WRT54GS VPN Connection Issues: Error code 87

Similar Messages

• Problem: Failed to open the connection. Error Code 0x800002F4 (-2147482892)

  Problem: Failed to open the connection. Error Code 0x800002F4 (-2147482892)
  This is on two (2) separate machines. These are NEW INSTALLATION development work stations (laptops). One is Vista (Visual Studio 2008 / Crystal Reports 2008), and the other is Windows XP Pro (Visual Studio 2003 / Crystal Reports XI R1).
  I am using EXISTING CODE (established over several years), and EXISTING REPORTS (established over several years). Old development station was XP Pro, as above, and still exists, and still works fine.
  I can open the report in Crystal, and see the results just fine. Data for the report is obtained via ODBC.
  Can someone identity the actual error by the Error Code above, and advise. Thanks You in Advance.

  Ok, so let's start at step 1:
  SP 1 just released and I'd recommend applying that. The SO is available from here:
  https://smpdl.sap-ag.de/~sapidp/012002523100010503722008E/cr2008_sp1.exe
  For future reference, msm matching the above SP is here:
  https://smpdl.sap-ag.de/~sapidp/012002523100011715292008E/cr121_mm.zip
  and msi is here:
  https://smpdl.sap-ag.de/~sapidp/012002523100011722132008E/cr121_redist_install.zip
  Step 2: a few questions:
  a) I am not sure what CR SDK you are using; RDC, .NET? I suspect that you are using the CR assemblies for .NET, but do confirm.
  b) what is the database you are connecting to?
  c) is this a web or a win app?
  Step 3:  As the error can mean any number of things (to me it's just means something went wrong during the attempt to connect to the database...), the solution may vary, however the troubleshooting steps remain quite consistent:
  1) Do make sure the report is indeed working in the CR 2008 designer (e.g.; make sure "saved data" is not enabled.
  2) Try a simple new windows app with one of your reports. See if you have a report with no subreports and use it
  3) If that works, use a report with subreports
  4) If the above does not work in (1) above, create a new report to the same ODBC connection, do not code any database connection - let the report prompt for the logon parameter (PWD)
  5) Run the new report in your new app, enter the PWD when prompted
  6) If this works, add your database logon code
  7) If that works, add your original report (again, preferably with no subreports)
  8) If that fails, ensure that the subreport and main report use the same database connection type (ODBC)
  9) If it works, see if you can determine the difference between your old app and the new app.
  Ludek

• DirectAccess Client not connecting without error code on Windows Server 2012 R2 and Windows 8.1

  Hello,
  we are currently migrating from Windows Server 2012 to 2012 R2 and are not able to get the new Direct Access Service up and running. Our goal is to establish DirectAccess connection for a handful of clients using the IPHTTPS-adapter on the default port 443.
  Errors:
  There is actually no error showing up. It seems the infrastructure tunnel cannot be created but none of the IPv6-transition adapters is connecting (teredo and 6-to-4 are down) and the IPHTTPs adapter gives no informations about a problem:
  >Get-DAConnectionStatus
  Status    : Error
  Substatus : CouldNotContactDirectAccessServer
  >Get-NetIPHttpsState
  LastErrorCode   : 0x0
  InterfaceStatus : Failed to connect to the IPHTTPS server; waiting to reconnect
  Setup:
  Our setup is a virtualized Windows Server 2012 R2 Standard running on Hyper-V. It is located behind a NAT having the Port 443 mapped to the server. The only role installed after the basic install is RRAS including DirectAccess and VPN. The assistants completed
  successfully (running the configuration for DirectAccess and VPN). Operation Status says everything is green und working (for multiple days in the meanwhile). A previous direct access installation (on a different machine running Windows Server 2012) has
  been removed before installing the new server. The new installation is using a different router, so this might also be the cause of a problem.
  The client is a Windows 8.1 notebook located outside the company network accessing the internet through another NAT-device. The client has been able to connect to the previous DirectAccess setup but has never been able to establish a connection after the
  setup of the new Direct Access server. The device has no outbound constraints concerning the NAT-device and is only running the integrated Windows Firewall.
  Diagnosis:
  So far I've done some basic DNS and connectivity checks. The DNS-name can be resolved correctly and the router even responds to pings. The port forward is working and HTTPs connections are generally possible (temporarily routed the port to
  access the NLS-Website located on the server, which worked fine).
  Network monitor shows that both computers are communicating, traffic on the expected Port 443 is incoming on the server and responses from the server reach the client.
  Opening the IPHTTPs-url and in an endless page load. Sometime the browser page closes but I've never seen any result. Using telnet on the port shows that the server is accepting connections. I've even build a small test application that does a GET-Request
  on the URL returning HTTP-200 and no content.
  I'm currently running out of ideas what to do and since no error occurs this is kind of a bit frustrating. Any help appreciated.
  Regards
  Matthias

  Hi,
  In addition, have you disabled the DA client components on the DA client? If no, please also check
  the settings on the Name Resolution Policy Table.
  More information:
  DirectAccess
  Client Location Awareness – NRPT Name Resolution
  In addition, error 0x4C9 means the remote computer refused the network connection. It may be due to the invalid
  registry or corrupt drivers. For more detailed information, please refer to the link below:
  Error 1225 - Error Code 0x4C9
  Note:
  Microsoft is providing this information as a convenience to you. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
  Best regards,
  Susie

• Macbook Pro Retina & Mediasonic ProRAID USB 3 issue - Error Code -50

  Hi everyone,
  I have a Mediasonic ProRAID 4-bay container (model HFR2-SU3S2) connected to my new Macbook Pro Retina via USB 3.0 (using the replacement pc board supplied by Mediasonic that provides true USB 3 speeds for supported apple devices). It is currently connected through a USB 3 hub but the same issue occurred when I had it directly connected to the laptop.
  I've noticed that when the laptop display goes to sleep (beyond the screen saver), when I return to do work and wake the display (a Dell 3011 30" connected using the apple dual link mini display adapter), the drive is mounted and I can browse the folder structure without a problem.
  However, whenever I do anything to write to the volume, like to create a folder, I get 'Error Code -50', preventing me from writing. Similarly, if I try to work on an image stored on this volume from within Adobe Lightroom, for example, I get Write error messages as well.
  I've found that the only short term fix is to unmount and powercycle the RAID box. Are there any other remedies that I can look into? I have my Macbook Pro configured to NOT spin down any hard drives nor does it go to sleep (other than the display) when connected to AC power.
  Thanks in advance for any help!

  Your still within your 14 day no question asked return period. 
  IMO, I'd return it for a refund and BTO the 15.4" MB Pro without retina.
  1.  High Resoulution Antiglare WS (1680X1050)
  2.  Upgraded 7200 RPM drive (upgrade to SSD later)
  I've read lots of post (here) about issues with the 1st Gen rMBP.
  I've also read lots of positive articles in favor of the rMBP.

• Secure Connection Failed: Error code: ssl_error_illegal_parameter_alert - New problem after website moved to new server.

  My website was migrated to a new cloud server last week and after the move visitors to my site using Firefox have been intermittently receiving the following error when visiting a https:// url.
  Secure Connection Failed
  An error occurred during a connection to www.url.com
  SSL peer rejected a handshake message for unacceptable content. (Error code: ssl_error_illegal_parameter_alert)
  The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
  Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
  Upon a few refreshes the page may load again but often very slowly and often not all images will load.
  The web hosts have tried many things, have had cpanel techs check the server and even set up a new ssl certificate to try and resolve the problem with no luck.
  Researching the internet shows that people have faced this issue when upgrading Firefox or with certain AntiVirus software conflicts.
  However I can't tell all FF visitors to start altering their config files in order to be able to visit my site.
  I don't understand how I didn't have this issue prior to the migration but now something has changed that no one knows how to resolve.
  For reference: I am using FF 28.0 and I am not experiencing this SSL error on any other site other than my own since the migration.
  Does anyone have any information on what the web host may be able to do to fix this SSL issue that only occurs for FireFox users?
  Thank you for any suggestions you may be able to offer.

  Still experiencing this problem and hoping someone may have some ideas to try on the server.

• Secure Connection Failed (Error code: sec_error_ca_cert_invalid)

  Hello
  I'm having troulbes accessing HP iLO with FF 36.0 on Ubuntu 14.04 LTS, getting the following error message:
  ====================================
  Secure Connection Failed
  An error occurred during a connection to 172.25.X.X. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)
  The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
  Please contact the website owners to inform them of this problem.
  ====================================
  It seems to work with other browser such as Chromium, so the problem seems to be FF 36.0. Unfortunately, I don't have an "Add exception" button in FF that would allow me to bypass this warning.
  I've already followed the following links:
  https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
  https://support.mozilla.org/en-US/kb/troubleshoot-extensions-themes-to-fix-problems
  But I didn't managed to get it work. Any idea how to get it fixed?

  I have a better answer, upgrade to version 37 via bug 1138332

• 64bit vpn client issue /error :reason -442:failed to enable virtual adapter.

  Hi All of you ,
  I m using vpn client for windows64bit  -  file name - vpnclient-winx64-msi-5.0.07.0290-k9.exe and installing it on windows 2003 server .
  But while connecting via vpn client to f/w , Virtual Adapter is taking the ip address but not connecting .getting error message on screen -
  reason -442:failed to enable virtual adapter.
  Is it possible some configuration or image issue from ASA as its first time we are trying to use 64bit OS , vpn client for 32bit OS working fine .
  Below are the logs from vpn clinet when i tried to connect to ASA5520 . Version 7.0(8) -
  Cisco Systems VPN Client Version 5.0.07.0290
  Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
  Client Type(s): Windows, WinNT
  Running on: 5.2.3790 Service Pack 2
  Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
  1      15:38:03.921  01/27/11  Sev=Info/4 CM/0x63100002
  Begin connection process
  2      15:38:03.937  01/27/11  Sev=Info/4 CM/0x63100004
  Establish secure connection
  3      15:38:03.937  01/27/11  Sev=Info/4 CM/0x63100024
  Attempt connection with server "203.199.30.190"
  4      15:38:04.125  01/27/11  Sev=Info/4 CM/0x6310000E
  Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
  5      15:38:04.140  01/27/11  Sev=Info/4 CM/0x63100015
  Launch xAuth application
  6      15:38:09.515  01/27/11  Sev=Info/4 CM/0x63100017
  xAuth application returned
  7      15:38:09.515  01/27/11  Sev=Info/4 CM/0x6310000E
  Established Phase 1 SA.  1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
  8      15:38:10.562  01/27/11  Sev=Info/4 CM/0x63100019
  Mode Config data received
  9      15:38:10.781  01/27/11  Sev=Warning/2 CVPND/0xE340002C
  Unable to enable the 64-bit VA after timeout
  10     15:38:10.781  01/27/11  Sev=Warning/3 CVPND/0xE3400029
  The Client failed to enable the Virtual Adapter on 64-bit Windows
  11     15:38:10.781  01/27/11  Sev=Warning/2 CM/0xE310000A
  The virtual adapter failed to enable
  12     15:38:10.781  01/27/11  Sev=Info/6 CM/0x6310003A
  Unable to restore route changes from file.
  13     15:38:10.781  01/27/11  Sev=Info/6 CM/0x63100037
  The routing table was returned to original state prior to Virtual Adapter
  14     15:38:10.859  01/27/11  Sev=Info/4 CM/0x63100035
  The Virtual Adapter was disabled
  15     15:38:10.859  01/27/11  Sev=Warning/2 IKE/0xE300009B
  Failed to active IPSec SA: Unable to enable Virtual Adapter (NavigatorQM:936)
  16     15:38:10.859  01/27/11  Sev=Warning/2 IKE/0xE30000A7
  Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2263)
  17     15:38:11.546  01/27/11  Sev=Info/4 CM/0x63100012
  Phase 1 SA deleted before first Phase 2 SA is up cause by "Unknown".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
  18     15:38:11.546  01/27/11  Sev=Info/5 CM/0x63100025
  Initializing CVPNDrv
  19     15:38:11.578  01/27/11  Sev=Info/6 CM/0x63100046
  Set tunnel established flag in registry to 0.
  20     15:38:40.953  01/27/11  Sev=Info/4 CM/0x63100002
  Begin connection process
  21     15:38:40.953  01/27/11  Sev=Warning/2 CVPND/0xA3400019
  Error binding socket: -21. (DRVIFACE:1234)
  22     15:38:40.968  01/27/11  Sev=Info/4 CM/0x63100004
  Establish secure connection
  23     15:38:40.968  01/27/11  Sev=Info/4 CM/0x63100024
  Attempt connection with server "203.199.30.190"
  24     15:38:41.156  01/27/11  Sev=Info/4 CM/0x6310000E
  Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
  25     15:38:41.171  01/27/11  Sev=Info/4 CM/0x63100015
  Launch xAuth application
  26     15:39:08.031  01/27/11  Sev=Info/4 CM/0x63100017
  xAuth application returned
  27     15:39:08.046  01/27/11  Sev=Info/4 CM/0x6310000E
  Established Phase 1 SA.  1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
  28     15:39:09.093  01/27/11  Sev=Info/4 CM/0x63100019
  Mode Config data received
  29     15:39:09.312  01/27/11  Sev=Warning/2 CVPND/0xE340002C
  Unable to disable the 64-bit VA after timeout
  30     15:39:09.312  01/27/11  Sev=Warning/3 CVPND/0xE340002A
  The Client failed to disable the Virtual Adapter on 64-bit Windows
  31     15:39:19.937  01/27/11  Sev=Warning/3 CVPND/0xA340000D
  The virtual adapter was not recognized by the operating system.
  32     15:39:19.937  01/27/11  Sev=Warning/2 CM/0xE310000A
  The virtual adapter failed to enable
  33     15:39:19.937  01/27/11  Sev=Info/6 CM/0x6310003A
  Unable to restore route changes from file.
  34     15:39:19.937  01/27/11  Sev=Info/6 CM/0x63100037
  The routing table was returned to original state prior to Virtual Adapter
  35     15:39:20.109  01/27/11  Sev=Warning/2 CVPND/0xE340002C
  Unable to disable the 64-bit VA after timeout
  36     15:39:20.109  01/27/11  Sev=Warning/3 CVPND/0xE340002A
  The Client failed to disable the Virtual Adapter on 64-bit Windows
  37     15:39:20.281  01/27/11  Sev=Warning/2 CVPND/0xE340002C
  Unable to disable the 64-bit VA after timeout
  38     15:39:20.281  01/27/11  Sev=Warning/3 CVPND/0xE340002A
  The Client failed to disable the Virtual Adapter on 64-bit Windows
  39     15:39:20.578  01/27/11  Sev=Warning/2 CVPND/0xE340002C
  Unable to disable the 64-bit VA after timeout
  40     15:39:20.578  01/27/11  Sev=Warning/3 CVPND/0xE340002A
  The Client failed to disable the Virtual Adapter on 64-bit Windows
  41     15:39:20.953  01/27/11  Sev=Warning/2 CVPND/0xE340002C
  Unable to disable the 64-bit VA after timeout
  42     15:39:20.953  01/27/11  Sev=Warning/3 CVPND/0xE340002A
  The Client failed to disable the Virtual Adapter on 64-bit Windows
  43     15:39:21.437  01/27/11  Sev=Info/4 CM/0x63100035
  The Virtual Adapter was disabled
  44     15:39:21.437  01/27/11  Sev=Warning/2 IKE/0xE300009B
  Failed to active IPSec SA: Unable to enable Virtual Adapter (NavigatorQM:936)
  45     15:39:21.437  01/27/11  Sev=Warning/2 IKE/0xE30000A7
  Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2263)
  46     15:39:22.046  01/27/11  Sev=Info/4 CM/0x63100012
  Phase 1 SA deleted before first Phase 2 SA is up cause by "Unknown".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
  47     15:39:22.046  01/27/11  Sev=Info/5 CM/0x63100025
  Initializing CVPNDrv
  48     15:39:22.062  01/27/11  Sev=Info/6 CM/0x63100046
  Set tunnel established flag in registry to 0.
  release notes for vpn client 64bit  -
  http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client5007/release/notes/vpnclient5007.html#wp63537

  Hi Anisha ,
  Exact version of OS is "Microsoft Windows Server 2003 x64"  .
  I need supported cisco vpn client for this OS .
  =========
  Thanx 4 reply .
  Raj

• Custom WebAuth Issues "Error Code 1"

  Hi All,
  Being experimenting in the Custom Webauth uploads. The main problem I have is my company does not want to issue a username/password to each vistor so we just have a static credentials that change weekly. In the custom webauth this mean error code 1 is issued by the controller "the user is already logged in" Go Figure! All browsers apart from IE ignore this and redirect as normal. IE being the pain it is displays the message but does not redirect. This means the user goes into a constant login loop trying over and over again. But in fact they have already authenitcate and all they need do is browse away from the login.
  Does anyone know how I can ignore error code 1 all together. Its funny the built in page doesn't even care about this and when I captured that and uploaded the failed login script stopped working. I guess different error codes are used when using a custom webauth.
  Think Cisco need to update the templates anyway for the latest browsers.
  Thanks,
  Darren

  I'm not sure if this would help, but could you use this command to stop the checks for multiple logins and hopefully not generate the error code? From the 7.0 config guide:
  "config advanced eap max-login-ignore-identity-response {enable | disable}—When enabled, this command limits the number of devices that can be connected to the controller with the same username. You can log in up to eight times from different devices (PDA, laptop, IP phone, and so on) on the same controller. The default value is enabled."

• TCP Open Connection and Error Code 1

  So, I have a client that is supposed to continuously try to connect to a server using TCP Open Connection.vi. When the connection is established, the loop is supposed to exit.
  psuedocode for the loop I have is as follows (similar code, LV 7.1, exhibiting the same problem is attached)
  while (error)
    attempt to open connection
  Pretty simple, right?
  I've had no issues with servers written in LabVIEW, but when attempting to integrate with a server that was written in C, it appeared that the client created multiple connections. I have been able to reproduce this problem by writing a server with Java. The C server was on a remote machine, the Java server on a local. Both see different numbers of additional connections (3 for C, 2 for Java).
  Looking at the error codes, I am getting a bunch of code 56 (timeout, expected) and the ocassional code 1 (unexpected). I have noticed that whenever I have this multiple connection problem, I show an error code 1 right before the valid connection attempt and loop exit. Is there someway that a connection is being established (or partially established), but labVIEW is still returning an error? Is there a better way to verify that a TCP connection was actually successful?
  Here is example output from the attached code, it shows the error codes generated
  56
  56
  56
  1
  56
  56
  56
  56
  56
  56
  56
  1
  56
  56
  56
  56
  56
  56
  56
  1
  Here is output from my Java code
  [2006-05-24 15:43:23.556] - Begin Listening for Connection Attempts
  [2006-05-24 15:43:23.587] - Accepting Connection
  [2006-05-24 15:43:23.603] - Begin Listening for Connection Attempts
  [2006-05-24 15:43:23.603] - Accepting Connection
  Running ServerNIOConnection Thread
  [2006-05-24 15:43:23.603] - Begin Listening for Connection Attempts
  Running ServerNIOConnection Thread
  Thanks,
  Martin
  Message Edited by mmathis2000 on 05-24-2006 05:50 PM
  Attachments:
  Sample Client.vi ‏21 KB

  Hello,
  I’m a little curious why you are setting up your client like
  this.  If it is your objective to just
  have the client wait until a connection is made, why not just have the TCP
  connect VI have timeout value of ‘-1’ meaning “do not timeout”.  This will allow the built-in TCP event
  structure to listen for connections and ‘wake up’ your program when a
  connection is established.  I say this,
  because the error messages seem to be dependant on the timeout values.  For example, wire in 1ms to the timeout and
  see how the messages differ in timeouts as opposed to wiring in “2000” for the
  timeout value.  This is because the
  Connect VI attempts a connection and waits only the specified timeout before
  abandoning that attempt and continuing with another attempt.  I’m betting in your case connecting to the
  server takes longer than your timeout value, so the connection is initiated by
  your LV client, the handshaking takes place, your server indicates that a
  connection is being made, and sometime during this process your timeout expires
  and LV tries the process again thus you see the multiple connections.  Go ahead and try this as an experiment – take
  your VI, and instead of using ‘localhost’ use the IP address of your favorite
  website and change the remote port to port 80. 
  Change the timeout to -1 and wait for the connection, then change the timeout
  to 1 and see all the timeout errors given.
  Hopefully this answers your question, please let me know if
  you have any additional questions or if this is inaccurate/unclear.
  Travis M
  LabVIEW R&D
  National Instruments

• External HD issue Error code -36

  I am unable to copy or move files to and from my lacie porsch external hd. I get the following message.
  The Finder cannot complete the operation because some date in "grab-drop image.jpg" could not be read or written. (Error code -36).
  any ideas? I have verified the drive it is fine and apps work off the drive. ITunes store will not download to the drive.
  Thanks

  Sometimes the iSight has been known to hijack the Firewire bus. I'd try to see if the problem persists with only the Porch drive connected via Firewire and nothing else. An error -36 is an input output error. It often happens also when a hard drive is extremely full.

• ASA 5505 vpn connection issues

  Hello I am having some issues with getting my vpn connection working on a new site. I get no internet connection when hooking up the asa. My current config is below. I have included a packet trace from my remote site to my main site. Any help would be appriciated, I am not very experanced in coniguring the devices.
  hostname ciscoasa
  domain-name .com
  enable password w3iW.W8jLtqmhFnt encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Vlan1
   nameif inside
   security-level 100
   ip address 10.10.10.1 255.255.255.0
  interface Vlan2
   nameif outside
   security-level 0
   ip address 72.xxx.xx.xx 255.255.255.0
  interface Ethernet0/0
   switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  ftp mode passive
  dns server-group DefaultDNS
   domain-name .com
  access-list NONATACL extended permit ip 10.10.10.0 255.255.255.0 192.1.1.0 255.2
  55.255.0
  access-list VPNACL extended permit ip 10.10.10.0 255.255.255.0 192.1.1.0 255.255
  .255.0
  access-list OUTSIDEACL extended permit icmp any any
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/flash
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list NONATACL
  nat (inside) 1 0.0.0.0 0.0.0.0
  access-group OUTSIDEACL in interface outside
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  http 0.0.0.0 0.0.0.0 inside
  http 10.10.10.1 255.255.255.255 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESPDESMD5 esp-des esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto map VPNMAP 13 match address VPNACL
  crypto map VPNMAP 13 set peer 68.xx.xxx.xxx
  crypto map VPNMAP 13 set transform-set ESPDESMD5
  crypto map VPNMAP interface outside
  crypto isakmp identity address
  crypto isakmp enable outside
  crypto isakmp policy 13
   authentication pre-share
   encryption des
   hash md5
   group 2
   lifetime 86400
  telnet 10.10.10.0 255.255.255.0 inside
  telnet 192.1.1.0 255.255.255.0 outside
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd dns 192.1.1.6 192.1.1.4
  dhcpd wins 192.1.1.6 192.1.1.4
  dhcpd ping_timeout 750
  dhcpd domain .com
  dhcpd auto_config outside
  dhcpd address 10.10.10.10-10.10.10.40 inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  tunnel-group 76.xxx.xxx.xx type ipsec-l2l
  tunnel-group 76.xxx.xxx.xx ipsec-attributes
   pre-shared-key *
  tunnel-group 68.xx.xxx.xxx type ipsec-l2l
  tunnel-group 68.xx.xxx.xxx ipsec-attributes
   pre-shared-key *
  class-map inspection_default
   match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
   parameters
    message-length maximum 512
  policy-map global_policy
   class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:229af8a14b475d91b876176163124158
  : end
  ciscoasa(config)#reciated

  Hello Belnet,
  What do the logs show from the ASA.
  Can you post them ??
  Any other question..Sure..Just remember to rate all of the community answers.
  Julio

• Cisco ASA 5505 Remote Access IP/Sec VPN Connectivity Issues

  We have a Cisco ASA that we use just for Remote Access VPN. It uses UDP and was working fine for about 2 months. Recently clients have had intermittent issues when connecting from home. The following message is display by the Cisco VPN Client :
  "Secure VPN connection terminated locally by the Client. Reason 412: The remote peer is no longer responding"
  Upon looking at a client side packet capture, I notice that no response is being given back to the client for the udp packets sent to the ASA on udp 500. If I login to the ASA from the LAN and send a single ping FROM the ASA, then the client can connect without issue. I don't understand the significance of the needed outbound ping since ping is not used by the client to test if the ASA is alive.
  Once again this is a remote access udp ip/sec VPN. I set most of it up with the VPN wizard and then backed up the config. The issue started happening at least a month after setup (maybe two) and I restored to the saved config just in-case, but the issue remains.
  Any insight would be greatly appreciated.
  I'm using IOS 831 and have tried 821 and 823 as one thread that I found recommended downgraded to 821.
  Thanks much,
  Justin

  Javier,
  I logged into the ASA last time the VPN went down. I issued the following commands:
  debug crypto isakmp 190
  debug crypto ipsec 190
  capture outside-cap interface outside match udp any any
  I then used a remote access tool to access the client and tried to connect. I got absolutely nothing from debugging. So I issued the following command:
  show capture outside | include 500
  and also got nothing. So I issued the following command:
  ping 4.2.2.2
  Upon which my normal deug messaged began to showup, so I issued the show capture outside command again and recieved the expected output below:
     1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 868
     2: 15:44:18.579269 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 444
     3: 15:44:18.703866 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 172
     4: 15:44:18.706567 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
     5: 15:44:18.831499 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
     6: 15:44:19.024061 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
     7: 15:44:19.111963 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 60
     8: 15:44:19.517185 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 204
     9: 15:44:19.521350 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
    10: 15:44:19.522723 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 252
    11: 15:44:42.121957 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 868
    12: 15:44:42.130822 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 444
    13: 15:44:42.228397 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 172
    14: 15:44:42.231036 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
    15: 15:44:42.329557 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
    16: 15:44:42.521091 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
    17: 15:44:42.610167 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
    18: 15:44:42.649258 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 204
    19: 15:44:42.653790 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 252
    20: 15:44:42.789342 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 1036
    21: 15:44:42.792119 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
    22: 15:44:42.800846 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 188
    23: 15:44:42.892120 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
    34: 15:44:54.446220 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
    35: 15:44:54.447913 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
    70: 15:45:01.825000 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 100
  174: 15:45:03.417764 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 500
  377: 15:45:07.881500 802.1Q vlan#2 P0 REMOTE_IP.10000 > OFFICE_IP.10000:  udp 100    1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 868
     2: 15:44:18.579269 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 444
     3: 15:44:18.703866 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 172
     4: 15:44:18.706567 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
     5: 15:44:18.831499 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
     6: 15:44:19.024061 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
     7: 15:44:19.111963 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 60
     8: 15:44:19.517185 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 204
     9: 15:44:19.521350 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
    10: 15:44:19.522723 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 252
    11: 15:44:42.121957 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 868
    12: 15:44:42.130822 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 444
    13: 15:44:42.228397 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 172
    14: 15:44:42.231036 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
    15: 15:44:42.329557 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
    16: 15:44:42.521091 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
    17: 15:44:42.610167 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
    18: 15:44:42.649258 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 204
    19: 15:44:42.653790 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 252
    20: 15:44:42.789342 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 1036
    21: 15:44:42.792119 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
    22: 15:44:42.800846 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 188
    23: 15:44:42.892120 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
    34: 15:44:54.446220 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
    35: 15:44:54.447913 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
    70: 15:45:01.825000 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 100
  174: 15:45:03.417764 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 500
  377: 15:45:07.881500 802.1Q vlan#2 P0 REMOTE_IP.10000 > OFFICE_IP.10000:  udp 100
  It would seem as if no traffic reached the ASA until some outbound traffic to an arbitrary public IP. In this case I sent an echo request to a public DNS server. It seems almost like a state-table issue although I don't know how ICMP ties in.
  Once again, any insight would be greatly appreciated.
  Thanks,
  Justin

• Unable to connect to website losing connection and the result is displayed as Secure Connection Failed (Error code: ssl_error_access_denied_alert)

  Secure Connection Failed
  An error occurred during a connection to website name
  Peer received a valid certificate, but access was denied.
  (Error code: ssl_error_access_denied_alert)
  # The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
  # Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

  Still experiencing this problem and hoping someone may have some ideas to try on the server.

• Re: Cd/DVD drive issue - error code 39 on Satellite P series

  Hi,
  This is my first request for help.
  My CD/DVD drive is no longer recognized and when I go to Device Manager and click on CD/DVD I am informed that the file cdrom.sys is there but cannot be loaded.
  An error number 39 is reported.
  Any advice would be greatly appreciated but please keep it simple to one line actions if possible.

  Of course you can get some advices ;)
  I think you would find it faster if you would search in the forum firstly but I will try to help you too.
  There error code 39 is very common issue and can be solved easy;
  Check this MS knowledge base article:
  http://support.microsoft.com/kb/314060/en-us
  So firstly remove the CD/DVD drive from the device manager.
  Then access the registry using the regedit command and remove the Upperfilters and Lowerfilters values completely from the following registry key:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}
  Reboot the notebook and wait till the CD/DVD drive was installed again.
  Thats it. ;)

• IPad2, Verizon 3G, VPN Connectivity Issues

  Greetings all. I am the systems administrator for my corporation and have seen an issue that I wish to present to the community for discussion.
  For those enterprise users that have an iPad2 with Verizons 3G, are you experiencing connectivity issues while trying to connect to your VPNs from the 3G network? If so, have you found any work around to allow connectivity or does it work fine for you?
  Here's a summary of my issues:
  We have a VPN server built on Debian Linux that has been in operation for over four years. It handles remote VPN connections from Windows, Linux,  Android, OS X, iOS, and from many different devices including multiple flavors of Apple products (iMacs, Minis, MacBooks, iPads, etc.). To date, it has performed flawlessly with assorted devices connecting to it through broadband and assorted 3G networks.
  Recently I purchased an iPad2 with Verizon 3G. I was able to set up the VPN connection using PPTP and connect using a Wi-Fi connection. When I turned off the Wi-Fi and attempted the same connection via Verizon 3G, it fails. I then took an associates iPad1 using AT&T 3G, set up the same connection, and was able to connect. I don't have access to an iPad2 on AT&T 3G so, I can't speak for that.
  Here's the logs from the VPN server while connecting from my iPad2:
  Wi-Fi
  Jul 27 05:20:43 localhost pppd[31694]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
  Jul 27 05:20:43 localhost pppd[31694]: pptpd-logwtmp: $Version$
  Jul 27 05:20:43 localhost pppd[31694]: pppd 2.4.4 started by root, uid 0
  Jul 27 05:20:43 localhost pppd[31694]: Using interface ppp2
  Jul 27 05:20:43 localhost pppd[31694]: Connect: ppp2 <--> /dev/pts/4
  Jul 27 05:20:46 localhost pppd[31694]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
  Jul 27 05:20:46 localhost pppd[31694]: found interface eth1 for proxy arp
  Jul 27 05:20:46 localhost pppd[31694]: local  IP address 192.168.1.69
  Jul 27 05:20:46 localhost pppd[31694]: remote IP address 192.168.1.82
  Jul 27 05:20:46 localhost pppd[31694]: pptpd-logwtmp.so ip-up ppp2 scott XXX.XXX.XXX.XXX (removed external IP for security reasons)
  Quick connect, able to utilize VPN connection normally. No issues.
  Verizon 3G
  Jul 27 05:20:29 localhost pppd[31682]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
  Jul 27 05:20:29 localhost pppd[31682]: pptpd-logwtmp: $Version$
  Jul 27 05:20:29 localhost pppd[31682]: pppd 2.4.4 started by root, uid 0
  Jul 27 05:20:29 localhost pppd[31682]: Using interface ppp2
  Jul 27 05:20:29 localhost pppd[31682]: Connect: ppp2 <--> /dev/pts/4
  Jul 27 05:20:32 localhost pppd[31682]: peer refused to authenticate: terminating link
  Jul 27 05:20:33 localhost pppd[31682]: Connection terminated.
  Jul 27 05:20:33 localhost pppd[31682]: Exit.
  As you can see, the peer refuses to authenticate causing the link to be terminated while attempting to connect using Verizons network. This is with the same VPN connection settings on the iPad2 that just worked with WiFi connection from the same device.
  Here's what I can verify with regards to 3G networks:
  Older (<4) iPhones and iPad1 using AT&T can connect
  Windows and OS X based laptops using Sprint 3G can connect
  Android based smart phones using Sprint 3G can connect
  I have not called Verizon or Apple Support yet but, that's next when I have the time. My initial conclusion is that there is something with Verizons 3G services that is causing the issue. It may be that Verizon is using some sort of data compression process that is problematic with VPN transmission. While the log shows an unsupported IPv6 protocol when connecting via Wi-Fi, it still negotiates a successful connection and I don't think that's the root cause for the disconnect. Thoughts?

  Hi Alexander,
  I am running in to the exact same issue (although not with Linux).  Did you ever find a fix for this?  I have some support tickets open with my VAR's, but found your post and thought I would check.  If I find anything I will post.
  Thanks
  Stu