Cannot access the internal network over VPN with PIX 506E
Hello
I seem to have a problem with the configuration of my PIX. I can ping the VPN client from the in-house network, but cannot access all the resources of the VPN client. My running configuration is the following:
Building configuration...
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password N/JZnmeC2l5j3YTN encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname SwantonFw2
domain-name * *.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list outside_access_in permit icmp any any
access-list allow_ping permit icmp any any echo-reply
access-list allow_ping permit icmp any any unreachable
access-list allow_ping permit icmp any any time-exceeded
access-list INSIDE-IN permit tcp interface inside interface outside
access-list INSIDE-IN permit udp any any eq domain
access-list INSIDE-IN permit tcp any any eq www
access-list INSIDE-IN permit tcp any any eq ftp
access-list INSIDE-IN permit icmp any any echo
access-list INSIDE-IN permit tcp any any eq https
access-list inside_outbound_nat0_acl permit ip 192.168.0.0 255.255.255.0 192.168.240.0 255.255.255.0
access-list swanton_splitTunnelAcl permit ip any any
access-list outside_cryptomap_dyn_20 permit ip any 192.168.240.0 255.255.255.0
no pager
mtu outside 1500
mtu inside 1500
ip address outside 192.168.1.150 255.255.255.0
ip address inside 192.168.0.35 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool VPN_Pool 192.168.240.1-192.168.240.254
pdm location 0.0.0.0 255.255.255.0 outside
pdm location 192.168.1.26 255.255.255.255 outside
pdm location 192.168.240.0 255.255.255.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
access-group outside_access_in in interface outside
access-group INSIDE-IN in interface inside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication LOCAL
crypto map outside_map interface outside
isakmp enable outside
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup swanton address-pool VPN_Pool
vpngroup swanton dns-server 192.168.1.1
vpngroup swanton split-tunnel swanton_splitTunnelAcl
vpngroup swanton idle-time 1800
vpngroup swanton password ********
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.0.36-192.168.0.254 inside
dhcpd dns 8.8.8.8 8.8.4.4
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
username scott password hwDnqhIenLiwIr9B encrypted privilege 15
username norm password ET3skotcnISwb3MV encrypted privilege 2
username tarmbrecht password Zre8euXN6HxXaSdE encrypted privilege 2
username jlillevik password 9JMTvNZm3dLhQM/W encrypted privilege 2
username ruralogic password 49ikl05C8VE6k1jG encrypted privilege 15
username bzeiter password 1XjpdpkwnSENzfQ0 encrypted privilege 2
username mwalla password l5frk9obrNMGOiOD encrypted privilege 2
username heavyfab1 password 6.yy0ys7BifWsa9k encrypted privilege 2
username heavyfab3 password 6.yy0ys7BifWsa9k encrypted privilege 2
username heavyfab2 password 6.yy0ys7BifWsa9k encrypted privilege 2
username djet password wj13fSF4BPQzUzB8 encrypted privilege 2
username cmorgan password y/NeUfNKehh/Vzj6 encrypted privilege 2
username cmayfield password Pe/felGx7VQ3I7ls encrypted privilege 2
username jeffg password zQEQceRITRrO4wJa encrypted privilege 2
terminal width 80
Cryptochecksum:9005f35a85fa5fe31dab579bbb1428c8
: end
[OK]
Any help will be greatly appreciated
BJ,
Are you trying to access resources behind the inside interface network?
ip address inside 192.168.0.35 255.255.255.0
If so, please make the following changes:
1- access-list SWANTON_VPN_SPLIT permit ip 192.168.0.0 255.255.255.0 192.168.240.0 255.255.255.0
2- no vpngroup swanton split-tunnel swanton_splitTunnelAcl
vpngroup swanton split-tunnel SWANTON_VPN_SPLIT
3- no access-list outside_cryptomap_dyn_20 permit ip any 192.168.240.0 255.255.255.0
4- isakmp nat-traversal 30
Let me know how it goes.
Portu.
Please note all useful posts
Tags: Cisco Security
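The four changes suggested in the reply can be expressed as checks against the configuration. The following Python script is an added example, not part of the original thread: it parses the VPN-related lines of a PIX 6.x configuration (a constructed sample based on the posted one, written in PIX syntax) and reports which of those points still apply, plus whether the nat 0 ACL covers the client pool. The function names are illustrative.

```python
import ipaddress

# Constructed sample: VPN-related lines of the posted PIX 6.3 configuration.
# CONFIG_AFTER applies the four changes from the reply.
COMMON = """\
access-list inside_outbound_nat0_acl permit ip 192.168.0.0 255.255.255.0 192.168.240.0 255.255.255.0
ip local pool VPN_Pool 192.168.240.1-192.168.240.254
nat (inside) 0 access-list inside_outbound_nat0_acl
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
vpngroup swanton address-pool VPN_Pool
"""
CONFIG_BEFORE = COMMON + """\
access-list swanton_splitTunnelAcl permit ip any any
access-list outside_cryptomap_dyn_20 permit ip any 192.168.240.0 255.255.255.0
vpngroup swanton split-tunnel swanton_splitTunnelAcl
"""
CONFIG_AFTER = COMMON + """\
access-list SWANTON_VPN_SPLIT permit ip 192.168.0.0 255.255.255.0 192.168.240.0 255.255.255.0
vpngroup swanton split-tunnel SWANTON_VPN_SPLIT
isakmp nat-traversal 30
"""

ANY = ipaddress.ip_network("0.0.0.0/0")


def take_addr(tok):
    """Consume one PIX address spec (any | host A | NET MASK) from a token list."""
    if tok[0] == "any":
        return ANY, tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]


def parse(config):
    """Collect the ACLs, pools, vpngroups and crypto settings the audit needs."""
    cfg = {"acl": {}, "pool": {}, "group": {}, "nat0": None,
           "dyn_match": [], "natt": False}
    for line in config.splitlines():
        t = line.split()
        if len(t) < 2:
            continue
        if t[0] == "access-list" and t[2:4] == ["permit", "ip"]:
            src, rest = take_addr(t[4:])
            dst, _ = take_addr(rest)
            cfg["acl"].setdefault(t[1], []).append((src, dst))
        elif t[:3] == ["ip", "local", "pool"]:
            lo, hi = t[4].split("-")
            cfg["pool"][t[3]] = (ipaddress.ip_address(lo), ipaddress.ip_address(hi))
        elif t[0] == "nat" and t[2:4] == ["0", "access-list"]:
            cfg["nat0"] = t[4]
        elif t[:2] == ["crypto", "dynamic-map"] and t[4:6] == ["match", "address"]:
            cfg["dyn_match"].append(t[6])
        elif t[:2] == ["isakmp", "nat-traversal"]:
            cfg["natt"] = True
        elif t[0] == "vpngroup" and len(t) >= 4 and t[2] in ("address-pool", "split-tunnel"):
            cfg["group"].setdefault(t[1], {})[t[2]] = t[3]
    return cfg


def audit(config):
    """Return findings that correspond to the changes suggested in the reply."""
    cfg, findings = parse(config), []
    for name, grp in sorted(cfg["group"].items()):
        lo, hi = cfg["pool"].get(grp.get("address-pool"), (None, None))
        if lo is None:
            findings.append(f"vpngroup {name}: address pool is not defined")
            continue
        # Traffic from the inside network to the client pool must bypass NAT.
        nat0 = cfg["acl"].get(cfg["nat0"], [])
        if not any(lo in dst and hi in dst for _, dst in nat0):
            findings.append(f"vpngroup {name}: nat 0 ACL does not cover the pool")
        # Changes 1 and 2: the split-tunnel ACL should name the inside network.
        split = cfg["acl"].get(grp.get("split-tunnel"), [])
        if any(src == ANY for src, _ in split):
            findings.append(f"vpngroup {name}: split-tunnel ACL uses 'any' as source")
    # Change 3: the ACL matched by the dynamic crypto map is removed.
    for acl in cfg["dyn_match"]:
        if cfg["acl"].get(acl):
            findings.append(f"dynamic crypto map still matches on ACL {acl}")
    # Change 4: NAT traversal for clients that sit behind a NAT device.
    if not cfg["natt"]:
        findings.append("isakmp nat-traversal is not enabled")
    return findings


if __name__ == "__main__":
    for label, text in (("before", CONFIG_BEFORE), ("after", CONFIG_AFTER)):
        print(label, audit(text) or "no findings")
```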
Similar Questions
-
VPN IS CONNECTED BUT CANNOT ACCESS THE INTERNAL NETWORK
I tried to set up a simple customer vpn using this document
VPN IS CONNECTED BUT CANNOT ACCESS THE INTERNAL NETWORK BEHIND "RA"...
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password VmHKIhnF4Gs5AWk3 encrypted
passwd VmHKIhnF4Gs5AWk3 encrypted
hostname VOIPLABPIX
domain-name voicelab.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 101 permit ip 172.10.2.0 255.255.255.0 172.10.3.0 255.255.255.0
access-list 101 permit ip 172.10.1.0 255.255.255.0 172.10.3.0 255.255.255.0
access-list 102 permit ip 172.10.2.0 255.255.255.0 172.10.3.0 255.255.255.0
access-list 102 permit ip 172.10.1.0 255.255.255.0 172.10.3.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 208.x.x.11 255.255.255.0
ip address inside 172.10.2.2 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool voicelabpool 172.10.3.100-172.10.3.254
pdm history enable
arp timeout 14400
nat (inside) 0 access-list 102
route outside 0.0.0.0 0.0.0.0 208.x.x.11 1
route inside 172.10.1.0 255.255.255.0 172.10.2.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 172.0.0.0 255.0.0.0 inside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac
crypto dynamic-map map2 10 set transform-set trmset1
crypto map map1 10 ipsec-isakmp dynamic map2
crypto map map1 client authentication LOCAL
crypto map map1 interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup cuclab address-pool voicelabpool
vpngroup cuclab dns-server 204.x.x.10
vpngroup cuclab default-domain voicelab.com
vpngroup cuclab split-tunnel 101
vpngroup cuclab idle-time 1800
vpngroup cuclab password ********
telnet timeout 5
ssh 208.x.x.11 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh 172.10.1.2 255.255.255.255 inside
ssh timeout 60
console timeout 0
username labadmin password jNEF0yoDIDCsaoVQ encrypted privilege 2
terminal width 80
Cryptochecksum:b03a349e1ac9e6022432523bbb54504b
: end
Try to turn on NAT-T
PIX(config)# isakmp nat-traversal 20
http://www.Cisco.com/en/us/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution1
HTH
-
Cisco ASA 5505 VPN L2TP cannot access the internal network
Hello
I'm trying to configure Cisco VPN L2TP to my office. After a successful login, I can't access the internal network.
Can you help me to find the problem?
I have a Cisco ASA:
inside network - 192.168.1.0
VPN network - 192.168.168.0
I have a router at 192.168.1.2 and I cannot ping or access this router.
Here is my config:
ASA Version 8.4(3)
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 198.X.X.A 255.255.255.248
!
ftp mode passive
same-security-traffic permit intra-interface
object network net-all
 subnet 0.0.0.0 0.0.0.0
object network vpn_local
 subnet 192.168.168.0 255.255.255.0
object network inside_nw
 subnet 192.168.1.0 255.255.255.0
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended deny ip any any log
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool sales_addresses 192.168.168.1-192.168.168.254
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic net-all interface
nat (inside,outside) source static inside_nw inside_nw destination static vpn_local vpn_local
nat (outside,inside) source static vpn_local vpn_local destination static inside_nw inside_nw route-lookup
!
object network vpn_local
 nat (outside,outside) dynamic interface
object network inside_nw
 nat (inside,outside) dynamic interface
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 198.X.X.B 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set my-transform-set-ikev1 esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set my-transform-set-ikev1 mode transport
crypto dynamic-map dyno 10 set ikev1 transform-set my-transform-set-ikev1
crypto map vpn 20 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp nat-traversal 3600
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 30
console timeout 0
management-access inside
dhcpd address 192.168.1.5-192.168.1.132 inside
dhcpd dns 75.75.75.75 76.76.76.76 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy sales_policy internal
group-policy sales_policy attributes
 dns-server value 75.75.75.75 76.76.76.76
 vpn-tunnel-protocol l2tp-ipsec
user name-
user name-
tunnel-group DefaultRAGroup general-attributes
 address-pool sales_addresses
 default-group-policy sales_policy
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:5d1fc9409c87ecdc1e06f06980de6c13
: end
Thanks for your help.
You must test with 'real' traffic on 192.168.1.2 and if you use ping, you must add icmp-inspection:
policy-map global_policy
 class inspection_default
  inspect icmp
-
Cannot access the internal network with Cisco easy vpn client RV320
I have a Cisco RV320 (firmware v1.1.1.06) and created an Easy VPN tunnel (tunnel mode = split tunnel), then I installed the Cisco VPN client v5.0.07.0290 on Windows 7 64-bit. I can connect to the VPN, but I cannot see the other PCs nor ping them. Any idea?
Thank you
Hello
1. Is the firewall on the Windows 7 computer active? If so, please disable it.
2. Can you check that you get a correct IP address in the range of the configured IP pool?
3. When you run the tracert command to an internal server, does it cross the VPN?
4. Is the split tunnel giving you access to the defined internal IP subnets?
5. On the RV320, do you see the user connected and sending and receiving bytes?
Don't forget to rate and mark as correct the helpful post!
David Castro,
Kind regards
-
Need help to access the internal network via VPN on ASA5505 8.4(1)
Recently, I upgraded my ASA5505 from 8.02 to 8.4, and since I updated to the new version I can no longer access my home network through the VPN. I can connect to the VPN with no problems; however, I can no longer ping or connect to my 10.0 network. Would someone be kind enough to look at my config and tell me what needs to be added to make it work? In my old config, I had a NAT statement for VPN that is no longer here.
I also wanted to configure WebVPN to work as well, and this is something that I've never been able to understand. Is it also possible that I can be on my 20.0 network and connect to the VPN and access 10.0 as well? When I am connected to my 20.0 network I am not prompted for credentials to connect to the VPN. I would be grateful if someone can help me out. The major part of this is the first part of this question.
My configuration:
ASA Version 8.4 (1)
!
ASA5505 hostname
domain xxxxxxxx.dyndns.org
enable encrypted password xxxxxxxxxxxx
xxxxxxxxxxxxxxx encrypted passwd
names of
nameserver 192.168.10.2
Office of name 192.168.10.3
name Canon 192.168.10.5
name 192.168.10.6 mvix
name 192.168.10.7 xbox
name 192.168.10.8 dvr
name 192.168.10.9 bluray
name 192.168.10.10 lcd
name 192.168.10.11 mp620
name 192.168.10.12 kayla
name 192.168.1.1 asa5505
name 192.168.1.2 ap1
name 192.168.10.4 mvix2
name 192.168.10.13 lcd2
name 192.168.10.14 dvr2
!
interface Vlan1
nameif management
security-level 100
IP address asa5505 255.255.255.248
management only
!
interface Vlan2
0050.8db6.8287 Mac address
nameif outside
security-level 0
IP address dhcp setroute
!
interface Vlan10
nameif private
security-level 100
IP 192.168.10.1 255.255.255.224
!
interface Vlan20
nameif Public
security-level 100
IP 192.168.20.1 255.255.255.224
!
interface Ethernet0/0
Description pointing to WAN
switchport access vlan 2
!
interface Ethernet0/1
Uplink port Linksys 12 description
switchport access vlan 10
!
interface Ethernet0/2
Description Server 192.168.10.2/27
switchport access vlan 10
!
interface Ethernet0/3
Uplink Eth1 management description
!
interface Ethernet0/4
switchport access vlan 30
!
interface Ethernet0/5
switchport access vlan 30
!
interface Ethernet0/6
switchport access vlan 30
!
interface Ethernet0/7
Description of Cisco 1200 Access Point
switchport trunk allowed vlan 1,10,20
switchport trunk vlan 1 native
switchport mode trunk
!
Banner motd users only, all others must disconnect now!
boot system Disk0: / asa841 - k8.bin
passive FTP mode
clock timezone PST - 8
clock summer-time recurring PDT
DNS server-group DefaultDNS
domain xxxxxxx.dyndns.org
network object obj - 192.168.50.0
192.168.50.0 subnet 255.255.255.0
Server network objects
host 192.168.10.2
network object obj - 192.168.10.0
192.168.10.0 subnet 255.255.255.224
network object obj - 192.168.20.0
subnet 192.168.20.0 255.255.255.224
network server-01 object
host 192.168.10.2
network server-02 object
host 192.168.10.2
xbox network object
Home 192.168.10.7
xbox-01 network object
Home 192.168.10.7
xbox-02 network object
Home 192.168.10.7
xbox-03 network object
Home 192.168.10.7
xbox-04 network object
Home 192.168.10.7
network server-03 object
host 192.168.10.2
network server-04 object
host 192.168.10.2
network server-05 object
host 192.168.10.2
Desktop Network object
host 192.168.10.3
kayla network object
Home 192.168.10.12
Home_VPN_splitTunnelAcl list standard access allowed 192.168.10.0 255.255.255.224
outside_access_in list extended access permit tcp any any eq 3389
outside_access_in list extended access permit tcp any any eq 2325
outside_access_in list extended access permit tcp any eq ftp server object
outside_access_in list extended access permit tcp any any eq 5851
outside_access_in list extended access udp allowed any any eq 5850
outside_access_in list extended access permit tcp any any eq pptp
outside_access_in list extended access udp allowed any any eq syslog
outside_access_in list extended access udp allowed any any eq 88
outside_access_in list extended access udp allowed any any eq 3074
outside_access_in list extended access permit tcp any any eq 3074
outside_access_in list extended access permit tcp any any eq field
outside_access_in list extended access udp allowed any any eq field
outside_access_in list extended access permitted tcp everything any https eq
outside_access_in list extended access permit tcp any eq ssh server object
outside_access_in list extended access permit tcp any any eq 2322
outside_access_in list extended access permit tcp any any eq 5900
outside_access_in list extended access permit icmp any any echo response
outside_access_in list extended access permit icmp any any source-quench
outside_access_in list extended access allow all unreachable icmp
outside_access_in list extended access permit icmp any one time exceed
outside_access_in list extended access udp allowed any any eq 5852
KaileY_splitTunnelAcl list standard access allowed 192.168.10.0 255.255.255.224
pager lines 24
Enable logging
timestamp of the record
exploitation forest-size of the buffer of 36000
logging warnings put in buffered memory
recording of debug trap
asdm of logging of information
address record [email protected] / * /
exploitation forest-address recipient [email protected] / * / level of errors
Management Server host forest
MTU 1500 management
Outside 1500 MTU
MTU 1500 private
MTU 1500 Public
local pool IPPOOL 192.168.50.2 - 192.168.50.10 255.255.255.0 IP mask
local pool VPN_POOL 192.168.100.2 - 192.168.100.10 255.255.255.0 IP mask
no failover
ICMP unreachable rate-limit 1 burst-size 1
ICMP allow all outside
ASDM image disk0: / asdm - 641.bin
don't allow no asdm history
ARP timeout 14400
!
Server network objects
NAT (private, foreign) static tcp ftp 5851 service interface
network object obj - 192.168.10.0
NAT (private, foreign) dynamic interface
network object obj - 192.168.20.0
NAT (outside) dynamic public interface
network server-01 object
NAT (private, outside) interface static 2325 2325 tcp service
network server-02 object
NAT (private, outside) interface static udp syslog syslog service
xbox network object
NAT (private, outside) interface static service udp 88 88
xbox-01 network object
NAT (private, outside) interface static service udp 3074-3074
xbox-02 network object
NAT (private, outside) interface static service tcp 3074-3074
xbox-03 network object
NAT (private, outside) interface static tcp domain domain service
xbox-04 network object
field of the udp NAT (private, foreign) of the static interface function
network server-03 object
NAT (private, outside) interface static tcp https https service
network server-04 object
Static NAT (private, outside) interface service tcp ssh 2322
network server-05 object
NAT (private, outside) interface static 5900 5900 tcp service
Desktop Network object
NAT (private, outside) interface static service tcp 3389 3389
kayla network object
NAT (private, outside) interface static service udp 5852 5852
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
AAA authentication enable LOCAL console
AAA authentication http LOCAL console
the ssh LOCAL console AAA authentication
AAA authentication LOCAL telnet console
Enable http server
http 192.168.1.0 255.255.255.248 management
redirect http outside 80
location of SNMP server on the Office floor
SNMP Server contact [email protected] / * /
Community SNMP-server
Server enable SNMP traps snmp authentication linkup, linkdown cold start
No vpn sysopt connection permit
Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
Crypto-map dynamic outside_dyn_map pfs set 20 Group1
Crypto-map dynamic outside_dyn_map 20 set transform-set ESP-3DES-SHA ikev1
life together - the association of security crypto dynamic-map outside_dyn_map 20 28800 seconds
Crypto-map dynamic outside_dyn_map 20 kilobytes of life together - the association of safety 4608000
map outside_map 65535-isakmp ipsec crypto dynamic outside_dyn_map
outside_map interface card crypto outside
Crypto ikev1 allow outside
IKEv1 crypto policy 10
preshared authentication
3des encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH 192.168.1.0 255.255.255.248 management
SSH 0.0.0.0 0.0.0.0 outdoors
SSH timeout 30
Console timeout 30
access to administration management
dhcpd dns 24.205.1.14 66.215.64.14
dhcpd ping_timeout 750
dhcpd field xxxxxxxx.dyndns.org
dhcpd outside auto_config
!
dhcpd manage 192.168.1.4 - 192.168.1.5
dhcpd enable management
!
dhcpd address private 192.168.10.20 - 192.168.10.30
enable private dhcpd
!
dhcpd 192.168.20.2 public address - 192.168.20.30
dhcpd enable Public
!
a basic threat threat detection
statistical threat detection port
Statistical threat detection Protocol
Statistics-list of access threat detection
no statistical threat detection tcp-interception
Server NTP 192.43.244.18
Server NTP 129.6.15.28
WebVPN
internal Home_VPN group strategy
attributes of Group Policy Home_VPN
value of 8.8.8.8 DNS Server 4.2.2.2
Ikev1 VPN-tunnel-Protocol without ssl-client
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list Home_VPN_splitTunnelAcl
value by default-field www.xxxxxx.com
the address value IPPOOL pools
WebVPN
the value of the URL - list ClientlessBookmark
political group internal kikou
group attributes political kikou
value of 8.8.8.8 DNS Server 4.2.2.2
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list KaileY_splitTunnelAcl
XXXXXXX.dyndns.org value by default-field
username scottrog encrypted password privilege 0 xxxxxxxxxxxxxx
user_name john encrypted password privilege 0 xxxxxxxxxxxxxxx
username joek encrypted password privilege 0 xxxxxxxxxxxx
eostrike encrypted xxxxxxxxxxxx privilege 15 password username
username almostsi encrypted password privilege 0 xxxxxxxxxxxxxx
username ezdelarosa password xxxxxxxxxxxxxxencrypted privilege 0
type tunnel-group Home_VPN remote access
attributes global-tunnel-group Home_VPN
IPPOOL address pool
LOCAL authority-server-group
authorization-server-group (outside LOCAL)
Group Policy - by default-Home_VPN
authorization required
IPSec-attributes tunnel-group Home_VPN
IKEv1 pre-shared-key *.
type tunnel-group SSLClientProfile remote access
tunnel-group SSLClientProfile webvpn-attributes
enable SSLVPNClient group-alias
tunnel-group type ClientLESS remote access
tunnel-group kanazoé type remote access
attributes global-tunnel-group kanazoé
address VPN_POOL pool
by default-group-policy kikou
tunnel-group KaileY ipsec-attributes
IKEv1 pre-shared-key *.
by default-group Home_VPN tunnel-Group-map
!
!
context of prompt hostname
call-home
Profile of CiscoTAC-1
no active account
http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
Cryptochecksum:438ed6084bb3dc956574b1ce83f52b86
: end
ASA5505 #.
Here are the NAT statements for your first question:
object network obj-192.168.100.0
 subnet 192.168.100.0 255.255.255.0
nat (private,outside) source static obj-192.168.10.0 obj-192.168.10.0 destination static obj-192.168.50.0 obj-192.168.50.0
nat (private,outside) source static obj-192.168.10.0 obj-192.168.10.0 destination static obj-192.168.100.0 obj-192.168.100.0
And 'clear xlate' after the above and that should fix your first question.
I will check your second question and get back to you shortly.
-
Cannot access the internal resources for VPN site-to-site
We have two ASA. We set up just VPN site-to-site. For some reason, we are not able to access internal resources at the main office of the remote office. Do you have any suggestions? Thank you.
As wu suggested, please first confirm that the tunnel is up:
"sh cry isa sa" -> will tell you if phase 1 is up
"sh cry ips sa" -> will tell you if phase 2 is up
Now, once they are up, when you ping from site A to site B,
you should see encaps on site A and decaps on site B for traffic from A to B, and vice versa for return traffic.
Now we have to see where it is failing.
It could be that the packet is reaching the ASA but not getting encrypted, or that the packet does not reach the ASA itself.
You can run packet-tracer to see if it is getting encapsulated, or in other words hits the VPN tunnel.
It might be a NAT problem, and sometimes, if it is a new configuration, the ISP may have blocked the ESP traffic in one direction or the other.
The best approach is to turn on "management-access inside" on the firewall and do a sourced ping from the ASA:
ping inside
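The counter comparison described in this reply can be scripted. The following Python script is an added example, not part of the original thread: it reads the encaps/decaps counters from each peer's "show crypto ipsec sa" output and names the first point where traffic from site A to site B and back stops. The two outputs are constructed samples (documentation addresses, made-up counters), and the script assumes the counters were read after a test ping from A to B on a freshly established tunnel.

```python
import re

# Constructed excerpts in the layout of "show crypto ipsec sa" on each peer.
SITE_A = """\
interface: outside
    Crypto map tag: outside_map, seq num: 10, local addr: 198.51.100.1
      local ident (addr/mask/prot/port): (10.1.0.0/255.255.0.0/0/0)
      remote ident (addr/mask/prot/port): (10.2.0.0/255.255.0.0/0/0)
      current_peer: 203.0.113.1
      #pkts encaps: 42, #pkts encrypt: 42, #pkts digest: 42
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""
SITE_B = """\
interface: outside
    Crypto map tag: outside_map, seq num: 10, local addr: 203.0.113.1
      local ident (addr/mask/prot/port): (10.2.0.0/255.255.0.0/0/0)
      remote ident (addr/mask/prot/port): (10.1.0.0/255.255.0.0/0/0)
      current_peer: 198.51.100.1
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 42, #pkts decrypt: 42, #pkts verify: 42
"""

# What to look at next for each outcome, following the reply.
ADVICE = {
    "no-phase2-sa": "no IPsec SA listed: confirm phase 1 and phase 2 first",
    "a-not-encrypting": "packets reach A unencrypted or not at all: "
                        "run packet-tracer on A, check NAT and routing",
    "esp-lost-a-to-b": "A encrypts but B never decapsulates: "
                       "ESP may be blocked between the sites",
    "b-not-encrypting": "B receives but does not encrypt replies: "
                        "run packet-tracer on B, check NAT and routing",
    "esp-lost-b-to-a": "B encrypts replies but A never decapsulates: "
                       "ESP may be blocked in the return direction",
    "both-directions-ok": "traffic is encrypted and decrypted both ways",
}


def sa_counters(show_output):
    """Sum encaps/decaps over every SA in one peer's output; None if no SA."""
    found = re.findall(r"#pkts (encaps|decaps): (\d+)", show_output)
    if not found:
        return None
    totals = {"encaps": 0, "decaps": 0}
    for name, value in found:
        totals[name] += int(value)
    return totals


def diagnose(out_a, out_b):
    """Follow a ping from A to B and back, returning where it first stops."""
    a, b = sa_counters(out_a), sa_counters(out_b)
    if a is None or b is None:
        return "no-phase2-sa"
    if a["encaps"] == 0:
        return "a-not-encrypting"
    if b["decaps"] == 0:
        return "esp-lost-a-to-b"
    if b["encaps"] == 0:
        return "b-not-encrypting"
    if a["decaps"] == 0:
        return "esp-lost-b-to-a"
    return "both-directions-ok"


if __name__ == "__main__":
    result = diagnose(SITE_A, SITE_B)
    print(result, "-", ADVICE[result])
```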
-
Just upgraded to El Capitan and cannot access the calendar. It opens with a message 'Moving calendars to the server'.
I cannot access all features, and it can be closed only by using Force Quit.
Please quit Calendar and also the Reminders application, if it is running. Force quit if necessary.
Back up all data.
If you synchronize some of your calendars or reminders with iCloud, then in the iCloud preferences window, uncheck the boxes marked Calendars and Reminders. You will be prompted to confirm that you want to remove your iCloud calendars and reminders from the computer. They will still be in iCloud. Re-check the boxes.
If you synchronize calendars or reminders with another network service such as Google, please open the Internet Accounts preferences panel. Make a note of the settings for the calendar accounts, then delete and recreate them.
Launch Calendar and see if there is an improvement.
-
ASA 5505 IPSEC VPN connected but cannot access the local network
ASA: 8.2.5
ASDM: 6.4.5
LAN: 10.1.0.0/22
Pool VPN: 172.16.10.0/24
Hi, we purchased a new ASA 5505 and tried to configure IPSEC VPN via ASDM; I simply ran the wizards, set up the vpnpool, split tunnelling, etc.
I can connect to the ASA using the Cisco VPN client and internet works fine on the local PC, but it cannot access the local network (cannot ping, cannot remote desktop). I tried the same thing on our Production ASA (those have both Remote VPN and Site-to-site VPN working), and the new profile I created worked very well.
Here is my setup; did I set up anything wrong?
ASA Version 8.2 (5)
!
hostname asatest
domain XXX.com
activate 8Fw1QFqthX2n4uD3 encrypted password
g9NiG6oUPjkYrHNt encrypted passwd
names of
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
IP 10.1.1.253 255.255.252.0
!
interface Vlan2
nameif outside
security-level 0
address IP XXX.XXX.XXX.XXX 255.255.255.240
!
passive FTP mode
clock timezone PST - 8
clock summer-time recurring PDT
DNS server-group DefaultDNS
domain vff.com
vpntest_splitTunnelAcl list standard access allowed 10.1.0.0 255.255.252.0
access extensive list ip 10.1.0.0 inside_nat0_outbound allow 255.255.252.0 172.16.10.0 255.255.255.0
pager lines 24
Enable logging
timestamp of the record
logging trap warnings
asdm of logging of information
logging - the id of the device hostname
host of logging inside the 10.1.1.230
Within 1500 MTU
Outside 1500 MTU
IP local pool 172.16.10.1 - 172.16.10.254 mask 255.255.255.0 vpnpool
no failover
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 0-list of access inside_nat0_outbound
NAT (inside) 1 0.0.0.0 0.0.0.0
Route outside 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
AAA-server protocol nt AD
AAA-server host 10.1.1.108 AD (inside)
NT-auth-domain controller 10.1.1.108
Enable http server
http 10.1.0.0 255.255.252.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 10.1.0.0 255.255.252.0 inside
ssh timeout 20
console timeout 0
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy vpntest internal
group-policy vpntest attributes
wins-server value 10.1.1.108
dns-server value 10.1.1.108
vpn-tunnel-protocol IPSec l2tp-ipsec
password-storage disable
ip-comp disable
re-xauth disable
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpntest_splitTunnelAcl
default-domain value XXX.com
split-tunnel-all-dns disable
backup-servers keep-client-config
address-pools value vpnpool
username admin password WeiepwREwT66BhE9 encrypted privilege 15
username user5 password yIWniWfceAUz1sUb encrypted privilege 5
username util_3 password umNHhJnO7McrLxNQ encrypted privilege 3
tunnel-group vpntest type remote-access
tunnel-group vpntest general-attributes
address-pool vpnpool
authentication-server-group AD
authentication-server-group (inside) AD
default-group-policy vpntest
strip-realm
tunnel-group vpntest ipsec-attributes
pre-shared-key BEKey123456
peer-id-validate nocheck
!
!
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
mode privileged exec command cmd level 3
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:447bbbc60fc01e9f83b32b1e0304c6b4
: end
In the captures we can see packets going from the pool to the internal LAN, but we do not see reply packets coming back.
The routing must be such that packets for 172.16.10.0/24 reach the inside interface of the ASA.
On the client machines or your internal LAN switch, you need to add a route for 172.16.10.0/24 pointing to the inside interface of the ASA.
-
Cisco linksys router and cannot access the wireless network
We have cisco linksys wireless router. When we installed everything first, we could connect our wireless laptops to the network. Now, however, the network is detected, but there is no access to the internet. We have even a guy from ATT were out and he said that the wireless router has been installed backwards? He installed a dsl fast access on our laptop icon, and now we can access the wireless network but only if we connect as the first. We can also connect iPod to the wireless network. They detect the network, but when we enter the password cannot connect.
Hi JC_3094,
Welcome to the Microsoft Community and thanks for posting the question.
According to the description, it looks like you aren't able to access the Internet.
The likely causes of this problem is if the router is not configured properly.
Here are some steps that should help you to solve this problem.
Method 1:
Check if the router is configured properly to get access to the Internet.
Method 2:
Try the steps mentioned in this link and check:
This tutorial is designed to help you identify and solve problems with wired (Ethernet) and wireless (Wi-Fi) network connections in Windows.
Wireless and wired network problems
Method 3:
If there is a frequent disconnection try to update the firmware on the router and check.
In addition, visit these links for more information:
Why can't I connect to the Internet?
Hope this information helps. Respond us if you have any questions with windows and we will be happy to help.
-
Customer remote cannot access the server LAN via VPN
Hi friends,
I'm a new player in ASA.
My business is small. We need remote clients to access the LAN server via VPN.
I have an ASA5510 with version 7.0. I have configured remote access VPN and it can establish the tunnel with success. But I can not access the server.
The VPN client is version 5.0.07.0290. After I connect successfully, the encrypted packet count increases but the decrypted packet count is 0 in the VPN client statistics.
On the ASA side, in show crypto ipsec sa, only the decrypted packets increase.
Who can help me?
Thank you very much.
The following configuration:
ASA Version 7.0(7)
!
hostname VPNhost
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 10
ip address 221.122.96.51 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.42.199 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only
!
ftp mode passive
dns domain-lookup inside
access-list PAT_acl extended permit ip 192.168.42.0 255.255.255.0 any
access-list allow_PING extended permit icmp any any inactive
access-list Internet extended permit ip host 221.122.96.51 any inactive
access-list VPN extended permit ip 192.168.42.0 255.255.255.0 192.168.43.0 255.255.255.0
access-list VPN extended permit ip 192.168.43.0 255.255.255.0 192.168.42.0 255.255.255.0
access-list CAPTURE extended permit ip host 192.168.43.10 host 192.168.42.251
access-list CAPTURE extended permit ip host 192.168.42.251 host 192.168.43.10
pager lines 24
mtu outside 1500
mtu inside 1500
ip local pool testpool 192.168.43.10-192.168.43.20
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list VPN
nat (inside) 1 access-list PAT_acl
route outside 0.0.0.0 0.0.0.0 221.122.96.49 10
username testuser password 123
aaa authentication ssh console LOCAL
aaa local authentication attempts max-fail 3
no sysopt connection permit-ipsec
crypto ipsec transform-set FirstSet esp-des esp-md5-hmac
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto dynamic-map dyn1 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal 3600
tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
address-pool testpool
tunnel-group testgroup ipsec-attributes
pre-shared-key *
telnet timeout 5
ssh timeout 10
console timeout 0
: end
Topology as follows:
Hello
Configure split tunneling for the VPN.
Create the access list that defines the network behind the ASA.
ciscoasa(config)#access-list Split_Tunnel_List remark The corporate network behind the ASA.
ciscoasa(config)#access-list Split_Tunnel_List standard permit 10.0.1.0 255.255.255.0
Enter group-policy configuration mode for the policy you want to change.
ciscoasa(config)#group-policy hillvalleyvpn attributes
ciscoasa(config-group-policy)#
Specify the split tunnel policy. In this case, the policy is tunnelspecified.
ciscoasa(config-group-policy)#split-tunnel-policy tunnelspecified
Specify the split tunnel access list. In this case, the list is Split_Tunnel_List.
ciscoasa(config-group-policy)#split-tunnel-network-list value Split_Tunnel_List
Type this command:
ciscoasa(config)#tunnel-group hillvalleyvpn general-attributes
Associate the group policy with the tunnel group.
ciscoasa(config-tunnel-ipsec)# default-group-policy hillvalleyvpn
Leave the two configuration modes.
ciscoasa(config-group-policy)#exit
ciscoasa(config)#exit
ciscoasa#
Save configuration to non-volatile RAM (NVRAM) and press enter when you are prompted to specify the name of the source file.
Kind regards
Abhishek Purohit
CCIE-S-35269
-
cannot access the files of another user with the admin account
I'm on a computer with Windows Vista 64-bit home problems.
I normally have the computer configured to connect automatically to a non privileged user and rarely use the admin account.
Recently, I downloaded an update (Finally, more like a relocation to the latest version) and realized that I need the admin account to install properly for all users that UAC would make things a royal PITA with a zillion prompts. I quickly disconnected and logged in as admin. Then, I realized that the installation file has been stored in the "downloads" folder in my regular account.
Worse still, I could not access this folder, or I couldn't tab of future security. All I could do was to 'change the property' to my admin account, but I really didn't block me on these issues. Even from Explorer using "run as administrator" gave me problems, although the DIR command in cmd.com would be the list of people. I used the "change user" function to log my account regular and checked the Security tab and saw that the "Administrators" Group had already read and checked 'total control '. Why can't access the admin account? As an admin with XP, I had free access to everything I wanted to leave that I wanted.
What happens if I was a parent and wanted to check to make sure that my child was not software piracy or download illegal music that would get stuck with the fines because I'm his guardian? How would I go about checking his records?
What happens if I was an employer at a small office using working groups and wanted to ensure that the employee was not downloading pornography?
How can I use the powers of the administrator to access other files (regular) user?
Why do I still need to ask this question? It was automatic under NT, 2000, XP and the various servers at least as high as 2003.
I found the problem, it was ANOTHER problem with Norton Security Suite for Comcast.
I uninstalled and did not only to release 100 GIGABYTES of space, my boot time has been cut to a quarter of the former time, and this problem has disappeared.
-
Hoping that someone can help or has had a similar problem.
I just bought a new PC with windows 7, get used to gadgets and was dubious about downloading msn no cert apps/gadgets...
yesterday I downloaded a facebook gadget that worked well at first, but today there disappeared. couldn't give a s * 1 t on the app
but its stopped me access my gadgets list via a right click on the desktop background and selection gadgets... nothing happens, so I guess that its facebook app, I installed. If all goes well, there is a fix for this. any help would be appreciated... ive been using xp so I haven't had the negative acknowledgement of this gadget stuff yet.
Thanks :)
For any question on Windows 7:
http://social.answers.Microsoft.com/forums/en-us/category/Windows7
Link above is Windows 7 Forum for questions on Windows 7.
Windows 7 questions should be directed to the it.
You are in the Vista Forums.
See you soon.
Mick Murphy - Microsoft partner
-
Cannot access the guest network
< < < TEXT DELETED FOR SECURITY REASONS. NOT GERMAIN to SOLUTION. > > >
Comments can not access internet or local network even.
< < < TEXT DELETED FOR SECURITY REASONS. NOT GERMAIN to SOLUTION. > > >
You have a 3rd party firewall installed on your host computer? What antivirus you have installed on your host computer?
-
Can connect to the IPSec VPN, but can not see the internal network
I have several users that can connect to our rooms of using IPSec VPN on a 5505. I have a user who can connect, but cannot see the internal network. This user is using DSL with a speedstream 4100. However, I have another user with the same configuration that can connect and see the internal network. The logs in ASDM show the link, but do not seem to show any errors trying to access internal. Any help will be greatly appreciated. Thank you, Bill.
Add...
crypto isakmp nat-traversal
-
Cannot access ' inside' LAN of AnyConnect VPN
Hello. I am having trouble with my VPN connection where I can connect to it very well, and access the internet, but I can't access the internal network. Anyone have any ideas on what I can check to solve that?
I think that the suggestion concerning the exemption of NAT is very good. If that is not the issue, then I have some other suggestions.
- with the VPN session established, review the information in AnyConnect and look in the Route Details tab and be sure that these LAN addresses appear as secure routes.
- check that the devices in the local network that you can not reach have a route to the addresses in the VPN pool.
HTH
Rick
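The three checks that recur in the answers on this page (NAT exemption for the pool, the inside network in the split-tunnel list, a return route to the pool) can be run against a saved configuration. The Python below is an added example, not code from any poster or from Cisco; it assumes the pre-8.3 `nat (inside) 0 access-list` syntax, and `SAMPLE`, `take`, `parse` and `audit` are names made up for it.

```python
import ipaddress as ipa

# Constructed excerpt (pre-8.3 ASA syntax) using the first thread's addressing.
SAMPLE = """\
interface Vlan1
 nameif inside
 ip address 10.1.1.253 255.255.252.0
access-list vpntest_splitTunnelAcl standard permit 10.1.0.0 255.255.252.0
access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.252.0 172.16.10.0 255.255.255.0
ip local pool vpnpool 172.16.10.1-172.16.10.254 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
group-policy vpntest attributes
 split-tunnel-network-list value vpntest_splitTunnelAcl
"""

def take(tok):  # consume one ASA address spec: 'any', 'host A' or 'A MASK'
    t = tok.pop(0)
    if t in ("any", "host"):
        return ipa.ip_network("0.0.0.0/0" if t == "any" else tok.pop(0))
    return ipa.ip_network(f"{t}/{tok.pop(0)}", strict=False)

def parse(cfg):
    st = {"acl": {}, "iface": None}
    for w in (line.split() for line in cfg.splitlines()):
        if w[:1] == ["nameif"]:
            st["iface"] = w[1]
        elif w[:2] == ["ip", "address"] and st["iface"] == "inside":
            st["inside_ip"], st["inside"] = w[2], take(w[2:4])
        elif w[:1] == ["access-list"] and w[2:4] == ["standard", "permit"]:
            st["acl"].setdefault(w[1], []).append((None, take(w[4:])))
        elif w[:1] == ["access-list"] and w[2:5] == ["extended", "permit", "ip"]:
            rest = w[5:]
            st["acl"].setdefault(w[1], []).append((take(rest), take(rest)))
        elif w[:3] == ["ip", "local", "pool"]:
            st["pool"] = list(ipa.summarize_address_range(*map(ipa.ip_address, w[4].split("-"))))
        elif w[:4] == ["nat", "(inside)", "0", "access-list"]:
            st["nat0"] = w[4]
        elif w[:2] == ["split-tunnel-network-list", "value"]:
            st["split"] = w[2]
    return st

def audit(cfg):
    st = parse(cfg)
    inside, pool, acl = st["inside"], st["pool"], st["acl"]
    nat0, split = acl.get(st.get("nat0"), []), acl.get(st.get("split"), [])
    out = []
    # NAT exemption: inside -> pool must match nat 0, else replies get translated.
    if not all(any(inside.subnet_of(s) and p.subnet_of(d) for s, d in nat0) for p in pool):
        out.append("nat-exemption does not cover inside -> VPN pool")
    # Split tunnel: inside network must be listed or the client has no secure route.
    if st.get("split") and not any(inside.subnet_of(d) for _, d in split):
        out.append("split-tunnel list does not include the inside network")
    # Return path: hosts whose gateway is not the ASA need a route to the pool.
    if not all(p.subnet_of(inside) for p in pool):
        out.append(f"internal gateway needs a route for the pool via {st['inside_ip']}")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The route finding is a reminder rather than a fault: it appears whenever the pool sits outside the inside subnet, and is satisfied if the ASA is already the default gateway for the internal hosts.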