Cannot have access + RDP VPN PIX

Hi to all the experts out there!

I configured a PIX 501 VPN server to be able to accept the VPN connection; here are the parameters of the PIX:

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxx encrypted
passwd XXXXX encrypted
hostname Firewall-xxx
domain-name xxx.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.1.3 srv-xxx-02
access-list External permit tcp any any eq smtp
access-list External permit tcp any any eq https
access-list External permit tcp any any eq www
access-list sheep permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
pager lines 24
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside pppoe setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool VPNPOOL 10.1.2.1-10.1.2.10
pdm location 192.168.1.0 255.255.255.0 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
static (inside,outside) tcp interface smtp srv-xxx-02 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https srv-xxx-02 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www srv-xxx-02 www netmask 255.255.255.255 0 0
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host srv-xxx-02 radius_key timeout 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community Syn-001
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set csaset esp-3des esp-md5-hmac
crypto dynamic-map csamap 10 set transform-set csaset
crypto map csa 10 ipsec-isakmp dynamic csamap
crypto map csa client authentication RADIUS
crypto map csa interface outside
isakmp enable outside
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup VPNHOSTS! address-pool VPNPOOL
vpngroup VPNHOSTS! dns-server srv-xxx-02
vpngroup VPNHOSTS! wins-server srv-xxx-02
vpngroup VPNHOSTS! default-domain xxxx.com
vpngroup VPNHOSTS! split-tunnel sheep
vpngroup VPNHOSTS! idle-time 1800
vpngroup VPNHOSTS! password ********
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
vpdn group csa request dialout pppoe
vpdn group csa localname xxxxxxxxx
vpdn group csa ppp authentication pap
vpdn username xxxxxxx password *********
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80

So I am able to connect with the VPN client, but I cannot remote desktop to my server.

When I run term mon with logging level 7, I get the following error:

305005: No translation group found for tcp src outside:10.1.2.1/1669 dst inside:srv-02/BCI-3389

With the current configuration:

global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0

the "nat 0" command is missing; it is needed to disable NAT for the traffic to the VPN client.

For example:

nat (inside) 0 access-list sheep
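An added example, not part of the original thread: a small Python check that reads PIX 6.3-style configuration text and reports every `ip local pool` that no `nat (<if>) 0 access-list` entry covers, which is the condition behind the 305005 message above. The function names and the embedded sample (the relevant lines of the question's configuration) are constructed for illustration, and only `permit ip <net> <mask> <net> <mask>` ACL entries are handled.

```python
import ipaddress
import re

# Constructed sample: the NAT-relevant lines of the configuration in the question.
QUESTION_CONFIG = """\
access-list sheep permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
ip local pool VPNPOOL 10.1.2.1-10.1.2.10
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
"""

ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
POOL_RE = re.compile(r"^ip local pool (\S+) ([\d.]+)-([\d.]+)$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")


def parse(config):
    """Collect ACL entries, VPN address pools and nat 0 bindings."""
    acls, pools, nat0 = {}, {}, []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ACL_RE.match(line):
            name, src, smask, dst, dmask = m.groups()
            entry = (
                ipaddress.ip_network(f"{src}/{smask}", strict=False),
                ipaddress.ip_network(f"{dst}/{dmask}", strict=False),
            )
            acls.setdefault(name, []).append(entry)
        elif m := POOL_RE.match(line):
            pools[m.group(1)] = (
                ipaddress.ip_address(m.group(2)),
                ipaddress.ip_address(m.group(3)),
            )
        elif m := NAT0_RE.match(line):
            nat0.append(m.groups())  # (interface, acl_name)
    return acls, pools, nat0


def unexempted_pools(config):
    """Return the names of VPN pools that no nat 0 ACL destination covers.

    Replies from inside hosts to such a pool still match the dynamic
    nat/global rule, so the PIX logs 305005 and the session fails.
    """
    acls, pools, nat0 = parse(config)
    # Destination networks of every ACL actually bound to a nat 0 statement.
    exempt_dsts = [dst for _, acl in nat0 for _, dst in acls.get(acl, [])]
    missing = []
    for name, (first, last) in pools.items():
        covered = any(first in net and last in net for net in exempt_dsts)
        if not covered:
            missing.append(name)
    return sorted(missing)


if __name__ == "__main__":
    print("before fix:", unexempted_pools(QUESTION_CONFIG))
    fixed = QUESTION_CONFIG + "nat (inside) 0 access-list sheep\n"
    print("after fix: ", unexempted_pools(fixed))
```
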

Tags: Cisco Security

Similar Questions

  • Installation update for creative cloud can never exceed 2%, which means that I cannot have access to Premiere Pro. Can anyone help with this?

    Installation update for creative cloud can never exceed 2%, which means that I cannot have access to Premiere Pro. Can anyone help with this? I need urgent access to Premiere Pro, so I can return videos to my clients.

    Check your Task Manager (Win) or Activity Monitor (Mac) for a suspended Adobe helper process that you can end.

  • Three computers networked fine then suddenly the error message «...» Contact the administrator of this server to find out if you have access permissions. Not enough server storage is available to process this command. "

    I had a network that worked very well with three computers: 2 running Windows XP Professional and 1 running Windows XP Home Edition. Suddenly, the network just stopped allowing certain communications, giving the above error message (I have another thread dealing with XP-to-Vista computers). The main computer with XP Pro I'll call A, the second computer with XP Pro I'll call B, and the third, with XP Home, will be C. All computers could share files and printers; then, without any changes to the system, the following occurred:

    A can access the documents and printers on B and C

    B may NOT access documents or printers on A, but can access documents and printers on C

    C cannot access the documents on A, but CAN access A's printer and CAN access the documents and printers on B

    When access is denied error message is displayed:
    "\\A\My documents is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. Not enough server storage is available to process this command. "(\\A\ being the computer that I am trying to access)

    As I said access from all computers on this network was working fine a week ago and there has been absolutely no changes made to the network. I checked the following

    1. workgroup name on all computers are the same
    2. file and printer sharing are enabled for all computers.
    3. all computers can be seen from each computer, just denied access in some cases.

    The firewall that runs on all three machines is AVG and there were no changes to the one last week, but I checked that sharing is allowed.

    I even tried to run the Configuration Wizard from the network on all computers to see if it works, but the same exact problems occur after doing this.

    I met this problem now THREE times. I can't believe that I'm the only one who has this problem and I can't believe that there isn't a solution for it. None of the Microsoft documentation has even a hint of a solution for this specific problem.

    I need a solution that closes completely the network at my church, and they cannot afford to buy printers and others for each of their computers.

    This error message is misleading. See the Microsoft Knowledge Base article "Antivirus software may cause Event ID 2011" for a likely solution, specifying an IRPStackSize value of 15 on computer A.
    Boulder Computer Maven
    Microsoft Most Valuable Professional

  • Remote access VPN pix version 8.0 (3)

    Hi all

    First of all, I would like to thank to all members of the forum who got help in several messages on the configuration of the pix 515.

    I am now configuring remote VPN access with radius authentication to my network, but I can't connect.

    I use the cisco vpn client 5.0.03.0560, I have also tested my pix radius (inside) server authentication and works very well.

    I already tried to retype the key of the cli, but I still can't remote access vpn to work.

    I also tried to create another remote vpn with another name and local authentication, but I have the same problem.

    I use 8.0 (3) version pix.

    Can someone help me

    I attach the log file of the Cisco VPN client to help solve the problem, as well as the PIX configuration file.

    Thank you very much in advance and I seek prior information.

    http://www.Cisco.com/en/us/docs/security/ASA/asa72/configuration/guide/vpnadd.html#wp999516

    [Pls RATE if HELP]

  • Using Firefox 7.0.1; having problems with hotmail. Cannot click on controls at the top of MSG, which is New, reply, delete, etc.. Can click on the same commands @ the bottom of the problem w/no MSG. Also cannot click on Inbox folder once I have access to

    Using Firefox 7.0.1; having problems with hotmail. Cannot click on controls at the top of MSG, which is New, reply, delete, etc.. Can click on the same commands @ the bottom of the problem w/no MSG. Also cannot click on Inbox folder once I have access to another folder. All known solutions?

    This problem may be caused by the Yahoo! toolbar, as it extends too far down and covers the top of the browser window, making links in this part of the screen not clickable.

    Start Firefox in Safe Mode to check if one of the extensions or hardware acceleration is the cause of the problem (switch to the DEFAULT theme: Firefox (Tools) > Add-ons > Appearance/Themes).

  • change password now cannot me access, I do not have a disk to reset admin

    I changed my login password, but it is not accepted. I don't have an admin reset disk, but I can log in via another user. I am the administrator, but even so I do not remember the password for this account. The password hint gives the hint for my old password, which is still not accepted. Can anyone help?

    Moved from feedback
    Windows version not supplied

    Hello

    You should always tell us what is your operating system.

    Microsoft prohibits any help being given in these Forums to help you bypass or "crack" lost or forgotten passwords.

    Here's information from Microsoft explaining that policy:

    http://answers.Microsoft.com/en-us/Windows/Forum/Windows_7-security/keeping-passwords-secure-Microsoft-policy-on/39f56ef0-5d68-41AD-9daa-6e6019c25d37

    This is information from Microsoft for when you forgot your XP password.

    "How to connect to your Windows XP-based computer if you forget your password or if your password expires"

    http://support.Microsoft.com/kb/321305

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

    Information of Vista.

    "What to do if you forget your Windows password"

    http://Windows.Microsoft.com/is-is/Windows-Vista/what-to-do-if-you-forget-your-Windows-password

    If you forget the administrator password, and you do not have a password reset disk or another administrator account, you will not be able to reset the password. If there is no other user account on the computer, you will not be able to log in to Windows and you will need to reinstall Windows.

    http://support.Microsoft.com/kb/940765

    If you are unable to connect to Windows 7 or Windows Vista, you can use the Windows Vista System Restore feature, or the Windows 7 system restore feature.

    You may be unable to connect to Windows Vista or Windows 7 in the following scenarios:

    • Scenario 1: You recently set a new password for the protected administrator account. However, you don't remember the password.
    • Scenario 2: You type the correct password. However, Windows Vista or Windows 7 does not accept the password because the system is damaged.
    • Scenario 3: You delete a protected administrator account. Now, you cannot connect to another administrator account.
    • Scenario 4: You change a protected administrator account to a standard user account. Now, you cannot connect to another administrator account.

    See you soon.

  • cannot delete the folder I am one user have access to all the files and folders can remove any but one could take ownership of disk backup file

    Cannot delete the folder, I can move it, is presantly on my desk, I'm only user I have access to all the files and folders can remove everything, but this one, took possession of the file. file is made backup disk before I reloaded vista Explorer cause did not work right

    Try to open an administrator command prompt. Then cd to the desktop. Finally, run 'attrib -h -r -s' and also 'attrib -h -r -s /s *.*'. Then right-click on the folder and check the Unblock button. Similarly, with all the files in the folder, pledge. Never underestimate your own stupidity.

  • Error when you try to play audio files: Windows Media Player cannot access the file. The file may be in use, you won't have access to the computer where the file is stored

    Windows Media Player cannot access the file. The file may be in use, you may not have access to the computer on which the file is stored, or your proxy settings may not be correct.

    I hope someone can help on Win 7 64 bit, music is taken on a disk usb2 external hard... I had no problem until today when the message in the title appeared next to each track, with a little red cross.

    I already deleted database library as suggested by some of the forums, also disabled the media as a feature of Win 7, rebooted and then re-enabled it.  I also disconnected externally and restarted that as well, I'm also the same mistake with a cd in the cd drive as well.

    Can anyone help?

    Hello

    This error may occur for one of the following reasons:
    The file is currently in use. Close the file and then try again.

    You are not allowed to access the location where the file is stored.

    Follow these steps to grant all permissions in the folder where the files are stored:
    1. right click on the folder on the external drive and click Properties.
    2. in the Properties window, click on Security tab.
    3. now, click Edit , and then click Add.
    4. now, type everyone in the box and click OK.
    5. check the full control box.
    6. click on apply and then click OK.

    You can also try the mentioned below as follows:

    1. click on start.
    2. go in Control Panel.
    3. Select "SOUND".
    4. double-click on speakers.
    5. click on the tab advanced and then uncheck the enable audio enhancements.

    Kind regards
    Amal-Microsoft Support.
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Cannot open my encrypted Documents? -Cannot open the document: user does not have access privileges

    I am using Window7 and I got some of my encrypted files by opening the properties of the file and selecting the encryption option. I have not had any problems so far, but all of a sudden I can't open my encrypted files. There is an error message indicating "cannot open the document: user does not have access privileges. But I have no other user account on my computer and I am logged in with my administrator profile. I turned off my computer, rebooted and tried various methods, but when I open the file it shows the same message as above. Help, please?

    Hello

    Please follow the steps from the link below.

    Appropriating a file or a folder

    http://TechNet.Microsoft.com/en-us/library/cc753659.aspx

    Also check out the links below.

    Encrypt or decrypt a file or folder

    http://Windows.Microsoft.com/en-us/Windows7/encrypt-or-decrypt-a-folder-or-file

    Recover encrypted files or folders

    http://Windows.Microsoft.com/en-us/Windows7/recover-encrypted-files-or-folders

    Import or export certificates and private keys

    http://Windows.Microsoft.com/en-us/Windows7/import-or-export-certificates-and-private-keys

  • Cannot open drive D. get the message "You don't have access to the file D:\."

    I try to open a disc which worked yesterday and cannot. I get this message: "You don't have access to the folder "D:\". Contact your administrator to access this folder."  All my documents are here and I recently had to wipe my system to factory.  So frustrated!

    Hello Lita R,

    I suggest your run the troubleshooter to see if there are any problems with your CD/DVD drive.

    It is an automatic Fixit.
    http://support.Microsoft.com/mats/cd_dvd_drive_problems/en-us

    You can also try the Fixit of performance as well.
    http://support.Microsoft.com/mats/slow_windows_performance/en-us

    I hope this helps.

    Marilyn

  • Error message: "Windows Media Player cannot access the file. The file may be in use, you may not have access to the computer on which the file is stored, or your proxy settings may not be correct."

    Original title: homegroup problems after system recovery

    I started a homegroup on my computer.  I added another computer to the homegroup.  Everything worked fine until I had to perform a system recovery on the laptop that I used to start the homegroup.  I set up the homegroup again, but I can't access the files on the other computer via Windows Media Player.  I get an error message that says "Windows Media Player cannot access the file. The file may be in use, you may not have access to the computer on which the file is stored, or your proxy settings may not be correct."  I can access all the music files via Windows Explorer.  Do I have to start over with a new password?  Can I just create a new homegroup?  What other options do I have?  Any help you can provide would be greatly appreciated.  Thank you.

    Hello

    Please follow the methods and check the issue:

    Method 1:

    Open the homegroup troubleshooting utility:

    http://Windows.Microsoft.com/en-us/Windows7/open-the-HomeGroup-Troubleshooter

    Method 2:

    Why can't I access my homegroup? :

    http://Windows.Microsoft.com/en-us/Windows7/why-cant-I-access-my-HomeGroup

    For reference:

    Homegroup: frequently asked questions:

    http://Windows.Microsoft.com/is-is/Windows7/HomeGroup-frequently-asked-questions

    Method 3:

    See the steps in "include a folder shared in a library" from the link below:

    Access to files and printers on other homegroup computers: http://Windows.Microsoft.com/is-is/Windows7/access-files-and-printers-on-other-HomeGroup-computers

    I hope this helps.

  • Windows Media Player error "Windows Media Player cannot access the file. The file may be in use, you may not have access to the computer..."

    When you try to download an audio conference on Windows Media Player class, the following notification: Windows Media Player cannot access the file. The file may be in use, you may not have access to the computer on which the file is stored, or your proxy settings may not be correct. I was able to download in the past but now cannot. Any suggestions?

    In WMP, find the tab "Tools", "upper task bar", Search tab options when pressed.

    In the new properties window, change the tabs, connections would determine internet

    speed adjustment... Change all.

  • guest computer must have access to the printer host cannot use

    I have a new Mac, an old Mac, an old Windows machine and printer of Xante AW1200.

    Almost all of my work is done on the new Mac.  I get the old machine Mac or Windows of the drawer on rare occasions, or when I need to print something, because the new Mac cannot use the printer.  (Xante never taken the trouble to develop an OS X 10.6.4 driver for this printer.)

    I would like to get rid of the Windows machine.  I have successfully migrated it to a guest machine on the new Mac, using VMware Fusion 3.1.3, but I have not found a way to get the computer to see the printer.

    This isn't a complete surprise, as Xante does not provide a driver for their (former) printer and (my new host) operating system OS X 10.6.4 - but they were planning a WIndows XP driver that has always worked well on the Windows machine, connected by the RS232 port.

    The printer also works very well on my old Mac, connected via ethernet.

    Can I connect the printer to the new Mac's ethernet port?  Of course, the Mac cannot work with it.  But could the guest computer use its Windows driver to manage the printer?

    None of the four standard ways of printing seem applicable: ThinPrint because the host cannot use the printer.  USB because the printer does not have a USB connector.  Network / wireless because I do not have my old Mac running all the time.  Bonjour because I think that it requires that the host can see the printer.

    It certainly isn't a frequently asked Question.  Sorry, my situation is so unusual.  But the printer is special enough for the work that I do.  Any tips?

    Thank you.

    If you have a router on your site then you should be able to connect the printer to the router, configure it as needed, and then access it in the guest as a network printer.  Note: The guest's network should be configured as Bridged to access it in this way.

    Another network option which is doable, but a little more difficult to set up, is to attach the printer directly to the Mac with a standard CAT5 Ethernet cable, not a crossover, as the User Guide says the Mac's Ethernet port is auto-sensing.  You would then manually configure the IP address, etc. on the printer and on the Bridged network in the guest, even if Bridged has access only to the printer on this network adapter.  Then use a second network adapter in the guest configured as NAT, if you do not also use Bridged on that, to enable the guest to have access to other resources on the host's physical LAN, such as Internet access, etc.

  • With 10 FF, when you access fields: no cursor doesn't appear, cannot select text, no visual indication that you have access to a field.

    When you click in a field to enter text (as in this text box), no visual indicator appears (for example, a cursor blinking) to let you know that you have access to the field. In addition, when you select the text in the field, there is no indicator that you have selected text (do not be highlighted). The only way to know is to start typing or trying to cut text or paste text. It is not at all intuitive.

    You encounter this bug that will be fixed in Firefox 10.0.1, eventually published later this week.

    • bug 718939 - Java applet causes fields to become semi-don't text not responding

  • VPN to access LAN VPN client.

    We use a PIX 515 as the hub of a LAN-to-LAN VPN as well as for VPN Client access. Using a multipoint configuration, the spoke sites (all PIX 501) are able to communicate with each other. However, the VPN clients that access the 515 are not able to access the spoke VPN sites. I think that this is because all the tunnels terminate on the same interface of the PIX 515. Is there a way to allow the VPN Client to communicate with the spoke LAN VPN?

    Regards

    PD

    Currently, there is not a good way to meet the requirements above. However, we are adding a new feature (or rather, relaxing a restriction) in the PIX 7.0 code (to be released in December/January) to allow VPN client packets to 'u-turn' on a hub PIX to spoke PIXes connected via LAN-to-LAN tunnels. The 7.0 beta program is about to begin (may have just begun), so if interested, please contact your local Cisco account engineer. Sorry for the news, but help is on the way.

    Scott
