Site-to-site connectivity problems - ASA and PIX

I'm trying to set up a tunnel between the ASA and the PIX but I'm having some difficulty.

On the ASA side:

Jun 29 08:09:44 [IKEv1]: Group = 190.213.57.203, IP = 190.213.57.203, QM FSM error (P2 struct &0xc9309260, mess id 0x7e79b74e)!
Jun 29 08:09:44 [IKEv1]: Group = 190.213.57.203, IP = 190.213.57.203, Removing peer from correlator table failed, no match!
Jun 29 08:09:44 [IKEv1]: Group = 190.213.57.203, IP = 190.213.57.203, Session is being torn down. Reason: Phase 2

On the PIX side:

ISAKMP (0): total payload length: 37
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:63.143.77.114, dest:190.213.57.203 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing ID payload. message ID = 0
ISAKMP (0): processing HASH payload. message ID = 0
ISAKMP (0): processing vendor id payload

ISAKMP (0): remote peer supports dead peer detection

ISAKMP (0): SA has been authenticated

ISAKMP (0): beginning Quick Mode exchange, M-ID of 813626169:cf810cc7
IPSEC(key_engine): got a queue event...
IPSEC(spi_response): getting spi 0xbb1797c2(3138885570) for SA
        from 63.143.77.114 to 190.213.57.203 for prot 3

return status is IKMP_NO_ERROR
ISAKMP (0): sending INITIAL_CONTACT notify
ISAKMP (0): sending NOTIFY message 24578 protocol 1
VPN Peer: ISAKMP: Added new peer: ip:63.143.77.114/500 Total VPN Peers:2
VPN Peer: ISAKMP: Peer ip:63.143.77.114/500 Ref cnt incremented to:1 Total VPN Peers:2
crypto_isakmp_process_block:src:63.143.77.114, dest:190.213.57.203 spt:500 dpt:500
ISAKMP (0): processing NOTIFY payload 14 protocol 3
        spi 0, message ID = 2038434904
return status is IKMP_NO_ERR_NO_TRANS
crypto_isakmp_process_block:src:63.143.77.114, dest:190.213.57.203 spt:500 dpt:500
ISAKMP (0): processing DELETE payload. message ID = 1798094647, spi size = 16
ISAKMP (0): deleting SA: src 190.213.57.203 dst 63.143.77.114
return status is IKMP_NO_ERR_NO_TRANS
ISADB: reaper checking SA 0x11fa6fc, conn_id = 0
ISADB: reaper checking SA 0x121ac3c, conn_id = 0 DELETE IT!

VPN Peer: ISAKMP: Peer ip:63.143.77.114/500 Ref cnt decremented to:0 Total VPN Peers:2
VPN Peer: ISAKMP: Deleted peer: ip:63.143.77.114/500 Total VPN peers:1
IPSEC(key_engine): got a queue event...
IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
IPSEC(key_engine_delete_sas): delete all SAs shared with 63.143.77.114

ASA configuration:

ASA Version 8.2(5)
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.102.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 63.143.77.114 255.255.255.252
!
ftp mode passive
clock timezone EST -5
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
 domain-name lexlocal
object-group service DM_INLINE_SERVICE_3
 service-object tcp eq https
 service-object tcp eq telnet
 service-object icmp
 service-object tcp-udp eq www
 service-object udp
object-group service DM_INLINE_SERVICE_5
 service-object udp
 service-object tcp
 service-object tcp-udp eq www
 service-object tcp eq www
 service-object udp eq www
 service-object icmp
object-group service DM_INLINE_SERVICE_8
 service-object tcp eq https
 service-object tcp-udp eq www
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_SERVICE_4
 service-object tcp-udp eq www
 service-object tcp eq https
 service-object tcp eq smtp
 service-object udp eq snmp
 service-object ip
 service-object icmp
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object ip
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_3
 protocol-object ip
 protocol-object udp
 protocol-object tcp
access-list inside_nat0_outbound extended permit ip any VPN_Access 255.255.255.240
access-list inside_nat0_outbound extended permit ip 192.168.102.0 255.255.255.0 Barbado-internal 255.255.255.0
access-list inside_nat0_outbound extended permit ip any VPN_Access 255.255.255.192
access-list inside_nat0_outbound extended permit ip 192.168.102.0 255.255.255.0 JA_Office_Internal 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.102.0 255.255.255.0 P.O.S_Office_internal 255.255.255.0
access-list outside_authentication extended permit object-group DM_INLINE_PROTOCOL_3 any any inactive
access-list inside_access_in extended permit ip any any inactive
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_5 host Jeremy any
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_3 192.168.102.0 255.255.255.0 any
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 192.168.102.0 255.255.255.0 192.168.102.0 255.255.255.0
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 host Jeremy interface outside inactive
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_4 any interface outside
access-list outside_access_in extended permit ip Barbado-internal 255.255.255.0 192.168.102.0 255.255.255.0
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_8 any interface outside inactive
access-list outside_access_in extended permit ip JA_Office_Internal 255.255.255.0 JA_Office_Internal 255.255.255.0
access-list outside_access_in extended permit ip P.O.S_Office_internal 255.255.255.0 P.O.S_Office_internal 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.102.0 255.255.255.0 Barbado-internal 255.255.255.0
access-list outside_2_cryptomap extended permit ip 192.168.102.0 255.255.255.0 JA_Office_Internal 255.255.255.0
access-list outside_3_cryptomap extended permit ip 192.168.102.0 255.255.255.0 P.O.S_Office_internal 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool remote_users 192.168.200.1-192.168.200.10 mask 255.255.255.0
ip local pool VPN_IPs 192.168.200.25-192.168.200.50 mask 255.255.255.248
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 63.143.77.113 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication match outside_authentication outside LOCAL
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection timewait
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 200.50.87.198
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer 66.54.113.191
crypto map outside_map 2 set transform-set ESP-3DES-SHA
crypto map outside_map 3 match address outside_3_cryptomap
crypto map outside_map 3 set pfs
crypto map outside_map 3 set peer 190.213.57.203
crypto map outside_map 3 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp disconnect-notify
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.102.30-192.168.102.50 inside
dhcpd dns 66.54.116.4 66.54.116.5 interface inside
dhcpd enable inside
!
dhcpd dns 66.54.116.4 66.54.116.5 interface outside
!
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
 enable outside
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 vpn-tunnel-protocol svc
 default-domain value lexlocal
 webvpn
  svc keepalive none
group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
 vpn-tunnel-protocol l2tp-ipsec
 default-domain value lexlocal
 webvpn
  svc keepalive none
group-policy VPN_Tunnel_Client internal
group-policy VPN_Tunnel_Client attributes
 dns-server value 192.168.102.1
 vpn-tunnel-protocol IPSec l2tp-ipsec svc
 default-domain value lexlocal
username VPN_Connect password 6f7B+J8S2ADfQF4a/CJfvQ nt-encrypted
username VPN_Connect attributes
 service-type nas-prompt
username xxxxex password iFxSRrE9uIWAFjJE encrypted
tunnel-group DefaultRAGroup general-attributes
 address-pool remote_users
 address-pool VPN_IPs
 default-group-policy DefaultRAGroup_1
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group 200.50.87.198 type ipsec-l2l
tunnel-group 200.50.87.198 ipsec-attributes
 pre-shared-key *
tunnel-group VPN_Tunnel_Client type remote-access
tunnel-group VPN_Tunnel_Client general-attributes
 address-pool remote_users
 default-group-policy VPN_Tunnel_Client
tunnel-group VPN_Tunnel_Client ipsec-attributes
 pre-shared-key *
tunnel-group 66.54.113.191 type ipsec-l2l
tunnel-group 66.54.113.191 ipsec-attributes
 pre-shared-key *
tunnel-group 190.213.57.203 type ipsec-l2l
tunnel-group 190.213.57.203 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1

PIX configuration:

name 192.168.1.3 lexmailserver
name 192.168.1.120 Lextt-SF
name 192.168.1.6 Lextt-ms
name 192.168.100.0 Barbados
name 192.168.102.0 Data_Center_Internal
access-list outside_access_in permit tcp any interface outside eq smtp
access-list outside_access_in permit tcp any interface outside eq www
access-list outside_access_in permit tcp any interface outside eq https
access-list inside_outbound_nat0_acl permit ip any 192.168.2.0 255.255.255.224
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 Barbado
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 Data_Ce
access-list outside_cryptomap_20 permit ip 192.168.1.0 255.255.255.0 Barbados 25
access-list outside_cryptomap_40 permit ip 192.168.1.0 255.255.255.0 Data_Center
pager lines 24
logging on
logging buffered debugging
logging trap informational
logging host outside 190.213.57.203
mtu outside 1500
mtu inside 1500
ip address outside 190.213.57.203 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip verify reverse-path interface outside
ip audit info action alarm
ip audit attack action alarm
ip local pool vpn_pool 192.168.2.0-192.168.2.20
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
pdm location lexmailserver 255.255.255.255 outside
pdm location Lextt-ms 255.255.255.255 outside
pdm location 192.168.2.0 255.255.255.224 outside
pdm location 200.50.87.198 255.255.255.255 outside
pdm location Barbados 255.255.255.0 inside
pdm location Lextt-SF 255.255.255.255 inside
pdm location Barbados 255.255.255.0 outside
pdm location Lextt-ms 255.255.255.255 inside
pdm location Data_Center_Internal 255.255.255.0 outside
pdm logging alerts 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 192.168.1.0 255.255.255.0 0 0
static (inside,outside) tcp interface smtp Lextt-SF smtp netmask 255.255.255.255
static (inside,outside) tcp interface www Lextt-ms www netmask 255.255.255.255 0
static (inside,outside) tcp interface https Lextt-ms https netmask 255.255.255.2
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 190.213.73.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http Barbados 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 200.50.87.198
crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 40 ipsec-isakmp
crypto map outside_map 40 match address outside_cryptomap_40
crypto map outside_map 40 set peer 63.143.77.114
crypto map outside_map 40 set transform-set ESP-DES-MD5
crypto map outside_map interface outside
isakmp enable outside
isakmp key * address 200.50.87.198 netmask 255.255.255.255
isakmp key * address 63.143.77.114 netmask 255.255.255.255
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet timeout 5

If you haven't already done so, you must clear the Phase I SAs on both sides after you make a change to the map.  Once the Phase I SA has been cleared, it will renegotiate and reset Phase II.  If you have already done this, the only other thing I can think of is to manually re-enter the pre-shared keys on the tunnel groups and then clear both the Phase I and Phase II SAs.
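The debugs and the two crypto map entries in the question can be checked mechanically. The following Python script is an added example and not code from this thread or from Cisco: it parses the ASA 8.2 and PIX 6.x syntax for transform sets, crypto map entries and ISAKMP policies, reports which Phase 1 policies agree, which Phase 2 parameters differ between the two entries that point at each other, and labels the debug lines that matter (ISAKMP notify type 14 is NO_PROPOSAL_CHOSEN; a QM FSM error on the ASA is a Phase 2 failure). The config extracts embedded in it are constructed, simplified copies of ASA crypto map entry 3 and PIX crypto map entry 40 from the posted configs, and the parser assumes that `set pfs` without a group argument means group2, the ASA/PIX default.

```python
"""Added example: compare IKEv1 Phase 1 / Phase 2 parameters of two Cisco
peers and decode the ISAKMP debug lines that signal a Phase 2 mismatch."""
import re
from collections import defaultdict

# Constructed, simplified extracts of the posted ASA (map entry 3) and PIX
# (map entry 40) configurations; not the full configs from the thread.
ASA_CFG = """\
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map 3 set pfs
crypto map outside_map 3 set peer 190.213.57.203
crypto map outside_map 3 set transform-set ESP-DES-MD5
crypto isakmp policy 50
 authentication pre-share
 encryption des
 hash md5
 group 2
"""
PIX_CFG = """\
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map 40 set peer 63.143.77.114
crypto map outside_map 40 set transform-set ESP-DES-MD5
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
"""
# ISAKMP notify types that appear in the debug (RFC 2408 / Cisco DOI values)
NOTIFY_TYPES = {14: "NO_PROPOSAL_CHOSEN", 24578: "INITIAL_CONTACT"}
PHASE1_ATTRS = ("authentication", "encryption", "hash", "group")


def parse_config(text):
    """Return (transform_sets, crypto_map_entries, isakmp_policies), accepting the
    ASA 8.x indented policy block and the PIX 6.x one-attribute-per-line form."""
    tsets, policies, current_policy = {}, defaultdict(dict), None
    maps = defaultdict(lambda: {"pfs": None, "peer": None, "transform-set": None})
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw[0].isspace():  # indented: attribute of the ASA policy block opened above
            if current_policy is not None:
                attr, _, val = line.partition(" ")
                policies[current_policy][attr] = val
            continue
        current_policy = None
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)$", line)
        if m and not m.group(2).startswith("mode "):
            tsets[m.group(1)] = frozenset(m.group(2).split())
            continue
        m = re.match(r"crypto map (\S+) (\d+) set (pfs|peer|transform-set)\s*(.*)$", line)
        if m:
            attr, val = m.group(3), m.group(4).strip()
            if attr == "pfs" and not val:
                val = "group2"  # assumption: 'set pfs' with no argument means the default, group2
            maps[(m.group(1), int(m.group(2)))][attr] = val
            continue
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:
            current_policy = int(m.group(1))
            continue
        m = re.match(r"isakmp policy (\d+) (\S+) (\S+)$", line)
        if m:
            policies[int(m.group(1))][m.group(2)] = m.group(3)
    return tsets, dict(maps), dict(policies)


def phase1_matches(local_policies, remote_policies):
    """(local_seq, remote_seq) pairs whose proposals agree on every Phase 1 attribute."""
    return [(ls, rs) for ls, lp in local_policies.items() for rs, rp in remote_policies.items()
            if all(lp.get(a) == rp.get(a) for a in PHASE1_ATTRS)]


def phase2_mismatches(local, remote, local_ip, remote_ip):
    """Phase 2 parameters that differ between the crypto map entries that point at each
    other: the local entry whose peer is remote_ip and the remote entry whose peer is local_ip."""
    ltsets, lmaps, _ = local
    rtsets, rmaps, _ = remote
    lentry = next(e for e in lmaps.values() if e["peer"] == remote_ip)
    rentry = next(e for e in rmaps.values() if e["peer"] == local_ip)
    problems = []
    if ltsets[lentry["transform-set"]] != rtsets[rentry["transform-set"]]:
        problems.append("transform-set")
    if lentry["pfs"] != rentry["pfs"]:
        problems.append("pfs")
    return problems


def classify_debug(line):
    """Label the ISAKMP/IKEv1 debug lines that point at a Phase 2 failure, else None."""
    m = re.search(r"processing NOTIFY payload (\d+)", line)
    if m:
        return NOTIFY_TYPES.get(int(m.group(1)), "NOTIFY " + m.group(1))
    return "PHASE2_FAILURE" if "QM FSM error" in line else None


if __name__ == "__main__":
    asa, pix = parse_config(ASA_CFG), parse_config(PIX_CFG)
    print("Phase 1 pairs that agree:", phase1_matches(asa[2], pix[2]))
    print("Phase 2 mismatches:", phase2_mismatches(asa, pix, "63.143.77.114", "190.213.57.203"))
    print(classify_debug("ISAKMP (0): processing NOTIFY payload 14 protocol 3"))  # constructed line
```

Run on the extracts it carries, the script finds one Phase 1 pair that agrees (ASA policy 50 and PIX policy 20) and one Phase 2 difference: the ASA entry requires PFS while the PIX entry does not set it. That is the kind of proposal difference that makes the responder answer Quick Mode with NO_PROPOSAL_CHOSEN, which is what the PIX debug shows right after "beginning Quick Mode exchange". The script does not compare the crypto ACLs, whose remote names are truncated in the PIX output, so those still have to be checked by hand.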

Tags: Cisco Security

Similar Questions

  • Site-to-site VPN - ASA to PIX - same subnet on the inside

    Chaps,

    I have an unusual scenario where I need a site-to-site VPN tunnel between a Cisco PIX version 7 and a Cisco ASA version 8 which have the same inside IP subnet at each endpoint.  Is it possible to create such a site-to-site tunnel, or do I need to change one of the remote endpoints?

    Thank you

    Nick

    Hi Nicolas,

    To allow traffic through the tunnel when both ends have the same addressing scheme, you have to NAT the VPN traffic.

    That is:

    Site A LAN 10.1.1.0/24

    Site B LAN 10.1.1.0/24

    Site A config:

    access-list NAT permit ip 10.1.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    static (inside,outside) 192.168.1.0 access-list NAT
    access-list crypto permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

    Site B config:

    access-list NAT permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
    static (inside,outside) 192.168.2.0 access-list NAT
    access-list crypto permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

    The idea is that Site A will be translated to 192.168.1.0 when going to Site B, and Site B will be translated to 192.168.2.0 when going to Site A.

    Hope that makes sense.

    Federico.

  • Problem with IPsec VPN between ASA and Cisco router - ping gets no response

    Hello

    I don't know why the IPsec VPN does not work. This is my setup (IPsec VPN between ASA and R2):

    My network topology:

    LAN 1 connects to ASA-1 (inside LAN)

    PC - 10.0.1.3 255.255.255.0 10.0.1.1

    ASA - GigabitEthernet 1: 10.0.1.1 255.255.255.0

    -----------------------------------------------------------------

    ASA-1 connects to R1 (outside LAN)

    ASA - GigabitEthernet 0: 172.30.1.2 255.255.255.252

    R1 - FastEthernet 0/0: 172.30.1.1 255.255.255.252

    ---------------------------------------------------------------------

    R1 connects to R2

    R1 - FastEthernet 0/1: 172.30.2.1 255.255.255.252

    R2 - FastEthernet 0/1: 172.30.2.2 255.255.255.252

    --------------------------------------------------------------------

    R2 connects to LAN 2

    R2 - FastEthernet 0/0: 10.0.2.1 255.255.255.0

    PC - 10.0.2.3 255.255.255.0 10.0.2.1

    ASA configuration:

    interface GigabitEthernet 1
     nameif inside
     security-level 100
     ip address 10.0.1.1 255.255.255.0
     no shutdown
    interface GigabitEthernet 0
     nameif outside
     security-level 0
     ip address 172.30.1.2 255.255.255.252
     no shutdown
    route outside 0.0.0.0 0.0.0.0 172.30.1.1

    ------------------------------------------------------------

    access-list LAN1-to-LAN2 extended permit ip 10.0.1.0 255.255.255.0 10.0.2.0 255.255.255.0
    object network obj-local
     subnet 10.0.1.0 255.255.255.0
    object network obj-remote
     subnet 10.0.2.0 255.255.255.0
    nat (inside,outside) 1 source static obj-local obj-local destination static obj-remote obj-remote no-proxy-arp

    -----------------------------------------------------------
    crypto ikev1 policy 10
     authentication pre-share
     encryption aes
     hash sha
     group 2
     lifetime 3600
    crypto ikev1 enable outside
    crypto isakmp identity address

    ------------------------------------------------------------
    tunnel-group 172.30.2.2 type ipsec-l2l
    tunnel-group 172.30.2.2 ipsec-attributes
     ikev1 pre-shared-key cisco123
    crypto ipsec ikev1 transform-set ASA1TS esp-aes-192 esp-sha-hmac

    -------------------------------------------------------------
    crypto map ASA1VPN 10 match address LAN1-to-LAN2
    crypto map ASA1VPN 10 set peer 172.30.2.2
    crypto map ASA1VPN 10 set ikev1 transform-set ASA1TS
    crypto map ASA1VPN 10 set security-association lifetime seconds 3600
    crypto map ASA1VPN interface outside

    R2 configuration:

    interface FastEthernet 0/0
     ip address 10.0.2.1 255.255.255.0
     no shutdown
    interface FastEthernet 0/1
     ip address 172.30.2.2 255.255.255.252
     no shutdown

    -----------------------------------------------------

    router rip
     version 2
     network 10.0.2.0
     network 172.30.2.0

    ------------------------------------------------------
    access-list 102 permit ahp host 172.30.1.2 host 172.30.2.2
    access-list 102 permit esp host 172.30.1.2 host 172.30.2.2
    access-list 102 permit udp host 172.30.1.2 host 172.30.2.2 eq isakmp
    interface FastEthernet 0/1
     ip access-group 102 in

    ------------------------------------------------------
    crypto isakmp policy 110
     authentication pre-share
     encryption aes
     hash sha
     group 2
     lifetime 42300

    ------------------------------------------------------
    crypto isakmp key cisco123 address 172.30.1.2

    -----------------------------------------------------
    crypto ipsec transform-set R2TS esp-aes 128

    ------------------------------------------------------

    access-list 101 permit tcp 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255

    ------------------------------------------------------

    crypto map R2VPN 10 ipsec-isakmp
     match address 101
     set peer 172.30.1.2
     set pfs group1
     set transform-set R2TS
     set security-association lifetime seconds 86400
    interface FastEthernet 0/1
     crypto map R2VPN

    I don't know what the problem is.

    Thank you

    If you don't absolutely need RIP, try adding a default route on R2:

    ip route 0.0.0.0 0.0.0.0 172.16.2.1

    If you really want to use RIP, add this permit to ACL 102:

    access-list 102 permit udp any any eq 520


  • Site-to-site VPN on ASA and SSL VPN

    Hello

    I have already configured site-to-site VPN for both sites. Now I'm trying to configure remote access VPN at one site.

    But when I started to configure some commands like the ones below for the remote access VPN, the existing site-to-site VPN disconnected automatically.

    no crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside

    Please help me check this.

    Thank you

    Ko Htwe

    Hello

    You can have only one crypto map per interface, so you must configure both tunnels (site-to-site and remote access) in a single crypto map with different sequence numbers. Please make sure that the sequence number for the remote access entry is higher than the one for the site-to-site.

    You can also put this command back in the config; why did you remove it?

    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

    If you still have a problem, please let us know the configuration.

    Kind regards

    Mohammad

  • IPsec site-to-site VPN - NAT problem with management address

    Hi all

    I have two Cisco ASA 5505s running an IPsec site-to-site VPN. All traffic inside each firewall goes through the VPN tunnel and I have full connectivity. From site A, I can connect to the inside address of the ASA at site B and launch ASDM or SSH, etc.

    The problem I have is that when I'm logged on to the ASA at site B, management traffic is given the outside address. I created this as interesting traffic to get it to go through the VPN, but I need it to use the inside address of ASA B. Is any of the following possible:

    • Can I make the ASA at site B use the inside interface as its management address (I already have management access on the inside interface)?
    • Can I NAT the outside interface address of site B before the management traffic goes through the VPN tunnel, so that it appears to come from the site B inside address?
    • Can I NAT the VPN traffic so that it appears at site A as management traffic from site B on the right address?

    The problem is that my SCEP requests also come from this address, and I need the request to come from an internal address to reach my CA.

    Thanks for any help.

    Ian

    Thanks, I understand what you are trying to achieve now.

    However, I think I don't have good news for you. Unfortunately the SCEP request cannot be initiated from the inside interface of the ASA, as there is no option to start the request from the inside interface. With other management features such as AAA and logging, you have an option to specify which ASA interface the request should originate from, but SCEP doesn't have this option.

    Here's what you can configure under the crypto trustpoint, but unfortunately specifying the interface is not one of the options:

    http://www.Cisco.com/en/us/docs/security/ASA/asa84/command/reference/C5.html#wp2262210

  • G-72 laptop HP: network connection problems

    Hello: I have no internet connection. Here's what I know: unidentified network no internet access. Wireless LAN, Microsoft Virtual WiFi Miniport Adapter. In addition, all security settings are OFF. This has just begun. I have no explanation. Any help is appreciated. Thank you... M.

    Hi there @MesaRey,

    I understand that your computer is no longer connected to the internet. I'm happy to help you with this. Please report the number of complete product for your laptop. Check out the following, if you need assistance with this information. How can I find my model number or product number?

    If other devices are connected and the only one having trouble is your laptop, then you can try a system restore, just in case there is a change to your system. Select a restore point before the problem started and test the connection.

    Using Microsoft System Restore (Windows 7)

    The following pages are useful for troubleshooting wireless connectivity problems.
    Troubleshooting your wireless network and Internet access (Windows 7)

    In addition, you can watch the the power management of your wireless adapter:
    Turn off the power to the adapter:
    1. open Device Manager. (Win Key + R > type devmgmt.msc > OK)
    2. expand the network adapters.
    3. right click on the Ethernet adapter / wireless, and then click Properties.
    4. click on the power management tab.
    5 remove the check mark next to allow the computer to turn off this device to save power.
    6. click on OK.
    7 test cycle.

    Forget a network (Windows Vista)
    1. start network and sharing Center.
    2. in the pane tasks, click on manage wireless networks.
    3. right click on the connection that you want to delete and then click on remove network.
    4. in wireless networks handle - warning dialog box, click OK.
    5. the connection is removed from the list of wireless connections that you can view or edit.

    Forget the network: (Windows 7)
    1. press start.
    2. tap manage wireless networks, click on the application at the top of the start menu.
    3. right click on the network, and then click on remove network.
    4 confirm the warning by clicking OK.

    Forget the network: (Windows 8)
    1. press Windows Key + C
    2. click on settings.
    3. click on change PC settings.
    4. click on network on the left.
    5. click on manage known networks.
    6. click on the name of the network.
    7. click on forget.

    Reset TCP/IP on your PC:
    1. go to your start screen/menu and type CMD.
    2. right-click on the command prompt icon and select run as administrator.
    3. in the window that opens type "netsh int ip reset resetlog.txt" without the quotes and press ENTER.
    4 restart your PC and test.

    It can also help to reset the winsock catalog:
    1. go to your start screen/menu and type CMD.
    2. right-click on the command prompt icon and select run as administrator.
    3. in the window that opens type "netsh winsock reset" without the quotes, and then press ENTER.
    4 restart your PC and test.

    Reinstall the NIC drivers:
    1. download the drivers from here, but do not run them again.
    2. go to your Start menu/screen and type Device Manager.
    3. expand network adapters.
    4. right click on the wireless adapter and choose uninstall.
    5 install the drivers downloaded in step 1.
    6. restart your PC and test.

  • Pavillion G6 2014tx: wireless connectivity problems

    Since the last 2-3 months, my wireless connection does not work correctly. This happened right after that I did the partitioning in the D drive (I don't think this is the main cause). What is happening is that, all of a sudden when internet does not bar shows signs of yellow warning and 'tells' LIMITED ACCESS wireless network. When I try to solve problems, it will give no problem. Then in Device Manager, I tried to uninstall and install again, the internet worked for a while, and still the same problem occurs. When I tried to call to the service center, they told me that I have to buy CDs to retrieve a value of rs500 because I did not these recovery disks. I'm in serious trouble please help...

    I also tried to update latest driver frm net, even if the problem does not get resolved. I also tried to reset the TCPIP in cmd prompt, but it worked for 2-3 days and still the same problem happened...

    Hi there @Parthsagar2010

    Welcome to the Forums of HP Support! It's a good place to find the help you need, so many other users, the HP experts and other members of the support staff.

    I understand that you are having problems with your wireless connection, and I am happy to help you with this.

    I realize that you mentioned updating your driver from the internet, but just in case, here is the drivers page. There are several possible drivers depending on which card you have.

    HP Pavilion g6-2014tx Notebook PC - software & drivers

    The following pages are useful for troubleshooting wireless connectivity problems.
    Troubleshooting your wireless network and Internet access (Windows 7)

    In addition, you can look at the power management of your wireless adapter:
    Turn off the power to the adapter:
    1. open Device Manager. (Win Key + R > type devmgmt.msc > OK)
    2. expand the network adapters.
    3. right click on the Ethernet / wireless adapter, and then click Properties.
    4. click on the Power Management tab.
    5. remove the check mark next to "Allow the computer to turn off this device to save power".
    6. click on OK.
    7. test.

    Forget the network: (Windows 7)
    1. press start.
    2. type manage wireless networks, and click on the application at the top of the start menu.
    3. right click on the network, and then click on remove network.
    4. confirm the warning by clicking OK.

    Reset TCP/IP on your PC:
    1. go to your start screen/menu and type CMD.
    2. right-click on the command prompt icon and select run as administrator.
    3. in the window that opens type "netsh int ip reset resetlog.txt" without the quotes and press ENTER.
    4. restart your PC and test.

    It can also help to reset the winsock catalog:
    1. go to your start screen/menu and type CMD.
    2. right-click on the command prompt icon and select run as administrator.
    3. in the window that opens type "netsh winsock reset" without the quotes, and then press ENTER.
    4. restart your PC and test.

    Reinstall the NIC drivers:
    1. download the drivers from here, but do not run them again.
    2. go to your Start menu/screen and type Device Manager.
    3. expand network adapters.
    4. right click on the wireless adapter and choose uninstall.
    5. install the drivers downloaded in step 1.
    6. restart your PC and test.

    Test an ethernet connection:
    Self-explanatory. Testing whether the problem persists on a wired connection shows whether the wireless adapter hardware is at fault, so troubleshooting can be directed to the appropriate areas.

    Test another connection:
    Many people rule out their home network as the problem if another device works on the same network. Networking is not that simple. Each device interacts differently with your router or modem, and it is impossible to rule out the settings of this device until the laptop has been tested on another network.

  • VPN between ASA and cisco router [phase2 question]

    Hi all

    I have a problem with an IPsec VPN between an ASA and a Cisco router.

    I think that there is a problem in phase 2.

    Can you please guide me as to where the problem could be?
    I suspect ACL issues on the router, but I cannot fix it. The ACL on the router is given below.

    Looking forward to your help.

    Phase 1 is like that

    Cisco_router# sh crypto isakmp sa

    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id slot status
    78.x.x.41       87.x.x.4        QM_IDLE           2006    0 ACTIVE

    and ASA

    ASA# sh crypto isakmp sa

    Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
    Total IKE SA: 1

    1   IKE Peer: 78.x.x.41
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE

    Phase 2 on the ASA

    ASA# sh crypto ipsec sa
    interface: Outside
    Crypto map tag: Outside_map, seq num: 20, local addr: 87.x.x.4

    access-list Outside_cryptomap_20 permit ip 172.19.209.0 255.255.255.0 172.19.194.0 255.255.255.0
    local ident (addr/mask/prot/port): (172.19.209.0/255.255.255.0/0/0)
    remote ident (addr/mask/prot/port): (172.19.194.0/255.255.255.0/0/0)
    current_peer: 78.x.x.41

    #pkts encaps: 8813, #pkts encrypt: 8813, #pkts digest: 8813
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 8813, #pkts comp failed: 0, #pkts decomp failed: 0
    #send errors: 0, #recv errors: 0

    local crypto endpt.: 87.x.x.4, remote crypto endpt.: 78.x.x.41

    path mtu 1500, ipsec overhead 58, media mtu 1500
    current outbound spi: C96393AB

    inbound esp sas:
    spi: 0x3E9D820B (1050509835)
    transform: esp-3des esp-md5-hmac no compression
    in use settings ={L2L, Tunnel, }
    slot: 0, conn_id: 7, crypto-map: Outside_map
    sa timing: remaining key lifetime (kB/sec): (4275000/3025)
    IV size: 8 bytes
    replay detection support: Y
    outbound esp sas:
    spi: 0xC96393AB (3378746283)
    transform: esp-3des esp-md5-hmac no compression
    in use settings ={L2L, Tunnel, }
    slot: 0, conn_id: 7, crypto-map: Outside_map
    sa timing: remaining key lifetime (kB/sec): (4274994/3023)
    IV size: 8 bytes
    replay detection support: Y

    Phase 2 on the Cisco router

    protected vrf: (none)
    local ident (addr/mask/prot/port): (172.19.209.0/255.255.255.0/0/0)
    remote ident (addr/mask/prot/port): (172.19.194.0/255.255.255.0/0/0)
    current_peer 87.x.x.4 port 500
    PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

    local crypto endpt.: 78.x.x.41, remote crypto endpt.: 87.x.x.4
    path mtu 1452, ip mtu 1452, ip mtu idb Dialer0
    current outbound spi: 0x0(0)

    inbound esp sas:

    inbound ah sas:

    inbound pcp sas:

    outbound esp sas:

    outbound ah sas:

    outbound pcp sas:

    protected vrf: (none)
    local ident (addr/mask/prot/port): (172.19.194.0/255.255.255.0/0/0)
    remote ident (addr/mask/prot/port): (172.19.209.0/255.255.255.0/0/0)
    current_peer 87.x.x.4 port 500
    PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 8947, #pkts decrypt: 8947, #pkts verify: 8947

    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

    local crypto endpt.: 78.x.x.41, remote crypto endpt.: 87.x.x.4
    path mtu 1452, ip mtu 1452, ip mtu idb Dialer0
    current outbound spi: 0x3E9D820B (1050509835)

    inbound esp sas:
    spi: 0xC96393AB (3378746283)
    transform: esp-3des esp-md5-hmac ,
    in use settings ={Tunnel, }
    conn id: 29, flow_id: Motorola SEC 1.0:29, crypto map: mycryptomap
    sa timing: remaining key lifetime (k/sec): (4393981/1196)
    IV size: 8 bytes
    replay detection support: Y
    Status: ACTIVE

    inbound ah sas:

    inbound pcp sas:

    outbound esp sas:
    spi: 0x3E9D820B (1050509835)
    transform: esp-3des esp-md5-hmac ,
    in use settings ={Tunnel, }
    conn id: 30, flow_id: Motorola SEC 1.0:30, crypto map: mycryptomap
    sa timing: remaining key lifetime (k/sec): (4394007/1196)
    IV size: 8 bytes
    replay detection support: Y
    Status: ACTIVE

    outbound ah sas:

    outbound pcp sas:

    The VPN configuration on the Cisco router is as follows:

    access-list 101 permit ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 log
    access-list 101 permit ip 172.19.206.0 0.0.0.255 172.19.194.0 0.0.0.255 log
    access-list 101 permit ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 log
    access-list 101 permit ip 172.19.203.0 0.0.0.255 172.19.194.0 0.0.0.255 log
    access-list 101 permit ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 log
    access-list 101 permit ip 172.19.209.0 0.0.0.255 172.19.194.0 0.0.0.255 log

    access-list 105 deny ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 log
    access-list 105 deny ip 172.19.206.0 0.0.0.255 172.19.194.0 0.0.0.255 log
    access-list 105 deny ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 log
    access-list 105 deny ip 172.19.203.0 0.0.0.255 172.19.194.0 0.0.0.255 log
    access-list 105 deny ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 log
    access-list 105 deny ip 172.19.209.0 0.0.0.255 172.19.194.0 0.0.0.255 log

    route-map sheep permit 10
    match ip address 105

    crypto ipsec transform-set mytransformset esp-3des esp-md5-hmac

    crypto map mycryptomap 100 ipsec-isakmp
    set peer 87.x.x.4
    set transform-set mytransformset
    match address 101

    crypto isakmp policy 100
    encr 3des
    hash md5
    authentication pre-share
    group 2
    crypto isakmp key xxx2011 address 87.x.x.4

    Your permit statement in ACL 105 should be moved to the bottom, because it is the most general entry and gets matched first.

    You currently have:

    Extended IP access list 105
    5 permit ip 172.19.194.0 0.0.0.255 any (18585 matches)
    10 deny ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 log
    30 deny ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 log
    50 deny ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 log

    It should be:

    Extended IP access list 105
    10 deny ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 log
    30 deny ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 log
    50 deny ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 log

    60 permit ip 172.19.194.0 0.0.0.255 any (18585 matches)

    To remove it and add it at the bottom:

    ip access-list extended 105

    no 5

    60 permit ip 172.19.194.0 0.0.0.255 any

    Then 'clear ip nat trans'

    and it should work now.
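    The ordering point in the answer above, as an added example that is not code from the thread: a small Python model of Cisco first-match ACL evaluation, applied to the posted ACL 105 (the NAT route-map match list) before and after the fix, together with the inside-to-remote entries of crypto ACL 101. It models the IOS order of operations for traffic leaving the inside, where NAT runs before the crypto map, so a flow the route-map permits is translated and never matches the crypto ACL; that is what leaves `#pkts encaps: 0` on the router while the ASA keeps encrypting. The sample hosts 172.19.194.10, 172.19.209.10 and 203.0.113.5 are constructed, and the sequence numbers given to ACL 101 are assumed for the example.

```python
"""Cisco-style first-match ACL evaluation, applied to the NAT route-map
ACL (105) and crypto ACL (101) from the thread.

Added example, not code from the thread. IOS processes inside-to-outside
traffic through NAT before the crypto map, so a packet that the NAT
route-map *permits* gets translated and never matches the crypto ACL.
The ACE order for ACL 105 follows the posted 'show access-list' output;
the sample host addresses and the ACL 101 sequence numbers are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Ace:
    """One access-control entry: '<seq> <action> ip <src> <dst>' (ip-only)."""
    seq: int
    action: str   # "permit" or "deny"
    src: str      # "A.B.C.D wildcard" or "any"
    dst: str


def wildcard_match(addr: str, spec: str) -> bool:
    """Cisco wildcard-mask match: a 0 bit in the wildcard means 'must match'."""
    if spec == "any":
        return True
    net, wild = spec.split()
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(net))
    care = (~int(ipaddress.IPv4Address(wild))) & 0xFFFFFFFF
    return (a & care) == (n & care)


def evaluate(acl: List[Ace], src: str, dst: str) -> Tuple[str, Optional[int]]:
    """First matching ACE wins; the implicit deny at the end reports seq None."""
    for ace in sorted(acl, key=lambda e: e.seq):
        if wildcard_match(src, ace.src) and wildcard_match(dst, ace.dst):
            return ace.action, ace.seq
    return "deny", None


def forward_decision(nat_acl: List[Ace], crypto_acl: List[Ace],
                     src: str, dst: str) -> str:
    """Model the IOS order of operations for a packet leaving the inside:
    a route-map permit translates the packet (so the crypto map never sees
    the original addresses); otherwise the crypto ACL decides."""
    nat_action, _ = evaluate(nat_acl, src, dst)
    if nat_action == "permit":
        return "NAT"
    crypto_action, _ = evaluate(crypto_acl, src, dst)
    return "IPSEC" if crypto_action == "permit" else "PLAIN"


LAN = "172.19.194.0 0.0.0.255"

# ACL 105 as posted: the permit-any sits at seq 5, above all the denies.
ACL105_AS_POSTED = [
    Ace(5, "permit", LAN, "any"),
    Ace(10, "deny", LAN, "172.19.206.0 0.0.0.255"),
    Ace(30, "deny", LAN, "172.19.203.0 0.0.0.255"),
    Ace(50, "deny", LAN, "172.19.209.0 0.0.0.255"),
]

# ACL 105 as the answer recommends: 'no 5', then re-add the permit at seq 60.
ACL105_CORRECTED = [a for a in ACL105_AS_POSTED if a.seq != 5] + [
    Ace(60, "permit", LAN, "any"),
]

# The inside-to-remote entries of crypto ACL 101 (sequence numbers assumed).
ACL101 = [
    Ace(10, "permit", LAN, "172.19.206.0 0.0.0.255"),
    Ace(20, "permit", LAN, "172.19.203.0 0.0.0.255"),
    Ace(30, "permit", LAN, "172.19.209.0 0.0.0.255"),
]

# Constructed sample flows: one towards the ASA's LAN, one towards the internet.
VPN_FLOW = ("172.19.194.10", "172.19.209.10")
INTERNET_FLOW = ("172.19.194.10", "203.0.113.5")


if __name__ == "__main__":
    for name, acl in (("as posted", ACL105_AS_POSTED), ("corrected", ACL105_CORRECTED)):
        for src, dst in (VPN_FLOW, INTERNET_FLOW):
            action, seq = evaluate(acl, src, dst)
            print(f"ACL 105 {name:9}: {src} -> {dst}: {action} (seq {seq}) "
                  f"=> {forward_decision(acl, ACL101, src, dst)}")
```

    With the posted order, the VPN flow hits seq 5 and is reported as NAT; with the corrected order it hits the seq 50 deny, falls through to ACL 101 and is reported as IPSEC, while internet-bound traffic still reaches the seq 60 permit and is translated.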

  • Unable to connect to a site web - says Adobe Flash Player and JavaScript problem

    For more than a year, my daughter has been able to use the children's website for the lively game. About a week ago, after she loaded the site and clicked on "Let's play", instead of going to the login screen she received the following message: "To view this content, you must enable JavaScript and you need the latest version of Adobe Flash Player." I found this confusing, because we have all software up to date. But, just in case, I did everything it said... still no results. I then contacted the website's support and they recommended I uninstall the Adobe software and reinstall it. They sent me specific links for Firefox to do it. Still without success. I don't know if some updates took place in the last week that may have caused this problem with the website, but it's very frustrating for us. In addition, we are able to log in (as we used to) on IE, but we love Firefox - please HELP! One last thing: I am also unable to open the website on my work computer, which also uses Firefox. I'm a fool with computers, so I would need step-by-step instructions... Thank you!!!

    URL of affected sites

    http://www.ClubPenguin.com

    I had the same problem and it goes back to AdBlock. Once I disabled that, Club Penguin loaded well again.

  • ASA 5505 AnyConnect 8.2 connect other subnets from site to site

    Hello

    I'm somewhat new to Cisco and routing. I have an installation of two ASA 5505s that are configured for site-to-site VPN and AnyConnect. The AnyConnect subnet can connect to the inside VLANs at Site A, but I can't reach the remote Site B subnet when using AnyConnect. Any ideas? Do I have to add the 10.0.7.0/24 subnet to the site-to-site policy? Do I need to set up several NAT rules? Details below.

    Site A: ASA 5505 8.2

    Outside: 173.X.X.X/30

    Inside: 10.0.5.0/24

    AnyConnect: 10.0.7.0/24

    Site b: ASA 5505 8.2

    Outside: 173.X.X.X/30

    Inside: 10.0.6.0/24

    The AnyConnect subnet cannot access the network of 10.0.6.0/24.

    Any help would be greatly appreciated! Thank you!

    Hello Kevin,

    You must configure identity NAT (outside, outside), essentially for the two subnets (AnyConnect and Remote_IPSec).

    And of course include the traffic in the crypto ACL for IPsec and (if used) in the AnyConnect split tunnel.

    Rate all useful posts!

    Kind regards

    Jcarvaja

    Follow me on http://laguiadelnetworking.com

  • No Ping response from Site to Site connection between 876 of Cisco and CheckPoint Firewall

    Hello!

    We are trying to create a site-to-site IPsec connection between a Cisco 876 (local site) and a Check Point firewall (remote site). The Cisco 876 is not directly connected to the internet, but sits behind an ADSL router with port forwarding of ports 500 and 4500. The running configuration of the Cisco 876 is attached to this thread. Unfortunately, I get no output when debugging the connection with the commands "debug crypto isakmp" and "debug crypto ipsec".

    From the Check Point firewall's point of view the connection seems to be established, but there is no response to ping.

    The server in the local site that is to be reached from the network behind the Check Point firewall has a routing entry "route add [remote inside ip-net] 255.255.255.0 [local inside ip]" (see also the attached current config for the ip addresses).

    Establishing a Cisco VPN Client connection to the same Cisco 876 router works very well.

    Any help would be much appreciated!

    Jakob J. Blaette

    Hi Jakob,

    Add my two cents here.

    You should always verify that the following ports and protocol are open:

    1 - UDP port 500 --> ISAKMP

    2 - UDP port 4500 --> NAT-T

    3 - protocol 50 --> ESP

    A LAN-to-LAN tunnel will never establish a TCP session, but it could use NAT-T (if behind a NAT). Remember that a one-to-one translation isn't the same as port forwarding; a LAN-to-LAN tunnel won't work well unless you have a one-to-one translation for the NATted device, which in your case, I think, is the router.

    HTH.

    Portu.

    Please rate all useful messages and mark this message as answered.

  • How to end a vpn connection from site to site on ASA 5510

    Hi guys,

    I would like to know if there is a command that I can use to break a site-to-site connection and restart it whenever I want.

    I don't want to use the shutdown command since I use that interface as the exit point to the internet.

    In this case, you can just configure an incomplete crypto map entry, for example: leave 'set peer' unconfigured until you want to establish the vpn tunnel, and then add the 'set peer' command.

    If you want to disable the tunnel, just remove the 'set peer' command for that particular VPN tunnel.

  • Firefox 4b7 is not remembering my automatic login settings. I log in on a site and after I restart the browser, I need to log in again. It is very annoying. What is the problem?

    On any site, after I close and reopen the browser, it no longer logs me in automatically.

    • Websites remembering you and logging you in automatically rely on a cookie.
    • You need an "allow" cookie exception (Tools > Options > Privacy > Cookies: Exceptions) to keep this cookie, especially for secure websites and if you let cookies expire when Firefox closes.
    • Make sure that you do not clear 'Cookies' and 'Site Preferences' when clearing the browsing, search and download history in Firefox.
    • Make sure that you do not run Firefox in permanent Private Browsing mode ("Never remember history").
