Cryptomap interface
If we apply a cryptographic card for an interface he interrupts traffic flowing through this interface, distned for a different network.
Hello Claudia,.
No, as long as the ACL crypto doesn't have a permit ip any one.
I mean the crypto ACL in the Crypto Card will match only traffic between two subnets so that this will not affect any other traffic through this interface.
Kind regards
Note all useful posts
Julio
Tags: Cisco Security
Similar Questions
-
Problem with the VPN site to site for the two cisco asa 5505
Starting with cisco asa. I wanted to do a vpn site-to site of cisco. I need help. I can't ping from site A to site B and vice versa.
Cisco Config asa1
interface Ethernet0/0
switchport access vlan 1
!
interface Ethernet0/1
switchport access vlan 2
!
interface Vlan1
nameif outside
security-level 0
IP address 172.xxx.xx.4 255.255.240.0
!
interface Vlan2
nameif inside
security-level 100
IP 192.168.60.2 255.255.255.0
!
passive FTP mode
network of the Lan_Outside object
192.168.60.0 subnet 255.255.255.0
network of the NETWORK_OBJ_192.168.1.0_24 object
subnet 192.168.1.0 255.255.255.0
network of the NETWORK_OBJ_192.168.60.0_24 object
192.168.60.0 subnet 255.255.255.0
object-group Protocol DM_INLINE_PROTOCOL_1
ip protocol object
icmp protocol object
object-group Protocol DM_INLINE_PROTOCOL_2
ip protocol object
icmp protocol object
object-group Protocol DM_INLINE_PROTOCOL_3
ip protocol object
icmp protocol object
Access extensive list ip 192.168.60.0 Outside_cryptomap allow 255.255.255.0 192.168.1.0 255.255.255.0
Outside_cryptomap list extended access allow DM_INLINE_PROTOCOL_3 of object-group a
Outside_access_in list extended access allow DM_INLINE_PROTOCOL_1 of object-group a
Inside_access_in list extended access allow DM_INLINE_PROTOCOL_2 of object-group a
network of the Lan_Outside object
NAT (inside, outside) interface dynamic dns
Access-group Outside_access_in in interface outside
Inside_access_in access to the interface inside group
Route outside 0.0.0.0 0.0.0.0 172.110.xx.1 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
identity of the user by default-domain LOCAL
AAA authentication http LOCAL console
Enable http server
http 192.168.60.0 255.255.255.0 inside
http 96.xx.xx.222 255.255.255.255 outside
No snmp server location
No snmp Server contact
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA-TRANS-aes - esp esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-TRANS-aes - esp esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-DES-SHA-TRANS esp - esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-DES-MD5-TRANS esp - esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transit
Crypto ipsec ikev2 ipsec-proposal OF
encryption protocol esp
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 proposal ipsec 3DES
Esp 3des encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES
Esp aes encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES192
Protocol esp encryption aes-192
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 AES256 ipsec-proposal
Protocol esp encryption aes-256
Esp integrity sha - 1, md5 Protocol
Crypto ipsec pmtu aging infinite - the security association
card crypto Outside_map 1 corresponds to the address Outside_cryptomap
card crypto Outside_map 1 set peer 96.88.75.222
card crypto Outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
card crypto Outside_map 1 set ikev2 AES256 AES192 AES 3DES ipsec-proposal OF
Outside_map interface card crypto outside
trustpool crypto ca policy
IKEv2 crypto policy 1
aes-256 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 10
aes-192 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 20
aes encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 30
3des encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 40
the Encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
Crypto ikev2 allow outside
Crypto ikev1 allow outside
IKEv1 crypto policy 10
authentication crack
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 20
authentication rsa - sig
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 30
preshared authentication
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 40
authentication crack
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 50
authentication rsa - sig
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 60
preshared authentication
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 70
authentication crack
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 80
authentication rsa - sig
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 90
preshared authentication
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 100
authentication crack
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 110
authentication rsa - sig
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 120
preshared authentication
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 130
authentication crack
the Encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 140
authentication rsa - sig
the Encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 150
preshared authentication
the Encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH stricthostkeycheck
SSH timeout 5
SSH group dh-Group1-sha1 key exchange
Console timeout 0
inside access managementdhcpd address 192.168.60.50 - 192.168.60.100 inside
dhcpd allow inside
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
AnyConnect essentials
internal GroupPolicy_96.xx.xx.222 group strategy
attributes of Group Policy GroupPolicy_96.xx.xx.222
VPN-tunnel-Protocol ikev1, ikev2
username admin privilege 15 encrypted password f3UhLvUj1QsXsuK7
tunnel-group 96.xx.xx.222 type ipsec-l2l
tunnel-group 96.xx.xx.222 General-attributes
Group - default policy - GroupPolicy_96.xx.xx.222
96.XX.XX.222 group of tunnel ipsec-attributes
IKEv1 pre-shared-key *.
remote control-IKEv2 pre-shared-key authentication *.
pre-shared-key authentication local IKEv2 *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
inspect the icmp
inspect the icmp error---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Cisco ASA 2 config
interface Ethernet0/0
switchport access vlan 1
!
interface Ethernet0/1
switchport access vlan 2
!
interface Vlan1
nameif outside
security-level 0
IP address 96.xx.xx.222 255.255.255.248
!
interface Vlan2
nameif inside
security-level 100
IP 192.168.1.254 255.255.255.0
!
passive FTP mode
permit same-security-traffic inter-interface
permit same-security-traffic intra-interface
network of the Lan_Outside object
subnet 192.168.1.0 255.255.255.0
network of the NETWORK_OBJ_192.168.60.0_24 object
192.168.60.0 subnet 255.255.255.0
network of the NETWORK_OBJ_192.168.1.0_24 object
subnet 192.168.1.0 255.255.255.0
object-group Protocol DM_INLINE_PROTOCOL_1
ip protocol object
icmp protocol object
object-group Protocol DM_INLINE_PROTOCOL_2
ip protocol object
icmp protocol object
object-group Protocol DM_INLINE_PROTOCOL_3
ip protocol object
icmp protocol object
object-group Protocol DM_INLINE_PROTOCOL_4
ip protocol object
icmp protocol object
Outside_cryptomap list extended access allow DM_INLINE_PROTOCOL_2 of object-group 192.168.1.0 255.255.255.0 192.168.60.0 255.255.255.0
Outside_cryptomap list extended access allow DM_INLINE_PROTOCOL_3 of object-group a
Outside_access_in list extended access allow DM_INLINE_PROTOCOL_1 of object-group a
Inside_access_in list extended access allow DM_INLINE_PROTOCOL_4 of object-group a
pager lines 24
Enable logging
asdm of logging of information
Outside 1500 MTU
Within 1500 MTU
no failover
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
no permit-nonconnected arp
NAT (inside, outside) static source NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.60.0_24 NETWORK_OBJ_192.168.60.0_24 non-proxy-arp-search of route static destination
!
network of the Lan_Outside object
dynamic NAT (all, outside) interface
Access-group Outside_access_in in interface outside
Inside_access_in access to the interface inside group
Route outside 0.0.0.0 0.0.0.0 96.xx.xx.217 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
identity of the user by default-domain LOCAL
AAA authentication http LOCAL console
Enable http server
http 192.168.1.0 255.255.255.0 inside
http 172.xxx.xx.4 255.255.255.255 outside
No snmp server location
No snmp Server contact
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA-TRANS-aes - esp esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-TRANS-aes - esp esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-DES-SHA-TRANS esp - esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-DES-MD5-TRANS esp - esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transit
Crypto ipsec ikev2 ipsec-proposal OF
encryption protocol esp
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 proposal ipsec 3DES
Esp 3des encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES
Esp aes encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES192
Protocol esp encryption aes-192
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 AES256 ipsec-proposal
Protocol esp encryption aes-256
Esp integrity sha - 1, md5 Protocol
Crypto ipsec pmtu aging infinite - the security association
card crypto Outside_map 1 corresponds to the address Outside_cryptomap
card crypto Outside_map 1 set peer 172.110.74.4
card crypto Outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
card crypto Outside_map 1 set ikev2 AES256 AES192 AES 3DES ipsec-proposal OF
Outside_map interface card crypto outside
trustpool crypto ca policy
IKEv2 crypto policy 1
aes-256 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 10
aes-192 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 20
aes encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 30
3des encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 40
the Encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
Crypto ikev2 allow outside
Crypto ikev1 allow outside
IKEv1 crypto policy 10
authentication crack
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 20
authentication rsa - sig
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 30
preshared authentication
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 40
authentication crack
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 50
authentication rsa - sig
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 60
preshared authentication
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 70
authentication crack
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 80
authentication rsa - sig
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 90
preshared authentication
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 100
authentication crack
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 110
authentication rsa - sig
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 120
preshared authentication
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 130
authentication crack
the Encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 140
authentication rsa - sig
the Encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 150
preshared authentication
the Encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH stricthostkeycheck
SSH timeout 5
SSH group dh-Group1-sha1 key exchange
Console timeout 0dhcpd address 192.168.1.50 - 192.168.1.100 inside
dhcpd allow inside
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
AnyConnect essentials
internal GroupPolicy_172.xxx.xx.4 group strategy
attributes of Group Policy GroupPolicy_172.xxx.xx.4
L2TP ipsec VPN-tunnel-Protocol ikev1, ikev2
username admin privilege 15 encrypted password f3UhLvUj1QsXsuK7
tunnel-group 172.xxx.xx.4 type ipsec-l2l
tunnel-group 172.xxx.xx.4 General-attributes
Group - default policy - GroupPolicy_172.xxx.xx.4
172.xxx.XX.4 group of tunnel ipsec-attributes
IKEv1 pre-shared-key *.
remote control-IKEv2 pre-shared-key authentication *.
pre-shared-key authentication local IKEv2 *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
inspect the icmp
inspect the icmp error
inspect the httpFor IKEv2 configuration: (example config, you can change to encryption, group,...)
-You must add the declaration of exemption nat (see previous answer).
-set your encryption domain ACLs:
access-list-TRAFFIC IPSEC allowed extended LOCAL REMOTE - LAN LAN ip
-Set the Phase 1:
Crypto ikev2 allow outside
IKEv2 crypto policy 10
3des encryption
the sha md5 integrity
Group 5
FRP sha
second life 86400-Set the Phase 2:
Crypto ipsec ikev2 ipsec IKEV2-PROPOSAL
Esp aes encryption protocol
Esp integrity sha-1 protocol-set the Group of tunnel
tunnel-group REMOTE-PUBLIC-IP type ipsec-l2l
REMOTE-PUBLIC-IP tunnel-group ipsec-attributes
IKEv2 authentication remote pre-shared-key cisco123
IKEv2 authentication local pre-shared-key cisco123-Define the encryption card
address for correspondence CRYPTOMAP 10 - TRAFFIC IPSEC crypto map
card crypto CRYPTOMAP 10 peer set REMOTE-PUBLIC-IP
card crypto CRYPTOMAP 10 set ipsec ikev2-IKEV2-PROPOSAL
CRYPTOMAP interface card crypto outside
crypto isakmp identity addressOn your config, you have all these commands but on your VPN config, you mix ikev1 and ikev2. You have also defined political different ikev2. Just do a bit of cleaning and reached agreement on a 1 strategy for the two site (encryption, hash,...)
Thank you
-
Cisco ASA 5510 - Cisco Client can connect to the VPN but cannot Ping!
Hello
I have an ASA 5510 with the configuration below. I have configure the ASA as vpn server for remote access with cisco vpn client, now my problem is that I can connect but I can not ping.
Config
ciscoasa # sh run
: Saved
:
ASA Version 8.0 (3)
!
ciscoasa hostname
activate the 5QB4svsHoIHxXpF password / encrypted
names of
xxx.xxx.xxx.xxx SAP_router_IP_on_SAP name
xxx.xxx.xxx.xxx ISA_Server_second_external_IP name
xxx.xxx.xxx.xxx name Mail_Server
xxx.xxx.xxx.xxx IncomingIP name
xxx.xxx.xxx.xxx SAP name
xxx.xxx.xxx.xxx Web server name
xxx.xxx.xxx.xxx cms_eservices_projects_sharepointold name
isa_server_outside name 192.168.2.2
!
interface Ethernet0/0
nameif outside
security-level 0
address IP IncomingIP 255.255.255.248
!
interface Ethernet0/1
nameif inside
security-level 100
IP 192.168.2.1 255.255.255.0
!
interface Ethernet0/2
Shutdown
No nameif
no level of security
no ip address
!
interface Ethernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
nameif management
security-level 100
IP 192.168.1.253 255.255.255.0
management only
!
passwd 123
passive FTP mode
clock timezone IS 2
clock summer-time EEDT recurring last Sun Mar 03:00 last Sun Oct 04:00
TCP_8081 tcp service object-group
EQ port 8081 object
DM_INLINE_TCP_1 tcp service object-group
EQ port 3389 object
port-object eq ftp
port-object eq www
EQ object of the https port
EQ smtp port object
EQ Port pop3 object
port-object eq 3200
port-object eq 3300
port-object eq 3600
port-object eq 3299
port-object eq 3390
EQ port 50000 object
port-object eq 3396
port-object eq 3397
port-object eq 3398
port-object eq imap4
EQ port 587 object
port-object eq 993
port-object eq 8000
EQ port 8443 object
port-object eq telnet
port-object eq 3901
purpose of group TCP_8081
EQ port 1433 object
port-object eq 3391
port-object eq 3399
EQ object of port 8080
EQ port 3128 object
port-object eq 3900
port-object eq 3902
port-object eq 7777
port-object eq 3392
port-object eq 3393
port-object eq 3394
Equalizer object port 3395
port-object eq 92
port-object eq 91
port-object eq 3206
port-object eq 8001
EQ port 8181 object
object-port 7778 eq
port-object eq 8180
port-object 22222 eq
port-object eq 11001
port-object eq 11002
port-object eq 1555
port-object eq 2223
port-object eq 2224
object-group service RDP - tcp
EQ port 3389 object
3901 tcp service object-group
3901 description
port-object eq 3901
object-group service tcp 50000
50000 description
EQ port 50000 object
Enable_Transparent_Tunneling_UDP udp service object-group
port-object eq 4500
access-list connection to SAP Note inside_access_in
inside_access_in to access extended list ip 192.168.2.0 allow 255.255.255.0 host SAP_router_IP_on_SAP
access-list inside_access_in note outgoing VPN - PPTP
inside_access_in list extended access permitted tcp 192.168.2.0 255.255.255.0 any eq pptp
access-list inside_access_in note outgoing VPN - GRE
inside_access_in list extended access allow accord 192.168.2.0 255.255.255.0 any
Comment from inside_access_in-list of access VPN - GRE
inside_access_in list extended access will permit a full
access-list inside_access_in note outgoing VPN - Client IKE
inside_access_in list extended access permitted udp 192.168.2.0 255.255.255.0 any isakmp eq
Comment of access outgoing VPN - IPSecNAT - inside_access_in-list T
inside_access_in list extended access permitted udp 192.168.2.0 255.255.255.0 any eq 4500
Note to inside_access_in of outgoing DNS list access
inside_access_in list extended access udp allowed any any eq field
Note to inside_access_in of outgoing DNS list access
inside_access_in list extended access permit tcp any any eq field
Note to inside_access_in to access list carried forward Ports
inside_access_in list extended access permitted tcp 192.168.2.0 255.255.255.0 any DM_INLINE_TCP_1 object-group
access extensive list ip 172.16.1.0 inside_access_in allow 255.255.255.0 any
outside_access_in of access allowed any ip an extended list
outside_access_in list extended access permit tcp any any eq pptp
outside_access_in list extended access will permit a full
outside_access_in list extended access allowed grateful if any host Mail_Server
outside_access_in list extended access permit tcp any host Mail_Server eq pptp
outside_access_in list extended access allow esp a whole
outside_access_in ah allowed extended access list a whole
outside_access_in list extended access udp allowed any any eq isakmp
outside_access_in list of permitted udp access all all Enable_Transparent_Tunneling_UDP object-group
list of access allowed standard VPN 192.168.2.0 255.255.255.0
corp_vpn to access extended list ip 192.168.2.0 allow 255.255.255.0 172.16.1.0 255.255.255.0
pager lines 24
Enable logging
asdm of logging of information
Outside 1500 MTU
Within 1500 MTU
management of MTU 1500
pool POOL 172.16.1.10 - 172.16.1.20 255.255.255.0 IP mask
no failover
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 603.bin
don't allow no asdm history
ARP timeout 14400
NAT-control
Global (outside) 2 Mail_Server netmask 255.0.0.0
Global 1 interface (outside)
Global interface (2 inside)
NAT (inside) 0-list of access corp_vpn
NAT (inside) 1 0.0.0.0 0.0.0.0
static (inside, outside) tcp Mail_Server 8001 8001 ISA_Server_second_external_IP netmask 255.255.255.255
static (inside, outside) tcp Mail_Server 8000 ISA_Server_second_external_IP 8000 netmask 255.255.255.255
static (inside, outside) tcp Mail_Server pptp pptp netmask 255.255.255.255 isa_server_outside
public static tcp (indoor, outdoor) Mail_Server smtp smtp isa_server_outside mask 255.255.255.255 subnet
static (inside, outside) tcp 587 Mail_Server isa_server_outside 587 netmask 255.255.255.255
static (inside, outside) tcp Mail_Server 9444 isa_server_outside 9444 netmask 255.255.255.255
static (inside, outside) tcp 9443 Mail_Server 9443 netmask 255.255.255.255 isa_server_outside
static (inside, outside) tcp 3389 3389 netmask 255.255.255.255 isa_server_outside Mail_Server
static (inside, outside) tcp 3390 Mail_Server 3390 netmask 255.255.255.255 isa_server_outside
static (inside, outside) tcp Mail_Server 3901 isa_server_outside 3901 netmask 255.255.255.255
static (inside, outside) tcp SAP 50000 50000 netmask 255.255.255.255 isa_server_outside
static (inside, outside) tcp SAP 3200 3200 netmask 255.255.255.255 isa_server_outside
static (inside, outside) SAP 3299 isa_server_outside 3299 netmask 255.255.255.255 tcp
static (inside, outside) tcp Mail_Server www isa_server_outside www netmask 255.255.255.255
static (inside, outside) tcp Mail_Server https isa_server_outside https netmask 255.255.255.255
static (inside, outside) tcp Mail_Server pop3 pop3 netmask 255.255.255.255 isa_server_outside
static (inside, outside) tcp imap4 Mail_Server imap4 netmask 255.255.255.255 isa_server_outside
static (inside, outside) tcp cms_eservices_projects_sharepointold 9999 9999 netmask 255.255.255.255 isa_server_outside
public static 192.168.2.0 (inside, outside) - corp_vpn access list
Access-group outside_access_in in interface outside
inside_access_in access to the interface inside group
Route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout, uauth 0:05:00 absolute
dynamic-access-policy-registration DfltAccessPolicy
Enable http server
http 192.168.2.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp - esp-md5-hmac transet
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
Crypto-map dynamic dynmap 10 set pfs
Crypto-map dynamic dynmap 10 transform-set ESP-3DES-SHA transet
cryptomap 10 card crypto ipsec-isakmp dynamic dynmap
cryptomap interface card crypto outside
crypto isakmp identity address
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 30
preshared authentication
3des encryption
sha hash
Group 2
life 86400
No encryption isakmp nat-traversal
Telnet 192.168.2.0 255.255.255.0 inside
Telnet 192.168.1.0 255.255.255.0 management
Telnet timeout 5
SSH timeout 5
Console timeout 0
dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx interface inside
dhcpd domain.local domain inside interface
!
a basic threat threat detection
host of statistical threat detection
Statistics-list of access threat detection
Management Server TFTP 192.168.1.123.
internal group mypolicy strategy
mypolicy group policy attributes
Split-tunnel-policy tunnelspecified
Split-tunnel-network-list value VPN
Pseudo vpdn password 123
vpdn username attributes
VPN-group-policy mypolicy
type of remote access service
type mypolicy tunnel-group remote access
tunnel-group mypolicy General attributes
address-pool
strategy-group-by default mypolicy
tunnel-group mypolicy ipsec-attributes
pre-shared-key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
inspect the pptp
!
global service-policy global_policy
context of prompt hostname
Cryptochecksum:b8bb19b6cb05cfa9ee125ad7bc5444ac
: end
Thank you very much.
Hello
You probably need
Policy-map global_policy
class inspection_default
inspect the icmp
inspect the icmp error
Your Tunnel of Split and NAT0 configurations seem to.
-Jouni
-
Star topology to VPN, hub using two interfaces
Hello
I am facing a problem with Cisco ASA 5500 running 8.4 software.
I know, I know, VPN concentrator and talks has already been discussed many times. But all these discussions are on a hub by using only a single interface, the interfcae outside/public.
My topology is slightly different.
LAN - A - VPN peer a (Internet) <--> <-->(off if) - ASA - B-(if inside) <-->(corporate network) <-->(if outside) - ASA - C-(if inside) <-->RL - C
VPN communication must flow between LAN - A and LAN - C.
Phase i and phase II work on the two tunnels (A - B, B - C). Cryptomaps should be good.
IPsec security for A - B tunnel Association is explicit for LAN - A and LAN - C.
For tunnel B - C IPsec security association connects with the LAN - C.
What I can see on ASA - B is the traffic of LAN - A tunnel A - B.
Which does not trigger a SA for tunnel B - C!
Traffic launched c - LAN, I can see on ASA - B as incoming traffic, SA for LAN - A-LAN - C is encrusted tunnel b..
The traffic seems to enter the tunnel A - B I can see outgoing traffic on ASA - B.
Of course, exemption of NAT is configured for traffic between A - LAN and LAN - C.
Why not traffic entering the tunnel B - C LAN - A Insider SA?
It seems that the traffic of LAN - A between ASA-B and is abandoned or send anywhere but the right direction.
I admit that I am naïve.
Any help would be appreciated.
Thank you people.
Excellent. Thanks for the update. Pls kindly marks your message as answered while others may learn from it.
-->-->-->-->--> -
VPN site2site &; VPN client dailin on the question of a single interface
Hello dear colleagues,
First of all, the question of information subsequently:
Setup
C2801 race
(C2801-ADVENTERPRISEK9-M), Version 12.4 (25f)
---------- ----------
| Central | Di1 IP:80.153.xxx.xxx | DISTANCE | IP: 91.218.xxx.xxx
| Router | <-----------------------------------------> | Router |
-IPsec via GRE Tu1 - works | Debian |
^ | |
| ----------
| does not work
|---------------------------------------->-------------------
| Cisco VPN | Intellectual property: all
| Customer |
-------------------
!
AAA authentication login default local activate
AAA authentication login local VPN_Users
RADIUS group AAA authorization network default authenticated if
AAA authorization VPN_Users LAN
!
AAA - the id of the joint session
iomem 20 memory size
clock timezone THIS 1
clock summer-time EST recurring last Sun Mar 02:00 last Sun Oct 03:00
IP cef
!
username myVPN secret 5
----------------------------------------->!
!
crypto ISAKMP policy 1
BA 3des
preshared authentication
Group 2
life 3600
address
key crypto isakmp xauth No. 91.218.xxx.xxx ISAKMP crypto nat keepalive 20
!
Configuration group customer isakmp crypto VPN_dialin
key
DNS 192.168.198.4
domain example.com
pool VPN
ACL VPN
Crypto isakmp VPNclient profile
match of group identity VPN_dialin
client authentication list VPN_Users
ISAKMP authorization list VPN_Users
client configuration address respond
!
Crypto ipsec security association idle time 3600
!
Crypto ipsec transform-set esp-3des esp-sha-hmac hostb-transform
transport mode
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA-LZS, hmac-sha-esp esp - aes comp-lzs
!
!
crypto dynamic-map vpn-dynamic-map 10
game of transformation-ESP ESP-AES-128-SHA-AES-128-SHA-LZS
Define VPNclient isakmp-profile
!
!
!
HostB-cryptomap 1 ipsec-isakmp crypto map
the value of 91.218.xxx.xxx peer
the transform-set hostb-transform value
PFS group2 Set
corresponds to hostb-address list
!
dynamic map crypto hostb-crytomap 65535-isakmp ipsec vpn-dynamic-map
!
!
!
!
!
!
Tunnel1 interface
bandwidth 100000
IP vrf forwarding vl199
IP 10.0.201.2 255.255.255.0
IP 1400 MTU
IP nat inside
IP virtual-reassembly
IP ospf network point
source of Dialer1 tunnel
destination 91.218.xxx.xxx tunnel
bandwidth tunnel pass 10000
bandwidth tunnel receive 50000
!
interface Dialer1
Description # PPPoE T-Online.
MTU 1492
bandwidth 50000
IP ddns update hostname it-s - dd.dyndns.org
IP ddns update it-s-dd_dyndns_org
the negotiated IP address
NAT outside IP
IP virtual-reassembly max-pumping 512
encapsulation ppp
IP tcp adjust-mss 1452
no ip mroute-cache
Dialer pool 1
Dialer idle-timeout 0
persistent Dialer
KeepAlive 20
No cdp enable
Authentication callin PPP chap Protocol
PPP chap hostname
PPP chap password 7
PPP pap sent-username
password 7 PPP ipcp dns request
card crypto hostb-cryptomap
Crypto ipsec fragmentation after encryption
!
!
local pool IP VPN 192.168.196.30 192.168.196.60
IP forward-Protocol ND
IP route 0.0.0.0 0.0.0.0 Dialer1 track 1
IP route 0.0.0.0 0.0.0.0 Tunnel1 20 Track3
IP route 0.0.0.0 0.0.0.0 Dialer1 254
IP route vrf vl199 0.0.0.0 0.0.0.0 192.168.1.251
IP route vrf vl99 0.0.0.0 0.0.0.0 192.168.3.1
!
The dns server IP
!
no ip address of the http server
no ip http secure server
TCP-time translation nat IP 3600
translation of nat IP udp-timeout 600
IP nat Pat_for_192.168.198.4 192.168.198.4 pool 192.168.198.4 netmask 255.255.255.0 type
IP nat Pat_for_192.168.200.50 192.168.200.50 pool 192.168.200.50 netmask 255.255.255.0 type
IP nat inside source static 5060 udp interface 192.168.200.50 Dialer1 5060
IP nat inside source static tcp 192.168.200.51 3389 3389 Dialer1 interface
IP nat inside source static tcp 192.168.198.4 3389 interface Dialer1 3390
IP nat inside source static tcp 192.168.198.9 interface 5000 Dialer1 5000
IP nat inside source overload map route dialer1 interface Dialer1
IP nat inside interface 13001 static udp 192.168.199.3 source Dialer1 13001
IP nat inside interface 32768 static udp 192.168.179.2 source Dialer1 32768
IP nat inside source static udp 192.168.179.2 Dialer1 49152 49152 interface
IP nat inside interface 64206 static udp 192.168.179.2 source Dialer1 64206
IP nat inside source static udp 192.168.179.2 interface 7597 Dialer1 7597
IP nat inside source static tcp 192.168.179.2 9998 interface Dialer1 9998
IP nat inside source static tcp 192.168.179.2 7597 interface Dialer1 7597
IP nat inside source static tcp 192.168.179.2 64206 interface Dialer1 64206
IP nat inside source static tcp 192.168.179.2 Dialer1 49152 49152 interface
IP nat inside source static tcp 192.168.179.2 Dialer1 32768 32768 interface
IP nat inside source static tcp 192.168.198.4 interface 443 443 Dialer1
IP nat inside destination list Pat_for_192.168.198.4 pool Pat_for_192.168.198.4
IP nat inside destination list Pat_for_192.168.200.50 pool Pat_for_192.168.200.50
!
Pat_for_192.168.198.4 extended IP access list
Note = Pat_for_192.168.198.4 =-
permit tcp any any eq www
permit tcp any any eq 987
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq pop3
permit tcp any any eq 995
permit tcp any any eq 587
permit tcp any any eq ftp
permit tcp any any eq ftp - data
permit tcp any any eq smtp
Pat_for_192.168.200.50 extended IP access list
Note = Pat_for_192.168.200.50 =-
allow udp everything any 10000 20000 Beach
permit tcp everything any 5222 5223 Beach
allow udp any any eq 4569
permit any any eq 5060 udp
list of IP - VPN access scope
IP 192.168.198.0 allow 0.0.0.255 192.168.196.0 0.0.0.255
permit ip host 80.153.xxx.xxx 192.168.196.0 0.0.0.255
list hostb extended IP access list
permit ip host 91.218.xxx.xxx host 80.153.xxx.xxx
permit ip host 80.153.xxx.xxx host 91.218.xxx.xxx
permit ip host 10.0.201.2 10.0.201.1
!
!
access-list 10 permit 192.168.200.6
access-list 100 permit ip 192.168.0.0 0.0.255.255 everything
access-list 100 permit ip 10.1.0.0 0.0.255.255 everything
access-list 100 permit ip 10.0.0.0 0.0.255.255 everything
access-list 101 permit ip 192.168.199.3 host everything
access-list 101 permit ip 192.168.199.4 host everything
access-list 101 permit ip 192.168.199.13 host everything
access-list 101 permit ip 192.168.199.14 host everything
access list 101 ip allow any host 204.13.162.123
access-list 103 allow ip 10.0.1.0 0.0.0.255 any
!
dialer1 allowed 10 route map
corresponds to the IP 100
match interface Dialer1
!
!
####################################################################################################
SH crypto isakmp his:
status of DST CBC State conn-id slot
91.218.xxx.xxx 80.153.xxx.xxx QM_IDLE 7 0 ACTIVE
80.153.248.167
QM_IDLE 12 0 ASSETS ######################################################################################
SH encryption session
Current state of the session crypto
Interface: Virtual-Access5
The session state: down
Peer: port of 91.218.xxx.xxx 500
FLOW IPSEC: allowed ip host 10.0.201.2 10.0.201.1
Active sAs: 0, origin: card crypto
FLOW IPSEC: allowed ip host 80.153.xxx.xxx host 91.218.xxx.xxx
Active sAs: 0, origin: card crypto
FLOW IPSEC: allowed ip host 91.218.xxx.xxx host 80.153.xxx.xxx
Active sAs: 0, origin: card crypto
Interface: Dialer1
The session state: UP-NO-IKE
Peer: port of 91.218.xxx.xxx 500
IKE SA: local 80.153.xxx.xxx/500 remote 91.218.xxx.xxx/500 inactive
FLOW IPSEC: allowed ip host 10.0.201.2 10.0.201.1
Active sAs: 0, origin: card crypto
FLOW IPSEC: allowed ip host 80.153.xxx.xxx host 91.218.xxx.xxx
Active sAs: 4, origin: card crypto
FLOW IPSEC: allowed ip host 91.218.xxx.xxx host 80.153.xxx.xxx
Active sAs: 0, origin: card crypto
Interface: Dialer1
The session state: IDLE-UP
Peer: port of
55033 ITS IKE: local 80.153.xxx.xxx/4500 distance
55033 Active ################################################################################################################################
Error message:
020932: 2 Oct 21:55:14.459 CEST: IPSEC (validate_transform_proposal): No IPSEC cryptomap is to address local 80.153.xxx.xxx
020933: 2 Oct 21:55:14.459 CEST: IPSEC (validate_proposal_request): part #1 of the proposal
(Eng. msg key.) Local INCOMING = 80.153.xxx.xxx, distance =
,. local_proxy = 0.0.0.0/0.0.0.0/0/0 (type = 4),
remote_proxy = 192.168.196.32/255.255.255.255/0/0 (type = 1),
Protocol = ESP, transform = esp - esp-md5-hmac (Tunnel-UDP).
lifedur = 0 and 0kb in
SPI = 0 x 0 (0), id_conn = 0, keysize = 0, flags = 0 x 400
020934: 2 Oct 21:55:14.459 CEST: IPSEC (validate_transform_proposal): No IPSEC cryptomap is to address local 80.153.xxx.xxx
020935: 2 Oct 21:55:14.459 CEST: IPSEC (validate_proposal_request): part #1 of the proposal
(Eng. msg key.) Local INCOMING = 80.153.xxx.xxx, distance =
,. local_proxy = 0.0.0.0/0.0.0.0/0/0 (type = 4),
remote_proxy = 192.168.196.32/255.255.255.255/0/0 (type = 1),
Protocol = ESP, transform = null esp esp-md5-hmac (Tunnel-UDP).
lifedur = 0 and 0kb in
SPI = 0 x 0 (0), id_conn = 0, keysize = 0, flags = 0 x 400
#################################################################################################
I tried to understand where is my mistake, can someone help me find it?
Thank you very much
concerning
crypto map hostb-crytomap 65535 ipsec-isakmp dynamic vpn-dynamic-map
is the fault of typing in the name as in your original config?
--
Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
http://www.Kiva.org/invitedBy/karsteni -
Hello
On my router is is possible to create several site to site tunnels to different destinations? I think you have to create multiple cryptomaps and assign to the external interface?
see you soon
Tunnel interfaces too? A Cisco router should be able to handle this. How many rays are involved?
Design wise, you can proceed through several ways:
(A) HUB didn't need to open connections:
==================================
1 lever a tunnel type love [on the hub] aka DMVPN. Then we have 1 Multipoint tunnel interface.
2-use DVTI [speaks] / [hub] DVTI with EZVPN
3 use VTI on rays + DVTI on the hub with a routing protocol
(B) HUB must initiate connections:
============================
Tunnel to protect you, a tunnel by talking.
-
New Audio USB Interface lose sound on El Capitan
Hi all!
A few weeks ago that I upgraded my MacBook Pro retina 15 "end 2013 to El Capitan, after that my USB Audio Interfaces (Focusrite Scarlett 2i4) and Safire 6 USB stopped working properly. Both work correctly when they are connected to an iMac 5K running the same operating system.
I can listen to Audio for some time (about 10-2 Minutes, it is always different), when the Audio starts to crush und get outs, after a certain time there is only silence "click on" come out of the speakers.
Heres an Audio file of the sound that results from: https://www.dropbox.com/s/5nb96bmdh47kmi2/20160923%20141619.m4a?dl=0
I already tried to reinstall OS X (starting with CMD R and reinstall OS), reset PRAM and SMC. Nothing has changed the question. Any ideas where it comes from?
Greetings
Chris
It is most likely a software conflict. Note the time at which audio is running out. Open the Console and look for accidents or mistakes at this time.
The reason why it crashes on a mac, but not the others most likely is related to differences in software installed. Run Etrecheck on touch mac and post the report here.
-
The interface usb audio of Behringer U-Phoria UMC404HD work with Garageband?
I just got an interface USB 4 channels for recording guitars and microphones. It has no driver, but instead uses the Mac OS. I implemented the sound control panel to recognize the device input and output, can I use the Audio configuration utility and MIDI to fit a recording at 192000HZ.
My problem is that as soon as I open GarageBand 192000HZ setting falls down to it is more low 44100 HZ. It is a flaw with the audio interface Behringer or is it a problem of system software?
I will mix Behringer messages on this problem, a guy says that the interface has a bad component castigates other Garageband.
I would appreciate hearing from anyone with any interface from Behringer, who used it to 192000HZ using Garageband. Any other comments welcome.
I have this problem on 3 different computers using systems to a new installation of 10.11 10.6.8. A few different USB cables. More recently, on an I7 Mini with memory 16 concerts with 10.11.6. Currently on Garageband 10, but the same problem with Garageband 6
I talked to an Apple technician and the answer is that Apple has "capped" sampling in 441000HZ setting.
Thus, in spite of the box is designed to accept 192000Hz sampling, apparently GarageBand has been paralyzed for a lower sampling only to the adjustment system. Another program audio I, Amadeus Pro, has no difficulty with the parameter to 192000.
TSK, tsk Apple...
-
iPhone 5 s acting weird from the hotmail interface has changed
Hello
My 5's mail app iPhone acted as weird as the hotmail Web site interface has changed a few weeks ago. The Junk folder disappeared and now, when I get an email, the phone rings and vibrates as before, but it is there no preview on the lock screen, or the notification Center.
What is happening to someone else? How can I fix it?
Thank you
Hello
It can help to check your email notification settings:
- Go to settings > Notifications > mail > select an account to check the notification settings.
You can also update your iPhone to the latest version of the software (your post indicates that it is not up-to-date):
-
Audio interface Thunderbolt to crash Windows Boot Camp
Hello, my audio interface crashes Windows Boot Camp on my MBP 15 "retina. It works very well on the side of the BONE. I've updated everything (including the drivers and firmware for the device). The audio interface is the MOTU 828 x. It is designed for use with Windows via TB - my concern is that this does not mean Boot Camp Windows
When I turn on the device, Windows crashes immediately on a blue screen saying: "your PC has encountered a problem and needs to restart...» PNP_DETECTED_FATAL_ERROR ". I tried all combinations of plug etc. aside first turned off, turned on mac.
Thanks for any help or ideas!
Run a test and reset SMC and NVRAM.
-
Hard drives, Interface regularly ejected
Hi people,
Since the update to the latest El Capitan (10.11.6), all my external drives and the interface is constantly ejected. want to go back to the previous version, but the ejected disc always has this version. Options?
BOE
Try disabling put hard drives to sleep even when in energy saver preferences.
In addition, check with the manufacturer of drive for an update to fix the problem.
-
Hello, how is it possible to create the FAT32 BOOTCAMP on CoreStorage partition via the command line interface?
I mean ' diskutil cs * " and so on..."
Yes, you must use the resizeStack command. Please see Re: how to repair fsck "your drive could not be partitioned..." Bootcamp does not as an example.
-
How to change language in Firefox interface to English in Windows?
I have Canon find where to change the settings of the interface. I need English to be the language of the interface.
If the Firefox UI (toolbars) is in the wrong language or you want to change the current language then get Firefox in the language of your choice.
You can find the full version of the current version of Firefox (41.0.2) in all languages and all systems operating here:
-
Need a MAC interface to resize fonts in the dashboard of thunderbird?
In this expanding market of Hi-rez and retina display screens a user friendly interface is desperately needed to allow for the expansion of at least the sidebar font size, otherwise the menu s in thunderbird. Not everyone who uses a computer has 20/20 vision and surely after using thunderbird on a 13 "Macbook Pro, it won't be long before you'll need sunglasses!
Hey Mozilla, this necessary improvement is expected for a long time! Seriously! I was squinting at Tbird for almost 10 years, and now I need glasses thanks to what seems to be the apparent equivalent 8pt text! I really hope that someone to kiss my request before my prescriptions are transformed into coke bottles (a quick google shows that I'm not the only one having this problem)! If the answer to this request is to whip up a quick hack to a file that does not yet exist, you think, well I can tell you that GUI users will not even know on a file name, much less how to handle the details of this stylesheet to MIA cryptic deeply called userChrome.css! Come on, lets get real for a moment...
If there is someone out there who can get out of an interface module friendly user or an extension which will give the technicians or those of us who don't want to spend 1/2 day learning how and where create this masterpiece and the other 1/2 of the day manipulating its variables, I can assure you, many users of Tbird will be grateful!To adjust the fonts in menus, thread pane, folder pane etc. :
https://addons.Mozilla.org/en-us/Thunderbird/addon/theme-font-size-changer/
-
Crack suddenly / audio distortion via USB interface
Hello
I use an iMac of retina end of 2015, which is connected to a USB AG06 Yamaha interface. The interface provides an audio output to my studio monitors.
For these months, audio works flawless, but all of a sudden yesterday things got ugly. Briefly the sound works (often less than 30 seconds) then crackling / distortion occurs, causing finally audio fade out and back in. The problem is temporarily resolved if I disable the interface and turn it back on. I have not changed the settings or installed new applications - the question is just appeared from nowhere.
Initially, I assumed that it was the fault of the USB interface, but I tested it on another Mac and it works without any problem. I tried to restart, stop, uninstall all additional audio devices, and disconnect all other USB devices, but the problem is still there. I tried other USB devices, including a Schiit Audio USB DAC on the iMac even, and it also works without any problem.
Any idea is appreciated!
Thank you.
all USB audio devices act the role of being a card usb external audio such always needs a driver, don't know if there are any drivers for the card generic usb audio if I was you, then I go to yamaha and look for an osx for your version of driver for their product
Apple do not have drivers for hardware devices of third party if included in osx, then it is because the developers of hardware committed a pilot tested and improved Apple and became part of the osx installation
If a new version of Mac OS x is installed, and yamaha has not committed a driver or the same clerk driver than the last time and he could not test it because it displays the questions you experiences in some cases, and you are upgrading, then there is no new yamaha rider so your system just stick to previous driver
Maybe you are looking for
-
What is the list of the currently supported version of Firefox?
I would like to know what versions of Firefox are supported by Mozilla. These are the versions that you can download, or is there a different list, should I be looking at?
-
Satellite Pro A200 - peripheral display Hotkey Utility for XP is not available
I just got 6 x A200s (PSAE1E-00Q002EN). These have been pre-installed with Vista, however, because of the software platform in place in my institution, I've restored the operating system to Windows XP. All the drivers installed fine form the Toshiba
-
I recently tried to enter an email address in my address book, but found that I could not get into the "at sign". For example, instead of the "at sign" I got the variant of tiny, "I thought it was a mistake to keyboard and bought a new key board but
-
Microsoft Combat Flight Simulator
I straighten to use Microsoft Combat Flight simulator on Windows 7. Everything works in the settings to calibrate the Logitech Extreme 3D Pro joystick. When I try to play, the keyboard works, but not the gamepad. Have tried the Compatibility tab. Any
-
S2440L, task/black shadow won't go away
Hello Sorry, the previous post, I tried would not be in the forum so I had to try to post again. As you can see it the task of shadow would not disappear after the test. Only, I had it for a few weeks of use and was a gift from my fiancee. He ordered