ASA 5515 - Anyconnect - inside the subnet connection problem

Similar Questions

• Cisco ASA 5515 - Anyconnect users can connect to ASA, but cannot ping inside the local IP address

  Hello!

  I have a 5515 ASA with the configuration below. I have configure the ASA as remote access with anyconnect VPN server, now my problem is that I can connect but I can not ping.

  ASA Version 9.1 (1)

  !

  ASA host name

  domain xxx.xx

  names of

  local pool VPN_CLIENT_POOL 192.168.12.1 - 192.168.12.254 255.255.255.0 IP mask

  !

  interface GigabitEthernet0/0

  nameif inside

  security-level 100

  192.168.11.1 IP address 255.255.255.0

  !

  interface GigabitEthernet0/1

  Description Interface_to_VPN

  nameif outside

  security-level 0

  IP 111.222.333.444 255.255.255.240

  !

  interface GigabitEthernet0/2

  Shutdown

  No nameif

  no level of security

  no ip address

  !

  interface GigabitEthernet0/3

  Shutdown

  No nameif

  no level of security

  no ip address

  !

  interface GigabitEthernet0/4

  Shutdown

  No nameif

  no level of security

  no ip address

  !

  interface GigabitEthernet0/5

  Shutdown

  No nameif

  no level of security

  no ip address

  !

  interface Management0/0

  management only

  nameif management

  security-level 100

  192.168.5.1 IP address 255.255.255.0

  !

  passive FTP mode

  DNS server-group DefaultDNS

  www.ww domain name

  permit same-security-traffic intra-interface

  the object of the LAN network

  subnet 192.168.11.0 255.255.255.0

  LAN description

  network of the SSLVPN_POOL object

  255.255.255.0 subnet 192.168.12.0

  VPN_CLIENT_ACL list standard access allowed 192.168.11.0 255.255.255.0

  pager lines 24

  Enable logging

  asdm of logging of information

  Within 1500 MTU

  Outside 1500 MTU

  management of MTU 1500

  no failover

  ICMP unreachable rate-limit 1 burst-size 1

  ASDM image disk0: / asdm - 711.bin

  don't allow no asdm history

  ARP timeout 14400

  no permit-nonconnected arp

  NAT (exterior, Interior) static source SSLVPN_POOL SSLVPN_POOL static destination LAN LAN

  Route outside 0.0.0.0 0.0.0.0 111.222.333.443 1

  Timeout xlate 03:00

  Pat-xlate timeout 0:00:30

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  Floating conn timeout 0:00:00

  dynamic-access-policy-registration DfltAccessPolicy

  WebVPN

  list of URLS no

  identity of the user by default-domain LOCAL

  the ssh LOCAL console AAA authentication

  AAA authentication http LOCAL console

  LOCAL AAA authorization exec

  Enable http server

  http 192.168.5.0 255.255.255.0 management

  No snmp server location

  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start

  Crypto ipsec pmtu aging infinite - the security association

  Crypto ca trustpoint ASDM_TrustPoint5

  Terminal registration

  E-mail [email protected] / * /

  name of the object CN = ASA

  address-IP 111.222.333.444

  Configure CRL

  Crypto ca trustpoint ASDM_TrustPoint6

  Terminal registration

  domain name full vpn.domain.com

  E-mail [email protected] / * /

  name of the object CN = vpn.domain.com

  address-IP 111.222.333.444

  pair of keys sslvpn

  Configure CRL

  trustpool crypto ca policy

  string encryption ca ASDM_TrustPoint6 certificates

  Telnet timeout 5

  SSH 192.168.11.0 255.255.255.0 inside

  SSH timeout 30

  Console timeout 0

  No ipv6-vpn-addr-assign aaa

  no local ipv6-vpn-addr-assign

  192.168.5.2 management - dhcpd addresses 192.168.5.254

  !

  a basic threat threat detection

  Statistics-list of access threat detection

  no statistical threat detection tcp-interception

  SSL-trust outside ASDM_TrustPoint6 point

  WebVPN

  allow outside

  CSD image disk0:/csd_3.5.2008-k9.pkg

  AnyConnect image disk0:/anyconnect-win-3.1.04066-k9.pkg 1

  AnyConnect enable

  tunnel-group-list activate

  attributes of Group Policy DfltGrpPolicy

  Ikev1 VPN-tunnel-Protocol l2tp ipsec without ssl-client

  internal VPN_CLIENT_POLICY group policy

  VPN_CLIENT_POLICY group policy attributes

  WINS server no

  value of server DNS 192.168.11.198

  VPN - 5 concurrent connections

  VPN-session-timeout 480

  client ssl-VPN-tunnel-Protocol

  Split-tunnel-policy tunnelspecified

  value of Split-tunnel-network-list VPN_CLIENT_ACL

  myComp.local value by default-field

  the address value VPN_CLIENT_POOL pools

  WebVPN

  activate AnyConnect ssl dtls

  AnyConnect Dungeon-Installer installed

  AnyConnect ssl keepalive 20

  time to generate a new key 30 AnyConnect ssl

  AnyConnect ssl generate a new method ssl key

  AnyConnect client of dpd-interval 30

  dpd-interval gateway AnyConnect 30

  AnyConnect dtls lzs compression

  AnyConnect modules value vpngina

  value of customization DfltCustomization

  internal IT_POLICY group policy

  IT_POLICY group policy attributes

  WINS server no

  value of server DNS 192.168.11.198

  VPN - connections 3

  VPN-session-timeout 120

  Protocol-tunnel-VPN-client ssl clientless ssl

  Split-tunnel-policy tunnelspecified

  value of Split-tunnel-network-list VPN_CLIENT_ACL

  field default value societe.com

  the address value VPN_CLIENT_POOL pools

  WebVPN

  activate AnyConnect ssl dtls

  AnyConnect Dungeon-Installer installed

  AnyConnect ssl keepalive 20

  AnyConnect dtls lzs compression

  value of customization DfltCustomization

  username vpnuser password PA$ encrypted $WORD

  vpnuser username attributes

  VPN-group-policy VPN_CLIENT_POLICY

  type of remote access service

  Username vpnuser2 password PA$ encrypted $W

  username vpnuser2 attributes

  type of remote access service

  username admin password ADMINPA$ $ encrypted privilege 15

  VPN Tunnel-group type remote access

  General-attributes of VPN Tunnel-group

  address VPN_CLIENT_POOL pool

  Group Policy - by default-VPN_CLIENT_POLICY

  VPN Tunnel-group webvpn-attributes

  the aaa authentication certificate

  enable VPN_to_R group-alias

  type tunnel-group IT_PROFILE remote access

  attributes global-tunnel-group IT_PROFILE

  address VPN_CLIENT_POOL pool

  Group Policy - by default-IT_POLICY

  tunnel-group IT_PROFILE webvpn-attributes

  the aaa authentication certificate

  enable IT Group-alias

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  maximum message length automatic of customer

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the rsh

  inspect the rtsp

  inspect esmtp

  inspect sqlnet

  inspect the skinny

  inspect sunrpc

  inspect xdmcp

  inspect the sip

  inspect the netbios

  inspect the tftp

  Review the ip options

  inspect the icmp

  !

  global service-policy global_policy

  context of prompt hostname

  no remote anonymous reporting call

  : end

  Help me please! Thank you!

  Hello

  Please set ACLs to allow ICMP between these two subnets (192.168.11.0 and 192.168.12.0) and check. It should ping. Let me know if it does not work.

  Thank you

  swap

• cannot ping in dmz subnet from inside the subnet

  Hey guys

  can someone pls take a look at this config in my 515 and tell me why I can't ping from host 10.2.1.20 (connected inside interface) to host (connected to the dmx interface) 10.3.1.20...

  Thanks ;)

  6.3 (3) version PIX

  interface ethernet0 car

  interface ethernet1 100full

  stop 100full interface ethernet2

  interface ethernet3 100full

  stop 100full interface ethernet4

  interface ethernet5 100full

  ethernet0 nameif outside security0

  nameif ethernet1 inside the security100

  ethernet2 intf2 security2 nameif

  nameif ethernet3 intf3 interieure4

  nameif ethernet4 intf4 securite6

  nameif dmz security50 ethernet5

  enable password xxxx

  passwd xxxx

  hostname MYHOSTNAME

  domain MYDOMAINNAME.local

  fixup protocol dns-length maximum 512

  fixup protocol ftp 21

  fixup protocol h323 h225 1720

  fixup protocol h323 ras 1718-1719

  fixup protocol http 80

  fixup protocol rsh 514

  fixup protocol rtsp 554

  fixup protocol sip 5060

  fixup protocol sip udp 5060

  fixup protocol 2000 skinny

  fixup protocol smtp 25

  fixup protocol sqlnet 1521

  fixup protocol tftp 69

  names of

  inside_access_in ip access list allow a whole

  pager lines 24

  Outside 1500 MTU

  Within 1500 MTU

  intf2 MTU 1500

  intf3 MTU 1500

  intf4 MTU 1500

  MTU 1500 dmz

  IP address outside 61.29.xxx.xxx 255.255.255.248

  IP address inside 10.2.1.11 255.255.255.0

  No intf2 ip address

  No intf3 ip address

  No intf4 ip address

  10.3.1.11 dmz IP address 255.255.255.0

  alarm action IP verification of information

  alarm action attack IP audit

  no failover

  failover timeout 0:00:00

  failover poll 15

  No IP failover outdoors

  No IP failover inside

  no failover ip address intf2

  no failover ip address intf3

  no failover ip address intf4

  no failover ip address dmz

  history of PDM activate

  ARP timeout 14400

  Global interface 10 (external)

  NAT (inside) 10 0.0.0.0 0.0.0.0 0 0

  NAT (dmz) 10 10.3.1.0 255.255.255.0 0 0

  static (inside, dmz) 10.2.1.0 10.2.1.0 netmask 255.255.255.0 0 0

  inside_access_in access to the interface inside group

  Route outside 0.0.0.0 0.0.0.0 61.29.xxx.xxx 1

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0: CPP 02:00 0:10:00 01:00 h225

  H323 timeout 0:05:00 mgcp 0: sip from 05:00 0:30:00 sip_media 0:02:00

  Timeout, uauth 0:05:00 absolute

  GANYMEDE + Protocol Ganymede + AAA-server

  RADIUS Protocol RADIUS AAA server

  AAA-server local LOCAL Protocol

  Enable http server

  http 10.2.1.0 255.255.255.0 inside

  No snmp server location

  No snmp Server contact

  SNMP-Server Community public

  SNMP-Server enable traps

  enable floodguard

  Telnet timeout 5

  SSH timeout 5

  Console timeout 0

  Terminal width 80

  Thanks again

  Rob

  ICMP is not a stateful Protocol, so you must explicitly allow ICMP traffic on the DMZ interface. Try adding the following:

  access-list dmz_access_in allow icmp a whole

  Access-group dmz_access_in in dmz interface

  I hope this helps.

  Scott

• the server connection problem to download the file

  Not sure how it happened. But DW will update is no longer my remote server. the remote page on the FTP server connection works without a hitch. I have the remote IP, set up as http:192.168.0.11/ (for example), but when I go to download the file, it wants to update remotely http://ipaddress/C: / wamp/www/webfolder/file. Odd.
  
  Does anyone else have this problem? Suggestions please. Thank you.
  
  Mike
  

  Thanks for the suggestion, but configuring FTP checked OK. in fact he did a test of the thin connection all the time. Maybe it had to do with memory cache on my computer? in any case, I liquidated DW, restarted the program and the download Panel works great.

• Cisco ASA 5515 - Anyconnect users cannot ping other users Anyconnect. How can I allow icmp between Anyconnect users traffic?

  Configuration of the ASA is below!

  ASA Version 9.1 (1)

  !

  ASA host name

  domain xxx.xx

  names of

  local pool VPN_CLIENT_POOL 192.168.12.1 - 192.168.12.254 255.255.255.0 IP mask

  !

  interface GigabitEthernet0/0

  nameif inside

  security-level 100

  192.168.11.1 IP address 255.255.255.0

  !

  interface GigabitEthernet0/1

  Description Interface_to_VPN

  nameif outside

  security-level 0

  IP 111.222.333.444 255.255.255.240

  !

  interface GigabitEthernet0/2

  Shutdown

  No nameif

  no level of security

  no ip address

  !

  interface GigabitEthernet0/3

  Shutdown

  No nameif

  no level of security

  no ip address

  !

  interface GigabitEthernet0/4

  Shutdown

  No nameif

  no level of security

  no ip address

  !

  interface GigabitEthernet0/5

  Shutdown

  No nameif

  no level of security

  no ip address

  !

  interface Management0/0

  management only

  nameif management

  security-level 100

  192.168.5.1 IP address 255.255.255.0

  !

  passive FTP mode

  DNS server-group DefaultDNS

  www.ww domain name

  permit same-security-traffic intra-interface

  the object of the LAN network

  subnet 192.168.11.0 255.255.255.0

  LAN description

  network of the SSLVPN_POOL object

  255.255.255.0 subnet 192.168.12.0

  VPN_CLIENT_ACL list standard access allowed 192.168.11.0 255.255.255.0

  pager lines 24

  Enable logging

  asdm of logging of information

  Within 1500 MTU

  Outside 1500 MTU

  management of MTU 1500

  no failover

  ICMP unreachable rate-limit 1 burst-size 1

  ASDM image disk0: / asdm - 711.bin

  don't allow no asdm history

  ARP timeout 14400

  no permit-nonconnected arp

  NAT (exterior, Interior) static source SSLVPN_POOL SSLVPN_POOL static destination LAN LAN

  Route outside 0.0.0.0 0.0.0.0 111.222.333.443 1

  Timeout xlate 03:00

  Pat-xlate timeout 0:00:30

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  Floating conn timeout 0:00:00

  dynamic-access-policy-registration DfltAccessPolicy

  WebVPN

  list of URLS no

  identity of the user by default-domain LOCAL

  the ssh LOCAL console AAA authentication

  AAA authentication http LOCAL console

  LOCAL AAA authorization exec

  Enable http server

  http 192.168.5.0 255.255.255.0 management

  No snmp server location

  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start

  Crypto ipsec pmtu aging infinite - the security association

  Crypto ca trustpoint ASDM_TrustPoint5

  Terminal registration

  E-mail [email protected] / * /

  name of the object CN = ASA

  address-IP 111.222.333.444

  Configure CRL

  Crypto ca trustpoint ASDM_TrustPoint6

  Terminal registration

  domain name full vpn.domain.com

  E-mail [email protected] / * /

  name of the object CN = vpn.domain.com

  address-IP 111.222.333.444

  pair of keys sslvpn

  Configure CRL

  trustpool crypto ca policy

  string encryption ca ASDM_TrustPoint6 certificates

  Telnet timeout 5

  SSH 192.168.11.0 255.255.255.0 inside

  SSH timeout 30

  Console timeout 0

  No ipv6-vpn-addr-assign aaa

  no local ipv6-vpn-addr-assign

  192.168.5.2 management - dhcpd addresses 192.168.5.254

  !

  a basic threat threat detection

  Statistics-list of access threat detection

  no statistical threat detection tcp-interception

  SSL-trust outside ASDM_TrustPoint6 point

  WebVPN

  allow outside

  CSD image disk0:/csd_3.5.2008-k9.pkg

  AnyConnect image disk0:/anyconnect-win-3.1.04066-k9.pkg 1

  AnyConnect enable

  tunnel-group-list activate

  attributes of Group Policy DfltGrpPolicy

  Ikev1 VPN-tunnel-Protocol l2tp ipsec without ssl-client

  internal VPN_CLIENT_POLICY group policy

  VPN_CLIENT_POLICY group policy attributes

  WINS server no

  value of server DNS 192.168.11.198

  VPN - 5 concurrent connections

  VPN-session-timeout 480

  client ssl-VPN-tunnel-Protocol

  Split-tunnel-policy tunnelspecified

  value of Split-tunnel-network-list VPN_CLIENT_ACL

  myComp.local value by default-field

  the address value VPN_CLIENT_POOL pools

  WebVPN

  activate AnyConnect ssl dtls

  AnyConnect Dungeon-Installer installed

  AnyConnect ssl keepalive 20

  time to generate a new key 30 AnyConnect ssl

  AnyConnect ssl generate a new method ssl key

  AnyConnect client of dpd-interval 30

  dpd-interval gateway AnyConnect 30

  AnyConnect dtls lzs compression

  AnyConnect modules value vpngina

  value of customization DfltCustomization

  internal IT_POLICY group policy

  IT_POLICY group policy attributes

  WINS server no

  value of server DNS 192.168.11.198

  VPN - connections 3

  VPN-session-timeout 120

  Protocol-tunnel-VPN-client ssl clientless ssl

  Split-tunnel-policy tunnelspecified

  value of Split-tunnel-network-list VPN_CLIENT_ACL

  field default value societe.com

  the address value VPN_CLIENT_POOL pools

  WebVPN

  activate AnyConnect ssl dtls

  AnyConnect Dungeon-Installer installed

  AnyConnect ssl keepalive 20

  AnyConnect dtls lzs compression

  value of customization DfltCustomization

  username vpnuser password PA$ encrypted $WORD

  vpnuser username attributes

  VPN-group-policy VPN_CLIENT_POLICY

  type of remote access service

  Username vpnuser2 password PA$ encrypted $W

  username vpnuser2 attributes

  type of remote access service

  username admin password ADMINPA$ $ encrypted privilege 15

  VPN Tunnel-group type remote access

  General-attributes of VPN Tunnel-group

  address VPN_CLIENT_POOL pool

  Group Policy - by default-VPN_CLIENT_POLICY

  VPN Tunnel-group webvpn-attributes

  the aaa authentication certificate

  enable VPN_to_R group-alias

  type tunnel-group IT_PROFILE remote access

  attributes global-tunnel-group IT_PROFILE

  address VPN_CLIENT_POOL pool

  Group Policy - by default-IT_POLICY

  tunnel-group IT_PROFILE webvpn-attributes

  the aaa authentication certificate

  enable IT Group-alias

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  maximum message length automatic of customer

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the rsh

  inspect the rtsp

  inspect esmtp

  inspect sqlnet

  inspect the skinny

  inspect sunrpc

  inspect xdmcp

  inspect the sip

  inspect the netbios

  inspect the tftp

  Review the ip options

  inspect the icmp

  !

  global service-policy global_policy

  context of prompt hostname

  no remote anonymous reporting call

  : end

  Hello

  Here's what you'll need:

  permit same-security-traffic intra-interface

  VPN_CLIENT_ACL standard access list allow 192.168.12.0 255.255.255.0

  destination NAT (outside, outside) SSLVPN_POOL SSLVPN_POOL SSLVPN_POOL SSLVPN_POOL static static source

  Patrick

• Tunnel of Split VPN Setup ASA to force inside the tunnel for single address

  Hi all

  We have an ASA with IPSec VPN facility to addresses Internet of Tunnel from Split.  We have an Internet address that must come from the external interface of the ASA.  I have added this address to the list of split tunnel and confirmed on the client that is the road to the tunnel, but I'm not able to get to this address via the VPN.

  How the ASA to allow this unique Internet address to come via the VPN and route back on the same interface to the Internet and the return traffic to back up in the client VPN tunnel.

  I need to get to the address is 213.92.42.118. Here's the config relavent (let me know if I left anything):

  interface GigabitEthernet0/0
  nameif outside
  IP 1.1.1.1 255.255.255.0
  permit same-security-traffic inter-interface
  permit same-security-traffic intra-interface
  name 10.80.177.0 VPN_Pool
  Outbound_Ports tcp service object-group
  port-object eq www
  access-list extended sheep allowed any ip VPN_Pool 255.255.255.0
  access-list extended users allow icmp a whole
  access-list extended users enable a tcp
  access-list extended users allow udp a whole
  users_splitTunnelAcl list standard access allowed 10.0.0.0 255.0.0.0
  standard access list users_splitTunnelAcl allow 192.168.43.0 255.255.255.0
  users_splitTunnelAcl list standard access allowed 192.168.40.0 255.255.255.0
  users_splitTunnelAcl list standard access allowed host 213.92.42.118

  FWOB list extended access permit tcp any any Outbound_Ports object-group

  Global (LUXCVGASA01e) 2 1.1.1.1

  NAT (LUXCVGASA01i) 2 10.0.0.0 255.0.0.0
  NAT 0 access-list sheep (LUXCVGASA01i)

  Any help is appreciated.

  -Jeff

  Hi Jeff,

  Just had a chance to look through the Setup and I guess that configured nat is incorrect.

  access-list extended sheep allowed any ip VPN_Pool 255.255.255.0
  NAT 0 access-list sheep (LUXCVGASA01i)
  NAT (LUXCVGASA01i) 2 10.0.0.0 255.0.0.0

  Global (LUXCVGASA01e) 2 1.1.1.1

  The access-list says sheep that ALL traffic goes to the pool of the VPN to go UN-natted. So, when you try to access the public ip address via the tunnel VPN, the traffic the ASA, ASA then performs a search destination NAT and matches the nat command "nat (LUXCVGASA01i) 0 access-list sheep." If the ASA detects a destination NAT translation, it will bypass route search and uses the destination NAT translation to determine the output interface (in this scenario, the output interface is LUXCVGASA01i.

  So, to resolve this problem, change the acl sheep from "any to VPN_Pool 255.255.255.0" inside"to the network VPN_Pool 255.255.255.0.

  clear xlate and re-initialization of the tunnel, and this should solve the problem.

  Let me know if that answers your query.

  Kind regards

  Manisha masseur

• Windows Update, in particular, is the cause the internet connection problem? Why Microsoft is not the problem?

  Twice in the space of a few days our internet connection has been disabled. System Restore solve the problem - temporarily. It would be good to know exactly which file is causing the problem.

  I applied all the updates of Windows 7 on 5 computers and encountered no problems.  You use McAfee antivirus by chance?  There was an update for that because of the problems of Internet access for some.  Check with McAfee, if you use that.

  Good luck.

• Please help in the db connectivity problem after Server moves to the location of diff

  Our database is 10.2.0.3 with 2 RAC nodes. Our database servers are MS 2003 R2. Recently, we moved our database on different servers in the other location. Say that we pitch A, B and C.
  A - the location for the database users understand me.
  B - the former location of the db
  C - the new location of the db.
  
  Location B and C are in the same city but different places. A and B are located in different cities. I was told that there is no direct link between A and C and the link between A and C must pass through B. Since the move we have experienced the problem of connectivity of database between A and C. Some users got "ORA-03113: end of file on the communication channel. For me, I constantly "ORA-03135: connection lost contact" Sqlplus or Toad if I leave my session idle for an hour or more, no matter if it uses dedicated or shared connection. We also asked our network administrator to make sure that there is no firewall between the two and we have also added KeepAliveTime and KeepAliveInterval the new db server record. We also have a TAR with Oracle.
  
  Thanks a lot for your help in advance.
  
  Shirley

  Connections this time-out when left idle for an hour feels very strongly to a firewall issue. The fact that you are going through Site B and cannot connect directly to Site c. imply strongly that there is a firewall at Site C. Since B can communicate with C, I would bet that there is a hole in the firewall allows connections between B and C. But firewalls commonly kill idle connections after a timeout: you would need to talk to the administrator of the firewall to determine how to configure the firewall to allow connections to be idle indefinitely.

  Justin

• Two PC on the lan connection problem

  I wanted to connect two PCs using lan via the TCP protocol. I run a simple customer data and simple data on my PC server. But when I opened the single database server on my PC and the client of simple data on the other PC then error 63 I think it's error.tell buffer overflow series me what I'll do. is it necessary to configure listening TCP by double clicking it and give it some values? I am new to networking so can not debug the error.plz tell me what to do? Also should what changes I to VI Server? Which port number should I enter?

  
  

• The SMC connection problem

  Whenever I use SMC, he always claims that my device (e240 or something like that) is not connected, even though I can access it fine of anywhere else on the computer. How can I fix it?

  He was already in MSC mode, so I tried in MTP mode and it works!

• 5 Nexus at the Scout connection problem

  So I can not connect my Nexus 5 (Android 4.4.2) to the Scout, but Nexus S (Android 4.1.2) and iPhone connect correctly. They are all in the same wi - fi network.

  Any idea what could possibly go wrong?

  Thank you!

  My computer has never appears on the Scout app as it does on all my other Android/iOS devices, but had it works now by connecting to 192.168.0.101.

• Use the Testsoftware, connection problems

  Hello. While trying to connect there is a pop up window saying: I am not abel to connect to internet, BUT I am connected and not in offline mode. What can I do to use the testsoftware?

  Could you help me please? Thank you very much. Alice

  

  Hello Alice Ka.,.

  You are on a managed network, if so, then please consult the KB: http://helpx.adobe.com/x-productkb/policy-pricing/activation-deactivation-products.html.

  Kind regards

  Romit Sinha

• inside the user initiates the connection to the vpn user

  Hi, couldn't solve this problem:

  I have to the customer. A and B.

  Connected via VPN for remote access and the applied filter A

  B is inside the user connected inside interface with sec - lvl 100.

  For example,.

  Pings B A but without success

  B connect A, but without success

  I know of sec - lvl 100 all the conn is allowed and ASA allows a connection established to the rear. Why B is not allowed at a.

  (after adding the ACL to allow b to A, I've been successful)

  First of all, security levels don't matter when it comes to traffic-vpn - all traffic in both directions is allowed without restriction as long as sysopt-permit vpn connection is present in the config (default).

  Secondly, when you applied the filter-vpn functionality, ACL works for traffic in both directions, i.e. you explicitly allow traffic in both directions in this single ACL.

  These vpn filter ACL is a little special ACL, cause it is written from the perspective of the (client) remote site, but should include entries for both directions. You can take a look here (or elsewhere)) on how it works:

  http://popravak.WordPress.com/2011/11/05/Cisco-ASA-VPN-filter-as-i-see-it/

• Everyone around the Malaysia has problems connecting to Windows Update Server?

  For 4 days, I have the problem using Windows Update. Updates is never to download completely, Windows Update will just stop after failing to download the updates.

  Then I tried to download updates and apply them manually; VS2008SP1ENUX1512962. ISO (Visual Studio 2008 Sp1) is one of the things that I download. This 800 + MB file I've downloaded 3 times on the Microsoft Download site and they are all corrupt. I got a copy uncorrupted file using torrent finally. There are others who are corrupt as well.

  That's why I'm thinking, is there something wrong with the server of Microsoft Update, or the Malaysia connectivity problem? I'm getting an average of 100 Kbps download speed of site except Windows Update - which starts at 30 kbps and after 15 minutes drops to 5 Kbps.

  Hello Siang Hong,

  Thank you for using Microsoft Vista answers Forum!

  What is the address of Web site, that you try to download the update?  Looks like you may have an infection of viruses or malware on your PC. Just to be on the safe side, I would say that you follow the steps in these links barely pull on this issue.

  How to remove a computer virus?

  How to get rid of malware

   

  If the above does not apply to you, thanks for posting back with some details about your network settings so that we can be able to help more on your connection problem.

  David O
  Microsoft Answers Support Engineer
  Visit our and tell us what you think.

• CISCO ASA 5515 WITH THE VERSION OF FIREPOWER

  ASA 5515 service with the power of fire. Can be managed with ASDM firepower. ?

  Anyone suggests Versions for firepower, ASDM, ASA?

  Kindly help

  You will find it useful to install the Module of firepower on ASA for the management of the premises:

  http://www.Cisco.com/c/en/us/TD/docs/security/ASA/Quick_Start/SFR/firepo...

  Thank you

  Guillaume

  Rate if this can help!