Cisco 877 site-to-site VPN routers: a DHCP end cannot get the tunnel up

Hello

I have two Cisco 877 routers with static IP addresses and others (3 more routers) on ADSL with DHCP, using no-ip.com.

Currently I'm doing tests with only the static IP router and a DHCP router.

I can't get the tunnel up and running. I can connect using the Cisco VPN client, but the site-to-site VPN, which is the most important of them, does not work.

I followed the example of configuration on this document http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801dddbb.shtml

But I get no crypto session output, and no ipsec or isakmp output, using these commands (this is on the static IP router):

sh crypto ipsec sa

sh crypto isakmp sa

sh crypto session

On the dynamic IP router side, I get output with the sh crypto ipsec sa command.

This is the output

R3#sh crypto ipsec sa

interface: Dialer1
    Crypto map tag: mymap, local addr xxx.xxx.xxx.xxx

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (192.168.5.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
   current_peer xxx.xxx.xxx.xxx (Static ip of the router hub) port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: xxx.xxx.xxx.xxx, remote crypto endpt.: xxx.xxx.xxx.xxx
     path mtu 1492, ip mtu 1492, ip mtu idb Dialer1
     current outbound spi: 0x0(0)
     PFS (Y/N): N, DH group: none

     inbound esp sas:
     inbound ah sas:
     inbound pcp sas:
     outbound esp sas:
     outbound ah sas:
     outbound pcp sas:

interface: ATM0
    Crypto map tag: mymap, local addr 0.0.0.0

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (192.168.5.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
   current_peer xxx.xxx.xxx.xxx port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 0.0.0.0, remote crypto endpt.: xxx.xxx.xxx.xxx
     path mtu 1500, ip mtu 1500, ip mtu idb ATM0
     current outbound spi: 0x0(0)
     PFS (Y/N): N, DH group: none

     inbound esp sas:
     inbound ah sas:
     inbound pcp sas:
     outbound esp sas:
     outbound ah sas:
     outbound pcp sas:

interface: virtual Network1
    Crypto map tag: mymap, local addr 0.0.0.0

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (192.168.5.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
   current_peer xxx.xxx.xxx.xxx port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 0.0.0.0, remote crypto endpt.: xxx.xxx.xxx.xxx
     path mtu 1492, ip mtu 1492, ip mtu idb virtual Network1
     current outbound spi: 0x0(0)
     PFS (Y/N): N, DH group: none

     inbound esp sas:
     inbound ah sas:
     inbound pcp sas:
     outbound esp sas:
     outbound ah sas:
     outbound pcp sas:

Attached is the configuration for both routers.

Thanks in advance

Kind regards

Hello

Try the following changes:

HUB

ip access-list extended NAT
 deny ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!

SPOKE

ip access-list extended NAT
 deny ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.5.0 0.0.0.255 any

The example you mentioned was not using NAT, while you are. Check the following link:

http://www.Cisco.com/en/us/products/HW/vpndevc/ps2030/products_configuration_example09186a00807ea936.shtml?referring_site=smartnavRD

HTH

Andy
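
Why the deny lines in the answer above matter, as an added example that is not part of the original thread: on IOS, inside-to-outside NAT is applied before the crypto map is checked, so LAN-to-LAN traffic that hits the permit in the NAT ACL is translated and no longer matches the crypto ACL. The Python check below evaluates extended ACL entries first-match and reports subnet pairs the crypto ACL protects but the NAT ACL would translate; the crypto ACL and the "before" NAT ACL are constructed from the addresses in the thread, and all function names are hypothetical.

```python
import ipaddress


def _net(addr, wildcard):
    """Convert an IOS address + wildcard mask (contiguous only) to a network."""
    inverted = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    netmask = ipaddress.IPv4Address(inverted)
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)


def parse_ace(line):
    """Parse 'permit|deny ip <src> <dst>' where each side is
    '<addr> <wildcard>', 'host <addr>' or 'any'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[1] != "ip":
        raise ValueError(f"unsupported ACE: {line!r}")
    nets, i = [], 2
    for _ in range(2):
        if tok[i] == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
            i += 1
        elif tok[i] == "host":
            nets.append(ipaddress.ip_network(tok[i + 1] + "/32"))
            i += 2
        else:
            nets.append(_net(tok[i], tok[i + 1]))
            i += 2
    return tok[0], nets[0], nets[1]


def first_match(aces, src, dst):
    """Action of the first ACE that covers the whole src->dst subnet pair.

    Falls through to the implicit 'deny' at the end of every IOS ACL.
    """
    for action, ace_src, ace_dst in aces:
        if src.subnet_of(ace_src) and dst.subnet_of(ace_dst):
            return action
    return "deny"


def nat_exemption_gaps(nat_acl_lines, crypto_acl_lines):
    """Return (src, dst) pairs that the crypto ACL permits (should be
    encrypted) but that the NAT ACL also permits (will be translated first)."""
    nat = [parse_ace(line) for line in nat_acl_lines]
    gaps = []
    for action, src, dst in map(parse_ace, crypto_acl_lines):
        if action == "permit" and first_match(nat, src, dst) == "permit":
            gaps.append((str(src), str(dst)))
    return gaps


# Constructed from the local/remote ident shown in the spoke's
# "sh crypto ipsec sa" output (flags={origin_is_acl,}).
SPOKE_CRYPTO_ACL = ["permit ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255"]

# Assumed original NAT ACL on the spoke: everything from the LAN is NATed.
SPOKE_NAT_BEFORE = ["permit ip 192.168.5.0 0.0.0.255 any"]

# NAT ACL from the answer: the VPN traffic is denied (exempted) first.
SPOKE_NAT_AFTER = [
    "deny ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255",
    "permit ip 192.168.5.0 0.0.0.255 any",
]

# Same entries in the wrong order: first-match means the deny is never reached.
SPOKE_NAT_WRONG_ORDER = list(reversed(SPOKE_NAT_AFTER))

if __name__ == "__main__":
    for name, acl in [("before", SPOKE_NAT_BEFORE),
                      ("after", SPOKE_NAT_AFTER),
                      ("wrong order", SPOKE_NAT_WRONG_ORDER)]:
        gaps = nat_exemption_gaps(acl, SPOKE_CRYPTO_ACL)
        print(f"{name:12s} -> {'OK' if not gaps else 'NATed before crypto: ' + str(gaps)}")
```

The same check applies on the hub with the source and destination subnets swapped.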

Tags: Cisco Security

Similar Questions

  • S2S VPN - cannot get the tunnel upward

    I can't bring up a site-to-site VPN because of a configuration error that I can't fix.

    The topology is Server1 > Hub > ASA - 1 ASA-2<><>

    When I launch a ping from Server 1 to Server 2 to try to bring the tunnel up, I get the following error:

    %ASA-6-110002: Failed to locate egress interface for ICMP from inside:192.168.100.2/2655 to 192.168.200.2/0

    No matter which side I ping from, I get the error on both of the ASAs. Here is the config for the two ASAs; thanks for any help.

    !
    hostname ASA-1
    !
    interface GigabitEthernet0
     nameif outside
     security-level 0
     ip address 80.1.1.1 255.255.255.252
    !
    interface GigabitEthernet1
     nameif inside
     security-level 100
     ip address 192.168.100.1 255.255.255.0
    !
    ftp mode passive
    object network PC_LAN
     subnet 192.168.100.0 255.255.255.0
    object network REMOTE_LAN
     subnet 192.168.200.0 255.255.255.0
    access-list ACL-OUTSIDE-PING extended permit icmp any any
    access-list LAB_S2S_VPN extended permit ip 192.168.100.0 255.255.255.0 192.168.200.0 255.255.255.0 log
    access-list LAB_S2S_VPN extended permit icmp 192.168.100.0 255.255.255.0 192.168.200.0 255.255.255.0 log
    pager lines 24
    logging enable
    logging buffer-size 6000
    logging buffered debugging
    mtu outside 1500
    mtu inside 1500
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    arp timeout 14400
    nat (inside,outside) source static PC_LAN PC_LAN destination static REMOTE_LAN REMOTE_LAN
    access-group ACL-OUTSIDE-PING in interface inside
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-AES-SHA esp-aes esp-sha-hmac
    crypto map VPN_CRYPTO_MAP 1 match address LAB_S2S_VPN
    crypto map VPN_CRYPTO_MAP 1 set peer 80.1.1.2
    crypto map VPN_CRYPTO_MAP 1 set ikev1 transform-set ESP-AES-SHA
    crypto map VPN_CRYPTO_MAP interface outside
    crypto ikev1 enable outside
    crypto ikev1 policy 10
     authentication pre-share
     encryption aes
     hash sha
     group 2
     lifetime 86400
    management-access inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    tunnel-group 80.1.1.2 type ipsec-l2l
    tunnel-group 80.1.1.2 ipsec-attributes
     ikev1 pre-shared-key *****

    hostname ASA-2
    !
    interface GigabitEthernet0
     nameif outside
     security-level 0
     ip address 80.1.1.2 255.255.255.252
    !
    interface GigabitEthernet1
     nameif inside
     security-level 100
     ip address 192.168.200.1 255.255.255.0
    !
    interface GigabitEthernet2
     shutdown
     no nameif
     no security-level
     no ip address
    !
    ftp mode passive
    object network PC_LAN
     subnet 192.168.200.0 255.255.255.0
    object network REMOTE_LAN
     subnet 192.168.100.0 255.255.255.0
    access-list ACL-OUTSIDE-PING extended permit icmp any any
    access-list LAB_S2S_VPN extended permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0 log
    access-list LAB_S2S_VPN extended permit icmp 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0 log
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat (inside,outside) source static PC_LAN PC_LAN destination static REMOTE_LAN REMOTE_LAN
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-AES-SHA esp-aes esp-sha-hmac
    crypto map VPN_CRYPTO_MAP 1 match address LAB_S2S_VPN
    crypto map VPN_CRYPTO_MAP 1 set peer 80.1.1.1
    crypto map VPN_CRYPTO_MAP 1 set ikev1 transform-set ESP-AES-SHA
    crypto map VPN_CRYPTO_MAP interface outside
    crypto ikev1 enable outside
    crypto ikev1 policy 10
     authentication pre-share
     encryption aes
     hash sha
     group 2
     lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    tunnel-group 80.1.1.1 type ipsec-l2l
    tunnel-group 80.1.1.1 ipsec-attributes
     ikev1 pre-shared-key *****
    !

    You don't have a route to 192.168.200.2, so it was not able to locate the next hop for the tunnel traffic.

    Adding these static routes causes all traffic to be sent to the internet default gateway, including VPN and non-VPN traffic.
    So adding a route for 192.168.200.0 pointing to 80.1.1.X gave the same results.

    Kind regards
    Dinesh Moudgil

    PS Please rate helpful messages.

  • Problem access to Windows update, error: site has encountered a problem and cannot display the page you are trying to view.

    Original title: problem accessing Windows update.

    I just reinstalled a pre-SP3 version of XP. When I tried to download SP3 I got the message: the site has encountered a problem and cannot display the page you are trying to view. I don't know what to do. Help, anyone?

    Download the following:

    http://www.Microsoft.com/en-US/Download/details.aspx?ID=28 (Service Pack 2)
    http://www.Microsoft.com/en-US/Download/details.aspx?ID=24 (Service Pack 3)

    Ignore the warnings about these packages being for IT professionals, or only for
    network installs on multiple computers and such.  These are full Service Packs which can
    be installed without an internet connection or when no other SPs are
    installed.   Install SP2 first, followed by SP3.

    NOTE: If SP2 is already installed on your computer, or if the SP1a is installed, go straight to the Service Pack 3 package.

  • Automatic Updates program is turned off and impossible to turn on, with error message "site has encountered a problem and cannot display the page you are trying to view"

    Original title: Auto updates

    My Automatic Updates program is disabled.  When I try to turn it on, I get this message: "the site has encountered a problem and cannot display the page you are trying to view."  Automatic Updates was always on; why was it off, and why won't it come back on now?

    Bill T


    Hi Bill,

    This problem can occur if the Automatic Updates service is missing from the Services snap-in.

    1. Is Service Pack 3 installed on your computer?

    2. What antivirus software do you use on your computer?

    Follow the steps below:

    Method 1:

    To resolve this issue, follow these steps:

    1. Click Start, click run, type explore, and then click OK.
    2. Look for the following folder:

    %windir%\System32\inf

    Note The %windir%\System32 placeholder represents the path of the WINDOWS System folder. Typically, C:\WINDOWS is the path of the WINDOWS System folder.

    The inf folder is a hidden folder. To view the inf folder, follow these steps:

    a. On the Tools menu, click Folder Options, and then click the View tab.

    b. In the list of Advanced settings, click Show hidden files and folders under Hidden files and folders.

    c. Click Apply, and then click OK.

    3. double-click on the inf folder, right-click in theand then click install.

    4. click on Browse. Look for, and then click the \ServicePackFiles\i386 %windir%\System32folder if the following conditions are met:

    • You installed Windows XP SP3 from a Windows XP SP3 CD that included SP3 as part of the base installation.
    • You downloaded and installed Windows XP SP3 from the Microsoft Web site.
    • Windows XP SP3 was included with the computer.

    Note: If the Service Pack files folder is not present on the computer, you can copy the files from a Windows XP SP3 slipstreamed installation CD.

    5. Click OK to copy the files.

    6. Change the setting on the computer so that hidden files and folders are not displayed. To do this, follow these steps:

    1. On the Tools menu, click Folder Options, and then click the View tab.
    2. In the list of Advanced settings, click Do not show hidden files and folders under Hidden files and folders.
    3. Click Apply, and then click OK.

    7. Restart the computer and check.

    Method 2:

    Follow the steps in the link below.

    You receive an error message "Windows Update has encountered an error and cannot display the requested page" when you try to install an update:

    http://support.Microsoft.com/kb/883614

    For reference:

    How to configure and use automatic updates in Windows:

    http://support.Microsoft.com/kb/306525

     

    If you need further assistance on this topic, let us know and we will be happy to help you.

  • "The site has encountered a problem and cannot display the page": why am I seeing this whenever I try to access the Microsoft Update center?

    "The site has encountered a problem and cannot display the page": why am I seeing this whenever I try to access the Microsoft Update center?

    Hello

    1. Do you have Service Pack 3 installed on the computer?

    2. What recent hardware or software change was made on the computer before the issue?
     
    Please follow the links below to solve the problem.

    Method 1
     
    You receive an error message "Windows Update has encountered an error and cannot display the requested page" when you try to install an update


    http://support.Microsoft.com/kb/883614

    Method 2

    Add the Windows Update Web sites to the trusted sites zone in Internet Explorer

    If you have verified that your firewall and antivirus are not causing the problem, try adding the following Web sites for the Microsoft Internet Explorer Trusted sites zone on the computer where you use Windows Update. After you have added the following Web sites to the Microsoft Internet Explorer trusted sites zone, run Windows Update. To run this method, follow these steps:

    a. Start Internet Explorer.

    b. On the Tools menu, click Internet Options.

    c. Click the Security tab, and then click Trusted Sites.

    d. Click Sites.

    e. Click to clear the Requires a secure server (https:) for all sites in this zone check box.

    f. In the Add this website to the zone box, type each of the following Web site addresses, and then click Add:

    o https://*.microsoft.com

    o https://download.windowsupdate.com

    o https://update.microsoft.com/windowsupdate

    o http://*.update.microsoft.com

    o https://*.update.microsoft.com

    o http://download.windowsupdate.com

    g. Click Close, and then click OK.

    h. Visit the Windows Update Web site or the Microsoft Update Web site.

    I hope this helps.

  • Error "the site has encountered a problem and cannot display the page you are trying to view" when I run Windows Update

    Original title:

    I just reinstalled XP Pro on my Dell D620 and it is not allowing me to run the updates. Error message: the site has encountered a problem and cannot display the page you are trying to view. I have Service Pack 2.

    Hello

    Do you get this error when you try to open Windows Update or when you check for Windows updates?

    Check out the following link.

    You receive an error message "Windows Update has encountered an error and cannot display the requested page" when you try to install an update

    http://support.Microsoft.com/kb/883614

  • Impossible to update "site has encountered a problem and cannot display the page you are trying to show."

    When I try to update either using the can I Update or Microsoft Update I get the following message: "the site has encountered a problem and cannot display the page you are trying to view. The options provided below may help you solve the problem. "

    When I open Microsoft Security Essentials and click Update I get the following message: "Virus and spyware definitions failed" and an error code: 0x80070424.

    I am unable to get the Automatic Updates setting to turn on. I followed a few threads that say to run "services.msc"; Background Intelligent Transfer Service is running, as is Workstation, but Automatic Updates does not appear!

    I tried the automatic Fix It and automatic installation of updates, but still no luck.

    All the other programs on my computer seem to update correctly, and the browser seems to work properly. I also tried disabling my firewall and adding the update site to my trusted sites, and that didn't work either.

    I'm on Microsoft Windows XP Professional 5.1.2600 Service Pack 3 Build 2600 on a Toshiba X86-based PC.

    Q: Which antivirus application was installed before you installed MSE, was your subscription still current, and did you uninstall it before installing MSE?
    A: I did not uninstall [McAfee Security Center before] I installed MSE...

    See...

    Checklist for installation of Microsoft Security Essentials
        http://answers.Microsoft.com/thread/bf757e6a-E320-4a67-92bc-767e6acb26c4

    Should I have any other antivirus software and Microsoft Security Essentials?
        http://blogs.msdn.com/b/securitytipstalk/archive/2010/09/08/do-i-need-both-Microsoft-security-essentials-and-another-antivirus-software-program.aspx

    ======================================

    You could try the following:

    [You may want to print these instructions for offline reference. If a step says to reboot, reboot!]

    1. Download the McAfee Consumer Product Removal tool and save it to your desktop: http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

    1b. Download the Norton Removal Tool and save it to your desktop: ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

    2. Close all open applications (that is, anything with an icon on the taskbar).

    3. Uninstall McAfee Security Center & reboot.

    4. Make sure that the Windows Firewall is now enabled.

    5. If S*PERAntiSpyware is still installed, uninstall it and reboot again. If not, go to #6.

    6. Double-click the file that you saved in #1 above to run the utility. DO NOT touch your keyboard until the run completes, then reboot.

    6. Double-click the file that you saved in #1b above to run the utility. DO NOT touch your keyboard until the run completes, then reboot again.

    7. Open Internet Explorer (only) to http://support.microsoft.com/kb/923737 & run the Fix It.

    8. Open Internet Explorer (only) to http://support.microsoft.com/kb/971058 & run the automated troubleshooter from end to end. [1]

    9. Reboot one last time & test. Make absolutely certain that you can update MSE manually using the Update button on the Update tab.

    ~~~~~~~~~~~~~~~~~~~~~~~~
    [1] Full disclosure: running the Fix It in AGGRESSIVE mode will remove your update history but not the list of installed updates in Add/Remove Programs.

  • Cannot install "Express updates" online, get the message "site has encountered a problem and cannot display the page you are trying to view"

    I am trying to install my Windows updates on my Windows XP machine. I go to the Windows Update site and click on the "Express" method to install, and get the error message "site has encountered a problem and cannot display the page you are trying to view". I rebooted several times and tried several times, always with the same result. Also, there is an error number in the dialog box. The error number is 0x80070424.

    Any suggestions?

  • I'm in Mexico and can browse the web but cannot get the Roadrunner site to open the webmail server to allow access to e-mail.

    I'm in Mexico and can browse the web but cannot get the Roadrunner site to open the webmail server to allow access to e-mail. I worked around it through another proxy server, but navigation is a pain. Does anyone know a solution to this problem? Roadrunner denies that it is blocking it, and so did the modem service here, which is Telmex.

    [moved]

    I had the same problem 2 weeks while in Mexico.  I contacted TWC support and the person to whom I spoke said he had to unlock something.  When he did, all my mail came into Outlook in the spam folder.  It was OK because I got my mail.

    I moved to a different house and now have the same problem again.  I've contacted TWC support and have not had much luck. The second-level support person and I spent more than an hour on the call from Mexico using Vonage.  He did not find anything from the previous call to guide him in fixing it this time.  He said that he would open a ticket and call me in the next 24 to 48 hours.

    If he calls back and solves the problem, I'll post how it was corrected.

    Adios amigos!

  • Cisco 877 using draytek 2600 VPN

    First I want to apologize for my complete lack of Cisco knowledge; the problem of replacing our Draytek routers was dumped in my lap.

    Here's the background

    I have a Cisco 877 router connected to our ADSL broadband at our headquarters. I got this set up with NAT and DHCP all working, to allow multiple users internet access through our single static IP address provided by the ISP, let's say IP address 1.2.3.4.

    Our internal network is 192.168.1.0 255.255.255.0

    I have a Draytek Vigor 2600 in a branch set up the same way with a static IP address provided by the ISP, let's say the IP is 5.6.7.8.

    The internal network is 192.168.4.0 255.255.255.0

    Here's the problem (apart from me)

    I'm trying to set up a VPN between the head office and the branch so that branch office users can connect to our internal server (let's say the IP is 192.168.1.2) to receive group policies, access files and also telnet to our database server (let's say IP 192.168.1.3).

    I have attached a sort of running config that I put together from the little I've read on this site and others. I tried these settings and other permutations of these settings, but I can't seem to establish a tunnel, even though when I do show int tunnel0 on the router it says tunnel is up and line protocol is up, and if I do show ip route it shows that there is an IP address for the tunnel, and that's all (no VPN indicator light lit).

    Could someone please take a look at the file and see if it makes sense and whether I have the right information. I highlighted the parts I'm not sure about in red (quite a bit, and obviously not the exact settings, but what I think they should be).

    And

    Once all the settings are correct on the Cisco, will it automatically establish the VPN, or is there something I have to do on the Draytek?

    Hello

    Can you enable 'debug cry isa' and 'debug cry ips' and post the output here? Looks like the ACL, transform set, crypto or PFS settings might be incompatible. Ensure that all phase 2 parameters match on both ends.

    Kind regards

    Assia

  • Cannot complete the tunnel ' phase 2 ', by establishing a site to site VPN.

    I am trying to establish a VPN tunnel from site to site between a Cisco 1921 and an ASA.

    I am debugging using:

    debug crypto isakmp

    debug crypto ipsec

    No debug message is coming up on the 1921.

    The following debug message keeps appearing on the ASA:

    Jan 15 16:42:55 [IKEv1]: Group = 184.1.126.140, IP = 184.1.126.140, construct_ipsec_delete(): No SPI to identify Phase 2 SA!

    ASA config: http://pastebin.com/raw.php?i=wgTxe3gF

    1921 config: http://pastebin.com/raw.php?i=TEihijEF

    Why won't the two establish a VPN tunnel?

    It's very strange that the ASA shows the tunnel, but the router does not. It seems that the router is waiting for authentication.

    You can add:

    crypto isakmp key address 184.1.96.42 no-xauth

    Can you run debug isakmp and ipsec on the router and post the output?

  • Cisco ASA5520 facing ISP with private IP address. How to get the IPSec VPN through the internet?


    Hello guys,

    I have a Cisco ASA5520 facing the ISP with a private IP address. We don't have a router, so how do I get the IPSec VPN through the internet?

    The problem statement: the interface pointing to the ISP has a private IP address, and the inside does as well.

    Firewall configuration:

    Firewall outside interface Gi0 10.0.1.2 > ISP 10.0.1.1 with security-level 0

    Firewall inside the interface Ethernet0 192.168.1.1 > LAN switch 192.168.1.2 with security-level 100

    I have public IP block 199.9.9.1/28

    How can I use the public IP address to create the IPSec VPN tunnel between two sites across the internet?

    Can I assign a public IP address to the Gig1 inside interface with a security level of 100, and how do I apply the VPN on this interface?

    If I configure the firewall inside interface Gi1 with IP address 199.9.9.1/28 and security-level 100, how do I get a secure VPN tunnel through this interface to the internet?

    I'm used to assigning the public IP address to the outside interface of the firewall and a private IP address to the inside interface.

    Please help with configuration examples and advise.

    Thank you

    Eric

    Unfortunately, you can only terminate the VPN connection on the interface where the VPN connection is sourced, in your case the outside interface.

    3 options:

    (1) Connect a router in front of the ASA and assign your public IP address to the ASA outside interface.

    OR

    (2) If your ISP can perform static 1-to-1 translation, then you can still terminate the VPN on the outside interface; ask your provider which static IP address is assigned to your ASA outside IP (10.0.1.2). This will allow the VPN to be initiated bidirectionally.

    OR

    (3) If your ISP performs PAT (dynamic NAT), then you can only initiate the VPN tunnel from the ASA side, and the other end of the tunnel must be configured to allow dynamic LAN-to-LAN VPN.

  • [SOLVED] Native iPhone 4S Cisco VPN client cannot establish the tunnel (Win clients do)

    Hello

    iPhone 4S with the latest iOS 5, v5.1.1, installed.

    I'm not able to make the native IPSEC VPN connection to my company's Cisco 877.

    Instead, all my laptops and netbooks with the Cisco VPN Client installed work fine when they connect remotely to the company 877.

    Turning on debugging on the 877, it seems the iPhone successfully passes IKE phase 1 (in fact the iPhone asks for the phase 2 user/pass), but it hangs at phase 2 and gives me the error 'Negotiation with the VPN server failed' back.

    Any idea, or a known issue with this?

    This is how I configured the VPN part of my 877:

    R1(config)# aaa new-model
    R1(config)# aaa authentication login default local
    R1(config)# aaa authentication login vpn_xauth_ml_1 local
    R1(config)# aaa authentication login sslvpn local
    R1(config)# aaa authorization network vpn_group_ml_1 local
    R1(config)# aaa session-id common
    R1(config)# crypto isakmp policy 1
    R1(config-isakmp)# encr 3des
    R1(config-isakmp)# authentication pre-share
    R1(config-isakmp)# group 2
    R1(config-isakmp)#
    R1(config-isakmp)# crypto isakmp policy 2
    R1(config-isakmp)# encr 3des
    R1(config-isakmp)# hash md5
    R1(config-isakmp)# authentication pre-share
    R1(config-isakmp)# group 2
    R1(config-isakmp)# exit
    R1(config)# crypto isakmp client configuration group CUSTOMER-VPN
    R1(config-isakmp-group)# key xxxxxxxx
    R1(config-isakmp-group)# dns 192.168.0.1
    R1(config-isakmp-group)# pool VPN-pool
    R1(config-isakmp-group)# acl 120
    R1(config-isakmp-group)# max-users 5
    R1(config-isakmp-group)# exit
    R1(config)# ip local pool VPN-pool 192.168.0.20 192.168.0.25
    R1(config)# crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
    R1(config)# crypto ipsec profile VPN-profile-1
    R1(ipsec-profile)# set transform-set encrypt-method-1
    R1(config)# interface Virtual-Template2 type tunnel
    R1(config-if)# ip unnumbered FastEthernet0/0
    R1(config-if)# tunnel mode ipsec ipv4
    R1(config-if)# tunnel protection ipsec profile VPN-profile-1
    R1(config)# crypto isakmp profile vpn-ike-profile-1
    R1(conf-isa-prof)# match identity group CUSTOMER-VPN
    R1(conf-isa-prof)# client authentication list vpn_xauth_ml_1
    R1(conf-isa-prof)# isakmp authorization list vpn_group_ml_1
    R1(conf-isa-prof)# client configuration address respond
    R1(conf-isa-prof)# virtual-template 2

    Then set up access list 120 for the desired traffic ("access-list 120 permit ip any any" for now).

    I have configured my Cisco VPN clients with the "CUSTOMER-VPN" group and its password.

    Whenever they connect, they are prompted for the phase 2 username and password, then they join the VPN with an IP address released from the local subnet.

    With the same parameters entered and confirmed in the iPhone's IPsec VPN section, it does not work.

    This is the 877 isakmp debug output after the iPhone asks for the username and password (so I suppose that phase 1 completed):

    *May 19 14:29:30.731: ISAKMP (0:2081): received packet from 151.38.197.143 dport 500 sport 500 Global (R) CONF_XAUTH
    *May 19 14:29:30.735: ISAKMP:(2081):processing transaction payload from 151.38.197.143. message ID = -1427983983
    *May 19 14:29:30.735: ISAKMP: Config payload REPLY
    *May 19 14:29:30.735: ISAKMP/xauth: reply attribute XAUTH_USER_NAME_V2
    *May 19 14:29:30.735: ISAKMP/xauth: reply attribute XAUTH_USER_PASSWORD_V2
    *May 19 14:29:30.735: ISAKMP:(2081):deleting node -1427983983 error FALSE reason "Done with xauth request/reply exchange"
    *May 19 14:29:30.735: ISAKMP:(2081):Input = IKE_MESG_FROM_PEER, IKE_CFG_REPLY
    *May 19 14:29:30.735: ISAKMP:(2081):Old State = IKE_XAUTH_REQ_SENT  New State = IKE_XAUTH_AAA_CONT_LOGIN_AWAIT
    *May 19 14:29:30.743: ISAKMP: set new node 1322685842 to CONF_XAUTH
    *May 19 14:29:30.747: ISAKMP:(2081):initiating peer config to 151.38.197.143. ID = 1322685842
    *May 19 14:29:30.747: ISAKMP:(2081): sending packet to 151.38.197.143 my_port 500 peer_port 500 (R) CONF_XAUTH
    *May 19 14:29:30.747: ISAKMP:(2081):Sending an IKE IPv4 Packet.
    *May 19 14:29:30.747: ISAKMP:(2081):Input = IKE_MESG_FROM_AAA, IKE_AAA_CONT_LOGIN
    *May 19 14:29:30.747: ISAKMP:(2081):Old State = IKE_XAUTH_AAA_CONT_LOGIN_AWAIT  New State = IKE_XAUTH_SET_SENT
    *May 19 14:29:31.299: ISAKMP (0:2081): received packet from 151.38.197.143 dport 500 sport 500 Global (R) CONF_XAUTH
    *May 19 14:29:31.299: ISAKMP:(2081):processing transaction payload from 151.38.197.143. message ID = 1322685842
    *May 19 14:29:31.299: ISAKMP: Config payload ACK
    *May 19 14:29:31.303: ISAKMP:(2081): XAUTH ACK Processed
    *May 19 14:29:31.303: ISAKMP:(2081):deleting node 1322685842 error FALSE reason "Transaction mode done"
    *May 19 14:29:31.303: ISAKMP:(2081):Talking to a Unity Client
    *May 19 14:29:31.303: ISAKMP:(2081):Input = IKE_MESG_FROM_PEER, IKE_CFG_ACK
    *May 19 14:29:31.303: ISAKMP:(2081):Old State = IKE_XAUTH_SET_SENT  New State = IKE_P1_COMPLETE
    *May 19 14:29:31.303: ISAKMP:(2081):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
    *May 19 14:29:31.303: ISAKMP:(2081):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    *May 19 14:29:31.303: IPSEC(key_engine): got a queue event with 1 KMI message(s)
    *May 19 14:29:31.315: ISAKMP:(2081):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
    *May 19 14:29:31.315: ISAKMP:(2081):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    *May 19 14:29:31.623: ISAKMP (0:2081): received packet from 151.38.197.143 dport 500 sport 500 Global (R) QM_IDLE
    *May 19 14:29:31.623: ISAKMP: set new node -851463821 to QM_IDLE
    *May 19 14:29:31.623: ISAKMP:(2081):processing transaction payload from 151.38.197.143. message ID = -851463821

    * 14:29:31.623 may 19: ISAKMP: Config payload REQUEST

    * 14:29:31.623 may 19: ISAKMP: (2081): verification of claim:

    * 14:29:31.623 may 19: ISAKMP: IP4_ADDRESS

    * 14:29:31.623 may 19: ISAKMP: IP4_NETMASK

    * 14:29:31.623 may 19: ISAKMP: IP4_DNS

    * 14:29:31.623 may 19: ISAKMP: IP4_NBNS

    * 14:29:31.623 may 19: ISAKMP: ADDRESS_EXPIRY

    * 14:29:31.623 may 19: ISAKMP: APPLICATION_VERSION

    * 14:29:31.623 may 19: ISAKMP: MODECFG_BANNER

    * 14:29:31.623 may 19: ISAKMP: domaine_par_defaut

    * 14:29:31.623 may 19: ISAKMP: SPLIT_DNS

    * 14:29:31.623 may 19: ISAKMP: SPLIT_INCLUDE

    * 14:29:31.623 may 19: ISAKMP: INCLUDE_LOCAL_LAN

    * 14:29:31.623 may 19: ISAKMP: PFS

    * 14:29:31.623 may 19: ISAKMP: MODECFG_SAVEPWD

    * 14:29:31.623 may 19: ISAKMP: FW_RECORD

    * 14:29:31.623 may 19: ISAKMP: serveur_sauvegarde

    * 14:29:31.623 may 19: ISAKMP: MODECFG_BROWSER_PROXY

    * 14:29:31.627 May 19: ISAKMP/author: author asks for CUSTOMER-VPNsuccessfully group AAA

    * 14:29:31.627 May 19: ISAKMP: (2081): entry = IKE_MESG_FROM_PEER, IKE_CFG_REQUEST

    * 14:29:31.627 May 19: ISAKMP: (2081): former State = new State IKE_P1_COMPLETE = IKE_CONFIG_AUTHOR_AAA_AWAIT

    * 14:29:31.627 May 19: ISAKMP: (2081): attributes sent in the message:

    * 19 May 14:29:31.627: address: 0.2.0.0

    * 19 May 14:29:31.627: ISAKMP: (2081):address of 192.168.0.21 assignment

    * 14:29:31.627 May 19: ISAKMP: sending private address: 192.168.0.21

    * 14:29:31.627 May 19: ISAKMP: send the subnet mask: 255.255.255.0

    * 14:29:31.631 May 19: ISAKMP: sending IP4_DNS server address: 192.168.0.1

    * 14:29:31.631 May 19: ISAKMP: sending ADDRESS_EXPIRY seconds left to use the address: 3576

    * 14:29:31.631 May 19: ISAKMP: string APPLICATION_VERSION sending: Cisco IOS software, software C870 (C870-ADVIPSERVICESK9-M), Version 12.4 (15) T7, VERSION of the SOFTWARE (fc3)

    Technical support: http://www.cisco.com/techsupport

    Copyright (c) 1986-2008 by Cisco Systems, Inc.

    Updated Friday 14 August 08 07:43 by prod_rel_team

    * 14:29:31.631 May 19: ISAKMP: split shipment include the name Protocol 120 network 0.0.0.0 mask 0.0.0.0 0 src port 0, port 0 DST

    * 14:29:31.631 May 19: ISAKMP: sending save the password answer value 0

    * 19 May 14:29:31.631: ISAKMP: (2081): respond to peer 151.38.197.143 config. ID =-851463821

    * 19 May 14:29:31.631: ISAKMP: (2081): lot of 151.38.197.143 sending my_port 500 peer_port 500 (R) CONF_ADDR

    * 14:29:31.631 May 19: ISAKMP: (2081): sending a packet IPv4 IKE.

    * 14:29:31.631 May 19: ISAKMP: (2081): node-851463821 error suppression FALSE reason "error no.".

    * 14:29:31.631 May 19: ISAKMP: (2081): talking to a customer of the unit

    * 14:29:31.631 May 19: ISAKMP: (2081): entry = IKE_MESG_FROM_AAA, IKE_AAA_GROUP_ATTR

    * 14:29:31.631 May 19: ISAKMP: (2081): former State = new State IKE_CONFIG_AUTHOR_AAA_AWAIT = IKE_P1_COMPLETE

    * 14:29:31.635 May 19: ISAKMP: (2081): entry = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE

    * 14:29:31.635 May 19: ISAKMP: (2081): former State = new State IKE_P1_COMPLETE = IKE_P1_COMPLETE

    Here the iPhone remains idle for a few seconds...

    * 14:29:48.391 May 19: ISAKMP (0:2081): received 151.38.197.143 packet 500 Global 500 (R) sport dport QM_IDLE

    * 14:29:48.391 May 19: ISAKMP: node set 1834509506 to QM_IDLE

    * 19 May 14:29:48.391: ISAKMP: (2081): HASH payload processing. Message ID = 1834509506

    * 19 May 14:29:48.391: ISAKMP: (2081): treatment of payload to DELETE. Message ID = 1834509506

    * 14:29:48.391 May 19: ISAKMP: (2081): peer does not paranoid KeepAlive.

    * 14:29:48.395 May 19: ISAKMP: (2081): peer does not paranoid KeepAlive.

    * 14:29:48.395 May 19: ISAKMP: (2081): removal of HIS right State 'No reason' (R) QM_IDLE (post 151.38.197.143)

    * 14:29:48.395 May 19: ISAKMP: (2081): error suppression node 1834509506 FALSE reason 'informational (en) State 1.

    * 19 May 14:29:48.395: IPSEC (key_engine): had an event of the queue with 1 KMI message (s)

    * 19 May 14:29:48.395: IPSEC (key_engine_delete_sas): rec would notify of ISAKMP

    * 19 May 14:29:48.395: IPSEC (key_engine_delete_sas): remove all SAs shared with peer 151.38.197.143

    * 14:29:48.395 May 19: ISAKMP: node set-1711408233 to QM_IDLE

    * 19 May 14:29:48.395: ISAKMP: (2081): lot of 151.38.197.143 sending my_port 500 peer_port 500 (R) QM_IDLE

    * 14:29:48.395 May 19: ISAKMP: (2081): sending a packet IPv4 IKE.

    * 14:29:48.399 May 19: ISAKMP: (2081): purge the node-1711408233

    * 14:29:48.399 May 19: ISAKMP: (2081): entry = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

    * 14:29:48.399 May 19: ISAKMP: (2081): former State = new State IKE_P1_COMPLETE = IKE_DEST_SA

    * 14:29:48.399 May 19: ISAKMP: (2081): removal of HIS right State 'No reason' (R) QM_IDLE (post 151.38.197.143)

    * 14:29:48.399 May 19: ISAKMP: (0): cannot decrement IKE Call Admission Control incoming_active stat because he's already 0.

    * 14:29:48.399 May 19: ISAKMP (0:2081): return address 192.168.0.21 to pool

    * 14:29:48.399 May 19: ISAKMP: Unlocking counterpart struct 0 x 84084990 for isadb_mark_sa_deleted(), count 0

    * 14:29:48.399 May 19: ISAKMP: return address 192.168.0.21 to pool

    * 14:29:48.399 May 19: ISAKMP: delete peer node by peer_reap for 151.38.197.143: 84084990

    * 14:29:48.399 May 19: ISAKMP: return address 192.168.0.21 to pool

    * 14:29:48.403 May 19: ISAKMP: (2081): node-1427983983 error suppression FALSE reason 'IKE deleted.

    * 14:29:48.403 May 19: ISAKMP: (2081): error suppression node 1322685842 FALSE reason 'IKE deleted.

    * 14:29:48.403 May 19: ISAKMP: (2081): node-851463821 error suppression FALSE reason 'IKE deleted.

    * 14:29:48.403 May 19: ISAKMP: (2081): error suppression node 1834509506 FALSE reason 'IKE deleted.

    * 14:29:48.403 May 19: ISAKMP: (2081): entry = IKE_MESG_FROM_PEER, IKE_MM_EXCH

    * 14:29:48.403 May 19: ISAKMP: (2081): former State = new State IKE_DEST_SA = IKE_DEST_SA

    * 19 May 14:29:48.403: IPSEC (key_engine): had an event of the queue with 1 KMI message (s)

    It seems the 877 even gets as far as assigning a local LAN IP address to the iPhone (192.168.0.21), but then something goes wrong...

    Any idea or suggestion on this?

    Thank you very much

    Hi Federico,

    Please let us know.

    Please mark this message as answered so that others will be able to learn from it.

    Thank you.

    Portu.

  • Unable to get access to the Windows Update Site. IE says "Internet Explorer cannot display the webpage"

    I am not able to access the MS Update site and receive a "page cannot be displayed" error when I browse to it directly or from search results. I am able to navigate without problems to other web sites. Any ideas? I see all kinds of references to this all over the place, but the solutions that have been suggested do not work for me. I use McAfee anti-virus with the personal firewall installed - version 10.15. I tried disabling the firewall (some messages indicate that this is what keeps me from accessing the update site), but I still cannot access the MS Update site.

    Any ideas?

    Ian Robertson

    Repost:

    Cleaning a compromised system
         http://TechNet.Microsoft.com/en-us/library/cc700813.aspx

    ~ Robear Dyer (PA Bear) ~ MS MVP (that is to say, mail, security, Windows & Update Services) since 2002 ~ WARNING: MS MVPs represent or work for Microsoft

  • error code: 0x80070002: MS updates - The site has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem

    The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem

    Hello

    Look in Control Panel - Windows Updates to see which KB it is and post it here. You may indeed
    not need it and can right-click on it and HIDE it. Let us know which update it is, so that we can
    help advise.

    Also, if you don't need it you can try to download it here.

    Microsoft Download Center - search on KBxxxxxx, with the update number in place of xxxxxx
    http://www.Microsoft.com/downloads/en/default.aspx

    Download - SAVE - go to the place where you put it - click on it - RUN as ADMINISTRATOR

    If you need to fix the error:

    Error message when you use the Windows Update Web site or the Microsoft Update Web site to install updates: "0x80070002"
    http://support.Microsoft.com/kb/956698

    Windows Update Error 80070002
    http://windowshelp.microsoft.com/Windows/en-us/help/c5f4d9e0-3eb6-426b-8118-0cedf489a75f1033.mspx#EJH

    Or - these two (above and below must be the same)

    Windows Update Error 80070002
    http://Windows.Microsoft.com/en-us/Windows-Vista/Windows-Update-Error-80070002

    Fix Error 80070002 when using Windows Update in Vista
    http://www.mydigitallife.info/2007/12/21/fix-Error-80070002-when-using-Windows-Update-in-Vista/
    Error Code 0x80070002 during Windows Vista SP1 Setup Install - SP2 might have a similar problem
    http://www.tipandtrick.NET/2008/error-code-0x80070002-during-Windows-Vista-SP1-Setup-install/

    You receive a '0x80070002' or '0x80070003' error code after you download an update from Windows Update, Microsoft Update or Windows Server Update Services
    http://support.Microsoft.com/kb/910336

    ----------------------------------------------------

    Then run this:

    How to reset the Windows Update components? -a Mr Fixit
    http://support.Microsoft.com/kb/971058

    Description of the System Update Readiness Tool for Windows Vista, Windows Server 2008,
    and Windows 7
    http://support.Microsoft.com/kb/947821

    ------------------------------------------------------------

    If necessary, you can get free reports of incidents:

    Windows updates - free Incident report

    Go here and click on-> Windows Update fails while searching, downloading or installation of updates
    http://support.Microsoft.com/GP/wusupport#tab3

    For security updates, you can get a free support Incident report
    http://www.Microsoft.com/protect/resources/support.aspx

    I hope this helps.

    Rob - bicycle - Mark Twain said it is good.
