3030 router Cisco LAN to LAN VPN, can only mount router tunnel

Similar Questions

• Lan to lan VPN and VPNclient support at the same time?

  Hello I have a 2811 router.

  I put up as a VPN with Clients_vpn hub connect to it, and I used an IPSec on a stick configuration.

  At the same time, I would need to use the same Lan - to - Lan IPSec router to other different sites 2.

  I can't figure out how do it since I use already my 2811 as Concentrator VPN for Clients_vpn.

  Y at - it a trick?

  Thank you very much

  Riccardo

  Of course, here is an example of configuration of a router to be configured to stop static VPN LAN-to-LAN as customer VPN at the same time:

  http://www.Cisco.com/en/us/products/ps5855/products_configuration_example09186a00809c7171.shtml

  And another one for the router be configured to terminate dynamic LAN - to - LAN VPN as VPN Client:

  http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a00801dddbb.shtml

  Another example of setting right on the LAN-to-LAN VPN between 2 routers:

  http://www.Cisco.com/en/us/products/HW/routers/ps221/products_configuration_example09186a008073e078.shtml

  Hope that helps.

• How to set up a Lan to Lan VPN without using your external IP address?

  I have two 28 subnets A & B.

  My PIX and ASA outside interface addresses are both in A subnet.

  I am in the middle of a migration of the PIX to ASA and need to use the PIX outside of the address of the interface on the ASA for the last two remaining lan to lan VPN.

  I do like that because the sellers of these virtual private networks to connect to are huge dinosaurs IT and the aaages to get their sh * t tri... This means that I have to pass the IP address to my ASA, so I can't sentence have change for a new IP peer.

  I tried to figure out how to set a specific my counterpart VPN IP address but I can't figure out how...

  I even physically connected a second ethernet port and tried to give a similar IP in the same range, which it says it is not possible to have both outside the IP addresses on the same subnet.

  Hello

  It is not possible to have an IP address "secondary" on the physics/logic interface of a Cisco firewall.

  And as you've noticed, you cannot configure the same subnet on 2 different interface either.

  We are talking about such a large configuration that you want to just migrate from completely to the ASA PIX and make a switch during a maintenance window?

  Couldn't you just pass the ASAs 'outside' IP address address to that on the PIX and move the ASAs 'outside' of the PIX? Or not the ASAs "outside" IP address already some configured related to what makes this impossible?

  -Jouni

• VPN Remote LAN to LAN VPN issues

  The issue I'm having is that I have an ASA that provides Lan to Lan VPN and remote access VPN.  Lan to Lan VPN connects to another network where a remote server, and the remote vpn connects remote users to the LAN.  The two virtual private networks are currently working, however users remote connection via the remote access vpn can not connect to the server over the lan to lan vpn.  Here's our Installer.

  ASA - LAN to LAN VPN - ASA - LAN Local - Server

  |

  |

  Remote VPN access

  |

  |

  Remote users

  In this configuration remote users can access the local network, the server can access the local network, and the local network can access the server and remote users.  However, the server cannot access the remote users and remote users cannot access the server.  Any ideas on how to get this to work would be much appreciated.  I created the NAT rules I think were needed and added the necessary address so that the user remote vpn' client application lists the network on the otherside of the vpn as routable network LAN to LAN.  Also, I believe that all the rules of access are correct as tracers of package on both sides are successful.  However when you try to ping across the remote client on the server at the other end of the L2L it fails as other attempts to access the server like rdp.  Does anyone have a step by step on how to set up this type of vpn configuration remote and l2l configured on asa while leaving the two virtual private networks talk to each other.  By the way are two ASA 5505 that with two virtual private networks in this configuration is one on the other end of the l2l 7.2 and 8.2.  Any help would be appreciated, especially a tuturail or a list of commands needed to implement, because I think that I'm probably missing just a little extra configuration, I just can not understand.

  Use your favorite search engine "permit same-security-traffic intra-interface"

  Sent by Cisco Support technique iPad App

• Using configuration for the 2nd link of lan to lan vpn

  Hello

  Successfully, I configured a connection of lan to lan vpn between two offices. I try to add another link to a 3rd office to my office at home, but have some difficulty. I have attached my setup and hope someone can help me solve my problem. Right now I have a working vpn to the 172.16.0.0/24 network and putting in place the link to 172.16.3.0/24 so. For the new vpn connection, I can ping the external interfaces, but can't ping anything in-house.

  Thanks for your time and help,

  Jason

  Jason

  There is a major mistake that's easy to fix. You have successfully created a second instance of the encryption card to create a VPN tunnel for the second site. But as currently configured two instances of the encryption card use the same access list:

  1 ipsec-isakmp crypto map clientmap

  match address 100

  5 ipsec-isakmp crypto map clientmap

  match address 100

  But each session/tunnel VPN needs its own access list. So, I suggest that you make the following changes:

  5 ipsec-isakmp crypto map clientmap

  match address 101

  no access list 100

  access-list 100 permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.255

  access-list 101 permit ip 192.168.0.0 0.0.0.255 172.16.3.0 0.0.0.255

  This provides a list of separate for each session/tunnel access and should solve this problem. Try it and tell us the result.

  HTH

  Rick

• VPN to access LAN VPN clinet.

  We use a PIX 515 as the hub of a LAN to LAN VPN as well as to access VPN Clinet. Using a multipoint configuration sites speaks (all PIX 501) are able to communicate with each other. However, the VPN to access the 515 client are not able to access the VPN sites has talked about. I think that it is due to the fact that put an end to all tunnels on the same interface of the PIX 515. Is there a way to allow the VPN CLient to communicate with the LAN VPN spoke?

  Concerning

  PD

  Currently, it is not a good way to meet the requirements above. However, add us a new item (or rather, a restriction of relax) for the PIX 7.0 code (to be released in December/January) to allow clients VPN packets 'u-turn' on a Hub PIX to PIX spoke connected via Lan-to-Lan tunnels. The program 7.0 beta is about to begin (may have just begun) so if interested, please contact your local account engineer Cisco. Sorry for the news but help is on the way.

  Scott

• in wiraless I can access the internet... but in lan, I can not... It is showing there is no default gateway... How can I solve this?

  I can access wireless internet... but in lan, I can not... It is showing there is no default gateway... How can I solve this?

  Hello

  1. you have from any other computer connected to the same network? If logged in, you are able to access the Internet on the other computer?

  2 have you made any changes to the computer before the show?

  3. What is the brand and model of the router?

  In the meantime, follow these steps and check.

  Method 1:

  First, you try to run the troubleshooter from network built into windows 7 and check if it can help solve you the problem of connection to the Internet.

  Access the link below and follow the steps.

  http://Windows.Microsoft.com/en-us/Windows7/using-the-network-troubleshooter-in-Windows-7

  Method 2:

  If the problem persists, you can manually assign the IP address and the default gateway and check if it works very well. Before assigning the IP address and the default gateway manually, make a note of the IP address on the computer. To do this open command prompt, type ipconfig and press to enter. This displays the IP address, make a note of it.

  To manually assign the IP address and default gateway, follow these steps:

  a. in the system, right click on network icon tray. Choose the open network and sharing.

  b. right-click on the connection to the Local network and click Properties. c. double-click Protocol Internet Version 4 (TCP/IPv4) and assign the IP address manually.

  Example: Old IP address is 192.168.0.1

  Replace the IP 192.168.0.50

  d. let the subnet mask and default gateway are the same.

  Subnet mask = 255.255.255.0

  Gateway by default, would usually 192.168.0.1 or 192.168.1.1

  e. click apply then click Ok and restart the computer and check if it helps to solve the problem.

  Method 3:

  You can also try to contact the manufacturer of the router and try to reset the settings of the router and check if that helps you solve the problem.

  Method 4:

  Also try to uninstall the network card in Device Manager, then restart the computer. Later allow Windows to install generic drivers and check if it works very well.

  Before you uninstall the network card, I you suggests to create a System Restore Point manually, so that in this case, a problem occurs when performing these steps, you can always perform a system restore.

  Follow the steps below to uninstall and reinstall the network card.

  a. click on start

  b. the start search box, type "devmgmt.msc" and press on enter

  (c) in Device Manager, expand network adapters

  d. right-click on the network adapter and uninstall.

  e. restart the computer, and then reinstall the network card.

  When uninstalling device drivers make sure you put a check mark against 'delete the driver for this device '.

  You can also consult the following link:

  Windows wireless and wired network connection problems

  http://Windows.Microsoft.com/en-us/Windows/help/wired-and-wireless-network-connection-problems-in-Windows

  I hope this helps!

• Cisco IPSec VPN works only one way.

  I'm hitting my head against the wall for more than 2 weeks now. I can't get this figured out.

  We have 2 locations and a server with an Internet service provider. Currently, we are connecting to our Internet service provider via a vpn ipsec to our headquarters. later, we will add the 1 direction.

  The problem is the following. My vpn is in place, I can ping my local ip address, my IP of the tunnel, the remote tunnel interface, the vlan remote or the gateway, but I can't ping anything you wanted. The branch to the ISP I ping the router in the Internet service provider's domain controller and the server very well. but I can't ping or talk about anything either at the Office on the side of the IAF. and so I can not communicate with any host on the LAN. Can someone please help me with this?

  Can I unload the configs of the two routers here someone watching?

  Thanks in advance.

  Exemption from the NAT on the end server must include the following reject order:

  NAT extended IP access list

  5 deny ip 10.1.20.0 0.0.0.255 10.178.164.128 0.0.0.127

  Disable the ip nat translation before testing again.

• Cisco 877 as a VPN server

  Hello

  I try to configure my router ADSL cisco 877 as a vpn server, so that multiple site can connect to the ADSL cisco 877 router. Is it possible to achieve this goal. If yes what is the procedure and if possible, please copy the URL for documentation here.

  Thank you

  Siva.

  Here is the sample configuration for the client in network Extension mode and IOS Easy VPN server:

  http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a0080808395.shtml

  The sample configuration uses local authentication, you can always change it to use radius authentication.

• Cisco easy VPN access Internet without Split Tunnel

  Hey guys

  IM wondering if anyone has a config that can help me get access to internet via an easy vpn tunnel on a cisco 877 router.

  Basically, we are traveling to be users able to use the internet through vpn, rather than using split tunneling. The reason for this is that we have several sites that are attached by lists of external IP access for some services.

  We hope that mobile users to interact with these sites through the central router and use external IP of access routers secure sites.

  I hope that makes sense. I know that we can use a proxy but we also use other services of bases no proxy on these sites, it would be rather routed direct access.

  Thank you

  Luke

  Hi Luke,.

  Please use the installation of the client VPN (complete tunnel) link below.

  http://www.Cisco.com/en/us/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps6659/prod_white_paper0900aecd80313bd0.PDF

  Note the useful message.

  Thank you

  Kasi

• Cisco ASA 5510 L2L VPN on the backup interface

  OK, here is what I have and I even if I knew how to do this, but it has not worked for me.  I hope someone out there can help you.

  I have an ASA 5510 running 8.4 with double configuration of ISPs on 2 different interfaces: outside (primary), backup (backup).  I also have a site to site VPN ASA another in another city.  The VPN is now configured on the external interface and works very well.  What I wanted to do, is to make the VPN running on backup interface only.

  So, I changed the card encryption on the remote side to use the backup interface IP and created a tunnel-group for her.  Then, I created a map encryption for backup interface and activated ikev1 on it.  The default route is configured to use the external interface, so I created a static route that routes traffic destined for the external interface of the remote side to the backup interface default gateway.  I can get to establish tunnels, but no traffic passes through them.  I have however while I need a NAT device for the tunnel traffic to I created a NAT so but still no transmitted traffic.  I tried the packet - trace and he said: the traffic was allowed and show its crypto ipsec command, I see the configuration of the tunnel, but no traffic will pass through it.  Can anyone help?

  Ben,

  you use a code to version 8.4, I recommend starting by removing the config NAT statements at both ends. This version does not have the NAT and control, and if you don't need... I've seen instances with 8.4 (3) where a NAT even though apparently correct was causing not to pass through the traffic.

  Site A:

  NAT (inside, backup) source static obj-SiteALAN obj-SiteALAN static obj-SiteBLAN obj-SiteBLAN

  Site b:

  NAT (inside, outside) source static obj - 192.168.5.0 obj - 192.168.5.0 destination static obj - 192.168.3.0 obj - 192.168.3.0

  If possible, you should increase your AES encryption, but this is a personal point of view and should not stop the traffic through the links. You should be able to see the counters for the data transmitted / received are these incrementing?

  Do you have the ACLs that are from the inside to the outside and internal interface to the Interface of backup (duplicated.

  In this model, the control is the routing.

  Best regards

  Ju

  http://helpamunky.WordPress.com/

• S2S VPN works only in one direction

  I am very new to cisco devices, but we have recently acquired a catalyst 2911 device for our co - lo cabinet and I will try to get a vpn connection from site to site between installation and my network of offices as well as a remote access VPN for me to use in case I need to fix something then that apart from Labour Bureau.

  Gateway to the Office is 66.119.163.2 and the device is a TZ210 with his network is 192.168.1.0/24

  Co bridge is 204.244.50.254 and the device is 2911 ASR with its LAN network in 10.0.10.0/24

  The VPN S2S connection is in place between the two locations and 2911 device and servers LAN can ping and RDP for office machines.  Office network can only ping the IP Address of the LAN interface on the 2911 that is 10.0.10.1 but not the servers on the network.  the VPN site-to-site was created with the wizard CCP.

  How can I allow the network 192.168.1.0/24 see 10.0.10.1/24 network and why I only see now the gateway?

  If need be I can post my file running-config with the redacted pre-shared keys.

  You need only the first line of the ACL 125, well pls wanted to remove the 2nd line:

  1. access-list 125 allow ip 10.0.10.0 0.0.0.255 192.168.1.0 0.0.0.255
  2. access-list 125 allow ip 192.168.1.0 0.0.0.255 10.0.10.0 0.0.0.255

  Also change the action of 'pass' to 'inspect' for the following

  class type inspect sdm-cls-VPNOutsideToInside-3

  Pass

  Hope that solves this problem.

• I can only connect to the Internet in safe mode

  I tried - virus checks, HijackThis, disabling services and startup.  I have three tabs for House (CNN, Yahoo and Gmail).  Gmail connects but I can't access any other sites.  Outlook 2007 connects to the MS Exchange Server.  Everything has been fine for years and then suddenly it happened.  I have excluded router and other connection issues.

  I have a Lenovo Thinkpad T300, under XP SP3.

  Here is the HijackThis log.  Nothing jumps, but I'm not an expert.  Any guidance would be greatly appreciated.

  Logfile of Trend Micro HijackThis v2.0.4
  Scan saved at 11:47:14, 04/23/2011
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v8.00 (8.00.6001.18702)
  Boot mode: safe mode with network support

  Ongoing process:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Explorer.exe
  C:\Program may Explorer\iexplore.exe
  C:\Program may Explorer\iexplore.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\HijackThis\HijackThis.exe

  R0 - HKCU Software Microsoft Internet Explorer hand, Start Page = http://edition.cnn.com/
  R1 - HKLM Software Microsoft Internet Explorer Main, Default_Page_URL is http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM Software Microsoft Internet Explorer Main, Default_Search_URL is http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM Software Microsoft Internet Explorer hand, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM Software Microsoft Internet Explorer hand, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM Software Microsoft Internet Connection Wizard, ShellNext is http://go.microsoft.com/fwlink/?LinkId=74005
  R1 - Software Settings, ProxyServer = 172.29.127.2:8080
  R1 - Software Settings, ProxyOverride = 80.146.191.86; *.local;
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
  O2 - BHO: Spybot-S & D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy SDHelper.dll
  O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\IPS\IPSBHO. DLL
  O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared Windows Live WindowsLiveLogin.dll
  O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program skypeieplugin.dll skypeieplugin.dll
  O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Lenovo Client Security Solution tvtpwm_ie_com.dll (file missing)
  O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
  O2 - BHO: Java (TM) plug-in 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears Explorer\0.5.36.0\gears.dll
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  O3 - Toolbar: ask toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
  O4 - HKLM\... \Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers Files\Lenovo\Scheduler\scheduler_proxy.exe
  O4 - HKLM\... \Run: [TpShocks] TpShocks.exe
  O4 - HKLM\... \Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
  O4 - HKLM\... \Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe/r
  O4 - HKLM\... \Run: [TosDockApp] C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe
  O4 - HKLM\... \Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  O4 - HKLM\... \Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  O4 - HKLM\... \Run: [StartCCC] "C:\Program Files ATI Technologies ATI." ACE\Core-Static\CLIStart.exe"MSRun
  O4 - HKLM\... \Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR. DLL, PwrMgrBkGndMonitor
  O4 - HKLM\... \Run: [picon] "C:\Program Files\Fichiers Files\Intel\Privacy Icon\PrivacyIconClient.exe" - start
  O4 - HKLM\... \Run: [message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe/Start
  O4 - HKLM\... \Run: [MaxMenuMgr] "C:\Program Seagate Status\StxMenuMgr.exe.
  O4 - HKLM\... \Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
  O4 - HKLM\... \Run: C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [LPMailChecker]
  O4 - HKLM\... \Run: [HP Software Update] C:\Program HP HP Software Update\HPWuSchd2.exe
  O4 - HKLM\... \Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
  O4 - HKLM\... \Run: [cssauth] "C:\Program Lenovo Client Security Solution\cssauth.exe" silent
  O4 - HKLM\... \Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
  O4 - HKLM\... \Run: [adobe Reader Speed Launcher] "C:\Program 8.0\Reader\Reader_sl.exe Adobe."
  O4 - HKLM\... \Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
  O4 - HKLM\... \Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
  O4 - HKLM\... \Run: [client access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe".
  O4 - HKLM\... \Run: [put customer help Access] "C:\Program Files\IBM\Client Access\cwbinhlp.exe".
  O4 - HKLM\... \Run: [client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
  O4 - HKLM\... \Run: [client Access Express welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe".
  O4 - HKLM\... \Run: [Cm106Sound] RunDll32 cm106.cpl, CMICtrlWnd
  O4 - HKLM\... \Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" - atboottime
  O4 - HKLM\... \Run: [TkBellExe] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\... \Run: [carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
  O4 - HKCU\... \Run: [SansaDispatch] C:\Documents and Settings\William L. Jenner\Application Data\SanDisk\Sansa Updater\SansaDispatch .exe
  O4 - HKCU\... \Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" / background
  O4 - HKCU\... \Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\... \Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears Explorer\0.5.36.0\gears.dll
  O9 - Extra 'Tools' menuitem: & Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears Explorer\0.5.36.0\gears.dll
  O9 - Extra button: Skype plugin - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program skypeieplugin.dll skypeieplugin.dll
  O9 - Extra 'Tools' menuitem: Skype plugin - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program skypeieplugin.dll skypeieplugin.dll
  O9 - Extra button: research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR. DLL
  O9 - Extra button: enter Web - {B4E30F61-16D9-11D3-85D1-005004229569} - c:\lotus\organize\bandobjs.dll
  O9 - Extra button: (no name)-{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583}-C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Lenovo Client Security Solution tvtpwm_ie_com.dll (file missing)
  O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3}-C:\Program Lenovo Client Security Solution tvtpwm_ie_com.dll (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  Ø16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft data collection control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
  Ø16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://login2.alibaba.com/download/2125/aliedit.cab
  Ø16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
  Ø16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
  O18 - Protocol: Skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program skypeieplugin.dll skypeieplugin.dll
  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
  O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
  O22 - SharedTaskScheduler: Preloader Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
  O22 - SharedTaskScheduler: component categories - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll cache daemon
  O23 - Service: Ac Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe Profile Manager
  O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
  O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers Apple Mobile Device Support\AppleMobileDeviceService.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: Service Hello - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
  O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Cisco Systems Client\cvpnd.exe
  O23 - Service: iSeries Access as Windows - command Ferner (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD. EXE
  O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink base Software\DisplayLinkManager.exe
  O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
  O23 - Service: Service (FreeAgentGoNext Service) Seagate - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
  O23 - Service: Google Update Service (gupdate1c9f1db3850d284) (gupdate1c9f1db3850d284) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Google Updater\GoogleUpdaterService.exe
  O23 - Service: ThinkPad (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe PM Service
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Fichiers Common Service\IntuitUpdateService.exe
  O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers Files\InterVideo\RegMgr\iviRegMgr.exe
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
  O23 - Service: Intel Active Management Technology local management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
  O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: power DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC Manager. EXE
  O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Fichiers Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
  O23 - Service: Intel® Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Fichiers Files\Intel\WirelessCommon\RegSrvc.exe PROSet/Wireless
  O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Fichiers SharedCOM Shared\10.0\SharedCOM\RoxMediaDB10.exe
  O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
  O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers SureThing Shared\stllssvr.exe
  O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program Lenovo update\suservice.exe
  O23 - Service: ThinkVantage Registry Monitor - Lenovo Group Limited - c:\Program Files\Fichiers Files\Lenovo\tvt_reg_monitor_svc.exe Service
  O23 - Service: Registration Service of the APS of the HDD (TPHDEXLGSVC) - Lenovo ThinkPad. -C:\WINDOWS\System32\TPHDEXLG.exe
  O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Lenovo Client Security Solution\tvttcsd.exe
  O23 - Service: TVT backup Protection Service - Unknown owner - C:\Program Lenovo and Recovery\rrpservice.exe
  O23 - Service: TVT - Lenovo Group Limited - C:\Program Lenovo and Recovery\rrservice.exe backup Service
  O23 - Service: TVT - Lenovo Group Limited - c:\Program Files\Fichiers Files\Lenovo\Scheduler\tvtsched.exe Planner
  O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Lenovo and Recovery\UpdateMonitor.exe
  O23 - Service: Intel(r) Active Management Technology User Notification Service (EACH) - Intel Corporation - C:\Program Files Files\Intel\Privacy Icon\UNS\UNS.exe

  --
  End of file - 14122 bytes

  "Internet Explorer cannot display this page".

  I disabled NAV - no change.  As I said, I've tried everything.  I just reinstalled Windows and it works again.

• VPN needs access to all external internal vpn traffic traffic all in tunnel

  Hello

  Could someone help me find the problem?

  I am ASA configuration as firewall + vpn server, essentially outside of the device's access T1 (there are two VLANS in inside via an iptables, outside of iptables is on the same vlan as insdie of ASA (192.168.5.1 and 192.168.5.2).)  VPN users are authenticated via authentication 2 factors (SDI, ip is 192.168.5.5) and get the ACL by local database.  pool of VPN is 192.168.6.1 - 192.168.6.15. pool of VPN is coordinated to the external IP address

  trying to access a remote host A from the host a is open for the IP and one specific Protocol. all vpn traffic are in the tunnel. the VPN user can connected and ACL vpnuser1_ONLY not working does not as expected.

  Here is the part of configuration:

  ASA Version 8.2 (2)
  ...........

  Route outside 0.0.0.0 0.0.0.0 xx.10.194.193 1

  Route inside companynet1 255.255.255.0 192.168.5.2 1

  Route inside companynet2 255.255.255.0 192.168.5.2 1

  Route inside companynet3 255.255.255.0 192.168.5.2 1

  Route inside companynet4 255.255.255.0 192.168.5.2 1

  ...............

  Route inside companynetn 255.255.255.0 192.168.5.2 1

  
  

  NAT (inside) 4 vpnpool 255.255.255.0 outside   <--------- is="" this="">

  Global (outside) 4 xx.10.194.238 netmask 255.255.255.255

  Split-tunnel-policy tunnelall

  .....................

  vpnuser1_ONLY list extended access permitted tcp vpnpool 255.255.255.0 192.168.1.28 host 255.255.255.255 eq ssh connect

  vpnuser1_ONLY list extended access permitted tcp vpnpool 255.255.255.0 74.2.23.195 host 255.255.255.255 eq ssh connect

  ............

  enable SVC

  tunnel-group-list activate

  attributes of Group Policy DfltGrpPolicy

  VPN - connections 8

  VPN-idle-timeout 10

  VPN-session-timeout 60

  Protocol-tunnel-VPN l2tp ipsec

  WebVPN

  SVC Dungeon - install any

  time to generate a new key of SVC 8

  SVC generate a new method ssl key

  SVC request no svc default

  internal GroupPolicy1 group strategy

  attributes of Group Policy GroupPolicy1

  VPN - connections 1

  VPN-idle-timeout 9

  VPN-session-timeout 45

  VPN-tunnel-Protocol svc

  Split-tunnel-policy tunnelall

  WebVPN

  SVC Dungeon - install any

  time to generate a new key of SVC 15

  SVC generate a new method ssl key

  client of dpd-interval SVC 30

  dpd-interval SVC 30 bridge

  value of deny message connection succeeded, but because some criteria have not been met, or because of a specific group policy, you are not allowed to use the VPN features. For more information, contact your COMPUTER administrator.

  disable the SVC routing-filtering-ignore

  username vpnuser1 encrypted password xxxxxxx

  username vpnuser1 attributes

  VPN-group-policy GroupPolicy1

  VPN-idle-timeout 6

  VPN-session-timeout 20

  VPN-filter value vpnuser1_ONLY

  VPN-tunnel-Protocol svc

  value of group-lock COMAVPN

  type of remote access service

  tunnel-group DefaultRAGroup webvpn-attributes

  Disable group companyvpn aliases

  type tunnel-group COMAVPN remote access

  attributes global-tunnel-group COMAVPN

  address (inside) vpnpool pool

  address vpnpool pool

  SDI Group-authentication server

  authentication-server-group (inside) SDI

  LOCAL authority-server-group

  Group Policy - by default-GroupPolicy1

  tunnel-group COMAVPN webvpn-attributes

  activation of the Group companyremote alias

  I did anything wrong / missing?

  Thank you

  Yijun

  
  

  First of all, you can set "no nat-control" because once you have relieved of NAT, 'no nat-control' becomes disable anyway. 'No nat-control' is useful if you have no statement of NAT at all on the interface.

  Second, if you can't access the outside inside which is because you must configure the NAT exemption. Not sure if you have configured it.

  Here's the command:

  access-list allowed sheep ip 192.168.1.0 255.255.255.0 192.168.6.0 255.255.255.0

  NAT (inside) 0 access-list sheep

  You can then add all other subnets that are internal to the ACL sheep if you need VPN access.

  Finally, for the error message deny on access-group "OUTSIDE", you would need check if you have configured "sysopt connection VPN-enabled'. If it is disabled, it will also check the "OUTSIDE" interface for VPN traffic.

• I can only receive emails and send not so far from home

  Split of: " ", "http://social.answers.microsoft.com/Forums/en-US/vistanetworking/thread/a424e146-1a2f-4133-80d5-db98f08f5421"" "

  Currently, I use Windows Vista and access my email using Windows Mail.  When I am connected to my internet router 'House', I can send and receive emails, absolutely perfect.  When I am away from home and try to connect to an internet router to the hotel (with a key) or internet router to friends (with a key), I can only receive emails and not send.  I get the error message is: the connection to the server has failed.  He then mentions the details into account, server, Protocol, Port and secure (SSL) followed by the Socket error: 10060 and the error number: 0x800CCC0E.  Anyone know why I have a problem when I'm away from home?  Any help much appreciated.

  Looks like you are running in a block of 25 port. What you experienced is normal. As a general rule, the owner of port 25 SMTP server you use must be the same as the entity that provides your Internet connection at the moment. To learn more about this issue, see anti-spam

  http://www.postcastserver.com/help/Port_25_Blocking.aspx

   

  The workarounds available when sending abroad are the following:

   

  1. use webmail to send (via your browser).

  2. ask your ISP if they have one port other than '25' for SMTP.

  3. If you frequently send multiple locations, get free Gmail account, configure it for POP access, set up in Windows Mail and use it to

  your shipment of household chores. Gmail uses port 465 for SMTP, which is not blocked as is port 25.

  
  Gary van, Microsoft MVP (Mail)

  "UNDERCOVERADDICT" wrote in the new message: * e-mail address is removed from the privacy... *

  Currently, I use Windows Vista and access my email using Windows Mail.  When I am connected to my internet router 'House', I can send and receive emails, absolutely perfect.  When I am away from home and try to connect to an internet router to the hotel (with a key) or internet router to friends (with a key), I can only receive emails and not send.  I get the error message is: the connection to the server has failed.  He then mentions the details into account, server, Protocol, Port and secure (SSL) followed by the Socket error: 10060 and the error number: 0x800CCC0E.  Anyone know why I have a problem when I'm away from home?  Any help much appreciated.

  Gary van, MVP (Mail)