Authentication failure - 5505 8.3 configuration to windows server RAIDUS vpn client
Hello
I'm trying to put up a 5505 (8.3 running) so that I can use vpn client through the RADIUS authentication
I set up a new local RAIDUS windows box and used the ASDM Assistant and a few other installation guides the 5505.
I get the following error:
INFO: Attempt to <10.0.0.92>IP address authentication test (timeout: 12 seconds)
ERROR: Authentication rejected: failure of the AAA
any help would be greatly appreciated
Here is my config sanitized:
lit5505-02 # sh run
: Saved
:
ASA Version 8.3 (1)
!
hostname lit5505-02
no names
!
interface Vlan1
nameif inside
security-level 100
10.0.0.100 IP address 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP address
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
banner motd ****************************************
Banner motd No. unauthorized access is allowed
banner motd ****************************************
passive FTP mode
DNS server-group DefaultDNS
domain name
network obj_any object
subnet 0.0.0.0 0.0.0.0
object network lotus_notes
host 10.0.0.3
network sonicwall_ssl_2000 object
Home 10.0.0.12
network of the NETWORK_OBJ_10.0.0.0_24 object
10.0.0.0 subnet 255.255.255.0
network of the ABD_LAN object
10.7.0.0 subnet 255.255.0.0
network of the LIT_LAN object
10.0.0.0 subnet 255.255.0.0
network of the LIT_LAN_vlan101 object
subnet 10.0.1.0 255.255.255.0
network of the LIT_LAN_vlan102 object
10.0.2.0 subnet 255.255.255.0
network of the LIT_LAN_vlan103 object
subnet 10.0.3.0 255.255.255.0
network of the LIT_LAN_vlan104 object
10.0.4.0 subnet 255.255.255.0
network of the LIT_LAN_vlan105 object
10.0.5.0 subnet 255.255.255.0
network of the LIT_LAN_vlan106 object
10.0.6.0 subnet 255.255.255.0
network of the LIT_LAN_vlan109 object
10.0.9.0 subnet 255.255.255.0
network of the LIT_LAN_vlan112 object
10.0.112.0 subnet 255.255.255.0
network of the LIT_LAN_vlan114 object
10.0.114.0 subnet 255.255.255.0
network of the LIT_LAN_vlan120 object
10.0.20.0 subnet 255.255.255.0
network of the LIT_LAN_vlan121 object
10.0.21.0 subnet 255.255.255.0
network of the LIT_LAN_vlan100 object
10.0.0.0 subnet 255.255.255.0
network of the LIT_LAN_vlan107 object
10.0.7.0 subnet 255.255.255.0
network of the LIT_LAN_vlan108 object
10.0.8.0 subnet 255.255.255.0
network of the BER_vlan1 object
subnet 10.8.0.0 255.255.255.0
the LIT_VLANS object-group network
network-object, object LIT_LAN_vlan100
network-object, object LIT_LAN_vlan101
network-object, object LIT_LAN_vlan102
network-object, object LIT_LAN_vlan103
network-object, object LIT_LAN_vlan104
network-object, object LIT_LAN_vlan105
network-object, object LIT_LAN_vlan106
network-object, object LIT_LAN_vlan107
network-object, object LIT_LAN_vlan108
network-object, object LIT_LAN_vlan109
network-object, object LIT_LAN_vlan112
network-object, object LIT_LAN_vlan114
network-object, object LIT_LAN_vlan120
network-object, object LIT_LAN_vlan121
the BER_VLANS object-group network
network-object, object BER_vlan1
access list off - in extended permit icmp any one
out-in access-list extended permit tcp any object sonicwall_ssl_2000 eq https
access-list out-in extended permit tcp any eq smtp lotus_notes object
access list-based ip allowed any one
outside_1_cryptomap list extended access permitted ip LIT_VLANS object ABD_LAN object-group
outside_2_cryptomap list extended access permitted ip object-group LIT_VLANS-group of objects BER_VLANS
pager lines 24
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
ICMP unreachable rate-limit 1 burst-size 110.0.0.92>
don't allow no asdm history
ARP timeout 14400
NAT static LIT_VLANS LIT_VLANS destination (indoor, outdoor) static source ABD_LAN ABD_LAN
NAT static LIT_VLANS LIT_VLANS destination (indoor, outdoor) static source BER_VLANS BER_VLANS
!
network obj_any object
NAT dynamic interface (indoor, outdoor)
object network lotus_notes
Static NAT (indoor, outdoor)
network sonicwall_ssl_2000 object
Static NAT (indoor, outdoor)
Access-group all-out in the interface inside
out-in access-group in external interface
Route outside 0.0.0.0 0.0.0.0
Route inside 10.0.1.0 255.255.255.0 10.0.0.254 1
Route inside 10.0.2.0 255.255.255.0 10.0.0.254 1
Route inside between 10.0.3.0 255.255.255.0 10.0.0.254 1
Route inside 10.0.4.0 255.255.255.0 10.0.0.254 1
Route inside 10.0.5.0 255.255.255.0 10.0.0.254 1
Route inside 10.0.6.0 255.255.255.0 10.0.0.254 1
Route inside 10.0.7.0 255.255.255.0 10.0.0.254 1
Route inside 10.0.8.0 255.255.255.0 10.0.0.254 1
Route inside 10.0.9.0 255.255.255.0 10.0.0.254 1
Route inside 10.0.20.0 255.255.255.0 10.0.0.254 1
Route inside 10.0.21.0 255.255.255.0 10.0.0.254 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
RADIUS protocol AAA-server litvms03
litvms03 AAA-server (inside) host 10.0.0.92
key *.
RADIUS-common-pw *.
the ssh LOCAL console AAA authentication
Enable http server
http 10.0.0.0 255.255.0.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
card crypto outside_map 1 match address outside_1_cryptomap
card crypto outside_map 1 set pfs Group1
map 1 set outside_map crypto peer
card crypto outside_map 1 set of transformation-ESP-3DES-SHA
card crypto outside_map 2 match address outside_2_cryptomap
card crypto outside_map 2 pfs Group1 set
card crypto outside_map 2 defined peer
card crypto outside_map 2 game of transformation-ESP-3DES-SHA
outside_map interface card crypto outside
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
sha hash
Group 2
life 86400
No encryption isakmp nat-traversal
Telnet timeout 5
SSH 10.0.0.0 255.255.0.0 inside
SSH 10.7.0.0 255.255.0.0 inside
SSH timeout 5
SSH version 2
Console timeout 0
management-access inside
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
NTP server 216.14.98.234 prefer external source
NTP server 204.15.208.61 prefer external source
WebVPN
internal jdr_littleport_employee_vpn group policy
attributes of the strategy of group jdr_littleport_employee_vpn
banner value
value of 10.0.0.8 WINS server 10.100.1.141
value of 10.0.0.8 DNS server 10.100.1.141
Split-tunnel-policy tunnelall
jdrcables.com value by default-field
Split-dns value jdrcables.com
IPv6 address pools no
type of tunnel-group ipsec-l2l
Tunnel ipsec-attributes group
pre-shared key *.
type of tunnel-group ipsec-l2l
Tunnel ipsec-attributes group
pre-shared key *.
!
!
context of prompt hostname
Cryptochecksum:6d1868630c83f17fe0c7de41006a1526
: end
Rich
I have checked the road conditions but missed the VIRTUAL LAN address. Sorry about that.
I'm glad to see that you solved the problem and am not surprised that the question seems to have been some incompatible in the serttings server. I think you should be able to close the thread based on your response. Give it a try.
HTH
Rick
Tags: Cisco Security
Similar Questions
-
D20 problem of configuration of Windows Server 2008 R2 / 1 x SATA HD / 4 x SATA SSD
Hi all
I have a Mod D20. 4155 and want to use next to it is by default SATA HDD SATA SSD four disks of virtual machines. Windows Server 2008 R2 will be the OS with the use of its Hyper-V features.
I have Aproblem with detection of drives in the configuration of the operating system. All 5 disks are visible in the Marvell controller BIOS setup. It is possible to configure a RAID on the SSD, etc, but I don't "see" any disk in the configuration of the operating system. I tried to load additional drivers in the part of the Setup utility GUI, but it did not work. I tried with the driver Marcell SAS and Intel Matrix driver, both located at http://www-307.ibm.com/pc/support/site.wss/migr-72280.html.
Suggestions for the BIOS of the PC / BIOS Marvell / OS installation configurations?
Best regards, Chrischmi
Hi all
I found the solution myself. After detection, the default drive is a SATA drive (and), I got the idea to test it on the Intel SATA controller. It was possible to install the spirit of the machine the disks attached to the Intel controller. After installation, I went to Device Manager and installed the driver of Lenovo Marvell, rekindled the Marvell controller disk and started the. Successfully. Yes!
On my way to the solution, I had another problem: in the setup of Windows GUI part, I got an error of 0 x 80300001 with Lenovo's Intel SATA driver. It was not possible to install windows Server on the SATA drive with reason0x80300001. very helpful post, Microsoft! (-) I decided to use the default Microsoft for the Intel SATA controller driver after a reboot. Installer executed well, but ended with an error 0 x 80070017 and problems of copy of (unknown) files. The solution (found after a few hours...) was to burn a new installation of Windows Server DVD. I don't want to talk about it anymore...
-Christoph
-
Configuration of Windows Server 2012
Hello, I tried to configure Windows Server 2012 using vcac using vCenter. Clonening works, customizing of comments has started, but the virtual machine is often, so he needs a manual restart. That is documented in article kb 2048394 and 20373666. However Windows Server 2012 isn't a guest operating system supported according to the vcac matrix. I also noticed it is possible to install the agent of comments, but it does not call. So I wonder when Windows server 2012 will be fully supported and if there is a way to get comments running agent? Cheers, Thomas
Hi Thomas,
We will fully support Server 2012 as a guest in our version 5.2 operating system (scheduled for GA daily now).
Dave
-
ASM Configuration on Windows Server 2003
Hi all
My Version of DB: 10.2.0
OS version: Windows Server 2003
I try to configure ASM on stand-alone server using DBCA, but when I try to start OCSS by running the batch localconfig file it does not work.
Is someone can you please tell me where I am wrongSQL > create diskgroup data external redundancy disk
2 'I:\ASMDISKS\ DISK1. "
3 'I:\ASMDISKS\ DISK2.
4 'I:\ASMDISKS\ DISK3 ';
create diskgroup data external redundancy diskMaybe you caught ;-), looks like there's space between ASMDISKS and DISKn .
Correct it and create it again. post if no errors.
-
Basic Test Lab Configuration Guides: Windows Server
Dear all
I'm asking for help for the following
We have just a lab Cisco isolated from our network, we have 5 students and I want to help them with
establishment of a laboratory to test in a virtual environment, the goal is to teach them how to create a network, run the following
DC + 2 workstations
I'm looking for Guides to basic setup and Test laboratories in a virtual environment
Windows Server 2012r2 & Windows 7 Enterprise
Windows Server 2008r2 & Windows 7 Enterprise
Hello
Post your question in the TechNet Server Forums, as your question kindly is beyond the scope of these Forums.
http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer
See you soon.
-
Configuration of Cisco for Cisco VPN Client ASA 5505
Our firm has finally made the move from Sonicwall Cisco for our SMB customers. Got our first customer with a VPN site-to site solid and you have configured the main router for connections via the Cisco VPN Client VPN Wizard.
When I install the VPN Client on desktop computers that does not capture all the necessary options (unless you have a SSL VPN). I guess that there is a process that I am missing to export a connection profile that Cisco VPN Client users can import for their connection.
There step by step guides to create the connection profile file to distribute to customers?
Hello
The ASDM wizard is for the configuration on the SAA. This wizard will help you complete the VPN configuration on the end of the ASA.
You will need to set the same in the client, so that they can negotiate and connect.
Input connection in the client field, that's what you want to be seen that on the VPN client - it can be any name
Host will be the external ip address of the ASA.
Group options:
name - same tunnel as defined on the ASA group
Password - pre-shared as on ASA.Confirm password - same pre-shared key.
Once this is over, you will see the customer having an entry same as a login entry. You must click on connect there. He will be a guest user and the password. Please enter the login crendentials. VPN connects.
You can distribute the .pcf file that is formed at the place mentioned in the post above. Once the other client receive the .pcf, they need to import it by clicking this tab on the VPN client.
Kind regards
Anisha
-
Installation failure: EBS R12.2.5 on Windows Server R2 Standard 2012
Hello
I install EBS R12.2.5 VISION Instance on Windows Server 2012 R2 Standard, that is certified. I downloaded the media and made the scene and complete the prerequisites.
I installed it, under Tools before building the stadium and run rapidwiz
- Microsoft Visual Studio Express 2013 for Windows Desktop ()Doc ID 1330706.1()
- Cygwin (Doc ID 414992.1( )
Then build step, all right.
Checked it the rapidwiz version:
C:\stager122\startCD\Disk1\rapidwiz > RapidWizVersion.cmd
Oracle E-Business Suite quick installation wizard
Version 12.2.0.50
(c) copyright 2000-2011 Oracle Corporation. All rights reserved.
Press a key to continue...
Then I run the RapidWiz.cmd to install...
at 29%, I got an error, the error detail is given below:
C:\Users\ADMINI~1\AppData\Local\Temp > C:\stager122\startCD\Disk1\rapidwiz\jre\NT\1.6.0\bin\java - cp C:\oracle\app\VIS\fs2\inst\apps\VIS_srcebs\temp\ASInstallHome\fnd\... \j11067592_fnd.zip; C:\oracle\app\VIS\fs2\inst\apps\VIS_srcebs\temp\ASInstallHome\fnd\java\3rdparty\stdalone\xmlparserv2.zip-Doracle.apps.fnd.txk.env_home=C:\oracle\app\VIS\fs2\EBSapps\appl\admin\VIS_srcebs\-Doracle.apps.fnd.txk.runtime.config=C:\oracle\app\VIS\fs2\inst\apps\VIS_srcebs\temp\xmldocs\instASpatches.xml oracle.apps.fnd.txk.config.InstallService
Fatal error: T2K install Service
oracle.apps.fnd.txk.config.ProcessStateException: FileSys OS COMMAND Failed: out = 3 see the log file for more details. CMD = cmd /c rmdir /s /q C:\\oracle\\app\\VIS\\fs2\\FMW_Home\webtier\OPatch # node = NodeId = 1698 Type = 24 TypeName = filesys_patch_action Name = RefId = State 901 = init ConfigDoc = APPS_OHS_HOME ParentDoc = null topology = R12 Action = os_cmd
at oracle.apps.fnd.txk.config.FileSysPatchActionNode.doFileSysOSCmd(FileSysPatchActionNode.java:169)
at oracle.apps.fnd.txk.config.FileSysPatchActionNode.processState(FileSysPatchActionNode.java:101)
at oracle.apps.fnd.txk.config.PatchActionNode.processState(PatchActionNode.java:187)
at oracle.apps.fnd.txk.config.PatchNode.processState(PatchNode.java:338)
at oracle.apps.fnd.txk.config.PatchesNode.processState(PatchesNode.java:79)
at oracle.apps.fnd.txk.config.InstallNode.processState(InstallNode.java:68)
at oracle.apps.fnd.txk.config.TXKTopology.traverse(TXKTopology.java:594)
at oracle.apps.fnd.txk.config.InstallService.doInvoke(InstallService.java:224)
at oracle.apps.fnd.txk.config.InstallService.invoke(InstallService.java:237)
at oracle.apps.fnd.txk.config.InstallService.main(InstallService.java:291)
C:\Users\ADMINI~1\AppData\Local\Temp > if 1 == 0 goto: INSTAS_OK
C:\Users\ADMINI~1\AppData\Local\Temp > echo cannot install specific patches
Can not install the unique patches
RW-50010: error:-script returned an error: 1
RW-50004: Error Code when you run the external process. Check the log file for more details.
APPL_TOP install the driver running for instance SCREWS
I tried many things, re-download the error also, but always the same media.
Kindly help me.
Thank you and best regards,
Waqas
With the help of VMWare he can't.
Using Oracle VM VirtualBox, as successful.
-
After moving to Windows server 2012 VPN connection error
Hello world!
Recently, I upgraded my Windows Server 2003 SB server to a new server running Windows Server 2012.
I started from scratch by creating a new domain, user, accounts etc.
The new server is using the same IP address as the old server.
Since then, I can't connect through the VPN. I have already added the role of remote access on the new server.
When I try to connect to my Windows 7 laptop, I get this error:
"Error 800: the remote connection does not because attempts VPN tunnels failed." The VPN server is maybe inaccessible. "If this connection tries to use an L2TP/IPsec tunnel, the security settings required for IPsec negotiation is may not configured properly."
Any help with this is appreciated.
Hello
The question you posted would be better suited in the TechNet Forums. We have a separate team working on the server problem, so I would recommend posting your query in the TechNet Forums.
TechNet Forum
http://social.technet.Microsoft.com/forums/Windows/en-us/home?Forum=w7itprovirtHope this information is useful.
-
Windows 10 anyconnect vpn client
Can someone please explain to me how to download the windows client to vpn anyconnect 10 on my asa 5516 9.5 version and configure the asa for windows 10 clients? Any help would be greatly appreciated.
Thank you
Lake
Hello Lakeram,
It's the same process, you must download the AnyConnect that is officially supported by Windows 10, as you can see below:
AnyConnect 3.1MR10 (3.1.10010) and later are compatible with Windows 10 official release. Technical assistance Center (TAC) will be available from 29/07/2015.
Download package on the flash of the ASA and the move to the WebVPN as image for Windows, and then configure the Tunnel Group, group policy and the XML profile, please follow the guide below:
- http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyc...
- http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mob...
Those two will help you to properly, configure the AnyConnect
Keep me posted, please note and mark it as correct the useful message
David Castro,
-
Problem Cisco VPN Client with local authentication
I configured PIX for the Cisco VPN client for remote access. It must be connected and also inside network is accessible. It is without any authentication username. It works well with a vpngroup name and the password for the vpngroup, configured on PIX and also on the Cisco VPN client. (version 4.6)
When I configure crypto for local authentication, it did not work. configuration is as follows.
#crypto card: name of the map of local authentication client
I created a user with private = 15.
Client VPN must be connected, and then it pops up a window user name and password. After giving these details. The user is not authenticated.
Are there patterns more to do in / isakmp / ipsec / aaa configurations.
Thank you
AAA-server local LOCAL Protocol
client authentication card crypto remote_vpn LOCAL
client configuration address card crypto remote_vpn throw
client configuration address card crypto remote_vpn answer
-
copy of the mac to windows server data
Hi all
My apologies in advance if this ended up in the wrong section of the forum, hoping someone could point me in the right direction.
I work for a company that currently stores its files on an OS X journaled NAS device, connected to a Mac Mini via the lightning cable and the mac connects to the network via ethernet.
We are planning a migration of large data (~ 18 TB) from a NAS device mac to format, on a Windows Server (like using NetApp storage solution / VM datastore)
I wonder what could be the best application to manage the data transfer? In Windows environments, I used Robocopy or FTP and love it, but not really know on the side of Mac of things when it comes to data migrations.
We have a paid version of ChronoSync we use to run our nightly backups to other NAS material - I see that this has developed in a few searches on Google.
2 other products that pop up in my research are arRsync and SuperDuper - can someone comment or recommend these products?
That's what I look for in an application to manage the transfer:
-support to copy the attributes of file from the MAC world to Windows
-support the recovery if the transfer fails / break
-being able to provide a significant peace of mind summary when the transfer is complete (sort of like ChronoSyncs connect)
-GUI based and have a nice interface
-Be reliable to transfer large date - currently about 18 ~ TB
Looking forward to hearing your comments, no doubt let me know things that I have to take into consideration during the planning phase or "traps".
Matt
So I'm going to bite and offers some advice. Summer by this much (sigh).
First of all, some of the things to watch for:
1: naming. Mac users in storage Mac can use any character that they want: and. For example, my.file! @# $> That's so important # $123. . can be a file name. Cannot * REALLY IMPORTANT FILE! Yes, there are spaces in the and at the end. Yes, this will make panic window. You need to do a review of the names of files and folders before you try to migrate. Search for files that begin and end with the space character. Beware reserved characters in Windows. Clean your name prior to migration. For more information, see here https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247(v=vs.85).aspx
2: maximum length of the path. Yes. In this day of unicode several parts of Windows can only manage a path of the file system maximum of 256 characters. See the link above. If you arrive by a system of support for paths longer (like OS X and * nix operating systems) that you want to review the length of your paths. Test, test and test again with all of your tools, including your backup software. Make sure he can see both paths that exceed the API limit and also it is able to restore data in ways that exceed the length.
3: SMB is always a nightmare. Numeral ID of file crawling, to slow down the reading of the directory, to Hung Finder. Your version of Mac OS will have degrees of success. 10.8 was a mess with DFS. 10.9 was a wreck of train with Windows cluster servers. 10.10 has huge issues with ID of file enumeration and periodic deadlock. Yet once, test in your environment. Get comfortable with the nsmb.conf file.
4: do not leave your sleep of Macs. Reconnect the AFP inactive supports. To connect to a server, let mac sleep, wake can renegotiate the connection with the server (generally) volume. SMB does not. If your Mac to sleep with documents open on the part of the SMB, you are in a world of pain.
5: Be prepared to not be able to find anything. Research on the shared Windows resources has been a frustrating situation. You will have taken in charge of Spotlight from the server so that you can use a directory to search like Find Any File trawling or be ready to manage Spotlight index on each workstation and hope for the best.
Regarding the methods to get the data from one place to another, you must realize that there is a time constraint. Using a 4 GB/min of transfer GigE, assuming that no problem and rule without interruptions, 18 TB of data will be 75 hours to copy. Now, since it is a SAR passes to a Windows system, you probably won't get 4 GB/min so increase this number by 20%. If the Windows Server on writing virus scanning, add another 10%. If possible, the best advice I can give you is to do it in logical blocks. Now, I don't know your data set, so this is not possible. However, if you have several shares, move an action by end of week to ensure you have enough time to perform the copy and also to correct problems that may occur.
About the tools, I have always used rsync because it allows the two detailed logging and works also in additional line. Should we get disturbed for any reason, you can pick up where you left off. Unfortunately, this isn't based GUI. Also, the rsync 2.6.3 included with OS X is not sufficient to support all the features of file system. I prefer to build a copy of the last branch 3. I'll also include some of the patches as indicators of file and compression of hfs. If it's just data, the patches may not be necessary. If you need a GUI tool, CronoSync is correct.
And finally, if you find that SMB on Windows is just too frustrating, there's Acronis access connect. It is a supplement to the Windows Server native AFP and Spotlight. Over the past years, I was faced with questions SMB through many versions of Mac OS X. Of course, several questions are in corporate environments where I have no visibility to the configuration of Windows Server. I have no idea what they are doing on these machines, but I don't know that OS X integration was harsh.
I hope this helps. Good luck in your project. Test and test even more before putting forward your end-users.
Reid
Apple Consultants Network
Author - "El Capitan Server - Foundation Services.
Author - "El Capitan Server - Collaboration & control»
Author - "El Capitan Server - Advanced Services '.
: IBooks exclusively available in Apple store
-
VB6 DLL is not log messages in the Windows Server 2003 event log when it is called from an ASP page
Hi all
I have an ASP web application, I will create a "VBModule1" (VB6 Dll) instance of an ASP page and inside this method of "VBModule1" I create an instance of another VB6 Dll 'VBLogger', who calls App.LogEvent () to write messages to the event log.
I tested the Web application on the develepoment (XP) machine and everything worked fine but when the user runs the Web application on the Production Server (windows server 2003) events are not saved.
Friend missing the security settings of my ASP web app that needs to be configured on Windows Server 2003 for VB6 DLLs logging events?
Please think as soon as POSSIBLE.
IIS on Windows server 20003 version: 6.0
Thank you.
Hello
The question you have posted is related to Windows Server 2003 would be better suited to the Windows Server community.
Please visit the link below to find a community that will support what ask you:
http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer
-
IP address of the VPN client must demonstrate external IP of ASA 5505
Hi guys,.
We have a small project with the Government which has some difficult requiment with security.
Current situation;
1 site the Government has allowed a public IP address of our company to access their server in-house.
2. in our office, staff can connect to their server using RDP by Cisco ASA 5505 I configured with two or three clicks.
3. this ASA was outside (public) Government of authorized IP address.
Request amended;
1. given the increase in the tasks, our staff must have access to the Government of the home server.
2. Government will not grant vpn access to them directly.
3. they ask us to provide our staff VPN then RDP access to the Government site.
I have install VPN and it connects very well with no problems just for the connection itself.
But if I check using www.whatismyIPaddress.com, he demonstrated local IP address that they got by their ISP not CISCO ASA 5505 outside the interface.
The problem is unlike Microsoft ISA 2006 VPN which shows the external public IP address when a client connects to the VPN server, Cisco vpn client shows that it is the local IP address that is not in its list in the Government site.
I'm more like Ms. guy then Cisco as I did ' t have a lot of chances to play with Cisco, sorry about that.
Is that what I missed in the middle of config or needs a setting more to achieve this?
How can I make client VPN to show it's IP address to the interface of Cisco ASA rather than the IP address of the local ISP?
Thanks in advance,
Charlie
have you added "same-security-traffic permit intra-interface" like I said in the previous post?
-
LAN ASA 5505 VPN client access issue
Hello
I'm no expert in ASA and routing so I ask support the following case.
There is a (running on Windows 7) Cisco VPN client and an ASA5505.
The objectives are client can use the gateway remote on SAA for Skype and able to access devices in SAA within the interface.
The Skype works well, but I can't access devices in the interface inside through a VPN connection.
Can you please check my following config and give me any advice to fix NAT or VPN settings?
ASA Version 7.2 (4)
!
ciscoasa hostname
domain default.domain.invalid
activate wDnglsHo3Tm87.tM encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
!
interface Vlan1
nameif inside
security-level 100
IP 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP address dhcp setroute
!
interface Vlan3
prior to interface Vlan1
nameif dmz
security-level 50
no ip address
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passive FTP mode
DNS server-group DefaultDNS
domain default.domain.invalid
permit same-security-traffic inter-interface
permit same-security-traffic intra-interface
inside_access_in list extended access permitted tcp 192.168.1.0 255.255.255.0 any
inside_access_in list extended access permitted udp 192.168.1.0 255.255.255.0 any
outside_access_in list of allowed ip extended access entire 192.168.1.0 255.255.255.0
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
MTU 1500 dmz
local pool VPNPOOL 10.0.0.200 - 10.0.0.220 255.255.255.0 IP mask
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 524.bin
don't allow no asdm history
ARP timeout 14400
NAT-control
Global 1 interface (outside)
NAT (inside) 1 10.0.0.0 255.255.255.0
NAT (inside) 1 192.168.1.0 255.255.255.0
NAT (outside) 1 10.0.0.0 255.255.255.0
inside_access_in access to the interface inside group
Access-group outside_access_in in interface outside
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
the ssh LOCAL console AAA authentication
Enable http server
http 192.168.1.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
Crypto-map dynamic outside_dyn_map pfs set 20 Group1
Crypto-map dynamic outside_dyn_map 20 the value transform-set ESP-3DES-SHA
map outside_map 65535-isakmp ipsec crypto dynamic outside_dyn_map
outside_map interface card crypto outside
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH 192.168.1.0 255.255.255.0 inside
SSH timeout 5
SSH version 2
Console timeout 0
dhcpd outside auto_config
!
dhcpd address 192.168.1.2 - 192.168.1.33 inside
dhcpd dns xx.xx.xx.xx interface inside
dhcpd allow inside
!
attributes of Group Policy DfltGrpPolicy
No banner
WINS server no
value of server DNS 84.2.44.1
DHCP-network-scope no
VPN-access-hour no
VPN - connections 3
VPN-idle-timeout 30
VPN-session-timeout no
VPN-filter no
Protocol-tunnel-VPN IPSec l2tp ipsec webvpn
disable the password-storage
disable the IP-comp
Re-xauth disable
Group-lock no
disable the PFS
IPSec-udp disable
IPSec-udp-port 10000
Split-tunnel-policy tunnelall
Split-tunnel-network-list no
by default no
Split-dns no
Disable dhcp Intercept 255.255.255.255
disable secure authentication unit
disable authentication of the user
user-authentication-idle-timeout 30
disable the IP-phone-bypass
disable the leap-bypass
allow to NEM
Dungeon-client-config backup servers
MSIE proxy server no
MSIE-proxy method non - change
Internet Explorer proxy except list - no
Disable Internet Explorer-proxy local-bypass
disable the NAC
NAC-sq-period 300
NAC-reval-period 36000
NAC-by default-acl no
address pools no
enable Smartcard-Removal-disconnect
the firewall client no
rule of access-client-none
WebVPN
url-entry functions
HTML-content-filter none
Home page no
4 Keep-alive-ignore
gzip http-comp
no filter
list of URLS no
value of customization DfltCustomization
port - forward, no
port-forward-name value access to applications
SSO-Server no
value of deny message connection succeeded, but because some criteria have not been met, or because of a specific group policy, you are not allowed to use the VPN features. Contact your administrator for more information
SVC no
SVC Dungeon-Installer installed
SVC keepalive no
generate a new key SVC time no
method to generate a new key of SVC no
client of dpd-interval SVC no
dpd-interval SVC bridge no
deflate compression of SVC
internal group XXXXXX strategy
attributes of XXXXXX group policy
Protocol-tunnel-VPN IPSec
Split-tunnel-policy tunnelall
Split-tunnel-network-list no
XXXXXX G910DDfbV7mNprdR encrypted privilege 15 password username
username password encrypted XXXXXX privilege 0 5p9CbIe7WdF8GZF8
attributes of username XXXXXX
Strategy Group-VPN-XXXXXX
username privilege 15 encrypted password cRQbJhC92XjdFQvb XXXXX
tunnel-group XXXXXX type ipsec-ra
attributes global-tunnel-group XXXXXX
address VPNPOOL pool
Group Policy - by default-XXXXXX
tunnel-group ipsec-attributes XXXXXX
pre-shared-key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
inspect the icmp
!
global service-policy global_policy
context of prompt hostname
Cryptochecksum:a8fbb51b0a830a4ae823826b28767f23
: end
ciscoasa #.
Thanks in advance!
fbela
config #no nat (inside) 1 10.0.0.0 255.255.255.0< this="" is="" not="">
Add - config #same-Security-permit intra-interface
#access - extended list allowed sheep ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
#nat (inside) 0 access-list sheep
Please add and test it.
Thank you
Ajay
-
Installation of Windows Server 2012 problem
I tried with different configurations, install Windows Server 2012 as operating system prompted but still got the error attached.
Someone knows why?Hello and welcome to the communities.
What version of VMware Player are you using?
Maybe you are looking for
-
How the Hootlet on Hoot came in my toolbar?
I had a problem with my toolbars being gone, none of the above helped. Then I noticed that something called a "Hootlet" in my tool bar (address bar). It's HootSuite. It is not installed on my computer, it is not listed in Mozilla Add ons. I don't kno
-
I'm looking for unassigned photos.
I want all my photos in my iPhoto import event or an album, but I don't know how to find pictures that I have who are not yet enrolled in one of these places in the new system. Is it possible, other than laboriously scanning all 20,000 photos, lookin
-
When I went in my pictures folder, I see that all emails, web pages visited, images, etc. are stored in the library of my photos folder. How can I stop this?
-
I have a Photosmart Premium C309a printer. The solution Center tells me my ink cartridge Photosmart HP564XL black is low and my HP 564XL Photo Photosmart ink cartridge is ok. Both cartridges are physically different in size. To further complicate thi
-
The mouse starts to move around and stops working
I have a desktop HP with Windows Vista Home Basic. Since last or if the mouse started to give problems. Suddenly the mouse starts to move everything on the screen and is unresponsive. It opens some programs and suddenly stops. Sometimes the mouse jus