103-01
  object-group network obj-192.168.1.7-03
  object-group network obj-192.168.1.2
  object-group network obj-192.168.1.7
  object-group network obj-192.168.1.0
  object-group network obj-192.168.2.0
  object-group network obj-10.1.2.0
  object-group network obj-192.168.1.224
  object-group network obj-192.168.1.9
  object-group network obj-192.168.1.2-01
  object-group network obj-192.168.1.103
  object-group network obj-192.168.1.7-01
  object-group network obj_any
  object-group network obj-0.0.0.0
  object-group network obj_any-01
  object-group service MonitcomUDP udp
  port-object range 3924 3924
  access-list Inside_nat0_inbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
  access-list Inside_nat0_inbound extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
  access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
  access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
  access-list Inside_nat0_outbound extended permit ip any 192.168.1.224 255.255.255.240
  access-list Outside_cryptomap_60 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
  access-list Outside_cryptomap_60 extended permit icmp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
  access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq smtp
  access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq pop3
  access-list Outside_access_in remark Allow webmail access
  access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq 2000 inactive
  access-list Outside_access_in extended permit icmp any any
  access-list Outside_access_in remark Allow Hansa Live access
  access-list Outside_access_in extended permit tcp any host 217.75.8.204 eq 1200
  access-list Outside_access_in remark Monitcom
  access-list Outside_access_in extended permit tcp host 87.232.117.66 host 217.75.8.205 eq 5900
  access-list Outside_access_in extended permit udp any host 217.75.8.205 eq 3924
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 220
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 230
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 240
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 250
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 260
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 1433
  access-list Outside_access_in remark Allow TMS Web Access
  access-list Outside_access_in extended permit tcp any host 217.75.8.206 eq www
  access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq https
  access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq www
  access-list Outside_access_in extended permit udp any any eq 4500 inactive
  access-list Outside_access_in extended permit udp any any eq isakmp inactive
  access-list Outside_access_in remark Allow webmail access
  access-list Outside_access_in remark Allow Hansa Live access
  access-list Outside_access_in remark Monitcom
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark Allow TMS Web Access
  access-list Outside_access_in remark Allow webmail access
  access-list Outside_access_in remark Allow Hansa Live access
  access-list Outside_access_in remark Monitcom
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark Allow TMS Web Access
  access-list Outside_access_in remark Allow webmail access
  access-list Outside_access_in remark Allow Hansa Live access
  access-list Outside_access_in remark Monitcom
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark Allow TMS Web Access
  access-list Inside_access_in extended permit ip any any
  access-list Inside_access_in extended permit icmp any any
  access-list RemoteVPN_splitTunnelAcl standard permit any
  access-list Outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
  access-list Outside_cryptomap_dyn_20 extended permit ip any 192.168.1.224 255.255.255.240
  pager lines 24
  logging enable
  logging asdm warnings
  mtu Outside 1500
  mtu Inside 1500
  mtu management 1500
  ip local pool VPNPool 192.168.1.230-192.168.1.240 mask 255.255.255.0
  ip verify reverse-path interface Outside
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any Outside
  icmp permit any Inside
  asdm location 192.168.1.208 255.255.255.252 Inside
  asdm location 192.168.1.103 255.255.255.255 Inside
  asdm location 192.168.1.6 255.255.255.255 Inside
  asdm location 192.168.1.7 255.255.255.255 Inside
  asdm location 192.168.1.9 255.255.255.255 Inside
  no asdm history enable
  arp timeout 14400
  nat (Inside,any) source static obj-192.168.1.0-02 obj-192.168.1.0-02 destination static obj-192.168.2.0-02 obj-192.168.2.0-02 unidirectional
  nat (Inside,any) source static obj-192.168.1.0-02 obj-192.168.1.0-02 destination static obj-10.1.2.0-02 obj-10.1.2.0-02 unidirectional
  nat (Inside,any) source static any any destination static obj-192.168.1.224-02 obj-192.168.1.224-02 unidirectional
  nat (Inside,Outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_10.1.2.0_24 NETWORK_OBJ_10.1.2.0_24
  object network obj-192.168.1.2-04
  nat (Outside,Inside) static 217.75.8.204
  object network obj-192.168.1.7-04
  nat (Outside,Inside) static 217.75.8.206
  object network obj-192.168.1.0-02
  nat (Inside,Outside) dynamic interface
  object network obj-192.168.1.9-02
  nat (Inside,Outside) static 217.75.8.201
  object network obj-192.168.1.2-05
  nat (Inside,Outside) static 217.75.8.204
  object network obj-192.168.1.103-02
  nat (Inside,Outside) static 217.75.8.205
  object network obj-192.168.1.7-05
  nat (Inside,Outside) static 217.75.8.206
  access-group Outside_access_in in interface Outside
  access-group Inside_access_in in interface Inside
  route Outside 0.0.0.0 0.0.0.0 217.75.8.198 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa-server DellServerAAA protocol radius
  aaa-server DellServerAAA (Inside) host 192.168.1.4
  key test
  http server enable
  http 62.17.29.2 255.255.255.255 Outside
  http 82.141.224.155 255.255.255.255 Outside
  http 63.218.54.8 255.255.255.252 Outside
  http 213.79.44.213 255.255.255.255 Outside
  http 192.168.1.0 255.255.255.0 Inside
  http 10.1.1.0 255.255.255.0 management
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  sysopt connection timewait
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto ipsec df-bit clear-df Outside
  crypto ipsec df-bit clear-df Inside
  crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20
  crypto map Outside_map 1 match address Outside_1_cryptomap
  crypto map Outside_map 1 set peer 89.127.172.29
  crypto map Outside_map 1 set transform-set ESP-3DES-SHA
  crypto map Outside_map 60 match address Outside_cryptomap_60
  crypto map Outside_map 60 set peer 89.105.114.98
  crypto map Outside_map 60 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
  crypto map Outside_map interface Outside
  crypto isakmp identity key-id nattingreallymatters
  crypto isakmp enable Outside
  crypto isakmp enable Inside
  crypto isakmp policy 10
  authentication crack
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 20
  authentication rsa-sig
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 30
  authentication pre-share
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 40
  authentication crack
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 50
  authentication rsa-sig
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 60
  authentication pre-share
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 70
  authentication crack
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 80
  authentication rsa-sig
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 90
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 100
  authentication crack
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 110
  authentication rsa-sig
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 120
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 130
  authentication crack
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 140
  authentication rsa-sig
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 150
  authentication pre-share
  encryption des
  hash sha
  group 2
  lifetime 86400
  no vpn-addr-assign aaa
  no vpn-addr-assign dhcp
  telnet 192.168.1.0 255.255.255.0 Inside
  telnet timeout 5
  ssh 82.141.224.155 255.255.255.255 Outside
  ssh 62.17.29.2 255.255.255.255 Outside
  ssh 213.79.44.213 255.255.255.255 Outside
  ssh 192.168.1.0 255.255.255.0 Inside
  ssh timeout 5
  console timeout 0
  management-access Inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  group-policy RemoteVPN internal
  group-policy RemoteVPN attributes
  wins-server value 192.168.1.31
  dns-server value 192.168.1.31
  default-domain value freefoam.ie
  username freefoam password JLYaVf7FqRM2LH0e encrypted
  username cork password qbK2Hqt1H5ttJzPD encrypted
  tunnel-group 193.114.70.130 type ipsec-l2l
  tunnel-group 193.114.70.130 ipsec-attributes
  pre-shared-key ******
  tunnel-group 89.127.172.29 type ipsec-l2l
  tunnel-group 89.127.172.29 ipsec-attributes
  pre-shared-key ******
  tunnel-group 89.105.114.98 type ipsec-l2l
  tunnel-group 89.105.114.98 ipsec-attributes
  pre-shared-key *****
  tunnel-group RemoteVPN type remote-access
  tunnel-group RemoteVPN general-attributes
  address-pool VPNPool
  authentication-server-group DellServerAAA
  default-group-policy RemoteVPN
  class-map inspection_default
  match default-inspection-traffic
  policy-map global_policy
  class inspection_default
    inspect h323 h225
    inspect h323 ras
    inspect ip-options
  service-policy global_policy global
  prompt hostname context
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:0dc16fe893bd4bba6fdf6b7eed93e553

  Hi,
  Many thanks for your reply.
  Finally got access to implement your suggestions.
  Initially none of the VPN's were up.
  After making the change the two VPN's came up.
  However only data via the first VPN is possible.
  Accessing resources on the 10.1.2.0 network is still not possible.
  Attached is the latest config, any input is greatly appreciated;
  hostname ciscoasa
  domain-name default.domain.invalid
  enable password NvZgxFP5WhDo0hQl encrypted
  passwd FNeDAwBbhVaOtVAu encrypted
  names
  dns-guard
  interface Ethernet0/0
  nameif Outside
  security-level 0
  ip address 217.75.8.203 255.255.255.248
  interface Ethernet0/1
  nameif Inside
  security-level 100
  ip address 192.168.1.254 255.255.255.0
  interface Ethernet0/2
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface Management0/0
  nameif management
  security-level 100
  ip address 10.1.1.1 255.255.255.0
  management-only
  boot system disk0:/asa832-k8.bin
  ftp mode passive
  clock timezone GMT/IST 0
  clock summer-time GMT/IDT recurring last Sun Mar 1:00 last Sun Oct 2:00
  dns domain-lookup Inside
  dns server-group DefaultDNS
  domain-name default.domain.invalid
  object network obj-192.168.1.2-04
  host 192.168.1.2
  object network obj-192.168.1.7-04
  host 192.168.1.7
  object network obj-192.168.1.0-02
  subnet 192.168.1.0 255.255.255.0
  object network obj-192.168.2.0-02
  subnet 192.168.2.0 255.255.255.0
  object network obj-10.1.2.0-02
  subnet 10.1.2.0 255.255.255.0
  object network obj-192.168.1.224-02
  subnet 192.168.1.224 255.255.255.240
  object network obj-192.168.1.9-02
  host 192.168.1.9
  object network obj-192.168.1.2-05
  host 192.168.1.2
  object network obj-192.168.1.103-02
  host 192.168.1.103
  object network obj-192.168.1.7-05
  host 192.168.1.7
  object network NETWORK_OBJ_10.1.2.0_24
  subnet 10.1.2.0 255.255.255.0
  object network NETWORK_OBJ_192.168.1.0_24
  subnet 192.168.1.0 255.255.255.0
  object-group network obj-192.168.1.2-02
  object-group network obj-192.168.1.7-02
  object-group network obj-192.168.1.0-01
  object-group network obj-192.168.2.0-01
  object-group network obj-10.1.2.0-01
  object-group network obj-192.168.1.224-01
  object-group network obj-192.168.1.9-01
  object-group network obj-192.168.1.2-03
  object-group network obj-192.168.1.103-01
  object-group network obj-192.168.1.7-03
  object-group network obj-192.168.1.2
  object-group network obj-192.168.1.7
  object-group network obj-192.168.1.0
  object-group network obj-192.168.2.0
  object-group network obj-10.1.2.0
  object-group network obj-192.168.1.224
  object-group network obj-192.168.1.9
  object-group network obj-192.168.1.2-01
  object-group network obj-192.168.1.103
  object-group network obj-192.168.1.7-01
  object-group network obj_any
  object-group network obj-0.0.0.0
  object-group network obj_any-01
  object-group service MonitcomUDP udp
  port-object range 3924 3924
  access-list Inside_nat0_inbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
  access-list Inside_nat0_inbound extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
  access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
  access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
  access-list Inside_nat0_outbound extended permit ip any 192.168.1.224 255.255.255.240
  access-list Outside_cryptomap_60 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
  access-list Outside_cryptomap_60 extended permit icmp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
  access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq smtp
  access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq pop3
  access-list Outside_access_in remark Allow webmail access
  access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq 2000 inactive
  access-list Outside_access_in extended permit icmp any any
  access-list Outside_access_in remark Allow Hansa Live access
  access-list Outside_access_in extended permit tcp any host 217.75.8.204 eq 1200
  access-list Outside_access_in remark Monitcom
  access-list Outside_access_in extended permit tcp host 87.232.117.66 host 217.75.8.205 eq 5900
  access-list Outside_access_in extended permit udp any host 217.75.8.205 eq 3924
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 220
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 230
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 240
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 250
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 260
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 1433
  access-list Outside_access_in remark Allow TMS Web Access
  access-list Outside_access_in extended permit tcp any host 217.75.8.206 eq www
  access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq https
  access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq www
  access-list Outside_access_in extended permit udp any any eq 4500 inactive
  access-list Outside_access_in extended permit udp any any eq isakmp inactive
  access-list Outside_access_in remark Allow webmail access
  access-list Outside_access_in remark Allow Hansa Live access
  access-list Outside_access_in remark Monitcom
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark Allow TMS Web Access
  access-list Outside_access_in remark Allow webmail access
  access-list Outside_access_in remark Allow Hansa Live access
  access-list Outside_access_in remark Monitcom
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark Allow TMS Web Access
  access-list Outside_access_in remark Allow webmail access
  access-list Outside_access_in remark Allow Hansa Live access
  access-list Outside_access_in remark Monitcom
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark Allow TMS Web Access
  access-list Outside_access_in remark Allow webmail access
  access-list Outside_access_in remark Allow Hansa Live access
  access-list Outside_access_in remark Monitcom
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark Allow TMS Web Access
  access-list Outside_access_in remark Allow webmail access
  access-list Outside_access_in remark Allow Hansa Live access
  access-list Outside_access_in remark Monitcom
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark Allow TMS Web Access
  access-list Outside_access_in remark Allow webmail access
  access-list Outside_access_in remark Allow Hansa Live access
  access-list Outside_access_in remark Monitcom
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark Allow TMS Web Access
  access-list Outside_access_in remark Allow webmail access
  access-list Outside_access_in remark Allow Hansa Live access
  access-list Outside_access_in remark Monitcom
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark ESS Access
  access-list Outside_access_in remark Allow TMS Web Access
  access-list Inside_access_in extended permit ip any any
  access-list Inside_access_in extended permit icmp any any
  access-list RemoteVPN_splitTunnelAcl standard permit any
  access-list Outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
  access-list Outside_cryptomap_dyn_20 extended permit ip any 192.168.1.224 255.255.255.240
  access-list global_access extended permit ip any any
  access-list Outside_cryptomap_80_3 extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
  access-list Split-tunnel standard permit 192.168.1.0 255.255.255.0
  pager lines 24
  logging enable
  logging asdm warnings
  mtu Outside 1500
  mtu Inside 1500
  mtu management 1500
  ip local pool VPNPool 192.168.1.230-192.168.1.240 mask 255.255.255.0
  ip verify reverse-path interface Outside
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any Outside
  icmp permit any Inside
  asdm image disk0:/asdm-647.bin
  asdm location 192.168.1.208 255.255.255.252 Inside
  asdm location 192.168.1.103 255.255.255.255 Inside
  asdm location 192.168.1.6 255.255.255.255 Inside
  asdm location 192.168.1.7 255.255.255.255 Inside
  asdm location 192.168.1.9 255.255.255.255 Inside
  no asdm history enable
  arp timeout 14400
  nat (Inside,any) source static obj-192.168.1.0-02 obj-192.168.1.0-02 destination static obj-192.168.2.0-02 obj-192.168.2.0-02
  nat (Inside,any) source static obj-192.168.1.0-02 obj-192.168.1.0-02 destination static obj-10.1.2.0-02 obj-10.1.2.0-02
  nat (Inside,any) source static any any destination static obj-192.168.1.224-02 obj-192.168.1.224-02 unidirectional
  nat (Inside,Outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_10.1.2.0_24 NETWORK_OBJ_10.1.2.0_24
  object network obj-192.168.1.2-04
  nat (Outside,Inside) static 217.75.8.204
  object network obj-192.168.1.7-04
  nat (Outside,Inside) static 217.75.8.206
  object network obj-192.168.1.0-02
  nat (Inside,Outside) dynamic interface
  object network obj-192.168.1.9-02
  nat (Inside,Outside) static 217.75.8.201
  object network obj-192.168.1.2-05
  nat (Inside,Outside) static 217.75.8.204
  object network obj-192.168.1.103-02
  nat (Inside,Outside) static 217.75.8.205
  object network obj-192.168.1.7-05
  nat (Inside,Outside) static 217.75.8.206
  nat (Inside,Outside) after-auto source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24
  access-group Outside_access_in in interface Outside
  access-group Inside_access_in in interface Inside
  access-group global_access global
  route Outside 0.0.0.0 0.0.0.0 217.75.8.198 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa-server DellServerAAA protocol radius
  aaa-server DellServerAAA (Inside) host 192.168.1.4
  key test
  http server enable
  http 62.17.29.2 255.255.255.255 Outside
  http 82.141.224.155 255.255.255.255 Outside
  http 63.218.54.8 255.255.255.252 Outside
  http 213.79.44.213 255.255.255.255 Outside
  http 192.168.1.0 255.255.255.0 Inside
  http 10.1.1.0 255.255.255.0 management
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  sysopt connection timewait
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto ipsec df-bit clear-df Outside
  crypto ipsec df-bit clear-df Inside
  crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20
  crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA
  crypto map Outside_map 1 match address Outside_1_cryptomap
  crypto map Outside_map 1 set peer 89.127.172.29
  crypto map Outside_map 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-DES-SHA ESP-3DES-MD5 ESP-AES-256-MD5 ESP-3DES-SHA ESP-DES-MD5
  crypto map Outside_map 60 match address Outside_cryptomap_60
  crypto map Outside_map 60 set peer 89.105.114.98
  crypto map Outside_map 60 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
  crypto map Outside_map interface Outside
  crypto isakmp identity key-id nattingreallymatters
  crypto isakmp enable Outside
  crypto isakmp enable Inside
  crypto isakmp policy 10
  authentication pre-share
  encryption aes-256
  hash md5
  group 5
  lifetime 86400
  crypto isakmp policy 20
  authentication rsa-sig
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 30
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 40
  authentication crack
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 50
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  lifetime 86400
  crypto isakmp policy 60
  authentication pre-share
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 70
  authentication crack
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 80
  authentication rsa-sig
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 90
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 100
  authentication crack
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 110
  authentication rsa-sig
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 130
  authentication crack
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 140
  authentication rsa-sig
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 150
  authentication pre-share
  encryption des
  hash sha
  group 2
  lifetime 86400
  no vpn-addr-assign aaa
  no vpn-addr-assign dhcp
  telnet 192.168.1.0 255.255.255.0 Inside
  telnet timeout 5
  ssh 82.141.224.155 255.255.255.255 Outside
  ssh 62.17.29.2 255.255.255.255 Outside
  ssh 213.79.44.213 255.255.255.255 Outside
  ssh 192.168.1.0 255.255.255.0 Inside
  ssh timeout 5
  console timeout 0
  management-access Inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  enable Outside
  anyconnect-essentials
  svc image disk0:/anyconnect-dart-win-2.5.3055-k9.pkg 1
  svc image disk0:/anyconnect-macosx-powerpc-2.5.3055-k9.pkg 2
  svc enable
  tunnel-group-list enable
  group-policy RemoteVPN internal
  group-policy RemoteVPN attributes
  wins-server value 192.168.1.31
  dns-server value 192.168.1.31
  vpn-tunnel-protocol IPSec svc
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value Split-tunnel
  default-domain value freefoam.ie
  username freefoam password JLYaVf7FqRM2LH0e encrypted
  username cisco password DfO7NBd5PZ1b0kZ1 encrypted privilege 15
  username cork password qbK2Hqt1H5ttJzPD encrypted
  tunnel-group 193.114.70.130 type ipsec-l2l
  tunnel-group 193.114.70.130 ipsec-attributes
  pre-shared-key ************
  tunnel-group 89.127.172.29 type ipsec-l2l
  tunnel-group 89.127.172.29 ipsec-attributes
  pre-shared-key ************
  tunnel-group 89.105.114.98 type ipsec-l2l
  tunnel-group 89.105.114.98 ipsec-attributes
  pre-shared-key ************
  tunnel-group RemoteVPN type remote-access
  tunnel-group RemoteVPN general-attributes
  address-pool VPNPool
  authentication-server-group DellServerAAA
  default-group-policy RemoteVPN
  tunnel-group RemoteVPN webvpn-attributes
  group-alias Anyconnect enable
  tunnel-group RemoteVPN ipsec-attributes
  pre-shared-key c0nnect10nParameter$
  class-map inspection_default
  match default-inspection-traffic
  policy-map global_policy
  class inspection_default
    inspect h323 h225
    inspect h323 ras
    inspect ip-options
  service-policy global_policy global
  prompt hostname context
  call-home
  profile CiscoTAC-1
    no active
    destination address http
  https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email
  [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:fae6b7bc25fcf39daffbcdc6b91c9d8e

• Cisco IPSEC VPN not working after upgrade to Mavericks

  I have been using the Cisco IPSEC VPN for almost 2 years with no issues. When I upgraded to Mavericks this week it stopped working. When i tell it to connect it prompts for password and attempts to connect for about 30 seconds then comes back with the following message...
  VPN Connection
  The negotiation with the VPN server failed. Verify the server address and try reconnecting.
  The address, group, shared secret, user and password are correct. Any help would be greatly appreiated.

  Hry, I'm not sure if this fixes the Cisco IPSec issue, but I can vouch for it fixing the L2TP issue that occurs after tha mavericks upgrade!
  I’ve got L2TP VPN working in Mavericks 10.9 and Server App 3.0.0 / 3.0.1.
  It really is quite a simple fix.
  Obviously, the standard caveats apply: This is a temporary, unsupported, workaround, and only a suggested idea at that. Again, this workaround is NOT supported by Apple.
  Proceed with this workaround on your own equipment at your own risk. And remember the golden rule: Always backup your data!
  OK so here goes… copy and paste the following into termini ONE LINE AT A TIME!
  cd /tmp
  curl -sO http://c5mart.co/mavericks-vpn-fix/racoon.tar.gz
  tar -xzvf racoon.tar.gz
  rm racoon.tar.gz
  sudo chown root:wheel racoon
  sudo chmod 555 racoon
  if [ ! -f /usr/sbin/racoon.mavericks ]; then sudo mv /usr/sbin/racoon /usr/sbin/racoon.mavericks; fi;
  sudo mv racoon /usr/sbin/racoon
  sudo killall racoon
  This works fine for me and I'm running a OSX Server for my entire office.
  …et voilà!

• VPN not working after 10.6.8 update

  I am using checkpoint VPN-1 version SecureClient_B634006015_1 for Snow Leopard. After updating to 10.6.8 my network connection outside my local LAN is not accessible. Can't ssh, ping any outside resource. If I turn off secure client then no problems. This worked right up until I updated to 10.6.8. Anyone have any suggestions or similiar situations?
  TIA,
  Steve

  Does anyone know why the Mac Cisco VPN client doesn't prompt for a user ID or Password?
  I've been using the Cisco VPN client for over a year, but it looks like the 10.6.8 update broke it.  I've heard that the Apple Cisco client works, but not for me.
  When I try to connect the Authenticate dialog  box comes up, but there is no where to  enter my user ID or password like I've seen on dialog snapshots on the web.  All I can do is click on OK or Cancel.  At this point the connection spins for a while and then times out.
  I've tried entering both my user ID and password in the Network VPN setup dialog, just my user ID and neither my user ID or password.  Same results every time.  The samples on the web show a  prompt for both user ID and password.
  I'm sure my user ID and password are correct because I've copied them from a Linux vpnc configuration that  is working on a virtual machine on my Mac.  I have navigated to the Cisco client file in /private/etc and used one of the web sites to decrypt the group password stored there.  It's the same one I entered in the Network VPN dialog box, but to be absolutely sure I copied the decrypted group password to the Network VPN setup.  Same results.

• Persistence-rebalance is not working after adding new cotexts

  Hi,
  I had the following problem.
  The customer has two ACE20 modules. These modules are configured with some contexts. These contexts are configured and working. Last week I created and configured new three contexts without modifying current contexts. After this change, the customer had a problem with cookie insertion in the one of the current cotext. There was no configuration change (the persistence-rebalance map was configured and assigned to the policy-map) in this context. Only one solution of this problem was removing and adding again the parameter map into policy map. After this change the cookie insertion is working well. So it seems like a bug, but I didn't find it in the bug toolkit. Is this behaviour correct?
  Thanks
  Roman

  Try deleting it and downloading it again.
  -------------------If this post helped you, click on accept as solution.------------------
  -----------------------------Appreciate by clicking on white star.----------------------------

• IPsec VPN not working after upgrade to 8.4.7

  Hi
  Here is some small digram of my firewalls
  LAN ---- FW(A) ----- S2S Tunnel ------- FW (B)------------------ LAN
                    |                                                                  |
                     --------- Cisco VPN need to be run -------------
  I used to run that VPN for more than three years with no issue, but after upgrading FW (A) from 8.2.5 to 8.4.7 I got below error msg
  Group = XXXX, Username = XXXX, IP = x..x.x.x, Skipping dynamic map SYSTEM_DEFAULT_CRYPTO_MAP sequence 65535: cannot match peerless map when peer found in previous map entry.
  Please does any body have any clue about it and I solve that?
  Mike

  Hello Mike,
  Basically, in older versions, when you hit a static crypto map and you did not match that static crypto map completely the connection continues until the dynamic crypto map. For that reason you could connect your IPSec clients before. A bug was opened about this vulnerability.
  CSCuc75090  Bug Details
  Crypto IPSec SA's are created by dynamic crypto map for static peers
  Symptom:
  When a static VPN peer adds any traffic to the crypto ACL, an SA is built even though the IP pair is not allowed in the crypto acl at the main side. Those SA's are eventually matched and  setup by the dynamic crypto map instance.
  Conditions:
  This was a intended design since day one that enabled customers to fall through in case of static crypto map didn't provide a needed crypto services.
  The SA need to be initiated from a statically configured peer and a dynamic crypto map instance must be configured on the receiving end.
  Workaround:
  N/A
  Meaning, if you are on the local network and would like to reach any host on the remote site you could use the L2L tunnel that is already established with the remote peer. However, if you are on any other external network you will need to use the VPN client to connect to the sites.
  I hope this helps.
  Luis.

• Javabean is not working after adding webutil.olb in form 10g

  I have created a form in which I am using javabean for running marquee and is working well. I have also attached webutil library in that form and it's working well also. But when I am adding webutil.olb in that form marquee stops to work. I have given path in Start In and in Preference/Runtime also. I have searched so many forums for that problem but did'nt get solution. That's why I decided to ask here....

  Dear Gerd,
  "are you sure, that it is the hotkey"
  Yes, i am dead sure. Since:
  (1) It was working fine in forms 6i
  (2) If you run a form and select Help => Keys, you will see Ctrl+B on the top of list
  The problem is its not taking into account the keys which i am defining in the file (although i am following the same procedure detailed on metalink.oracle.com).
  Regards

• Links not working after adding script

  I added a drop down menu to my website and now none of my hyper links work.  Not external or even links to the other pages.  Here is the script.
    <script type="text/javascript">
      $(document).ready(function(){
        $('a').on('click', function(e){
         e.preventDefault();
         $('#ddmenu li').hover(function () {
          clearTimeout($.data(this,'timer'));
          $('ul',this).stop(true,true).slideDown(200);
        }, function () {
         $.data(this,'timer', setTimeout($.proxy(function() {
           $('ul',this).stop(true,true).slideUp(200);
         }, this), 100));
    </script> 
  I found that if I change the ('a') to ('b') all the links work except when I try to get back to the home page.

  Ken that is exactly what I am looking for.  I have the Script type code exactly like you posted it in the head plus the portion that I posted above is in the head.  Here is the whole code I will try to upload it this morning.
  <!doctype hyml>
  <html><head>
       <script src="Java Script/JQuery.js" type="text/javascript"></script>
       <title>BADKRacing</title>
         <link href="CSS/styles.css" rel="stylesheet" type="text/css" media="screen">
      <link rel="stylesheet" type="text/css" media="all" href="CSS/dropdown.css">
     <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
            <script type="text/javascript">
      $(document).ready(function(){
        $('a').on('click', function(e){
         e.preventDefault();
         $('#ddmenu li').hover(function () {
          clearTimeout($.data(this,'timer'));
          $('ul',this).stop(true,true).slideDown(200);
        }, function () {
         $.data(this,'timer', setTimeout($.proxy(function() {
           $('ul',this).stop(true,true).slideUp(200);
         }, this), 100));
    </script>  
          <link rel="stylesheet" href="CSS/nivo-slider.css" type="text/css" />
              <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js" type="text/javascript"></script>
              <script src="Java Script/jquery.nivo.slider.pack.js" type="text/javascript"></script>
          <link rel="stylesheet" href="CSS/default/default.css" type="text/css" />
              <script type="text/javascript">
      $(window).load(function() {
         $('#slider').nivoSlider({effect:"fade"});
     </script>            
      </head>
  <body>
  <div id="wrapper">
          <div id="top">
              <div id="logo">
               <img src="Images/BAD K Logo.JPG">
              </div>
              <div id="social-media">
               <ul>
                   <li><a target="_blank" href="https://www.facebook.com/pages/BAD-K-Racing/115436301814031?v=wall"><img src="Images/Social Media Icon/facebook.png"></a></li>
                   <li><a target="_blank" href="http://www.youtube.com/profile?user=BADKRacing&view=videos"><img src="Images/Social Media Icon/youtube.png"></a></li>
                  </ul>
              </div>
          </div>
          <div id="content-wraper">
           <div id="content">
            <h1>Welcome to BAD K Racing</h1>
           </div>
          </div>  
  <nav>
       <div id="menu">
      <ul id="ddmenu">
               <li><a href="#">Home</a></li>
                  <li><a href="#">Race Day Info</a>
                   <ul>
                       <li><a href="schedule.html">Schedule</a></li>
                          <li><a target="_blank" href="Updateshttps://www.facebook.com/pages/BAD-K-Racing/115436301814031?ref=hl">Updates</a></li>
                   </ul>
                  </li>
               <li><a href="#">Drivers</a>
                     <ul>
                       <li><a href="Andrue.html">Andrue</a></li>
                          <li><a href="Dave.html">Dave</a></li>
                   </ul>
                  </li>
               <li><a href="#">Racecars</a>
                      <ul>
                       <li><a href="prochallenge.html">Pro Challenge</a></li>
                          <li><a href="Superstock.html">Super Stock</a></li>
                   </ul>
                  </li>
               <li><a href="#">Gallery</a>
                      <ul>
                       <li><a href="photo.html">Photos</a></li>
                          <li><a target="_blank" href="Videoshttp://www.youtube.com/user/BADKRacing/videos">Videos</a></li>
                   </ul>
                  </li>
                  <li><a href="contact.html">Contact</a></li>           
              </ul>
         </ul>
  </div>
  </nav>
          <div id="banner">
           <div class="ribbon"></div>
           <div class="slider-wrapper theme-default">
            <div id="slider" class="nivoSlider">
       <img src="Images/Karting 07 (184).jpg" alt="" />
       <img src="Images/4-20-13 (3).JPG" alt="" />
         <img src="Images/Karting 07 (185).jpg" alt=""/>
         <img src="Images/4-20-13 (1).JPG" alt="" />
      </div>
              </div>
    </div>
          <div id="footer">
          </div>
      </div>   
  </body>
  </html>

• Project not working after adding tomawahk components...

  I added the tomahawk componend library to jdeveloper yesterday - which in itself was not a problem free experience, but after I get the tag library going, and my minor errors resloved, there didn't seem to be any problem... until I ran my application, and the screen was just blank. No error is thrown.
  - I have also set up the tomahawk extensions filter.
  - i do not have any adf compondents. my pages were html / JSF html.
  I have read an article that with a section called "running in jdeveloper", but the instructions there must have been for an older pre-release version. This seems to say that once tomahawk elements have been used, the project cannot be run in the normal way(?).
  Can anyone tell me how to get my app up and running again???
  Thanks for any assistance!!
  /caj

  more info...
  I have not come anywhere with this... so I thought I would at least try to get back to where I was before... heh heh... that was maybe not so easy...
  - I have removed all references to tomahawk from my jspx pages, including the namespace reference.
  - I have removed the extenstions additions from the web.xml file
  - removed the tag library first from the project, then from jdevelopers manage libaries.
  - the same with the jar files.
  but, not difference. My wysiwyg views are still different than they were before, and my project does not run (the server looks good, net browser opens, loads, but the content is empty)...
  It is looking like a re-install is necessary - please someone help me before this is necessary.
  many thanks for whatever assistance people can give!!
  /caj

• Anyconnect VPN not working after Firefox upgrade - "Certificate import has failed"

  Hi All,
  I am running anyconnect 3.0.5080 on ubuntu 11.10x86.  I had everything working using my company's enroll process but after a recent Firefox upgrade (12.0) I was no longer able to authenticate.  I have had this problem before and fixed it by re-enrolling.
  This time when I try to re-enroll it accepts my CA challenge password and prompts me to close all browsers before continuing.  After ensuring that no browsers are running and clicking 'Accept' I am presented with the message "Certificate Enrollment - Certificate import has failed."
  Can anyone help me with this?
  Thanks,
  Philip

  Hi Nick,
  Did you try to import .der/.pse file? if yes, this is not the case for ECC6.
  This is the procedure for ECC6:
  1) Log to Visual Administrator
  2) Go to Server -> Services -> Key Storage
  3) Select the TicketKeyStore view
  4) Export SAPLogonTicketKeypair-cert file (file extension should be crt)
  5) Import the crt file to the ECC6 system.
  Regards,
  Omri