WRT54GS VPN Connection Issues: Error code 87
Hello experts,
I have unsuccessfully tried to help my wife connect her XP laptop to her work VPN over our home wi-fi network. I have a WRT54GS v.4 router with the latest firmware, WPA2 encryption. It connects to the VPN just fine but is unable to ping any internal IP addresses and I get the following log message every time.
1 09:58:43.546 10/10/09 Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route: code 87
Destination 192.168.1.255
Netmask 255.255.255.255
Gateway 192.168.1.1
Interface 192.168.1.237
2 09:58:43.546 10/10/09 Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: c0a801ed, Gateway: c0a80101.
I have tried the following troubleshooting tasks:
a) Plugged her laptop directly to the cable modem >> Works like a charm which makes me think it has got to be a router issue.
b) Reset to factory defaults, tried running it without any encryption, tried running it in DMZ mode >> No joy, still get the same above error message in the VPN log.
c) Opened up ports 500 and 1723 for TCP/IP and UDP with her laptop's IP address >> Still no luck.
All passthrough options are enabled for VPN in the router's config interface. I have also tried disabling the router's firewall.
I am at my wit's end here guys. Is it possible that the WRT54GS isn't VPN friendly (although it seems very unlikely) and I just have to get another router? Any help is appreciated.
Edit: The VPN server is IPSec/UDP
Message Edited by sidewinder_us on 10-10-2009 07:36 AM
No, I wasn't trying to ping my router from the VPN connection, I was trying to ping the VPN host server at the office for troubleshooting purposes and the request times out every time. I am still getting the error message in the log "AddRoute failed to add a route: code 87". I disabled "Block Anonymous Internet Requests" like you said but it didn't make any difference. I am able to ping the computer's IP address assigned by the VPN but I can't ping the host server or anything else.
It's basically connecting to the VPN but not connecting as in I can't do anything on the VPN like access local folders or run a specific software called eClinicalWorks which works fine from the office.
If I plug the laptop directly to the cable modem, I don't get that error message in the VPN client's log anymore and everything works fine.
Message Edited by sidewinder_us on 10-12-2009 03:14 PM
Similar Messages
-
Problem: Failed to open the connection. Error Code 0x800002F4 (-2147482892)
Problem: Failed to open the connection. Error Code 0x800002F4 (-2147482892)
This is on two (2) separate machines. These are NEW INSTALLATION development work stations (laptops). One is Vista (Visual Studio 2008 / Crystal Reports 2008), and the other is Windows XP Pro (Visual Studio 2003 / Crystal Reports XI R1).
I am using EXISTING CODE (established over several years), and EXISTING REPORTS (established over several years). Old development station was XP Pro, as above, and still exists, and still works fine.
I can open the report in Crystal, and see the results just fine. Data for the report is obtained via ODBC.
Can someone identify the actual error by the Error Code above, and advise. Thank You in Advance.
Ok, so let's start at step 1:
SP 1 just released and I'd recommend applying that. The SP is available from here:
https://smpdl.sap-ag.de/~sapidp/012002523100010503722008E/cr2008_sp1.exe
For future reference, msm matching the above SP is here:
https://smpdl.sap-ag.de/~sapidp/012002523100011715292008E/cr121_mm.zip
and msi is here:
https://smpdl.sap-ag.de/~sapidp/012002523100011722132008E/cr121_redist_install.zip
Step 2: a few questions:
a) I am not sure what CR SDK you are using; RDC, .NET? I suspect that you are using the CR assemblies for .NET, but do confirm.
b) what is the database you are connecting to?
c) is this a web or a win app?
Step 3: As the error can mean any number of things (to me it just means something went wrong during the attempt to connect to the database...), the solution may vary, however the troubleshooting steps remain quite consistent:
1) Do make sure the report is indeed working in the CR 2008 designer (e.g.; make sure "saved data" is not enabled).
2) Try a simple new windows app with one of your reports. See if you have a report with no subreports and use it
3) If that works, use a report with subreports
4) If the above does not work in (1) above, create a new report to the same ODBC connection, do not code any database connection - let the report prompt for the logon parameter (PWD)
5) Run the new report in your new app, enter the PWD when prompted
6) If this works, add your database logon code
7) If that works, add your original report (again, preferably with no subreports)
8) If that fails, ensure that the subreport and main report use the same database connection type (ODBC)
9) If it works, see if you can determine the difference between your old app and the new app.
Ludek
-
Hello,
we are currently migrating from Windows Server 2012 to 2012 R2 and are not able to get the new Direct Access Service up and running. Our goal is to establish DirectAccess connection for a handful of clients using the IPHTTPS-adapter on the default port 443.
Errors:
There is actually no error showing up. It seems the infrastructure tunnel cannot be created but none of the IPv6-transition adapters is connecting (teredo and 6-to-4 are down) and the IPHTTPs adapter gives no information about a problem:
>Get-DAConnectionStatus
Status : Error
Substatus : CouldNotContactDirectAccessServer
>Get-NetIPHttpsState
LastErrorCode : 0x0
InterfaceStatus : Failed to connect to the IPHTTPS server; waiting to reconnect
Setup:
Our setup is a virtualized Windows Server 2012 R2 Standard running on Hyper-V. It is located behind a NAT having the Port 443 mapped to the server. The only role installed after the basic install is RRAS including DirectAccess and VPN. The assistants completed successfully (running the configuration for DirectAccess and VPN). Operation Status says everything is green and working (for multiple days in the meanwhile). A previous direct access installation (on a different machine running Windows Server 2012) has been removed before installing the new server. The new installation is using a different router, so this might also be the cause of a problem.
The client is a Windows 8.1 notebook located outside the company network accessing the internet through another NAT-device. The client has been able to connect to the previous DirectAccess setup but has never been able to establish a connection after the setup of the new Direct Access server. The device has no outbound constraints concerning the NAT-device and is only running the integrated Windows Firewall.
Diagnosis:
So far I've done some basic DNS and connectivity checks. The DNS-name can be resolved correctly and the router even responds to pings. The port forward is working and HTTPs connections are generally possible (temporarily routed the port to access the NLS-Website located on the server, which worked fine).
Network monitor shows that both computers are communicating, traffic on the expected Port 443 is incoming on the server and responses from the server reach the client.
Opening the IPHTTPs-url ends in an endless page load. Sometimes the browser page closes but I've never seen any result. Using telnet on the port shows that the server is accepting connections. I've even built a small test application that does a GET-Request on the URL returning HTTP-200 and no content.
I'm currently running out of ideas what to do and since no error occurs this is kind of a bit frustrating. Any help appreciated.
Regards
Matthias
Hi,
In addition, have you disabled the DA client components on the DA client? If no, please also check the settings on the Name Resolution Policy Table.
More information:
DirectAccess Client Location Awareness – NRPT Name Resolution
In addition, error 0x4C9 means the remote computer refused the network connection. It may be due to the invalid registry or corrupt drivers. For more detailed information, please refer to the link below:
Error 1225 - Error Code 0x4C9
Note:
Microsoft is providing this information as a convenience to you. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Best regards,
Susie
-
Macbook Pro Retina & Mediasonic ProRAID USB 3 issue - Error Code -50
Hi everyone,
I have a Mediasonic ProRAID 4-bay container (model HFR2-SU3S2) connected to my new Macbook Pro Retina via USB 3.0 (using the replacement pc board supplied by Mediasonic that provides true USB 3 speeds for supported apple devices). It is currently connected through a USB 3 hub but the same issue occurred when I had it directly connected to the laptop.
I've noticed that when the laptop display goes to sleep (beyond the screen saver), when I return to do work and wake the display (a Dell 3011 30" connected using the apple dual link mini display adapter), the drive is mounted and I can browse the folder structure without a problem.
However, whenever I do anything to write to the volume, like to create a folder, I get 'Error Code -50', preventing me from writing. Similarly, if I try to work on an image stored on this volume from within Adobe Lightroom, for example, I get Write error messages as well.
I've found that the only short term fix is to unmount and powercycle the RAID box. Are there any other remedies that I can look into? I have my Macbook Pro configured to NOT spin down any hard drives nor does it go to sleep (other than the display) when connected to AC power.
Thanks in advance for any help!
You're still within your 14 day no question asked return period.
IMO, I'd return it for a refund and BTO the 15.4" MB Pro without retina.
1. High Resolution Antiglare WS (1680X1050)
2. Upgraded 7200 RPM drive (upgrade to SSD later)
I've read lots of posts (here) about issues with the 1st Gen rMBP.
I've also read lots of positive articles in favor of the rMBP.
-
My website was migrated to a new cloud server last week and after the move visitors to my site using Firefox have been intermittently receiving the following error when visiting a https:// url.
Secure Connection Failed
An error occurred during a connection to www.url.com
SSL peer rejected a handshake message for unacceptable content. (Error code: ssl_error_illegal_parameter_alert)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
Upon a few refreshes the page may load again but often very slowly and often not all images will load.
The web hosts have tried many things, have had cpanel techs check the server and even set up a new ssl certificate to try and resolve the problem with no luck.
Researching the internet shows that people have faced this issue when upgrading Firefox or with certain AntiVirus software conflicts.
However I can't tell all FF visitors to start altering their config files in order to be able to visit my site.
I don't understand how I didn't have this issue prior to the migration but now something has changed that no one knows how to resolve.
For reference: I am using FF 28.0 and I am not experiencing this SSL error on any other site other than my own since the migration.
Does anyone have any information on what the web host may be able to do to fix this SSL issue that only occurs for FireFox users?
Thank you for any suggestions you may be able to offer.
Still experiencing this problem and hoping someone may have some ideas to try on the server.
-
Hello
I'm having troubles accessing HP iLO with FF 36.0 on Ubuntu 14.04 LTS, getting the following error message:
====================================
Secure Connection Failed
An error occurred during a connection to 172.25.X.X. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
====================================
It seems to work with other browsers such as Chromium, so the problem seems to be FF 36.0. Unfortunately, I don't have an "Add exception" button in FF that would allow me to bypass this warning.
I've already followed the following links:
https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
https://support.mozilla.org/en-US/kb/troubleshoot-extensions-themes-to-fix-problems
But I didn't manage to get it to work. Any idea how to get it fixed?
I have a better answer, upgrade to version 37 via bug 1138332
-
64bit vpn client issue /error :reason -442:failed to enable virtual adapter.
Hi All of you ,
I'm using vpn client for windows64bit - file name - vpnclient-winx64-msi-5.0.07.0290-k9.exe and installing it on windows 2003 server.
But while connecting via vpn client to f/w, Virtual Adapter is taking the ip address but not connecting. Getting error message on screen -
reason -442:failed to enable virtual adapter.
Is it possible some configuration or image issue from ASA as it's first time we are trying to use 64bit OS, vpn client for 32bit OS working fine.
Below are the logs from vpn client when I tried to connect to ASA5520. Version 7.0(8) -
Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.2.3790 Service Pack 2
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
1 15:38:03.921 01/27/11 Sev=Info/4 CM/0x63100002
Begin connection process
2 15:38:03.937 01/27/11 Sev=Info/4 CM/0x63100004
Establish secure connection
3 15:38:03.937 01/27/11 Sev=Info/4 CM/0x63100024
Attempt connection with server "203.199.30.190"
4 15:38:04.125 01/27/11 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
5 15:38:04.140 01/27/11 Sev=Info/4 CM/0x63100015
Launch xAuth application
6 15:38:09.515 01/27/11 Sev=Info/4 CM/0x63100017
xAuth application returned
7 15:38:09.515 01/27/11 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
8 15:38:10.562 01/27/11 Sev=Info/4 CM/0x63100019
Mode Config data received
9 15:38:10.781 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to enable the 64-bit VA after timeout
10 15:38:10.781 01/27/11 Sev=Warning/3 CVPND/0xE3400029
The Client failed to enable the Virtual Adapter on 64-bit Windows
11 15:38:10.781 01/27/11 Sev=Warning/2 CM/0xE310000A
The virtual adapter failed to enable
12 15:38:10.781 01/27/11 Sev=Info/6 CM/0x6310003A
Unable to restore route changes from file.
13 15:38:10.781 01/27/11 Sev=Info/6 CM/0x63100037
The routing table was returned to original state prior to Virtual Adapter
14 15:38:10.859 01/27/11 Sev=Info/4 CM/0x63100035
The Virtual Adapter was disabled
15 15:38:10.859 01/27/11 Sev=Warning/2 IKE/0xE300009B
Failed to active IPSec SA: Unable to enable Virtual Adapter (NavigatorQM:936)
16 15:38:10.859 01/27/11 Sev=Warning/2 IKE/0xE30000A7
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2263)
17 15:38:11.546 01/27/11 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "Unknown". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
18 15:38:11.546 01/27/11 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
19 15:38:11.578 01/27/11 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
20 15:38:40.953 01/27/11 Sev=Info/4 CM/0x63100002
Begin connection process
21 15:38:40.953 01/27/11 Sev=Warning/2 CVPND/0xA3400019
Error binding socket: -21. (DRVIFACE:1234)
22 15:38:40.968 01/27/11 Sev=Info/4 CM/0x63100004
Establish secure connection
23 15:38:40.968 01/27/11 Sev=Info/4 CM/0x63100024
Attempt connection with server "203.199.30.190"
24 15:38:41.156 01/27/11 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
25 15:38:41.171 01/27/11 Sev=Info/4 CM/0x63100015
Launch xAuth application
26 15:39:08.031 01/27/11 Sev=Info/4 CM/0x63100017
xAuth application returned
27 15:39:08.046 01/27/11 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
28 15:39:09.093 01/27/11 Sev=Info/4 CM/0x63100019
Mode Config data received
29 15:39:09.312 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
30 15:39:09.312 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
31 15:39:19.937 01/27/11 Sev=Warning/3 CVPND/0xA340000D
The virtual adapter was not recognized by the operating system.
32 15:39:19.937 01/27/11 Sev=Warning/2 CM/0xE310000A
The virtual adapter failed to enable
33 15:39:19.937 01/27/11 Sev=Info/6 CM/0x6310003A
Unable to restore route changes from file.
34 15:39:19.937 01/27/11 Sev=Info/6 CM/0x63100037
The routing table was returned to original state prior to Virtual Adapter
35 15:39:20.109 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
36 15:39:20.109 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
37 15:39:20.281 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
38 15:39:20.281 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
39 15:39:20.578 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
40 15:39:20.578 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
41 15:39:20.953 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
42 15:39:20.953 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
43 15:39:21.437 01/27/11 Sev=Info/4 CM/0x63100035
The Virtual Adapter was disabled
44 15:39:21.437 01/27/11 Sev=Warning/2 IKE/0xE300009B
Failed to active IPSec SA: Unable to enable Virtual Adapter (NavigatorQM:936)
45 15:39:21.437 01/27/11 Sev=Warning/2 IKE/0xE30000A7
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2263)
46 15:39:22.046 01/27/11 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "Unknown". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
47 15:39:22.046 01/27/11 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
48 15:39:22.062 01/27/11 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
release notes for vpn client 64bit -
http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client5007/release/notes/vpnclient5007.html#wp63537
Hi Anisha,
Exact version of OS is "Microsoft Windows Server 2003 x64".
I need supported cisco vpn client for this OS.
=========
Thanx 4 reply.
Raj
-
Custom WebAuth Issues "Error Code 1"
Hi All,
Been experimenting in the Custom Webauth uploads. The main problem I have is my company does not want to issue a username/password to each visitor so we just have a static credentials that change weekly. In the custom webauth this means error code 1 is issued by the controller "the user is already logged in" Go Figure! All browsers apart from IE ignore this and redirect as normal. IE being the pain it is displays the message but does not redirect. This means the user goes into a constant login loop trying over and over again. But in fact they have already authenticated and all they need do is browse away from the login.
Does anyone know how I can ignore error code 1 all together. It's funny the built in page doesn't even care about this and when I captured that and uploaded the failed login script stopped working. I guess different error codes are used when using a custom webauth.
Think Cisco need to update the templates anyway for the latest browsers.
Thanks,
Darren
I'm not sure if this would help, but could you use this command to stop the checks for multiple logins and hopefully not generate the error code? From the 7.0 config guide:
"config advanced eap max-login-ignore-identity-response {enable | disable}—When enabled, this command limits the number of devices that can be connected to the controller with the same username. You can log in up to eight times from different devices (PDA, laptop, IP phone, and so on) on the same controller. The default value is enabled."
-
TCP Open Connection and Error Code 1
So, I have a client that is supposed to continuously try to connect to a server using TCP Open Connection.vi. When the connection is established, the loop is supposed to exit.
pseudocode for the loop I have is as follows (similar code, LV 7.1, exhibiting the same problem is attached)
while (error)
attempt to open connection
Pretty simple, right?
I've had no issues with servers written in LabVIEW, but when attempting to integrate with a server that was written in C, it appeared that the client created multiple connections. I have been able to reproduce this problem by writing a server with Java. The C server was on a remote machine, the Java server on a local. Both see different numbers of additional connections (3 for C, 2 for Java).
Looking at the error codes, I am getting a bunch of code 56 (timeout, expected) and the occasional code 1 (unexpected). I have noticed that whenever I have this multiple connection problem, I show an error code 1 right before the valid connection attempt and loop exit. Is there some way that a connection is being established (or partially established), but LabVIEW is still returning an error? Is there a better way to verify that a TCP connection was actually successful?
Here is example output from the attached code, it shows the error codes generated
56
56
56
1
56
56
56
56
56
56
56
1
56
56
56
56
56
56
56
1
Here is output from my Java code
[2006-05-24 15:43:23.556] - Begin Listening for Connection Attempts
[2006-05-24 15:43:23.587] - Accepting Connection
[2006-05-24 15:43:23.603] - Begin Listening for Connection Attempts
[2006-05-24 15:43:23.603] - Accepting Connection
Running ServerNIOConnection Thread
[2006-05-24 15:43:23.603] - Begin Listening for Connection Attempts
Running ServerNIOConnection Thread
Thanks,
Martin
Message Edited by mmathis2000 on 05-24-2006 05:50 PM
Attachments:
Sample Client.vi 21 KB
Hello,
I’m a little curious why you are setting up your client like this. If it is your objective to just have the client wait until a connection is made, why not just have the TCP connect VI have timeout value of ‘-1’ meaning “do not timeout”. This will allow the built-in TCP event structure to listen for connections and ‘wake up’ your program when a connection is established. I say this, because the error messages seem to be dependent on the timeout values. For example, wire in 1ms to the timeout and see how the messages differ in timeouts as opposed to wiring in “2000” for the timeout value. This is because the Connect VI attempts a connection and waits only the specified timeout before abandoning that attempt and continuing with another attempt. I’m betting in your case connecting to the server takes longer than your timeout value, so the connection is initiated by your LV client, the handshaking takes place, your server indicates that a connection is being made, and sometime during this process your timeout expires and LV tries the process again thus you see the multiple connections. Go ahead and try this as an experiment – take your VI, and instead of using ‘localhost’ use the IP address of your favorite website and change the remote port to port 80. Change the timeout to -1 and wait for the connection, then change the timeout to 1 and see all the timeout errors given.
Hopefully this answers your question, please let me know if you have any additional questions or if this is inaccurate/unclear.
Travis M
LabVIEW R&D
National Instruments
-
External HD issue Error code -36
I am unable to copy or move files to and from my LaCie Porsche external hd. I get the following message.
The Finder cannot complete the operation because some data in "grab-drop image.jpg" could not be read or written. (Error code -36).
Any ideas? I have verified the drive it is fine and apps work off the drive. ITunes store will not download to the drive.
Thanks
Sometimes the iSight has been known to hijack the Firewire bus. I'd try to see if the problem persists with only the Porsche drive connected via Firewire and nothing else. An error -36 is an input output error. It often happens also when a hard drive is extremely full.
-
ASA 5505 vpn connection issues
Hello I am having some issues with getting my vpn connection working on a new site. I get no internet connection when hooking up the asa. My current config is below. I have included a packet trace from my remote site to my main site. Any help would be appreciated, I am not very experienced in configuring the devices.
hostname ciscoasa
domain-name .com
enable password w3iW.W8jLtqmhFnt encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 10.10.10.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 72.xxx.xx.xx 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name .com
access-list NONATACL extended permit ip 10.10.10.0 255.255.255.0 192.1.1.0 255.255.255.0
access-list VPNACL extended permit ip 10.10.10.0 255.255.255.0 192.1.1.0 255.255.255.0
access-list OUTSIDEACL extended permit icmp any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/flash
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NONATACL
nat (inside) 1 0.0.0.0 0.0.0.0
access-group OUTSIDEACL in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
http 10.10.10.1 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESPDESMD5 esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map VPNMAP 13 match address VPNACL
crypto map VPNMAP 13 set peer 68.xx.xxx.xxx
crypto map VPNMAP 13 set transform-set ESPDESMD5
crypto map VPNMAP interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 13
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
telnet 10.10.10.0 255.255.255.0 inside
telnet 192.1.1.0 255.255.255.0 outside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 192.1.1.6 192.1.1.4
dhcpd wins 192.1.1.6 192.1.1.4
dhcpd ping_timeout 750
dhcpd domain .com
dhcpd auto_config outside
dhcpd address 10.10.10.10-10.10.10.40 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
tunnel-group 76.xxx.xxx.xx type ipsec-l2l
tunnel-group 76.xxx.xxx.xx ipsec-attributes
pre-shared-key *
tunnel-group 68.xx.xxx.xxx type ipsec-l2l
tunnel-group 68.xx.xxx.xxx ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:229af8a14b475d91b876176163124158
: end
ciscoasa(config)#
Hello Belnet,
What do the logs show from the ASA.
Can you post them ??
Any other question..Sure..Just remember to rate all of the community answers.
Julio
-
Cisco ASA 5505 Remote Access IP/Sec VPN Connectivity Issues
We have a Cisco ASA that we use just for Remote Access VPN. It uses UDP and was working fine for about 2 months. Recently clients have had intermittent issues when connecting from home. The following message is displayed by the Cisco VPN Client:
"Secure VPN connection terminated locally by the Client. Reason 412: The remote peer is no longer responding"
Upon looking at a client side packet capture, I notice that no response is being given back to the client for the udp packets sent to the ASA on udp 500. If I login to the ASA from the LAN and send a single ping FROM the ASA, then the client can connect without issue. I don't understand the significance of the needed outbound ping since ping is not used by the client to test if the ASA is alive.
Once again this is a remote access udp ip/sec VPN. I set most of it up with the VPN wizard and then backed up the config. The issue started happening at least a month after setup (maybe two) and I restored to the saved config just in-case, but the issue remains.
Any insight would be greatly appreciated.
I'm using IOS 831 and have tried 821 and 823 as one thread that I found recommended downgrading to 821.
Thanks much,
Justin
Javier,
I logged into the ASA last time the VPN went down. I issued the following commands:
debug crypto isakmp 190
debug crypto ipsec 190
capture outside-cap interface outside match udp any any
I then used a remote access tool to access the client and tried to connect. I got absolutely nothing from debugging. So I issued the following command:
show capture outside | include 500
and also got nothing. So I issued the following command:
ping 4.2.2.2
Upon which my normal debug messages began to show up, so I issued the show capture outside command again and received the expected output below:
1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 868
2: 15:44:18.579269 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 444
3: 15:44:18.703866 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 172
4: 15:44:18.706567 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 76
5: 15:44:18.831499 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 92
6: 15:44:19.024061 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 76
7: 15:44:19.111963 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 60
8: 15:44:19.517185 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 204
9: 15:44:19.521350 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 92
10: 15:44:19.522723 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 252
11: 15:44:42.121957 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 868
12: 15:44:42.130822 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 444
13: 15:44:42.228397 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 172
14: 15:44:42.231036 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 76
15: 15:44:42.329557 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 92
16: 15:44:42.521091 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 76
17: 15:44:42.610167 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 60
18: 15:44:42.649258 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 204
19: 15:44:42.653790 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 252
20: 15:44:42.789342 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 1036
21: 15:44:42.792119 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 92
22: 15:44:42.800846 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 188
23: 15:44:42.892120 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 60
34: 15:44:54.446220 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 92
35: 15:44:54.447913 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 92
70: 15:45:01.825000 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000: udp 100
174: 15:45:03.417764 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000: udp 500
377: 15:45:07.881500 802.1Q vlan#2 P0 REMOTE_IP.10000 > OFFICE_IP.10000: udp 100
It would seem as if no traffic reached the ASA until some outbound traffic to an arbitrary public IP. In this case I sent an echo request to a public DNS server. It seems almost like a state-table issue although I don't know how ICMP ties in.
Once again, any insight would be greatly appreciated.
Thanks,
Justin -
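Added example, not part of the original post and not Cisco tooling: a plain substring filter such as `| include 500` also matches lines where "500" appears only in the timestamp or the payload length, as it does for packets 70, 174 and 377 in the output above. The sketch below parses the capture lines by port instead and groups them into flows; the function names and the `gateway` argument are assumptions of this example.

```python
import re

# Sample input: a subset of the capture lines quoted in the post above.
CAPTURE = """\
1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 868
2: 15:44:18.579269 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 444
10: 15:44:19.522723 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 252
11: 15:44:42.121957 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 868
12: 15:44:42.130822 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 444
70: 15:45:01.825000 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000: udp 100
174: 15:45:03.417764 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000: udp 500
377: 15:45:07.881500 802.1Q vlan#2 P0 REMOTE_IP.10000 > OFFICE_IP.10000: udp 100
"""

PACKET = re.compile(
    r"^\s*(?P<no>\d+): (?P<time>[\d:.]+) .*? "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): udp (?P<len>\d+)\s*$"
)

def parse(text):
    """Yield one dict per packet line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = PACKET.match(line)
        if m:
            d = m.groupdict()
            yield {**d, "no": int(d["no"]), "sport": int(d["sport"]),
                   "dport": int(d["dport"]), "len": int(d["len"]), "raw": line}

def flows(text, gateway):
    """Group packets by (peer, peer port, gateway port) and count each direction."""
    out = {}
    for p in parse(text):
        inbound = p["dst"] == gateway
        key = ((p["src"], p["sport"], p["dport"]) if inbound
               else (p["dst"], p["dport"], p["sport"]))
        f = out.setdefault(key, {"in": 0, "out": 0, "first": p["time"]})
        f["in" if inbound else "out"] += 1
        f["last"] = p["time"]
    return out

def substring_only_hits(text, needle="500"):
    """Packet numbers a substring filter shows although neither port equals needle."""
    return [p["no"] for p in parse(text)
            if needle in p["raw"] and int(needle) not in (p["sport"], p["dport"])]

if __name__ == "__main__":
    for key, f in flows(CAPTURE, "OFFICE_IP").items():
        print(key, f)
    print("matched by substring only:", substring_only_hits(CAPTURE))
```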
Secure Connection Failed
An error occurred during a connection to website name
Peer received a valid certificate, but access was denied.
(Error code: ssl_error_access_denied_alert)
# The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
# Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
Still experiencing this problem and hoping someone may have some ideas to try on the server.
-
Re: Cd/DVD drive issue - error code 39 on Satellite P series
Hi,
This is my first request for help.
My CD/DVD drive is no longer recognized and when I go to Device Manager and click on CD/DVD I am informed that the file cdrom.sys is there but cannot be loaded.
An error number 39 is reported.
Any advice would be greatly appreciated but please keep it simple to one line actions if possible.
Of course you can get some advice ;)
I think you would find it faster if you searched the forum first, but I will try to help you too.
The error code 39 is a very common issue and can be solved easily:
Check this MS knowledge base article:
http://support.microsoft.com/kb/314060/en-us
So first remove the CD/DVD drive from the device manager.
Then access the registry using the regedit command and remove the UpperFilters and LowerFilters values completely from the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}
Reboot the notebook and wait until the CD/DVD drive is installed again.
That's it. ;) -
IPad2, Verizon 3G, VPN Connectivity Issues
Greetings all. I am the systems administrator for my corporation and have seen an issue that I wish to present to the community for discussion.
For those enterprise users that have an iPad2 with Verizon's 3G, are you experiencing connectivity issues while trying to connect to your VPNs from the 3G network? If so, have you found any workaround to allow connectivity or does it work fine for you?
Here's a summary of my issues:
We have a VPN server built on Debian Linux that has been in operation for over four years. It handles remote VPN connections from Windows, Linux, Android, OS X, iOS, and from many different devices including multiple flavors of Apple products (iMacs, Minis, MacBooks, iPads, etc.). To date, it has performed flawlessly with assorted devices connecting to it through broadband and assorted 3G networks.
Recently I purchased an iPad2 with Verizon 3G. I was able to set up the VPN connection using PPTP and connect using a Wi-Fi connection. When I turned off the Wi-Fi and attempted the same connection via Verizon 3G, it failed. I then took an associate's iPad1 using AT&T 3G, set up the same connection, and was able to connect. I don't have access to an iPad2 on AT&T 3G, so I can't speak for that.
Here are the logs from the VPN server while connecting from my iPad2:
Wi-Fi
Jul 27 05:20:43 localhost pppd[31694]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Jul 27 05:20:43 localhost pppd[31694]: pptpd-logwtmp: $Version$
Jul 27 05:20:43 localhost pppd[31694]: pppd 2.4.4 started by root, uid 0
Jul 27 05:20:43 localhost pppd[31694]: Using interface ppp2
Jul 27 05:20:43 localhost pppd[31694]: Connect: ppp2 <--> /dev/pts/4
Jul 27 05:20:46 localhost pppd[31694]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
Jul 27 05:20:46 localhost pppd[31694]: found interface eth1 for proxy arp
Jul 27 05:20:46 localhost pppd[31694]: local IP address 192.168.1.69
Jul 27 05:20:46 localhost pppd[31694]: remote IP address 192.168.1.82
Jul 27 05:20:46 localhost pppd[31694]: pptpd-logwtmp.so ip-up ppp2 scott XXX.XXX.XXX.XXX (removed external IP for security reasons)
Quick connect, able to utilize VPN connection normally. No issues.
Verizon 3G
Jul 27 05:20:29 localhost pppd[31682]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Jul 27 05:20:29 localhost pppd[31682]: pptpd-logwtmp: $Version$
Jul 27 05:20:29 localhost pppd[31682]: pppd 2.4.4 started by root, uid 0
Jul 27 05:20:29 localhost pppd[31682]: Using interface ppp2
Jul 27 05:20:29 localhost pppd[31682]: Connect: ppp2 <--> /dev/pts/4
Jul 27 05:20:32 localhost pppd[31682]: peer refused to authenticate: terminating link
Jul 27 05:20:33 localhost pppd[31682]: Connection terminated.
Jul 27 05:20:33 localhost pppd[31682]: Exit.
As you can see, the peer refuses to authenticate, causing the link to be terminated while attempting to connect using Verizon's network. This is with the same VPN connection settings on the iPad2 that just worked with a Wi-Fi connection from the same device.
Here's what I can verify with regards to 3G networks:
Older (<4) iPhones and iPad1 using AT&T can connect
Windows and OS X based laptops using Sprint 3G can connect
Android based smart phones using Sprint 3G can connect
I have not called Verizon or Apple Support yet, but that's next when I have the time. My initial conclusion is that there is something with Verizon's 3G services that is causing the issue. It may be that Verizon is using some sort of data compression process that is problematic with VPN transmission. While the log shows an unsupported IPv6 protocol when connecting via Wi-Fi, it still negotiates a successful connection and I don't think that's the root cause for the disconnect. Thoughts?
Hi Alexander,
I am running into the exact same issue (although not with Linux). Did you ever find a fix for this? I have some support tickets open with my VARs, but found your post and thought I would check. If I find anything I will post.
Thanks
Stu
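One way to triage logs like the two pppd sessions quoted earlier in this thread, added here as an example and not part of the original posts: it groups pppd lines by process ID and records the furthest phase each session reached, so the authentication refusal is kept apart from the non-fatal IPv6 Control Protocol notice. The phase labels and the `sessions` function are assumptions of this example; the sample lines are copied from the thread.

```python
import re

# Sample input: lines copied from the two pppd sessions quoted in the thread.
LOG = """\
Jul 27 05:20:29 localhost pppd[31682]: pppd 2.4.4 started by root, uid 0
Jul 27 05:20:29 localhost pppd[31682]: Connect: ppp2 <--> /dev/pts/4
Jul 27 05:20:32 localhost pppd[31682]: peer refused to authenticate: terminating link
Jul 27 05:20:33 localhost pppd[31682]: Connection terminated.
Jul 27 05:20:33 localhost pppd[31682]: Exit.
Jul 27 05:20:43 localhost pppd[31694]: pppd 2.4.4 started by root, uid 0
Jul 27 05:20:43 localhost pppd[31694]: Connect: ppp2 <--> /dev/pts/4
Jul 27 05:20:46 localhost pppd[31694]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
Jul 27 05:20:46 localhost pppd[31694]: local IP address 192.168.1.69
Jul 27 05:20:46 localhost pppd[31694]: remote IP address 192.168.1.82
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ pppd\[(?P<pid>\d+)\]: (?P<msg>.*)$")

# Message prefix -> phase label (labels are this example's own naming).
PHASES = [
    ("pppd ", "started"),
    ("Connect:", "link-open"),
    ("peer refused to authenticate", "auth-refused"),
    ("local IP address", "ip-up"),
]

def sessions(text):
    """Return {pid: {"phase", "local", "remote", "notes"}} for each pppd process."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a pppd line
        s = out.setdefault(m["pid"], {"phase": None, "local": None,
                                      "remote": None, "notes": []})
        msg = m["msg"]
        for prefix, phase in PHASES:
            # Once authentication was refused, later lines do not change the verdict.
            if msg.startswith(prefix) and s["phase"] != "auth-refused":
                s["phase"] = phase
        ip = re.match(r"(local|remote) IP address (\S+)", msg)
        if ip:
            s[ip[1]] = ip[2]
        if msg.startswith("Unsupported protocol"):
            s["notes"].append(msg)  # logged, but the session still came up
    return out
```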