VPN Virtual Adapter and Vista
I am running Vista for Business on my notebook and have installed VPN Client version 5.0.02.0090
Each time I try to connect to my network the VPN client times out and I get the message
Secure VPN Connection terminated locally by the Client
Reason 442: Failed to enable Virtual Adapter
When I go to Device Manager and enable the VPN network adapter, it becomes disabled once I try to connect again.
I tried the softpedia.com/Tweak fix and it worked the first time I tried to connect, but once I disconnected the error came back again at subsequent tries.
This is pretty frustrating. Plse help. Thanx.
Tony
OK, I have come a little bit further with this problem. Some recent automatic updates by Windows Vista caused the client to stop working when it was working before.
I uninstalled all the updates (most were critical security patches which now leaves me vulnerable) and uninstalled the Cisco VPN client including scouring the Registry for anything remotely associated with the VPN such as any reference to 'CVPN' or 'Cisco'.
I then installed the latest VPN client (V 5.0.03.0560), and I DIDN'T reboot as it asked me too. The reason I thought this was a good idea is because after a reboot, the Network Connections are reset and re-assigned IPs which was, I started to think, part of the problem.
It Worked! I was able to start the client (that was already an achievement!) and, lo and behold, was able to connect without problems... I thought!
Now I have the following... when I connected to the VPN, I have limited access to the internet. Some sites are fine, others only load half-way and still others I can absolutely not connect to. The ones I can connect to load very very slow.
For now I have left it this way since I can (albeit handicapped) connect to the VPN so I have to keep connecting/disconnecting etc. It is still very frustrating.
However, I believe I know what the problem is, but I don't know how to solve it. If anyone here can use this information to take this one step further, we may get somewhere.
I believe it has to do with the TCP/IP settings where we now have both v4 and v6 running. I think the VPN is using one of these only, and when it is using it, it is not allowing any other traffic through it. I don't know how to solve this. I tried disabling one or the other in either Network Connection, but it either gives me no connection or limited connection.
The reason I think this is it is because some sites are loading/half loading when the VPN is connected... in other words, one of the TCP/IP protocals is open to the Internt traffic, the other is used by the VPN exclusively.
I tried looking for sharing and tunneling options in my VPN client and the Network Connections settings, but I can't find anything.
I am very hesitant to change any more settings since I do have a half-baked solution that at least allows me to meet the deadlines I have for my client.
Let's get this solved!
Similar Messages
-
Setting Link Speed on VPN Virtual Adapter
The link speed for the VPN Adapter used by the VPN Client is normally 1GB. Does anyone know how to chnage this? Some of my users are trying to use the feature in Outlook that will block large attachments when connected to a slow (dilaup) connection. Outlook however sees tha 1GB connection and does not block the attachments.
With a dual band AirPort Extreme, both the 2.4 GHz band and 5 GHz band are being broadcast with the same network name. A computer, or your AirPort Express, will connect to the band with the best (strongest) signal.
Without knowing anything about the layout of your home and location of your devices, my guess would be that the extending AirPort Express sees a better signal at 2.4 GHz, so that is what it extends. Remember, the AirPort Express cannot extend both the 2.4 GHz band and 5 GHz band at the same time.
If the iMac is closer to the AirPort Express than it is to the AirPort Extreme, it's going to pick up the signal from the AirPort Express.
Is that a possibility? -
CMI adapter and Vista security issues
Hi,
We have recently noticed that most of our vista users are complaining that they are unable to run courses despite downloading the latest JRE. On investigating we found that unless we lower the security in IE on Vista CMI adapter aplet is blocked by Vista.
We run iLearn5.0 - any solutions?
KgSee if using the signed applet resolves the security issue.
Add the following parameter at the end of the CMI Adapter URL:
?lms_signed=on -
Reason 442: Failed to enable Virtual Adapter
I've installed version 4.8.02.0010 of the VPN client onto a Dell Latitude D820 laptop. When I attempt to connect, I get this message. There are no firewalls running (I disabled the Windows XP firewall) and I'm running under Service Pack 2 with all of the latest security patches from Microsoft.
I even tried un-installing the client and using an older version (4.8.00.0440) and it reports a similar error in the Log file.
I'd prefer to NOT have to wipe the laptop and reinstall the O/S if I don't have to. This is the only laptop that I've experienced this problem with but it's also the first Dell Latitude D820 that I've attempted to install the client on.
Is there a problem with the Dell Latitudes and the VPN Client? Is there another way around this other than a wipe and re-install?
I've already tried replacing the profiles and still get the same problem.Hi,
There is another thing that you can try temporarily.
Goto device manager on the computer and manually enable the virtual adapter and see if it works.
There might be some other adapters / softwares installed that you might have uninstall. Those could be some wireless adapters, personal firewall or internet security package, any other kind of adapter that you installed after installing the VPN cliemt.
HTH,
Kamal -
Microsoft Failover Cluster Virtual Adapter
I have read the following blog about Microsoft Failover Cluster Virtual Adapter and have few questions.
http://blogs.technet.com/b/askcore/archive/2009/02/13/what-is-a-microsoft-failover-cluster-virtual-adapter-anyway.asp
How does this adapter choose the IP address? It seems that it is using 169.254 subnet address.
Can the IP address changed? If yes, how to change it in Windows 2008 R2?
What tool is used to show the kernel drivers? The blog shows a screenshot below the sentence The Cluster network driver (netft.sys) is a kernel mode driver and is started and stopped by the Cluster
Service.
If the physical NIC which has the same MAC address of the adapter is disabled, will that cause problem?
Thanks.Hi PCSQL66,
Firstly, NetFT self-configures an APIPA adres and no manuel user config requireds. Then MAC adress is self-generated based on a hash of MAC address of the first enumerated (by NDIS) physical NIC in the clsuter node. You know Netft is a virtual network adapter.
And you cannot change it and you dont need to change.
You are right about MAC address conflict but mac address conflict detection and rersolution in Win2012.
I think what you want to see about kernel mode drivers or user mode etc you can use the sysinternal utility.
I want to say NDIS 6.2 is miniport virtual adaptor. -
Vista, Cisco VPN Client 5.0.01.0600 "Failed to enable Virtual Adapter"
Four times out of five when trying to connect with the VPN client on Vista Business I get a message that the Virtual adapter cannot be enabled.
When checking the logs there are two entries that always is seen together with this failure:
123 09:21:36.026 12/27/07 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: unable CreateUnicastIpAddressEntry, error 0
129 09:21:55.709 12/27/07 Sev=Warning/3 CVPND/0xA340001A
Failed to find VA MAC Address
Anyone else who have seen this issue on Vista?Hi Magnus
Uninstall VPN client. Restart the PC
Donwload and run the following software, then restart the PC
http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml
Reinstall VPN client
Regards -
64bit vpn client issue /error :reason -442:failed to enable virtual adapter.
Hi All of you ,
I m using vpn client for windows64bit - file name - vpnclient-winx64-msi-5.0.07.0290-k9.exe and installing it on windows 2003 server .
But while connecting via vpn client to f/w , Virtual Adapter is taking the ip address but not connecting .getting error message on screen -
reason -442:failed to enable virtual adapter.
Is it possible some configuration or image issue from ASA as its first time we are trying to use 64bit OS , vpn client for 32bit OS working fine .
Below are the logs from vpn clinet when i tried to connect to ASA5520 . Version 7.0(8) -
Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.2.3790 Service Pack 2
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
1 15:38:03.921 01/27/11 Sev=Info/4 CM/0x63100002
Begin connection process
2 15:38:03.937 01/27/11 Sev=Info/4 CM/0x63100004
Establish secure connection
3 15:38:03.937 01/27/11 Sev=Info/4 CM/0x63100024
Attempt connection with server "203.199.30.190"
4 15:38:04.125 01/27/11 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
5 15:38:04.140 01/27/11 Sev=Info/4 CM/0x63100015
Launch xAuth application
6 15:38:09.515 01/27/11 Sev=Info/4 CM/0x63100017
xAuth application returned
7 15:38:09.515 01/27/11 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
8 15:38:10.562 01/27/11 Sev=Info/4 CM/0x63100019
Mode Config data received
9 15:38:10.781 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to enable the 64-bit VA after timeout
10 15:38:10.781 01/27/11 Sev=Warning/3 CVPND/0xE3400029
The Client failed to enable the Virtual Adapter on 64-bit Windows
11 15:38:10.781 01/27/11 Sev=Warning/2 CM/0xE310000A
The virtual adapter failed to enable
12 15:38:10.781 01/27/11 Sev=Info/6 CM/0x6310003A
Unable to restore route changes from file.
13 15:38:10.781 01/27/11 Sev=Info/6 CM/0x63100037
The routing table was returned to original state prior to Virtual Adapter
14 15:38:10.859 01/27/11 Sev=Info/4 CM/0x63100035
The Virtual Adapter was disabled
15 15:38:10.859 01/27/11 Sev=Warning/2 IKE/0xE300009B
Failed to active IPSec SA: Unable to enable Virtual Adapter (NavigatorQM:936)
16 15:38:10.859 01/27/11 Sev=Warning/2 IKE/0xE30000A7
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2263)
17 15:38:11.546 01/27/11 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "Unknown". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
18 15:38:11.546 01/27/11 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
19 15:38:11.578 01/27/11 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
20 15:38:40.953 01/27/11 Sev=Info/4 CM/0x63100002
Begin connection process
21 15:38:40.953 01/27/11 Sev=Warning/2 CVPND/0xA3400019
Error binding socket: -21. (DRVIFACE:1234)
22 15:38:40.968 01/27/11 Sev=Info/4 CM/0x63100004
Establish secure connection
23 15:38:40.968 01/27/11 Sev=Info/4 CM/0x63100024
Attempt connection with server "203.199.30.190"
24 15:38:41.156 01/27/11 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
25 15:38:41.171 01/27/11 Sev=Info/4 CM/0x63100015
Launch xAuth application
26 15:39:08.031 01/27/11 Sev=Info/4 CM/0x63100017
xAuth application returned
27 15:39:08.046 01/27/11 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
28 15:39:09.093 01/27/11 Sev=Info/4 CM/0x63100019
Mode Config data received
29 15:39:09.312 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
30 15:39:09.312 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
31 15:39:19.937 01/27/11 Sev=Warning/3 CVPND/0xA340000D
The virtual adapter was not recognized by the operating system.
32 15:39:19.937 01/27/11 Sev=Warning/2 CM/0xE310000A
The virtual adapter failed to enable
33 15:39:19.937 01/27/11 Sev=Info/6 CM/0x6310003A
Unable to restore route changes from file.
34 15:39:19.937 01/27/11 Sev=Info/6 CM/0x63100037
The routing table was returned to original state prior to Virtual Adapter
35 15:39:20.109 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
36 15:39:20.109 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
37 15:39:20.281 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
38 15:39:20.281 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
39 15:39:20.578 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
40 15:39:20.578 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
41 15:39:20.953 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
42 15:39:20.953 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
43 15:39:21.437 01/27/11 Sev=Info/4 CM/0x63100035
The Virtual Adapter was disabled
44 15:39:21.437 01/27/11 Sev=Warning/2 IKE/0xE300009B
Failed to active IPSec SA: Unable to enable Virtual Adapter (NavigatorQM:936)
45 15:39:21.437 01/27/11 Sev=Warning/2 IKE/0xE30000A7
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2263)
46 15:39:22.046 01/27/11 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "Unknown". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
47 15:39:22.046 01/27/11 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
48 15:39:22.062 01/27/11 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
release notes for vpn client 64bit -
http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client5007/release/notes/vpnclient5007.html#wp63537Hi Anisha ,
Exact version of OS is "Microsoft Windows Server 2003 x64" .
I need supported cisco vpn client for this OS .
=========
Thanx 4 reply .
Raj -
Problem "bug" iOS 8 iPad 2, virtual keyboard and stream hdmi cable (adapter)
Hi all I have a problem with regard to virtual keyboard and streaming through the adapter HdMi, the keyboard when I want to write after a while, the horizontal bar where there google voice covers the top of the letters and unable to write and had to power cycle the device to return to how it was before, while streaming via hdmi between iPad 2 and a monitor when I run the stream, the screen is completely black but emits audio and iPad remains the streaming window with the window crashed the site, what not to do, if I make an end to the stream in full screen, you see a window but not full screen, if someone knows how to help me out on this, you have had the same problem as my'd be happy to hear from you soon and solve this bug in iOS 7.1.2 before that did not happen, thanks and warm greetings to all of you.
Hi all I have a problem with regard to virtual keyboard and streaming through the adapter HdMi, the keyboard when I want to write after a while, the horizontal bar where there google voice covers the top of the letters and unable to write and had to power cycle the device to return to how it was before, while streaming via hdmi between iPad 2 and a monitor when I run the stream, the screen is completely black but emits audio and iPad remains the streaming window with the window crashed the site, what not to do, if I make an end to the stream in full screen, you see a window but not full screen, if someone knows how to help me out on this, you have had the same problem as my'd be happy to hear from you soon and solve this bug in iOS 7.1.2 before that did not happen, thanks and warm greetings to all of you.
-
Reason 442: Failed to Enable Virtual Adapter - Windows 7 64 bit
Some details about the issue.
I'm trying to connect to my client's network using VPN Client version 5.0.07.0290. The user authetication is done by providing RSA SecureID token value. After entering proper credentials, the client window gets struck at 'Securing Communication Channels...' message in status bar and reports 'Reason 442: Failed to Enable Virtual Adapter' error after few mintues. I have confirmed that this version works for other people in my team , so I'm guessing it has something to do with my system settings than the client itself.
Below are the trobleshooting tips that I have already tried.
1. Uninstall and Reinstall the client.
2. Enable WinXP SP2 compatability for ipsecdialer.exe and vpngui.exe.
3. Clicking 'Diagnose' on the Citrix Virtaul Adapter connection in Networks and Sharing centre, reports no issues.
4. Enabling Network sharing for Local Area Network and disaling Wireless Networks
I'm running Windows 7 64 bit Enterpise OS.
Appreciate any suggestions to resolve this issue.
Thanks,
PVNSKC
Update: 9/7/2011
OK, things look much better after a good vacation, always!!!
I tried to connect today by reinstalling the client after a weekend shutdown (I don't believe the cold reboot stuff, but hey, worth a try! ) and it did work. The only change I did today was to disable the Wireless Connection adapter in Networks Connections. I'm not sure whether that fixed or not cause I had tried that already. Anyway, below is my current configuration which is working for now!
1. Below executables are running in the XP compatability mode.
cvpnd.exe, VAInst64.exe, vpngui.exe
2. Local Area Connection is allowed for 'Sharing'
3. Registry is updated with below entry.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters /v ArpRetryCount /t REG_DWORD /d 0 /f
4. Wireless Connection is disabled.
Thank you all for the responses.
PVNSKCHi,
Duplicate IP Address Triggers Error 442 on Windows 7 and Vista
The following error "Reason 442: failed to enable virtual adapter" appears after Windows 7 and Vista reports a duplicate IP address detected. Subsequent connections fail with same message, but the OS does not report a duplicate IP address detected.
To work around error 442, do the following steps:
Step 1 Open "Network and Sharing Center".
Step 2 Select "Manage Network Connections".
Step 3 Enable the Virtual Adapter ("VA"—Cisco VPN Adapter).
Step 4 Right-click on Cisco VPN Adapter and select "Diagnose" from the context menu.
Step 5 Select "Reset the network adapter Local Area Connection X".
If this procedure does not work, run the following command from cmd:
reg add HKLM\System\CurrentControlSet\Services\Tcpip\Parameters /v ArpRetryCount /t REG_DWORD /d 0 /f
Then reboot.
This resolves the issue until the OS reports a duplicate IP address again. Follow the preceding steps to resolve it again.
If that doesn't work, you might have UAC enabled. If so, you must run cmd as administrator and repeat the previous registry workaround.
NOTE: You mentioned step 4 already, try the whole sequence again, if the steps does not work then try the registry key.
Hope this helps,
Sian -
Under Vista with VPN Client 5.0.01.0600 I always have to go into Manage Network connections and "enable" the Virtual Adapter. Why can't the virtual adapter just stay enabled?
UAC and Windows firewall are disabled, I'm logged in as full administrator.There is not a newer version of VPN Client than this, seems to coorelate to when I close my lid and laptop goes into sleep and then awakes later. Sometimes I have to reboot for the Virtual Adapter to stay enabled. I'll enable it and hit F5 and it will be back at Disabled. Most of the time it stays Enabled. No Firewalls and I don't think AV would Disable a Virtual Adapter, my wireless or ethernet never Disable. Annoying caveat!
Jason Aarons
MCSE/CCVP/CCNP/CCDP -
VPN Client Issue after Vista Upgrade
Not sure if this should be posted here, if not please let me know.
My organization has recently implemented Vista via an Upgrade-in-Place Process that takes an imaged system (Windows XP Pro - 32bit) and upgrades the system with a network image of Windows Vista Enterprise. Applications are left installed and herein lies my problem.
I'm using Cisco VPN Client 5.0.04, the client worked fine before the upgrade, after the upgrade, not so well.
While troubleshooting I noted the Cisco Systems VPN Adapter was no longer listed as being installed under Network Adapters in the Windows Device Manager, there was however an adapter, labled 6to4 adapter with an exclamation point. I went through the uninstall process for the Cisco VPN Client, rebooted and reinstalled. When trying to connect, I can use one of two pcf files (both are a back up of one another), the first connection profile goes through the motion of connection, tries to contact the security gateway, and states "Not Connected"
I enabled logging on the connection and tried again. Here's an excerpt from that log:
09:37:18.278 04/21/09 Sev=Warning/2 CERT/0xA3600038
Successfully added Key Usage fields to be matched.
7 09:37:19.792 04/21/09 Sev=Warning/2 CERT/0xA3600038
Successfully added Key Usage fields to be matched.
8 09:37:20.338 04/21/09 Sev=Warning/2 CERT/0xE3600001
Failed to launch application using cert pipe due to error: 0x800b010a.
9 09:37:20.338 04/21/09 Sev=Warning/2 IKE/0xE300009B
Failed to generate signature: Signature generation failed (SigUtil:97)
10 09:37:20.338 04/21/09 Sev=Warning/2 IKE/0xE300009B
Failed to build Signature payload (MsgHandlerMM:489)
11 09:37:20.338 04/21/09 Sev=Warning/2 IKE/0xE300009B
Failed to build MM msg5 (NavigatorMM:312)
12 09:37:20.338 04/21/09 Sev=Warning/2 IKE/0xE30000A7
Unexpected SW error occurred while processing Identity Protection (Main Mode) negotiator:(Navigator:2263)
Has anyone seen this behavior after an upgrade from XP to Vista? I'm I going to have to start with a fresh install? I appreciate any suggestions or advice.
Thanks,
JimiI finally figured out this problem and I feel it should at least be shared for another person who runs into this problem.
The problem was resolved by loading my personal certificates (the one that is read by the smart card reader and used to authenticate me on VPN) needed to be added to the personal certificates folder in the Local Machine layer.
I did this by opening up an MMC window --> Adding the certificates snap-in (in windows 7 it distinguishes 3 different layers, so choose the local user and the computer layer) --> and then copying the certificates in the personal folder located under Certificates - Current User into the personal folder located in Local Machine.
The most likely reason this happened to me is that the image I was working with had security settings blocking the certificates to be read at the current user level and not at the local machine level. Therefore, it's a problem with out image and the security policies put in place at the registry level and/or group policies placed in Active Directory. This is more of a workaround than an actual fix to the problem, but at least it pinpoints where the break is happening.
Now I can push the image back to the developers to review the security policies placed in the image. -
442 Error - Failed to enable Virtual Adapter
Windows 8, I am trying to connect on VPN and I only receive this error : 442 - Failed to enable Virtual Adapter.
Install Citrix Deterministic Network Enhancer to solve Cisco IPSec VPN issue with Windows 8/8.1. Check below guide,
http://www.vmwareandme.com/2013/12/solved-windows-8-and-windows-81-cisco.html
www.mytricks.in -
Macbook (late 08) 13.3" -- miniDV to DVI adapter and Dell 24" 2405 FSP Flat
All
Just purchased a Macbook 13.3" and bought the miniDV to DVI adapter for my 24" Dell 2405 FSP. For whatever reason, I cannot get system prefs to "detect display".
I am not sure if the cable is broken out of package or there is a problem with this adapter in general. I am trying to use the cable to view OS/X and XP Home via Bootcamp on large screen while Macbook is in clamshell (closed) mode.
Seems like a lot of people are having issues but I don't know what to do. It seems the cables from Apple vary by model and worse, appear to be lower quality than most would expect. Any thoughts on commands or steps to try and diagnose. Or should I buy the miniDV to VGA adapter for the Dell flatscreen?Update to this issue.
1. Friend brought his Macbook Pro 17" with full DVI adapter to my Dell 2405 FPW -- he has same 24" flatscreen. It works -- so monitor is fine.
2. I went to Apple Store and REPLACED miniDV to DVI adapter to my monitor. No response. Not registering at all. But when friend hooked his Macbook with adapter, the screen came on.
Assumptions:
1. Macbook 13.3" aluminum port is damaged -- will go to Apple to confirm
2. Odds of two adapter cables not working - highly slim (got from two different stores if we want to shake the odds a bit more based on batch shipments
It appears that the port is NOT compatible with this monitor OR the cable quality is so bad that I have to go through a bunch of them.
Last option - miniDV to VGA adapter to my Dell monitor to see if that works. But it is one of two options -- from my perspective:
1. Monitor/port incompatibility
2. Bad cables
I even tried XP Home Edition under Bootcamp with the adapter and monitor did not display.
What's disappointing in all of this is Apple tech support told me to download "drivers" from Dell's site -- and puzzled, I asked if Dell was supporting Mac computers because OS/X did not have drivers for this monitor and Dell only has it themselves - they emailed me download links (which is convenient) but it was clear that she doesn't know what she was doing -- the links were XP and Vista only.
Sigh...Rev A Macbook. Will probably need Apple to work on this issue. -
Site-to-Site VPN btw Pix535 and Router 2811, can't get it work
Hi, every one, I spent couple of days trying to make a site-to-site VPN between PIX535 and router 2811 work but come up empty handed, I followed instructions here:
http://www.cisco.com/en/US/products/ps9422/products_configuration_example09186a0080b4ae61.shtml
#1: PIX config:
: Saved
: Written by enable_15 at 18:05:33.678 EDT Sat Oct 20 2012
PIX Version 8.0(4)
hostname pix535
interface GigabitEthernet0
description to-cable-modem
nameif outside
security-level 0
ip address X.X.138.132 255.255.255.0
ospf cost 10
interface GigabitEthernet1
description inside 10/16
nameif inside
security-level 100
ip address 10.1.1.254 255.255.0.0
ospf cost 10
access-list outside_access_in extended permit ip any any
access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip any 10.1.1.192 255.255.255.248
access-list outside_cryptomap_dyn_60 extended permit ip any 10.1.1.192 255.255.255.248
access-list outside_1_cryptomap extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
pager lines 24
ip local pool cnf-8-ip 10.1.1.192-10.1.1.199 mask 255.255.0.0
global (outside) 10 interface
global (outside) 15 1.2.4.5
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 15 10.1.0.0 255.255.0.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 X.X.138.1 1
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-MD5
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA
crypto dynamic-map outside_dyn_map 40 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 40 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 60 match address outside_cryptomap_dyn_60
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-MD5 ESP-3DES-SHA ESP-DES-MD5 ESP-DES-SHA
crypto dynamic-map outside_dyn_map 60 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 60 set security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer X.X.21.29
crypto map outside_map 1 set transform-set ESP-DES-SHA
crypto map outside_map 1 set security-association lifetime seconds 28800
crypto map outside_map 1 set security-association lifetime kilobytes 4608000
crypto map outside_map 65534 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 1
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 3600
group-policy GroupPolicy1 internal
group-policy cnf-vpn-cls internal
group-policy cnf-vpn-cls attributes
wins-server value 10.1.1.7
dns-server value 10.1.1.7 10.1.1.205
vpn-tunnel-protocol IPSec l2tp-ipsec
default-domain value x.com
username sean password U/h5bFVjXlIDx8BtqPFrQw== nt-encrypted
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key secret1
radius-sdi-xauth
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group cnf-vpn-cls type remote-access
tunnel-group cnf-vpn-cls general-attributes
address-pool cnf-8-ip
default-group-policy cnf-vpn-cls
tunnel-group cnf-vpn-cls ipsec-attributes
pre-shared-key secret2
isakmp ikev1-user-authentication none
tunnel-group cnf-vpn-cls ppp-attributes
authentication ms-chap-v2
tunnel-group X.X.21.29 type ipsec-l2l
tunnel-group X.X.21.29 ipsec-attributes
pre-shared-key SECRET
class-map inspection_default
match default-inspection-traffic
service-policy global_policy global
prompt hostname context
Cryptochecksum:9780edb09bc7debe147db1e7d52ec39c
: end
#2: Router 2811 config:
! Last configuration change at 09:15:32 PST Fri Oct 19 2012 by cnfla
! NVRAM config last updated at 13:45:03 PST Tue Oct 16 2012
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname LA-2800
crypto pki trustpoint TP-self-signed-1411740556
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1411740556
revocation-check none
rsakeypair TP-self-signed-1411740556
crypto pki certificate chain TP-self-signed-1411740556
certificate self-signed 01
3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31343131 37343035 3536301E 170D3132 31303136 32303435
30335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 34313137
34303535 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100F75F F1BDAD9B DE9381FD 165B5188 7EAF9685 CF15A317 1B424825 9C66AA28
C990B2D3 D69A2F0F D745DB0E 2BB4995D 73415AC4 F01B2019 84373199 C4BCF9E0
E599B86C 17DBDCE6 47EBE0E3 8DBC90B2 9B4E217A 87F04BF7 A182501E 24381019
A61D2C05 5404DE88 DA2A1ADC A81B7F65 C318B697 7ED69DF1 2769E4C8 F3449B33
35AF0203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603
551D1104 0B300982 074C412D 32383030 301F0603 551D2304 18301680 14B56EEB
88054CCA BB8CF8E8 F44BFE2C B77954E1 52301D06 03551D0E 04160414 B56EEB88
054CCABB 8CF8E8F4 4BFE2CB7 7954E152 300D0609 2A864886 F70D0101 04050003
81810056 58755C56 331294F8 BEC4FEBC 54879FF5 0FCC73D4 B964BA7A 07D20452
E7F40F42 8B355015 77156C9F AAA45F9F 59CDD27F 89FE7560 F08D953B FC19FD2D
310DA96E A5F3E83B 52D515F8 7B4C99CF 4CECC3F7 1A0D4909 BD08C373 50BB53CC
659C4246 2CB7B79F 43D94D96 586F9103 9B4659B6 5C8DDE4F 7CC5FC68 C4AD197A 4EC322
quit
crypto isakmp policy 1
authentication pre-share
crypto isakmp key SECRET address X.X.138.132 no-xauth
crypto ipsec transform-set la-2800-trans-set esp-des esp-sha-hmac
crypto map la-2800-ipsec-policy 1 ipsec-isakmp
description vpn ipsec policy
set peer X.X.138.132
set transform-set la-2800-trans-set
match address 101
interface FastEthernet0/0
description WAN Side
ip address X.X.216.29 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
no mop enabled
crypto map la-2800-ipsec-policy
interface FastEthernet0/1
description LAN Side
ip address 10.20.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex full
speed auto
no mop enabled
ip nat inside source route-map nonat interface FastEthernet0/0 overload
access-list 10 permit X.X.138.132
access-list 99 permit 64.236.96.53
access-list 99 permit 98.82.1.202
access-list 101 remark vpn tunnerl acl
access-list 101 remark SDM_ACL Category=4
access-list 101 remark tunnel policy
access-list 101 permit ip 10.20.0.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 deny ip 10.20.0.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 permit ip 10.20.0.0 0.0.0.255 any
snmp-server community public RO
route-map nonat permit 10
match ip address 110
webvpn gateway gateway_1
ip address X.X.216.29 port 443
ssl trustpoint TP-self-signed-1411740556
inservice
webvpn install svc flash:/webvpn/svc.pkg
webvpn context gateway-1
title "b"
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group policy_1
functions svc-enabled
svc address-pool "WebVPN-Pool"
svc keep-client-installed
svc split include 10.20.0.0 255.255.0.0
default-group-policy policy_1
gateway gateway_1
inservice
end
#3: Test from Pix to router:
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: X.X.21.29
Type : user Role : initiator
Rekey : no State : MM_WAIT_MSG2
>>DEBUG:
Oct 22 12:07:14 pix535:Oct 22 12:20:28 EDT: %PIX-vpn-3-713902: IP = X.X.21.29, Removing peer from peer table failed, no match!
Oct 22 12:07:14 pix535 :Oct 22 12:20:28 EDT: %PIX-vpn-4-713903: IP = X.X.21.29, Error: Unable to remove PeerTblEntry
#4: test from router to pix:
LA-2800#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
X.X.138.132 X.X.216.29 MM_KEY_EXCH 1017 0 ACTIVE
>>debug
LA-2800#ping 10.1.1.7 source 10.20.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.7, timeout is 2 seconds:
Packet sent with a source address of 10.20.1.1
Oct 22 16:24:33.945: ISAKMP:(0): SA request profile is (NULL)
Oct 22 16:24:33.945: ISAKMP: Created a peer struct for X.X.138.132, peer port 500
Oct 22 16:24:33.945: ISAKMP: New peer created peer = 0x488B25C8 peer_handle = 0x80000013
Oct 22 16:24:33.945: ISAKMP: Locking peer struct 0x488B25C8, refcount 1 for isakmp_initiator
Oct 22 16:24:33.945: ISAKMP: local port 500, remote port 500
Oct 22 16:24:33.945: ISAKMP: set new node 0 to QM_IDLE
Oct 22 16:24:33.945: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 487720A0
Oct 22 16:24:33.945: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
Oct 22 16:24:33.945: ISAKMP:(0):found peer pre-shared key matching 70.169.138.132
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-07 ID
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-03 ID
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-02 ID
Oct 22 16:24:33.945: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Oct 22 16:24:33.945: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1
Oct 22 16:24:33.945: ISAKMP:(0): beginning Main Mode exchange
Oct 22 16:24:33.945: ISAKMP:(0): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_NO_STATE
Oct 22 16:24:33.945: ISAKMP:(0):Sending an IKE IPv4 Packet.
Oct 22 16:24:34.049: ISAKMP (0:0): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_NO_STATE
Oct 22 16:24:34.049: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Oct 22 16:24:34.049: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2
Oct 22 16:24:34.049: ISAKMP:(0): processing SA payload. message ID = 0
Oct 22 16:24:34.049: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.049: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Oct 22 16:24:34.049: ISAKMP:(0): vendor ID is NAT-T v2
Oct 22 16:24:34.049: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.049: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch
Oct 22 16:24:34.053: ISAKMP:(0):found peer pre-shared key matching 70.169.138.132
Oct 22 16:24:34.053: ISAKMP:(0): local preshared key found
Oct 22 16:24:34.053: ISAKMP : Scanning profiles for xauth ...
Oct 22 16:24:34.053: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
Oct 22 16:24:34.053: ISAKMP: encryption DES-CBC
Oct 22 16:24:34.053: ISAKMP: hash SHA
Oct 22 16:24:34.053: ISAKMP: default group 1
Oct 22 16:24:34.053: ISAKMP: auth pre-share
Oct 22 16:24:34.053: ISAKMP: life type in seconds
Oct 22 16:24:34.053: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
Oct 22 16:24:34.053: ISAKMP:(0):atts are acceptable. Next payload is 0
Oct 22 16:24:34.053: ISAKMP:(0):Acceptable atts:actual life: 0
Oct 22 16:24:34.053: ISAKMP:(0):Acceptable atts:life: 0
Oct 22 16:24:34.053: ISAKMP:(0):Fill atts in sa vpi_length:4
Oct 22 16:24:34.053: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
Oct 22 16:24:34.053: ISAKMP:(0):Returning Actual lifetime: 86400
Oct 22 16:24:34.053: ISAKMP:(0)::Started lifetime timer: 86400.
Oct 22 16:24:34.053: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.053: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Oct 22 16:24:34.053: ISAKMP:(0): vendor ID is NAT-T v2
Oct 22 16:24:34.053: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.053: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch
Oct 22 16:24:34.053: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Oct 22 16:24:34.053: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2
Oct 22 16:24:34.057: ISAKMP:(0): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_SA_SETUP
Oct 22 16:24:34.057: ISAKMP:(0):Sending an IKE IPv4 Packet.
Oct 22 16:24:34.057: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Oct 22 16:24:34.057: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3
Oct 22 16:24:34.181: ISAKMP (0:0): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_SA_SETUP
Oct 22 16:24:34.181: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Oct 22 16:24:34.181: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4
Oct 22 16:24:34.181: ISAKMP:(0): processing KE payload. message ID = 0
Oct 22 16:24:34.217: ISAKMP:(0): processing NONCE payload. message ID = 0
Oct 22 16:24:34.217: ISAKMP:(0):found peer pre-shared key matching X.X.138.132
Oct 22 16:24:34.217: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.217: ISAKMP:(1018): vendor ID is Unity
Oct 22 16:24:34.217: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.217: ISAKMP:(1018): vendor ID seems Unity/DPD but major 55 mismatch
Oct 22 16:24:34.217: ISAKMP:(1018): vendor ID is XAUTH
Oct 22 16:24:34.217: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.217: ISAKMP:(1018): speaking to another IOS box!
Oct 22 16:24:34.221: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.221: ISAKMP:(1018):vendor ID seems Unity/DPD but hash mismatch
Oct 22 16:24:34.221: ISAKMP:received payload type 20
Oct 22 16:24:34.221: ISAKMP:received payload type 20
Oct 22 16:24:34.221: ISAKMP:(1018):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Oct 22 16:24:34.221: ISAKMP:(1018):Old State = IKE_I_MM4 New State = IKE_I_MM4
Oct 22 16:24:34.221: ISAKMP:(1018):Send initial contact
Oct 22 16:24:34.221: ISAKMP:(1018):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
Oct 22 16:24:34.221: ISAKMP (0:1018): ID payload
next-payload : 8
type : 1
address : X.X.216.29
protocol : 17
port : 500
length : 12
Oct 22 16:24:34.221: ISAKMP:(1018):Total payload length: 12
Oct 22 16:24:34.221: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:24:34.221: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:24:34.225: ISAKMP:(1018):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Oct 22 16:24:34.225: ISAKMP:(1018):Old State = IKE_I_MM4 New State = IKE_I_MM5
Oct 22 16:24:38.849: ISAKMP:(1017):purging node 198554740
Oct 22 16:24:38.849: ISAKMP:(1017):purging node 812380002
Oct 22 16:24:38.849: ISAKMP:(1017):purging node 773209335..
Success rate is 0 percent (0/5)
LA-2800#
Oct 22 16:24:44.221: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:24:44.221: ISAKMP (0:1018): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
Oct 22 16:24:44.221: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:24:44.221: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:24:44.221: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:24:44.317: ISAKMP (0:1018): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_KEY_EXCH
Oct 22 16:24:44.317: ISAKMP:(1018): phase 1 packet is a duplicate of a previous packet.
Oct 22 16:24:44.321: ISAKMP:(1018): retransmission skipped for phase 1 (time since last transmission 96)
Oct 22 16:24:48.849: ISAKMP:(1017):purging SA., sa=469BAD60, delme=469BAD60
Oct 22 16:24:52.313: ISAKMP (0:1018): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_KEY_EXCH
Oct 22 16:24:52.313: ISAKMP:(1018): phase 1 packet is a duplicate of a previous packet.
Oct 22 16:24:52.313: ISAKMP:(1018): retransmitting due to retransmit phase 1
Oct 22 16:24:52.813: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:24:52.813: ISAKMP (0:1018): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
Oct 22 16:24:52.813: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:24:52.813: ISAKMP:(1018): sending packet to X.X138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:24:52.813: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:24:52.913: ISAKMP:(1018): phase 1 packet is a duplicate of a previous packet.
Oct 22 16:24:52.913: ISAKMP:(1018): retransmission skipped for phase 1 (time since last transmission 100)
Oct 22 16:25:00.905: ISAKMP (0:1018): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_KEY_EXCH
Oct 22 16:25:00.905: ISAKMP: set new node 422447177 to QM_IDLE
Oct 22 16:25:03.941: ISAKMP:(1018):SA is still budding. Attached new ipsec request to it. (local 1X.X.216.29, remote X.X.138.132)
Oct 22 16:25:03.941: ISAKMP: Error while processing SA request: Failed to initialize SA
Oct 22 16:25:03.941: ISAKMP: Error while processing KMI message 0, error 2.
Oct 22 16:25:12.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:25:12.814: ISAKMP (0:1018): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
Oct 22 16:25:12.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:25:12.814: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:25:12.814: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:25:22.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:25:22.814: ISAKMP (0:1018): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
Oct 22 16:25:22.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:25:22.814: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:25:22.814: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:25:32.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:25:32.814: ISAKMP:(1018):peer does not do paranoid keepalives.
Oct 22 16:25:32.814: ISAKMP:(1018):deleting SA reason "Death by retransmission P1" state (I) MM_KEY_EXCH (peer 70.169.138.132)
Oct 22 16:25:32.814: ISAKMP:(1018):deleting SA reason "Death by retransmission P1" state (I) MM_KEY_EXCH (peer 70.169.138.132)
Oct 22 16:25:32.814: ISAKMP: Unlocking peer struct 0x488B25C8 for isadb_mark_sa_deleted(), count 0
Oct 22 16:25:32.814: ISAKMP: Deleting peer node by peer_reap for X.X.138.132: 488B25C8
Oct 22 16:25:32.814: ISAKMP:(1018):deleting node 1112432180 error FALSE reason "IKE deleted"
Oct 22 16:25:32.814: ISAKMP:(1018):deleting node 422447177 error FALSE reason "IKE deleted"
Oct 22 16:25:32.814: ISAKMP:(1018):deleting node -278980615 error FALSE reason "IKE deleted"
Oct 22 16:25:32.814: ISAKMP:(1018):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Oct 22 16:25:32.814: ISAKMP:(1018):Old State = IKE_I_MM5 New State = IKE_DEST_SA
Oct 22 16:26:22.816: ISAKMP:(1018):purging node 1112432180
Oct 22 16:26:22.816: ISAKMP:(1018):purging node 422447177
Oct 22 16:26:22.816: ISAKMP:(1018):purging node -278980615
Oct 22 16:26:32.816: ISAKMP:(1018):purging SA., sa=487720A0, delme=487720A0
****** The PIX is also used VPN client access , such as Cicso VPN client 5.0, working fine ; Router is used as SSL VPN server, working too
I know there are lots of data here, hopefully these data may be useful for diagnosis purpose.
Any suggestions and advices are greatly appreciated.
SeanHi Sean,
Current configuration:
On the PIX:
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer X.X.21.29
crypto map outside_map 1 set transform-set ESP-DES-SHA
crypto map outside_map 1 set security-association lifetime seconds 28800
crypto map outside_map 1 set security-association lifetime kilobytes 4608000
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
access-list outside_1_cryptomap extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
tunnel-group X.X.21.29 type ipsec-l2l
tunnel-group X.X.21.29 ipsec-attributes
pre-shared-key SECRET
On the Router:
crypto isakmp policy 1
authentication pre-share
crypto map la-2800-ipsec-policy 1 ipsec-isakmp
description vpn ipsec policy
set peer X.X.138.132
set transform-set la-2800-trans-set
match address 101
access-list 101 permit ip 10.20.0.0 0.0.0.255 10.1.0.0 0.0.255.255
crypto ipsec transform-set la-2800-trans-set esp-des esp-sha-hmac
crypto isakmp key SECRET address X.X.138.132 no-xauth
Portu.
Please rate any helpful posts
Message was edited by: Javier Portuguez -
Click wheel ipod and vista question
Hello, I have a 4G click wheel 40 gig ipod (updater version 3.1.1) and I have been using my mothers computer which has windows xp and i haven't upgraded itunes to the version 8. I was given a new computer (32 bit) which is running windows vista basic. My question is am I going to have problems with using vista basic and my older ipod? I have heard that it was turning older ipods into bricks and have been scared to transfer everything over to the new computer.
Also, I am using it with an Alpine KCA-420i (got it the same time as the ipod) in the truck, and it worked great for a while and for the past two years it freezes up, skips songs or just won't work and was wandering if it was due to upgrading itunes? The last time the ipod was updated was for the version it is running now.
I am trying to be careful with my ipod since it got frozen during an ice storm (no electricity for nine days) and left in the truck in bellow freezing temps for a couple of hours. The hard drive didn't appreciate it and is now not really working all that great. clicking, whirling ,grinding noises ya give it a couple good whacks on the back or sides it starts to work again. I read some post on reformatting the disk, last time i tried it the ipod froze but now i am going to try again. I did the diagnostic mode solution and it keeps getting frozen in the HDD scan.
Sorry this is long, but if anybody has any suggestions or answers that would be greatly appreciated. Thank you.
CinamonI don't have a guide or anything, but it is almost as easy as replacing it with another hard drive, and there are online guides for doing that, for example
http://www.ifixit.com/Guide/Device/iPod4th_Generation_orPhoto
Be sure to use those plastic tools. If you use metal ones, you will damage the iPod's case.
And it's a Compact Flash card that I used, not an SD card (which is smaller). Compact Flash cards 16GB and below are getting affordable (if you shop around online), although 32GB and higher ones are still expensive. 4GB cards are very cheap, so you may want to try it with one of those, to confirm it works, since it is always possible there are other problems with your iPod.
1. Get one of these adapters, or equivalent. It's $5 with shipping included.
[CF Compact-Flash SSD To Toshiba IPod 1.8 inch Adapter|http://cgi.ebay.com/CF-Compact-Flash-SSD-To-Toshiba-IPod-1-8-inch-Adapt erW0QQitemZ180303249125QQcmdZViewItemQQptZPCA_Cables_Adapters?hash=item29fae93ee5& _trksid=p3911.c0.m14&trkparms=72%3A1240%7C66%3A2%7C65%3A12%7C39%3A1%7C240%3A1318%7C301%3A1%7C293%3A2% 7C294%3A50]
The listing above on eBay is the same item from the same seller as the one I bought.
2. It fits in the iPod case with only one minor mod. There is a pair of jumper pins, used for the master/slave setting; you can see it on the image in the listing (on the left side). You want it with the jumper ON, for the master setting. It sticks out too much, so I just bent the pins 90 degrees with needle nose pliers, and the jumper still fits. If your 4G iPod is the 40GB model, it has the thicker drive and case, so it may fit fine without bending it over.
3. Connect the Compact Flash card to the adapter and connect the adapter where the 1.8-inch hard drive was connected. You need to put something non-conducting between the logic board and the adapter/CF card. A stiff piece of paper (like a business card) would work; I cut a piece of clear plastic from the +impossible to open without hurting yourself+ packaging material that most tech products come packed in these days. Cut it to the right rectangle shape to fit between the logic board and adapter/CF card without sliding around.
4. The adapter plus CF Card is much smaller than the hard drive, so you need to fill that space to avoid it rattling around. Cardboard pieces would work, but if you want to take advantage of the lighter weight, get something light. I used some of that flexible foamy packing sheets that are used to wrap around delicate items for shipping. I cut appropriate size pieces to take up the extra space. I put one layer between the adapter/CF card and the logic board and the rest between the adapter/CF card and the metal half of the case.
Then, you just connect the iPod and run a Restore, as if it was a regular 4G iPod. The three key advantages are better shock resistance, lighter weight, and no drive spin-up delay. The only real disadvantage is lower capacity, unless you get a more expensive CF card with higher capacity.
Note to other readers: I also tried this retrofit with an older 3rd gen iPod. It did not work for me and the parts I used; I could not get the iPod to format or restore with the Compact Flash card inside.
Maybe you are looking for
-
Importing favourites folder as a whole from backup to Firefox
I have recently reloaded windows and wish to import my favourites folder that is in a backup folder on my C drive to Firefox but I seem unable to do this. Even as single files using the import/export facility under 'bookmarks'. Please could you help?
-
Drives stopped mounting with FW800, but FW400 is OK. Worked OK before, but won't now. Tried new cables, zapping pram, Disk Repair Utility. Any suggestions? Thanks.
-
ps cs6 on mac. since installing yosemite, when working on an image if i want to change tool, via shortcut or wacom pen click, i now have to click on the image title bar, how can i fix this ?
-
Netflix streaming blocked, is there a workaround?
I just upgrade from a Gen 1 iPad to a new iPad Air2. On the Gen 1 I was able to stream Netflix during lunch with the netflix app. Other folks around me on this same network no longer could on their PCs or iPhones. Bring the brand new Air to work toda
-
Can anyone help with a problem transferring purchased music PC to mac?
I have recently moved from a PC to a macbook pro, and have previously purchased 10 or so albums from iTunes store that quite happily updated to my iPod so that I could play them. I used iPodutil to transfer all of my music to my new mac iTunes librar