ASA 5520 8.0(4): port-based ACLs for VPN do not work
Hi all
I have a problem with an ASA (5520, 8.0(4)) not working with a port-based ACL for remote clients. I have a simple single-line ACL to split traffic: if I allow IP, the tunnel works fine; if I lock it down to TCP 3389, RDP will not work. I don't see anything in the logs or debug output. I did have a problem with a similar configuration (5510, 8.0(4)) and I'm at a loss to explain it.
Has anyone seen this problem before? I have NAT exclusions etc. and, as I said, the tunnel only works if the ACL permits all IP traffic between client and server.
Thanks in advance
Split-tunnel list cannot IP, if you want to restrict which ports are sent via the VPN tunnel for your VPN clients, you need to use VPN filters under Group Policy:
-
What are the ports used by the Cisco VPN Client?
Hello
I need to open my outgoing traffic on my firewall to allow two interns (LAN) using the Cisco VPN Client to connect to their Internet virtual private network.
I already opened port 500/UDP, but they are not able to connect. If I open all outgoing ports, they can connect.
What are the ports used by the Cisco VPN Client?
Thank you
You need to open:
UDP 500
ESP protocol
You must also open UDP port 4500 (if using NAT-T).
In addition, if the clients are connecting to a VPN 3000 Series Concentrator and it is configured for any of the other NAT-transparency options, the corresponding ports must be open. By default:
1. If using IPSec over TCP 10000, then open TCP 10000.
2. If using IPSec over UDP 10000, open UDP 1000.
-
Hello
I'm trying to set up a virtual private network to another ASA. I can ping the outside of the other ASA. This VPN is just for a small site in a hub and spoke topology; my config is just for the spoke office, so basically this office has to send all its traffic to the hub HQ where the servers are. Do you see any reason why the VPN will not come up?
ciscoasa# sh run
: Saved
:
ASA Version 8.4(2)
!
hostname ciscoasa
enable password 8Ry2Yjyt7RRXU24 encrypted
passwd 2KFQnbIdI.2KYOU encrypted
names
!
interface GigabitEthernet0
 nameif outside
 security-level 0
 ip address 90.174.83.202 255.255.255.252
!
interface GigabitEthernet1
 nameif inside
 security-level 100
 ip address 10.101.61.1 255.255.255.0
!
interface GigabitEthernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
object network internal-10.101.61.0
 subnet 10.101.61.0 255.255.255.0
object network internal-0.0.0.0
 subnet 0.0.0.0 0.0.0.0
object network Corp
 subnet 10.100.1.0 255.255.255.0
access-list inside_access_in extended permit ip 10.101.61.0 255.255.255.0 any
access-list inside_access_in extended permit icmp any any
access-list outside_cryptomap extended permit ip 10.101.61.0 255.255.255.0 10.100.1.0 255.255.255.0
pager lines 24
logging enable
logging console errors
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-714.bin
no asdm history enable
arp timeout 14400
!
object network internal-0.0.0.0
 nat (inside,outside) dynamic interface
!
nat (inside,any) after-auto source static internal-10.101.61.0 internal-10.101.61.0 destination static Corp Corp no-proxy-arp
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 93.174.83.201 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
aaa authorization exec LOCAL
http server enable
http 10.101.61.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs group5
crypto map outside_map 1 set peer 80.171.156.66
crypto map outside_map 1 set ikev1 transform-set ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal DES
crypto map outside_map interface outside
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 130
 authentication crack
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 10.101.61.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd address 10.101.61.10-10.101.61.254 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy GroupPolicy_80.171.156.66 internal
group-policy GroupPolicy_80.171.156.66 attributes
 vpn-tunnel-protocol ikev1 ikev2
username * password oiYa7C.IOflZak encrypted privilege 15
tunnel-group 80.171.156.66 type ipsec-l2l
tunnel-group 80.171.156.66 general-attributes
 default-group-policy GroupPolicy_80.171.156.66
tunnel-group 80.171.156.66 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect sunrpc
  inspect tftp
  inspect ip-options
  inspect rtsp
  inspect pptp
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
crashinfo save disable
Cryptochecksum:fbebeccb487674e3d8d1c4cff0b27749
: end
ciscoasa#
Hello
One obvious problem is the ordering of the NAT rules:
object network internal-0.0.0.0
 nat (inside,outside) dynamic interface
!
nat (inside,any) after-auto source static internal-10.101.61.0 internal-10.101.61.0 destination static Corp Corp no-proxy-arp
In the configuration above, the Dynamic PAT configuration overrides the NAT0 configuration meant for the L2L VPN.
You must make this change and test again to see if there are other problems:
no nat (inside,any) after-auto source static internal-10.101.61.0 internal-10.101.61.0 destination static Corp Corp no-proxy-arp
nat (inside,any) source static internal-10.101.61.0 internal-10.101.61.0 destination static Corp Corp no-proxy-arp
We remove "after-auto" from the command so that the NAT0 rule is moved to the top of the NAT rules, before the current Dynamic PAT rule for the LAN.
Hope this helps
-Jouni
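The rule-ordering effect described in the answer above, as an added example that is not part of the original posts: a small Python model of ASA 8.3+ NAT evaluation (section 1 manual NAT, section 2 object NAT, section 3 manual NAT with after-auto, first match wins) run over the thread's NAT statements. It assumes the statements are written in standard ASA syntax, ignores interface matching, and orders section 2 only by static-before-dynamic and prefix length; the function names are hypothetical.

```python
import ipaddress

# Constructed from the commands quoted in this thread (ASA 8.3+ syntax).
OBJECTS = """\
object network internal-10.101.61.0
 subnet 10.101.61.0 255.255.255.0
object network internal-0.0.0.0
 subnet 0.0.0.0 0.0.0.0
object network Corp
 subnet 10.100.1.0 255.255.255.0
object network internal-0.0.0.0
 nat (inside,outside) dynamic interface
"""
NAT0 = ("source static internal-10.101.61.0 internal-10.101.61.0 "
        "destination static Corp Corp no-proxy-arp")
BEFORE = OBJECTS + "nat (inside,any) after-auto " + NAT0 + "\n"  # as posted
AFTER = OBJECTS + "nat (inside,any) " + NAT0 + "\n"              # as corrected


def parse_nat(config):
    """Return (objects, rules) from object definitions and nat statements."""
    objects, rules, current = {}, [], None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[:2] == ["object", "network"]:
            current = words[2]
        elif words[0] == "subnet":
            objects[current] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif words[0] == "nat" and line.startswith(" "):
            # Object ("auto") NAT is configured inside an object: section 2.
            rules.append({"section": 2, "kind": words[2], "src": current,
                          "dst": None, "identity": False, "line": line.strip()})
        elif words[0] == "nat":
            # Manual ("twice") NAT: section 1, or section 3 with after-auto.
            s = words.index("source")
            dst = (words[words.index("destination") + 2]
                   if "destination" in words else None)
            rules.append({"section": 3 if "after-auto" in words else 1,
                          "kind": words[s + 1], "src": words[s + 2], "dst": dst,
                          "identity": words[s + 1] == "static"
                                      and words[s + 2] == words[s + 3],
                          "line": line})
    return objects, rules


def first_match(config, src, dst):
    """Return the first NAT rule a src -> dst flow hits, in ASA section order."""
    objects, rules = parse_nat(config)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)

    def order(item):
        idx, rule = item
        if rule["section"] != 2:
            return (rule["section"], 0, 0, idx)      # config order
        # Section 2: static before dynamic, then most specific subnet first.
        return (2, rule["kind"] != "static",
                -objects[rule["src"]].prefixlen, idx)

    for _, rule in sorted(enumerate(rules), key=order):
        if src in objects[rule["src"]] and (
                rule["dst"] is None or dst in objects[rule["dst"]]):
            return rule
    return None


def describe(config, src, dst):
    rule = first_match(config, src, dst)
    if rule is None:
        return f"{src} -> {dst}: no NAT rule matches"
    action = "source left untranslated" if rule["identity"] else "source translated"
    return f"{src} -> {dst}: section {rule['section']}, {action} by '{rule['line']}'"


if __name__ == "__main__":
    for name, cfg in (("posted", BEFORE), ("corrected", AFTER)):
        print(name, "|", describe(cfg, "10.101.61.10", "10.100.1.5"))
    print("corrected |", describe(AFTER, "10.101.61.10", "8.8.8.8"))
```

With the posted configuration the LAN-to-Corp flow is translated by the dynamic PAT rule, so its source no longer matches the crypto ACL; with after-auto removed it hits the identity rule first, while Internet-bound traffic is still PATed.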
-
ASA 5505 9.1: unable to ping the inside network over IPsec VPN
To give some background, the ASA has been reloaded and upgraded from 8.2 to 9.1. I am able to connect to the VPN, but unable to reach anything inside, including the ASA itself. I unfortunately don't have much experience with 8.3+, but I thought that I had the NAT done appropriately. Nothing else is currently configured on the ASA, as it's just a test ASA for now, so I could have just missed something obvious.
ASA Version 9.1(3)
!
hostname testasa
enable password Ry5/Pmodu2QL1Xe3 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
ip local pool VPNPool 192.168.3.1-192.168.3.200 mask 255.255.255.0
!
interface Ethernet0/0
!
interface Ethernet0/1
 switchport access vlan 2
!
interface Ethernet0/2
 switchport access vlan 2
!
interface Ethernet0/3
 switchport access vlan 2
!
interface Ethernet0/4
 switchport access vlan 2
!
interface Ethernet0/5
 switchport access vlan 2
!
interface Ethernet0/6
 switchport access vlan 2
!
interface Ethernet0/7
 switchport access vlan 2
!
interface Vlan1
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Vlan2
 nameif inside
 security-level 100
 ip address 192.168.2.252 255.255.255.0
!
ftp mode passive
object network NETWORK_OBJ_192.168.2.0_24
 subnet 192.168.2.0 255.255.255.0
object network NETWORK_OBJ_192.168.3.0_24
 subnet 192.168.3.0 255.255.255.0
object network obj-inside
 subnet 192.168.2.0 255.255.255.0
object network obj-vpn
 subnet 192.168.3.0 255.255.255.0
access-list VPNGroup_splitTunnelAcl standard permit 192.168.2.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static obj-inside obj-inside destination static obj-vpn obj-vpn
!
nat (inside,outside) after-auto source dynamic any interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication crack
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication crack
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication crack
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication crack
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcp-client client-id interface outside
dhcpd address 192.168.2.50-192.168.2.100 inside
dhcpd dns 208.67.222.222 198.153.192.40 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 anyconnect-essentials
group-policy VPNGroup internal
group-policy VPNGroup attributes
 dns-server value 208.67.222.222 198.153.192.40
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPNGroup_splitTunnelAcl
 split-tunnel-all-dns disable
 msie-proxy method no-proxy
 vlan none
 nac-settings none
username test password I9znLlryc6yq.BN4 encrypted privilege 15
tunnel-group VPNGroup type remote-access
tunnel-group VPNGroup general-attributes
 address-pool VPNPool
 default-group-policy VPNGroup
tunnel-group VPNGroup ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
  inspect icmp error
!
service-policy global_policy global
prompt hostname context
Hello
To be honest, I can't see anything in the configuration that should be a problem.
Your NAT settings seem to be correct.
You have the global setting "sysopt connection permit-vpn", which does not appear in this form in the CLI configuration. This setting essentially means that the ASA allows traffic from a VPN connection to bypass the interface ACL of the interface where the VPN connection terminates (outside).
Your Split Tunnel ACL is also correct.
You could connect with the VPN Client, run a continuous ICMP to a host on the LAN, and provide the output of the following command after the ICMP has run for a few seconds:
show crypto ipsec sa
Should see the VPN counters.
You can also try adding
management-access inside
This should allow you to ICMP the "inside" IP address of the ASA and also manage the ASA through the VPN connection by using the "inside" IP address, provided you have enabled it. But for this you need to change the "nat" configuration to this:
nat (inside,outside) source static obj-inside obj-inside destination static obj-vpn obj-vpn route-lookup
Hope this helps
-Jouni
-
Split DNS on ASA 5510 remote access VPN does not work
I connect successfully to the tunnel and can ping hosts remotely by IP but am unable to browse the internet from the VPN client. Also, the resolution of host name on the remote end does not work... can only connect through the IP address. Ideas? Thanks again!
Your group policy will SUFFER a good split tunneling and divide the dns settings. But I think that you are awarded the DfltGrpPolicy rather than your group policy will SUFFER because group policy is not set in your group of tunnel, nor be transmitted from authentication.
Do a "show vpn-sessiondb remote" to confirm which group policy is assigned. To fix it, assign your group policy will BE to your tunnel group as follows:
global-tunnel-group attributes
Will BE by default-group-policy
-heather
-
Preview in browser does not work in DW CC 20141
I just installed WAMP 2.5 on my local Win 8.1 machine. All files transferred to the test server fine and everything works. However, when I open pages in Dreamweaver preview, I get a "URL not found" error. Pages open fine in all browsers when I open them directly from Windows Explorer. I modified the Windows HOSTS file, as recommended in the WAMP 2.5 setup for the use of virtual hosts, as follows:
127.0.0.1 localhost
127.0.0.1 Project1
127.0.0.1 sttest.dev
::1 localhost
::1 Project1
::1 sttest.dev
where sttest is my project folder for the local website on the test server.
Any help or ideas would be appreciated.
Thank you!
I figured out our problem. In WAMP, if you use virtual servers, you must point to a folder under the www folder in the main WAMP folder, or some other place. I had designated Project1 as a localhost, but had failed to create a Project1 folder under c:\WAMP\www. So I set up a specific folder, c:\WAMP\www\STTest1, as the project folder and then edited my HOSTS file to:
127.0.0.1 localhost
127.0.0.1 sttest1
::1 localhost
::1 sttest1
Given that I previously had 127.0.0.1 Project1 in my HOSTS file but no Project1 folder, Dreamweaver did not find the html page on my local server. So for now, all is good.
-
ASA 5520 to Juniper ss505m vpn
I'm having a problem with a site-to-site VPN between an ASA 5520 and a Juniper ss 505 m. The tunnel comes up, but we seem unable to pass traffic through the VPN tunnel. It appears the remote side makes a connection to the FTP server on the local server, but is never prompted for login credentials.
April 19, 2016 13:27:13 SQL-B2B-01: %ASA-4-402116: IPSEC: Received an ESP packet (SPI= 0xD167A5E8, sequence number= 0xD) from X.X.241.90 (user= X.X.241.90) to X.X.167.230. The decapsulated inner packet doesn't match the negotiated policy in the SA. The packet specifies its destination as X.X.167.233, its source as X.X.2.68, and its protocol as TCP. The SA specifies its local proxy as X.X.167.233/255.255.255.255/tcp/5376 and its remote_proxy as X.X.2.68/255.255.255.255/tcp/5376.
list of remote ip-group of objects allowed extended West Local Group object
NAT static Local_Pub Local destination (indoor, outdoor) static source Remote
crypto ipsec ikev1 transform-set Remote esp-aes-256 esp-sha-hmac
crypto map West-map 95 match address Remote
crypto map West-map 95 set peer X.X.241.90
crypto map West-map 95 set ikev1 transform-set Remote
crypto map West-map 95 set security-association lifetime seconds 28800
Juniper-
"Remote-ftp" X.X.167.233 255.255.255.255
Gateway proposal P1 preshare "[email protected]/ * /" proposal "pre-g2-aes256-sha-28800.
P2-proposal "no-pfs-esp-aes256-sha-28800" No. - pfs esp aes256 sha-1 second 28800
----------------------
the top of the policy of "Trust" to "Untrust" "X.X.2.68/32" "Remote-ftp' 'ftp' vpn"Remote-vpn"tunnel log
put on top of the "Untrust" policy to the "Trust" "Remote-ftp' 'X.X.2.68/32' 'ftp' vpn"SonoraQ-vpn"tunnel sign
I do not know Juniper, but it seems that it is trying to negotiate the use of only 5376/tcp on the tunnel, when it should just negotiate protocol "ip".
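The diagnosis in the answer above can be read directly from the proxy fields of the syslog message. The following is an added example, not part of the original posts: it parses %ASA-4-402116 lines and separates "the SA selector is narrower than protocol ip" from "the inner packet's addresses fall outside the negotiated proxies". The sample log is constructed (documentation-range addresses, hypothetical hostname fw1, the tcp/5376 selectors quoted in the thread), and the regular expression assumes the message's standard English wording.

```python
import ipaddress
import re

# Constructed sample log; the second line is an unrelated message and the third
# is a constructed variant with "ip/0" proxies and an inner source outside them.
SAMPLE_LOG = """\
Apr 19 2016 13:27:13 fw1 : %ASA-4-402116: IPSEC: Received an ESP packet (SPI= 0xD167A5E8, sequence number= 0xD) from 198.51.100.90 (user= 198.51.100.90) to 203.0.113.230. The decapsulated inner packet doesn't match the negotiated policy in the SA. The packet specifies its destination as 203.0.113.233, its source as 192.0.2.68, and its protocol as TCP. The SA specifies its local proxy as 203.0.113.233/255.255.255.255/tcp/5376 and its remote_proxy as 192.0.2.68/255.255.255.255/tcp/5376.
Apr 19 2016 13:27:14 fw1 : %ASA-6-302013: Built inbound TCP connection 1 for outside:192.0.2.68/40000 (192.0.2.68/40000) to inside:203.0.113.233/21 (203.0.113.233/21)
Apr 19 2016 13:27:15 fw1 : %ASA-4-402116: IPSEC: Received an ESP packet (SPI= 0xA1B2C3D4, sequence number= 0x2) from 198.51.100.90 (user= 198.51.100.90) to 203.0.113.230. The decapsulated inner packet doesn't match the negotiated policy in the SA. The packet specifies its destination as 203.0.113.233, its source as 192.0.2.99, and its protocol as TCP. The SA specifies its local proxy as 203.0.113.233/255.255.255.255/ip/0 and its remote_proxy as 192.0.2.68/255.255.255.255/ip/0.
"""

MSG = re.compile(
    r"%ASA-4-402116: .*?\(SPI= ?(?P<spi>0x[0-9A-Fa-f]+),.*? from (?P<peer>[\d.]+) .*?"
    r"destination as (?P<dst>[\d.]+), its source as (?P<src>[\d.]+), "
    r"and its protocol as (?P<proto>\w+)\."
    r".*?local proxy as (?P<local>[\w./]+?) and its remote[_ ]proxy as "
    r"(?P<remote>[\w./]+?)\.?$")


def parse_proxy(text):
    """Split 'addr/mask/protocol/port' into (network, protocol, port)."""
    addr, mask, proto, port = text.split("/")
    return ipaddress.ip_network(f"{addr}/{mask}"), proto.lower(), int(port)


def classify(line):
    """Explain one 402116 message; return None for any other log line."""
    m = MSG.search(line.strip())
    if not m:
        return None
    local_net, l_proto, l_port = parse_proxy(m["local"])
    remote_net, r_proto, r_port = parse_proxy(m["remote"])
    # On the receiving ASA the inner destination must sit in the local proxy
    # and the inner source in the remote proxy.
    inner_ok = (ipaddress.ip_address(m["dst"]) in local_net
                and ipaddress.ip_address(m["src"]) in remote_net)
    # Anything other than protocol "ip" with port 0 is a narrowed selector.
    narrow = [(p, n) for p, n in ((l_proto, l_port), (r_proto, r_port))
              if p not in ("ip", "0") or n != 0]
    if not inner_ok:
        reason = "address-outside-proxy"
    elif narrow:
        reason = "selector-narrower-than-ip"
    else:
        reason = "unexplained"
    return {"peer": m["peer"], "spi": m["spi"], "inner_protocol": m["proto"],
            "reason": reason, "selectors": narrow}


def triage(log):
    """Classify every 402116 message in a multi-line log."""
    return [r for r in map(classify, log.splitlines()) if r is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["peer"], finding["spi"], finding["reason"], finding["selectors"])
```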
-
Site-to-site VPN & VPN client on the outside interface of an ASA 5520
Hi, I'm jonathan rivero.
I have an ASA 5520 Version 8.0(2). I configured the site-to-site VPN and it works very well; on the other device, I configured the VPN Client for remote users and it works very well. But I am trying to configure 2 VPNs on the ASA 5520 on the same outside interface. I have the line "crypto map outside_map interface outside" (for the VPN client), but when I configure "crypto map VPNL2L interface outside", it replaces the command, and so I can have only a single connection.
The show run:
ASA1(config)# sh run
: Saved
:
ASA Version 8.0(2)
!
hostname ASA1
enable password 7esAUjZmKQSFDCZX encrypted
names
!
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 172.16.3.2 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 200.20.20.1 255.255.255.0
!
interface Ethernet0/1.1
 vlan 1
 nameif outside1
 security-level 0
 no ip address
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
object-group, net-LAN
object-network 172.16.0.0 255.255.255.0
object-network 172.16.1.0 255.255.255.0
object-network 172.16.2.0 255.255.255.0
object-network 172.16.3.0 255.255.255.0
object-group, NET / remote
object-network 172.16.100.0 255.255.255.0
object-network 172.16.101.0 255.255.255.0
object-network 172.16.102.0 255.255.255.0
object-network 172.16.103.0 255.255.255.0
object-group network net-poolvpn
object-network 192.168.11.0 255.255.255.0
access list outside nat extended permit ip net local group object all
access-list extended sheep allowed ip local object-group net object-group net / remote
access-list extended sheep allowed ip local object-group net net poolvpn object-group
access-list splittun-vpngroup1 extended permitted ip local object-group net net poolvpn object-group
pager lines 24
mtu inside 1500
mtu outside 1500
mtu outside1 1500
ip local pool ippool 192.168.11.1-192.168.11.100 mask 255.255.255.0
no failover
icmp unreachable rate-limit 100 burst-size 10
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list sheep
NAT (inside) 1 access list outside nat
route outside 0.0.0.0 0.0.0.0 200.20.20.1 1
route inside 172.16.0.0 255.255.255.0 172.16.3.2 1
route inside 172.16.1.0 255.255.255.0 172.16.3.2 1
route inside 172.16.2.0 255.255.255.0 172.16.3.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 86400
crypto ipsec security-association lifetime kilobytes 400000
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map VPNL2L 1 match address sheep
crypto map VPNL2L 1 set peer 200.30.30.1
crypto map VPNL2L 1 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
!
group-policy vpngroup1 internal
group-policy vpngroup1 attributes
 banner value +++ welcome to Cisco Systems 7.0. +++
 dns-server value 192.168.0.1 192.168.1.1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittun-vpngroup1
 default-domain value ad-domain.local
 split-dns value ad-domain.local
 address-pools value ippool
username asa1 password VRTlLlJ48/PoDKjS encrypted privilege 15
tunnel-group 200.30.30.1 type ipsec-l2l
tunnel-group 200.30.30.1 ipsec-attributes
 pre-shared-key *
tunnel-group vpngroup1 type remote-access
tunnel-group vpngroup1 general-attributes
 address-pool ippool
 default-group-policy vpngroup1
tunnel-group vpngroup1 ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:00000000000000000000000000000000
: end
ASA2(config)# sh run
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 86400
crypto ipsec security-association lifetime kilobytes 400000
crypto map VPNL2L 1 match address sheep
crypto map VPNL2L 1 set peer 200.30.30.1
crypto map VPNL2L 1 set transform-set ESP-3DES-MD5
crypto map VPNL2L interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
tunnel-group 200.30.30.1 type ipsec-l2l
tunnel-group 200.30.30.1 ipsec-attributes
 pre-shared-key cisco
My topology:
I tried the following links, but they did not work:
http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a0080912cfd.shtml
http://www.Cisco.com/en/us/products/ps6120/products_tech_note09186a00807e0aca.shtml
Best regards...
"" I thing both the force of the SAA with the new road outside, why is that? ".
Without the route, the ASA pushes traffic inward by default.
In any case, this must have been a learning experience.
Hopefully, this has been no help.
Please rate all the helpful posts.
Thank you
Rizwan Muhammed.
-
Cisco ASA 5520, 8.02, 4GE SSM, IPS?
I have an ASA 5520 with 4GE SSM module.
In the ASDM, I see basic IPS signatures... any way to upgrade these signatures, add to them, etc.?
Not really, you must purchase the AIP-SSM module for this.
Regards
Farrukh
-
Just received a new ASA 5520 and I'm trying to update the ASA s/w to 7.2 and the ASDM to 5.2. I copied the files to flash, but when I run "asdm image flash:/asdm521.bin" I get an error that it is not an image file, and I don't know where to start with the ASA. Any help would be appreciated. I can't find any info in my documentation.
Try this,
To update/install the ASDM, follow this example procedure:
ASA(config)# copy tftp flash
Address or name of remote host [xxxx]?
Source filename [pix704.bin]? asdm-504.bin
Destination filename [asdm-504.bin]?
Accessing tftp://x.x.x.x/asdm-504.bin...!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file flash:/asdm-504.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
5958324 bytes copied in 165.460 secs (36111 bytes/sec)
ASA(config)#
ASA(config)# sh flash
Directory of flash:/
7 -rw- 5437440 21:12:42 Nov 24 2005 pix704.bin
11 -rw- 5919340 20:59:06 Nov 24 2005 asdm-504.bin
13 -rw- 7017 14:00:58 Jul 22 2005 admin.cfg
asdm-504.bin is now copied into flash. We should now set the PIX to use this image to load ASDM.
ASA(config)# asdm image flash:/asdm-504.bin
The final steps involve saving the running configuration to memory, as we made changes to the boot files, and reloading the PIX.
ASA(config)# write memory
Building configuration...
Cryptochecksum: d4f498de e877e418 2f9effa7 62ca0d6b
4807 bytes copied in 3.20 secs (1602 bytes/sec)
[OK]
ASA(config)# reload
Once the PIX comes back up, we can check that the upgrade succeeded using the command "show version".
Consult the ASDM upgrade procedure
I hope this helps... all the best... please rate responses if found useful...
REDA
-
Transfer the ASDM image to the ASA over the AnyConnect VPN
I'm relatively new to the ASA firewalls. My previous experience of firewall is a firewall provider. I work with an ASA 5515-X running ASA 915 and ASDM 713. I connect from Windows 8 and therefore need to upgrade the ASDM to 731. I've done it before with no problem. My problem with this particular update is that I really need to download the image over a VPN connection. I can't configure a NAT device on my end to allow the ASA to connect to my public IP address - so I can connect to the ASA via anyconnect. I can't SSH in public IP address of the ASA (for now) but I can't transfer the asdm image obviously not my public IP b/c I have no NAT on my end. So I connect my PC to the anyconnect service and get a VPN IP. I need to run the command:
copy ftp://user: [email protected] / * *//asdm-731.bin disk0:
I get the following output: for access to the ftp://user: [email protected] / * *//asdm-731.bin...
%Error opening ftp://user: [email protected] / * *//asdm-731.bin (Permission denied)
Anyone know good ways to solve this, CLI only?
Thanks for your help.
Zach
Looks like an FTP permission problem. Does the user have read access? Also, make sure that your Win 8 is listening for FTP requests on the VPN virtual adapter.
Another option is to use a jump host in your LAN behind the ASA and open ASDM from there; using ASDM, it will be easier to copy the file to the ASA flash.
-
I just upgraded my ASA from 7 to 8 and now, my remote access VPN working properly. The tunnels connect and I can ping anything, but I can't browse network shares or connect to Exchange.
No idea as to what I'm missing?
Thank you
Dan
IPsec VPN packets are dropped when compression is enabled: when you configure the ip-comp enable command under the group policy, large packets that are eligible for compression are silently dropped by the security appliance. VPN compression is only useful for very slow Internet connections, so we suggest you disable compression (ip-comp disable). Alternatively, you can upgrade to interim build 8.0(4.16) or later. (CSCsu26649)
Release notes for Cisco 8.0.4.
-
With an ASA 5520 port forwarding
Hi all
I recently bought a Cisco ASA 5520 on eBay for study and I decided to only use it as a firewall between my home LAN and the Internet. Wow, what a learning curve! I managed to add my internal networks as objects and create a NAT rule (thanks to YouTube) to PAT my internal devices out to the Internet with ASDM, but I am really struggling to do the following:-
-allow all incoming traffic that hits the outside interface for port 38921 and nat at 10.1.10.101:38921
-allow all incoming traffic that hits the outside interface for port 30392 and nat at 10.1.10.101:30392
Can someone guide me on how to do it, because I have a couple of services that run behind these ports on a server I want to get when I'm not at home? My (rather messy) config is as follows:-
hostname FW1
enable password encrypted
passwd encrypted
names
!
interface GigabitEthernet0/0
 description * externally facing Internet *
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface GigabitEthernet0/1
 description * internal face to 3750 *
 nameif inside
 security-level 100
 ip address 10.1.10.2 255.255.255.0
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
ftp mode passive
object network VLAN1
 subnet 192.168.1.0 255.255.255.0
 description Legacy
object network WiredLAN
 subnet 10.1.10.0 255.255.255.0
 description Wired LAN
object network CorporateWifi
 subnet 10.1.160.0 255.255.255.0
 description Company wireless VLAN 160
object network GuestWifi
 subnet 10.1.165.0 255.255.255.0
 description Wireless VLAN 165 comments
object network LegacyLAN
 subnet 192.168.1.0 255.255.255.0
 description Legacy LAN in place until the change on
object network FileServer
 host 10.1.10.101
 description File Server
object service Service1
 service tcp source eq 38921 destination eq 38921
 description Service 1
object-group network All_Inside_Networks
 network-object object VLAN1
 network-object object WiredLAN
 network-object object CorporateWifi
 network-object object GuestWifi
 network-object object LegacyLAN
object-group service Service2 tcp-udp
 port-object eq 30392
object-group service DM_INLINE_TCPUDP_1 tcp-udp
 port-object eq 30392
 group-object Service2
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list Outside_access_in extended permit object-group TCPUDP any object FileServer object-group DM_INLINE_TCPUDP_1 inactive
access-list Outside_access_in extended permit object Service1 any object FileServer inactive
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-714.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic FileServer interface service Service1 Service1 inactive
nat (any,outside) source dynamic All_Inside_Networks interface
access-group Outside_access_in in interface outside
route inside 10.1.160.0 255.255.255.0 10.1.10.1 1
route inside 10.1.165.0 255.255.255.0 10.1.10.1 1
route inside 192.168.1.0 255.255.255.0 10.1.10.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 10.1.160.15 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet 10.1.160.15 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface outside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username Barry password encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:19be38edefe8c3fd05e720aedee62c8e
: end
1. This is just one example of configuration and another option with to reason and avoid to send us the complete configuration of NAT:
object network 10.1.10.101
 host 10.1.10.101
object service 38921
 service tcp source eq 38921
object service 30392
 service tcp source eq 30392
nat (inside,outside) 1 source static 10.1.10.101 interface service 38921 38921
nat (inside,outside) 1 source static 10.1.10.101 interface service 30392 30392
Let me know if it works
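An added example, not part of the original thread: a small Python audit that reads an ASA 8.3+ style configuration and reports, for each static port-forward, whether the NAT rule carries the inactive keyword and whether an active access-list entry permits the forwarded port, since both rules in the question's config are marked inactive. The sample config is constructed; the service object names Svc38921 and Svc30392 and the function name are hypothetical, and only object-based rules in the form shown are parsed.

```python
import re

# Constructed ASA 8.3+ style sample; only the FileServer name, the ACL name,
# the address and the two ports come from the question.
SAMPLE_CONFIG = """\
object network FileServer
 host 10.1.10.101
object service Svc38921
 service tcp source eq 38921
object service Svc30392
 service tcp source eq 30392
access-list Outside_access_in extended permit tcp any object FileServer eq 38921 inactive
access-list Outside_access_in extended permit tcp any object FileServer eq 30392
nat (inside,outside) 1 source static FileServer interface service Svc38921 Svc38921
nat (inside,outside) 1 source static FileServer interface service Svc30392 Svc30392 inactive
"""

SVC = re.compile(r"^object service (\S+)\n service (tcp|udp) source eq (\d+)", re.M)
NAT = re.compile(r"^nat \(\S+?,outside\) (?:\d+ )?source static (\S+) interface "
                 r"service (\S+) \S+( inactive)?$", re.M)
ACL = re.compile(r"^access-list \S+ extended permit (tcp|udp) any object (\S+) "
                 r"eq (\d+)( inactive)?$", re.M)

def audit_port_forwards(config):
    """Return {(server, proto, port): [problems]} for each static PAT rule."""
    services = {name: (proto, int(port)) for name, proto, port in SVC.findall(config)}
    # Only entries without the trailing "inactive" keyword are enforced.
    permitted = {(proto, obj, int(port))
                 for proto, obj, port, inactive in ACL.findall(config) if not inactive}
    report = {}
    for server, svc, inactive in NAT.findall(config):
        if svc not in services:
            continue  # service object written in a form this sketch does not parse
        proto, port = services[svc]
        problems = []
        if inactive:
            problems.append("nat rule is inactive")
        if (proto, server, port) not in permitted:
            problems.append("no active permit in the access-list")
        report[(server, proto, port)] = problems
    return report

if __name__ == "__main__":
    for rule, problems in audit_port_forwards(SAMPLE_CONFIG).items():
        print(rule, problems or "ok")
```

An empty problem list for a rule means the forward is both translated and permitted, which is also the list of ports actually exposed on the outside interface.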
-
Hello
First I must admit that I am not very versed in Cisco equipment or in IPSEC connections in general, so my apologies if I'm doing something really obviously stupid, but I have checked through everything I could find on the internet about configuring IPSEC VPNs.
The setup I have is an ASA 5520 (OS 8.2) firewall which, for now, is connected to a temporary home-broadband-style connection for testing purposes. The Netopia router is configured to allow IPsec passthrough and to forward ports UDP 62515, TCP 10000, UDP 4500 and UDP 500 to the ASA 5520.
I'm trying to connect from a laptop with the Windows firewall disabled and Cisco VPN client version 5.0.02.0090.
I have made several attempts with different options in the IPsec configuration wizard. Most of the time nothing shows up in the log to indicate that a connection was attempted, but there is one set of options that produces the following in the firewall log:
4. Sep 24 2010 | 13:54:29 | 713903 | Group = VPNtest9, IP = 86.44.x.x, Error: Unable to remove PeerTblEntry
5: Sep 24 2010 | 13:54:29 | 713902 | Group = VPNtest9, IP = 86.44.x.x, Removing peer from peer table failed, no match!
6. Sep 24 2010 | 13:54:21 | 713905 | Group = VPNtest9, IP = 86.44.x.x, P1 Retransmit msg dispatched to AM FSM
3: Sep 24 2010 | 13:54:21 | 713201 | Group = VPNtest9, IP = 86.44.x.x, Duplicate Phase 1 packet detected. Retransmitting last packet.
6. Sep 24 2010 | 13:54:16 | 713905 | Group = VPNtest9, IP = 86.44.x.x, P1 Retransmit msg dispatched to AM FSM
3: Sep 24 2010 | 13:54:16 | 713201 | Group = VPNtest9, IP = 86.44.x.x, Duplicate Phase 1 packet detected. Retransmitting last packet.
6. Sep 24 2010 | 13:54:11 | 713905 | Group = VPNtest9, IP = 86.44.x.x, P1 Retransmit msg dispatched to AM FSM
3: Sep 24 2010 | 13:54:11 | 713201 | Group = VPNtest9, IP = 86.44.x.x, Duplicate Phase 1 packet detected. Retransmitting last packet.
3: Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3: Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3: Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3: Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3: Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3: Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3: Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3: Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3: Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3: Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
6. Sep 24 2010 | 13:54:06 | 302015 | 86.44.x.x | 51905 | 192.168.0.27 | 500 | Built inbound UDP connection 7487 for Internet:86.44.x.x/51905 (86.44.x.x/51905) to identity:192.168.0.27/500 (192.168.0.27/500)
and this, in the client log:
Cisco Systems VPN Client Version 5.0.02.0090
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 3
24 13:54:08.250 24/09/10 Sev=Info/4 CM/0x63100002
Begin connection process
25 13:54:08.265 24/09/10 Sev=Info/4 CM/0x63100004
Establish secure connection
26 13:54:08.265 24/09/10 Sev=Info/4 CM/0x63100024
Attempt connection with server "213.94.x.x"
27 13:54:08.437 24/09/10 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 213.94.x.x.
28 13:54:08.437 24/09/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 213.94.x.x
29 13:54:08.484 24/09/10 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
30 13:54:08.484 24/09/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
31 13:54:13.484 24/09/10 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
32 13:54:13.484 24/09/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 213.94.x.x
33 13:54:18.484 24/09/10 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
34 13:54:18.484 24/09/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 213.94.x.x
35 13:54:23.484 24/09/10 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
36 13:54:23.484 24/09/10 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 213.94.x.x
37 13:54:28.484 24/09/10 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=36C50ACCE984B0B0 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
38 13:54:28.984 24/09/10 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=36C50ACCE984B0B0 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
39 13:54:28.984 24/09/10 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "213.94.x.x" because of "DEL_REASON_PEER_NOT_RESPONDING"
40 13:54:28.984 24/09/10 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
41 13:54:28.984 24/09/10 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
42 13:54:28.984 24/09/10 Sev=Info/4 IKE/0x63000001
Received an IKE signal to terminate VPN connection
43 13:54:29.187 24/09/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
44 13:54:29.187 24/09/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
45 13:54:29.187 24/09/10 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
46 13:54:29.187 24/09/10 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
I have full HTTP connectivity from the internet to a machine inside the ASA 5520, so I think that the static routing and NAT'ing should be OK, but I am happy to provide you with all the details.
Can you see what I'm doing wrong?
Thank you
Sam
Pls add the following policy:
crypto isakmp policy 10
authentication pre-share
the Encryption
hash md5
group 2
You can also run debug on the ASA:
debug cry isa
debug cry ipsec
and retrieve debug output after trying to connect.
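An added example, not part of the original thread: a short Python parser for firewall log lines in the pipe-separated layout quoted in the question, which extracts the 713257 Phase 1 mismatch records and reports what the peer offered against what the ASA has configured. The sample lines are constructed (documentation IP address, English ASA message wording assumed) and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the "sev date | time | msg-id | text" layout.
SAMPLE_LOG = """\
3: Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3: Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
6. Sep 24 2010 | 13:54:11 | 713905 | Group = VPNtest9, IP = 192.0.2.10, P1 Retransmit msg dispatched to AM FSM
3: Sep 24 2010 | 13:54:11 | 713201 | Group = VPNtest9, IP = 192.0.2.10, Duplicate Phase 1 packet detected. Retransmitting last packet.
4. Sep 24 2010 | 13:54:29 | 713903 | Group = VPNtest9, IP = 192.0.2.10, Error: Unable to remove PeerTblEntry
not a log line
"""

MISMATCH = re.compile(
    r"Mismatched attribute types for class (?P<cls>.+?):\s*"
    r"Rcv'd:\s*(?P<rcvd>.+?)\s+Cfg'd:\s*(?P<cfgd>.+)$")

def parse_line(line):
    """Return (message_id, text) for one pipe-separated line, or None."""
    fields = [f.strip() for f in line.split("|")]
    if len(fields) < 4 or not fields[2].isdigit():
        return None
    # The text is always the last field; 302015-style lines carry extra
    # address and port columns between the message id and the text.
    return fields[2], fields[-1]

def diagnose_phase1(log_text):
    """Count 713257 mismatches by (attribute class, received, configured)."""
    ids, mismatches = Counter(), Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        msg_id, text = parsed
        ids[msg_id] += 1
        m = MISMATCH.search(text)
        if msg_id == "713257" and m:
            mismatches[(m["cls"], m["rcvd"], m["cfgd"])] += 1
    return {"mismatches": dict(mismatches),
            "retransmits": ids["713905"] + ids["713201"]}

if __name__ == "__main__":
    result = diagnose_phase1(SAMPLE_LOG)
    for (cls, rcvd, cfgd), n in result["mismatches"].items():
        print(f"{n}x {cls}: peer offered {rcvd}, ASA configured {cfgd}")
    print("retransmit records:", result["retransmits"])
```

On the sample this reports that the client offered Group 2 while the ASA policy had Group 1, which is the attribute the suggested policy sets to group 2.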
-
ASA 5520 Infiltration of DNS query
Is tcpdump-style operation, similar to the Sidewinder FW (example below), possible through an ASA 5520 and AIP-SSM-10 (IPS) module? References and answers to my question are appreciated.
• tcpdump options for DNS:
- Internal burb: tcpdump -ntpi em0 port 53
- External burb: tcpdump -ntpi em1 port 53
• tcpdump options for SMTP:
- Internal burb: tcpdump -ntpi em0 port 25
- External burb: tcpdump -ntpi em1 port 25
You can use the iplog command to capture a PCAP file on the AIP-SSM module (assuming that you send the traffic you wish to capture to or through the AIP-SSM IPS module). It will capture based on the source IP address.
http://www.Cisco.com/en/us/docs/security/IPS/6.0/command/reference/crCmds.html#wp466857
If you want tcpdump granularity, make a service account on the sensor, log in to the Linux system, become root and tcpdump away.