Don't type flow HP 13
Hi I recently factory zero my pc and reinstalled the wifi drivers and other at hp and made the keyboard type please help
Hello @LePixel,
Welcome to the Forums of HP Support!
I read your post about the problem of keyboard and wanted to help you!
For starters, can you provide me with the product number of the laptop? Here is a link that you can use that will help you find your model and product number:
How can I find my model number or product number?
In the meantime, please consult the following document and let me know how it goes:
HP - computer keyboard laptops laptop troubleshooting (Windows, 10, 8)
Please let me know if this information helps you solve the problem by marking this message as 'accept as Solution' , this will help others easily find the information they seek. In addition, by clicking on the Thumbs up below is a great way to say thank you!
Happy new year!
Tags: Notebooks
Similar Questions
-
don't type in the empty fields as search engines or login information
Hello
I installed firefox for android, but the problem is that noting happens when I try to type anything in the empty fields.
for example, in google.com when I tap on edit search to write s.th. to perform a search, the QWERTY keyboard appears, but no letter is threre when I type!
It also happens when in a forum, I want to enter my login details; new keyboard is displayed but no letter does when I type.
but in the address bar, I can write without any problem.
my camera is galaxy notes with android 4.0.4
Thank you.Try turning off "Don't keep the activities" of the Android settings.
- Press the home button
- Press the menu key
- Select settings
- Scroll down to developer
- Scroll down to 'Don't keep activities' and uncheck the box
-
What happens is I type something, in general, I accidentally hit the 'Shift' or something happens that otherwise made me decide to go back and change a letter to a lowercase letter, but after a BACKSPACE on a capitalized letter, I type a new letter, only that the new letter is now capitalized. So I back the thought of this letter I must have accidentally hit the 'Shift' key while typing again... I'm not. So I don't move the caps lock... no luck. It takes a return back a space behind the letter, I'm changing character before the character space will allow a lowercase to appear.
This behavior started after upgrading to iOS 9.2 (and I use a Smart keyboard). I already checked and turned off "Auto-capitalisation" and "AutoCorrect". At this point, I can't think of another setting that could consistently produce this behavior. All the world experienced and/or sounds like a bug?
Just an update so it doesn't matter which allows to diagnose a problem, this bug does not happen in mailboxes mailbox for these forums (such as the boxes provided to type your answers in), but it does in native applications.
-
Wireless 800 keyboard some keys don't type symbol
I just installed 800 wireless keyboard. Some keyboard keys not typing the symbol displayed on the key. For example when I try to type the question mark when you press shift and the button with a question mark for this _. I have a problem with a number of keys.
I installed the drivers will and still experience this problem. All advice given graciously received.
Hi Wairds,
Have you changed the keyboard to another language?
This kind of problem occurs if the keyboard layout is changed to another format like English (United Kingdom) or other non-English of the provision.
Try to define the layout of the English (United States) and check if you face this problem.
http://Windows.Microsoft.com/en-CA/Windows/change-keyboard-layout#1TC=Windows-Vista
-
the mouse does not well, typing is slow and have to wait for the words to catch up, internet or disable, this has just begun, I can't select things very well, it takes time to play a game or write a letter
Hi Kandikane,
A. are you referring to the touch pad or external mouse?
B. What is a USB or a wireless mouse?
C. who is the manufacturer of your computer?
D. recent changes made on your computer?You can try to update the drivers and let us know the result
1. click on Start.
2 type devmgmt.msc in the start search box and press on enter.
3. right click on the driver, and then choose Update.
Previous post: the result.
Bindu S - Microsoft Support
[If this post can help solve your problem, please click the 'Mark as answer' or 'Useful' at the top of this message.] [Marking a post as answer, or relatively useful, you help others find the answer more quickly.]
-
BlackBerry Classic no police don't type on Classic
I can change the font size on my new classic, however there is no font type to select from. Please someone comment on this topic.
Font size is available. Font type is NOT on the Q10, or any other device BB10 and has never been.,.
-
keyboard by clicking on sounds and sometimes don't type repeated letters
I was watching TV with my fiance and his foot kept hitting the laptop. He started making rattling noises so I went to check. the screen was a message to the top sticky keys or something, I pressed cancel and now all my keyboards, looted. I have to wait a second before you type the same letter and it made a noise of rattling for each key pressed. What is - this and how to fix it?
Hi Russ,
-What is the brand and model of the laptop?
I suggest you to disable sticky keys and check if it helps.
Make the keyboard easier to use
Please post back with the results and we will be happy to help you further.
-
wireless keyboards that do not answer or type incorrect characters
Hello, I contacted Dell a couple of times and everything they have done has tried to update my drivers that did not work, or they had me use a wired keyboard that still had the problem.
When typing my keyboard makes a break, don't type, types the same character repeatedly, takes up to 30 seconds between the characters to be able to type a different and at other times, there is zero problem. This can happen several times a day. It happens with IE, Firefox, type in word, try to access a Web site. Its very frustrating.
I use Windows 7 with a wireless keyboard. If anyone has any ideas on how to solve this problem, I would appreciate it!
Hello
Welcome to Microsoft Community where you can find the answers related to Windows.
According to the description, it looks like you are facing a problem with the keyboard.
It would be great if you could answer these questions to help you further.
1. What is the brand and model of the keyboard?
2 have you made changes on the computer before this problem?I suggest to see the steps in the following methods and check if it helps.
Mouse, touchpad and keyboard under Windows problems: http://windows.microsoft.com/en-US/windows/help/mouse-touchpad-and-keyboard-problems-in-windows?T1=tab05
Troubleshoot the incidents of the response to the mouse or wireless keyboard: http://support.microsoft.com/kb/838398
If you need Windows guru, do not hesitate to post your questions and we will be happy to help you.
-
When I type a font (any kind) and then stroke it, it looks good, until I ask to vectorize (before you send it to a print shop), it seems bad.
is there a way to keep the look?
Type described will look worse then the original because well done vector type has 'hinting '. They are better at low resolution.
There is no way to prevent this. Actually, things like newsletter created by InDesign, etc. will fall completely because they are not part of the police.
Many of us, but also professionals from Adobe, do not believe that there should be no reason of vector fonts. Create a PDF file properly should provide all the information needed to print it. See this announcement I made a few years previously to InDesignSecrets.com:
http://InDesignSecrets.com/outlining-fonts-is-it-necessary.php
Not everyone agrees, including printers that have very old RIPs and very old workflows, as you can read in the reviews below the display.
-
Issue of pagination on the flow of a new user
I'm pretty new to ID, but am making progress. I created my documents and were assembled in my book. When I export the book in PDF format, the documents don't always flow together. I don't care if a document starts on the left or right, just that it works continuously. I took the attached screen shot, because I'm not as sure as if I know the right vocabulary to express what I see so that see you it too.
Propagation labeled 1 is correct and it flows towards 2 correctly or I should say that I expect to work. What I want, it's marked page 3 to sink to 4 in the same spread, even if they are in different documents. Hope this helps.
In my mind all documents were created in the same way and all share the same Master Page... Thank you in advance.
Jeff
You can post a screenshot of the book panel, please?
I suspect that the problem is you are tyring to export pasta to spread instead of single pages, and you can not combine pages of documents in a spread when you export the book, but I can't tell from the picture you have posted.
-
Type get lost...
I came across an ad from back in 2006 - the individual was having this problem, but it received no response. Don't know if he was using FW CS3, but I when I open a Photoshop in FW file, any type in the file gets beat - box type is greatly expanded and if I don't type ANYTHING in the box, everything blows up. The type developed (increased attack) to fill the extended area.
Why is this happening? Is there a way to fix this? VERY frustrating, but I love everything else about FW.
-bryanSome tests and it seems that this happens regardless of the font used. BUT it also seems that Fireworks simply cannot understand a leader 'AUTO' in Photoshop. Fireworks blowing the main way or completely it is falling apart. Set a font to, say, 12/14 and it imports and Fireworks very well. Looks like I have to specify leader and not leave it to 'AUTO '.
-
Try to find what happened. I had the remote end raise the tunnel, as they can ping resources on my side. I am unable to ping 10.90.238.148 through this tunnel. I used to be able to until the interface of K_Inc has been added. The network behind this interface is 10/8.
I asked a question earlier in another post and advises him to play opposite road of Cryptography. And who did it. I was able to ping 10.90.238.148 of 192.168.141.10, with the config below.
I am at a loss to why I can't all of a sudden. A bit of history, given routes have not changed. By adding the command set opposite road to cryptography, I find myself with a static entry for the 10.90.238.0 network is what fixed it initially so I don't think it's a problem of route. The remote end had an overlap with the 192.168.141.0/24 that is why my side is natted on the 10.40.27.0. None of the nats have changed so if adding the reverse route worked for a day, it should still work. Any thoughts?
interface GigabitEthernet0/3.10
VLAN 10
nameif K_Inc
security-level 100
IP address 192.168.10.254 255.255.255.0
interface GigabitEthernet0/3.141
VLAN 141
cold nameif
security-level 100
IP 192.168.141.254 255.255.255.0
(Cold) NAT 0 access-list sheep
NAT (cold) 1 192.168.141.0 255.255.255.0
Access extensive list ip 192.168.141.0 CSVPNOFFSITE allow 255.255.255.0 10.90.238.0 255.255.255.0
Access extensive list ip 10.40.27.0 CSVPNOFFSITE allow 255.255.255.0 10.90.238.0 255.255.255.0
Access extensive list ip 192.168.141.0 CSVPNNAT allow 255.255.255.0 10.90.238.0 255.255.255.0
IP 10.40.27.0 allow Access-list extended sheep 255.255.255.0 10.90.238.0 255.255.255.0
static 10.40.27.0 (cold, outside) - CSVPNNAT access list
card crypto Outside_map 5 corresponds to the address CSVPNOFFSITE
card crypto Outside_map 5 the value reverse-road
card crypto Outside_map 5 set pfs
card crypto Outside_map 5 set peer 20.x.x.3
Outside_map 5 transform-set ESP-3DES-MD5 crypto card game
card crypto Outside_map 5 defined security-association life seconds 28800
card crypto Outside_map 5 set security-association kilobytes of life 4608000
tunnel-group 20.x.x.3 type ipsec-l2l
20.x.x.3 Group of tunnel ipsec-attributes
pre-shared-key *.
Route outside 0.0.0.0 0.0.0.0 7.x.x.1 1
Route 10.0.0.0 K_Inc 255.192.0.0 192.168.10.252 1
Route K_Inc 10.64.0.0 255.224.0.0 192.168.10.252 1
Route K_Inc 10.100.100.0 255.255.255.0 192.168.10.252 1
Route K_Inc 10.128.0.0 255.128.0.0 192.168.10.252 1
Tunnel is up:
14 peer IKE: 20.x.x.243
Type: L2L role: answering machine
Generate a new key: no State: MM_ACTIVE
EDIT:
I just noticed when tracer packet i run I don't get a phase VPN or encrypt:
Packet-trace entry cold tcp 192.168.141.10 80 80 10.90.238.148 det
Phase: 1
Type: FLOW-SEARCH
Subtype:
Result: ALLOW
Config:
Additional information:
Not found no corresponding stream, creating a new stream
Phase: 2
Type:-ROUTE SEARCH
Subtype: entry
Result: ALLOW
Config:
Additional information:
in 10.90.238.0 255.255.255.0 outside
Phase: 3
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional information:
Direct flow from returns search rule:
ID = 0xad048d08, priority = 0, sector = option-ip-enabled, deny = true
hits = 2954624, user_data = 0 x 0, cs_id = 0 x 0, reverse, flags = 0 x 0 = 0 protocol
SRC ip = 0.0.0.0 mask 0.0.0.0, port = 0 =
DST ip = 0.0.0.0 mask = 0.0.0.0, port = 0, dscp = 0 x 0
Phase: 4
Type: QOS
Subtype:
Result: ALLOW
Config:
Additional information:
Direct flow from returns search rule:
ID = 0xb2ed4b80, priority = 72, domain = qos by class, deny = false
hits = 2954687, user_data = 0xb2ed49d8, cs_id = 0 x 0, reverse, flags = 0 x 0 = 0 protocol
SRC ip = 0.0.0.0 mask 0.0.0.0, port = 0 =
DST ip = 0.0.0.0 mask = 0.0.0.0, port = 0, dscp = 0 x 0
Phase: 5
Type: FOVER
Subtype: Eve-updated
Result: ALLOW
Config:
Additional information:
Direct flow from returns search rule:
ID = 0xad090180, priority = 20, area = read, deny = false
hits = 618776, user_data = 0 x 0, cs_id = 0 x 0, flags = 0 x 0, Protocol = 6
SRC ip = 0.0.0.0 mask 0.0.0.0, port = 0 =
DST ip = 0.0.0.0 mask = 0.0.0.0, port = 0, dscp = 0 x 0
Phase: 6
Type: NAT
Subtype:
Result: ALLOW
Config:
static (ColdSpring, external) 74.x.x.50 192.168.141.10 netmask 255.255.255.255
match ip host 192.168.141.10 ColdSpring outside of any
static translation at 74.x.x.50
translate_hits = 610710, untranslate_hits = 188039
Additional information:
Definition of static 192.168.141.10/0 to 74.112.122.50/0 using subnet mask 255.255.255.255
Direct flow from returns search rule:
ID = 0xac541e50, priority = 5, area = nat, deny = false
hits = 610742, user_data = 0xac541c08, cs_id = 0 x 0, flags = 0 x 0 = 0 protocol
SRC ip = 192.168.141.10, mask is 255.255.255.255, port = 0
DST ip = 0.0.0.0 mask = 0.0.0.0, port = 0, dscp = 0 x 0
Phase: 7
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (ColdSpring, dmz) 192.168.141.0 192.168.141.0 netmask 255.255.255.0
match ip ColdSpring 192.168.141.0 255.255.255.0 dmz all
static translation at 192.168.141.0
translate_hits = 4194, untranslate_hits = 20032
Additional information:
Direct flow from returns search rule:
ID = 0xace2c1a0, priority = 5, area = host, deny = false
hits = 2954683, user_data = 0xace2ce68, cs_id = 0 x 0, reverse, flags = 0 x 0 = 0 protocol
SRC ip = 192.168.141.0, mask is 255.255.255.0, port = 0
DST ip = 0.0.0.0 mask = 0.0.0.0, port = 0, dscp = 0 x 0
Phase: 8
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional information:
Reverse flow from returns search rule:
ID = 0xaacbcb90, priority = 0, sector = option-ip-enabled, deny = true
hits = 282827537, user_data = 0 x 0, cs_id = 0 x 0, reverse, flags = 0 x 0 = 0 protocol
SRC ip = 0.0.0.0 mask 0.0.0.0, port = 0 =
DST ip = 0.0.0.0 mask = 0.0.0.0, port = 0, dscp = 0 x 0
Phase: 9
Type: QOS
Subtype:
Result: ALLOW
Config:
Additional information:
Reverse flow from returns search rule:
ID = 0xb2ed5c78, priority = 72, domain = qos by class, deny = false
hits = 4749562, user_data = 0xb2ed5ad0, cs_id = 0 x 0, reverse, flags = 0 x 0 = 0 protocol
SRC ip = 0.0.0.0 mask 0.0.0.0, port = 0 =
DST ip = 0.0.0.0 mask = 0.0.0.0, port = 0, dscp = 0 x 0
Phase: 10
Type: CREATING STREAMS
Subtype:
Result: ALLOW
Config:
Additional information:
New workflow created with the 339487904 id, package sent to the next module
Information module for forward flow...
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_translate
snp_fp_adjacency
snp_fp_fragment
snp_fp_tracer_drop
snp_ifc_stat
Information for reverse flow...
snp_fp_inspect_ip_options
snp_fp_translate
snp_fp_tcp_normalizer
snp_fp_adjacency
snp_fp_fragment
snp_fp_tracer_drop
snp_ifc_stat
Phase: 11
Type:-ROUTE SEARCH
Subtype: output and contiguity
Result: ALLOW
Config:
Additional information:
found 7.x.x.1 of next hop using ifc of evacuation outside
contiguity Active
0007.B400.1402 address of stretch following mac typo 51982146
Result:
input interface: cold
entry status: to the top
entry-line-status: to the top
output interface: outside
the status of the output: to the top
output-line-status: to the top
Action: allow
What version are you running to ASA?
My guess is that your two static NAT is configured above policy nat you have configured for the VPN? If this is the case, move your above these static NAT NAT policy and you should see the traffic start to flow properly.
--
Please note all useful posts
-
Site-to-Site VPN Ping does not
I configured a vpn site-to site between two firewalls ASA 5505. Establishes the tunnel, but the icmp traffic does not pass. In fact, ping worked twice, but only at random. I need to work on a regular basis. I have attached the configurations as well as an output of the packet - trace both of the ASA and the IPSec and its ISAKMP. Thanks for any help you can provide.
ASA Configuration 1:
ASA Version 8.0 (3)
!
hostname asa1
activate the encrypted password of A.zMQonBIU0NmOC0
names of
!
interface Vlan1
nameif inside
security-level 100
IP 10.1.50.253 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP 1.1.1.1 255.255.255.240
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
OMV1AjIsWknnKr9H encrypted passwd
boot system Disk0: / asa803 - k8.bin
passive FTP mode
acl_out list extended access permit tcp any host 63.76.12.195 eq smtp
acl_out list extended access permit tcp any host 63.76.12.195 eq www
acl_out list extended access permit tcp any host 63.76.12.195 eq 3389
acl_out list extended access permit tcp any host 63.76.12.195 eq ftp
acl_out list extended access permit tcp any host 63.76.12.195 eq ftp - data
acl_out list extended access permit tcp any host 63.76.12.195 eq telnet
acl_out list extended access permit tcp any host 63.76.12.195 eq 5800
acl_out list extended access permit tcp any host 63.76.12.195 eq 5900
acl_out list extended access permit tcp any host 63.76.12.195 eq https
acl_out list extended access permit tcp any host 63.76.12.196 eq www
acl_out list extended access permit tcp any host 63.76.12.196 eq https
acl_out list extended access permit tcp any host 63.76.12.196 eq smtp
acl_out list extended access permit tcp any host 63.76.12.196 eq 3389
acl_out list extended access permit icmp any one
access-list 101 extended allow ip 10.1.50.0 255.255.255.0 10.1.40.0 255.255.255.0
access-list 101 extended allow ip 10.1.50.0 255.255.255.0 10.1.51.0 255.255.255.0
vpn-fargo extended ip 10.1.50.0 access list allow 255.255.255.0 10.1.51.0 255.255.255.0
pager lines 24
Enable logging
debug logging in buffered memory
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
IP local pool ippool 10.1.40.1 - 10.1.40.254
ICMP unreachable rate-limit 1 burst-size 1
ICMP allow any inside
ICMP allow all outside
ASDM image disk0: / asdm - 523.bin
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
(Inside) NAT 0-list of access 101
NAT (inside) 1 0.0.0.0 0.0.0.0
static (inside, outside) 1.1.1.2 tcp ftp 10.1.50.3 ftp netmask 255.255.255.255
static (inside, outside) 1.1.1.2 tcp ftp - data 10.1.50.3 ftp - data netmask 255.255.255.255
static (inside, outside) 1.1.1.2 tcp telnet 10.1.50.3 telnet netmask 255.255.255.255
static (inside, outside) tcp 1.1.1.2 5800 10.1.50.102 5800 netmask 255.255.255.255
static (inside, outside) 1.1.1.2 tcp 5900 10.1.50.102 5900 netmask 255.255.255.255
static (inside, outside) 1.1.1.2 tcp 3389 10.1.50.5 3389 netmask 255.255.255.255
static (inside, outside) 1.1.1.3 10.1.50.6 netmask 255.255.255.255
Access-group acl_out in interface outside
Route outside 0.0.0.0 0.0.0.0 1.1.1.0 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout, uauth 0:05:00 absolute
dynamic-access-policy-registration DfltAccessPolicy
Enable http server
http 192.168.1.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-3des esp-md5-hmac RIGHT
Crypto-map dynamic dynmap 10 transform-set RIGHT
map mymap 10-isakmp ipsec crypto dynamic dynmap
card crypto mymap 20 match address vpn-fargo
card crypto mymap 20 peers set 2.2.2.2
card crypto mymap 20 transform-set RIGHT
crypto mymap 20 card value reverse-road
mymap outside crypto map interface
crypto isakmp identity address
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 20
preshared authentication
aes-256 encryption
sha hash
Group 5
life 86400
crypto ISAKMP ipsec-over-tcp port 10000
Telnet timeout 5
SSH 0.0.0.0 0.0.0.0 inside
SSH timeout 5
Console timeout 0
management-access inside
dhcpd outside auto_config
!
a basic threat threat detection
Statistics-list of access threat detection
internal group vpn3000 strategy
attributes of the strategy group vpn3000
value of server WINS 10.1.50.5
value of 10.1.50.5 DNS server 10.1.50.6
Split-tunnel-policy tunnelspecified
Split-tunnel-network-list value 101
asa1.com value by default-field
disable authentication of the user
the address value ippool pools
encrypted vpn Tw.atDK7GScnXkMJ password username
vpn tunnel-group type remote access
VPN tunnel-group general attributes
Group Policy - by default-vpn3000
jtvpn group of tunnel ipsec-attributes
pre-shared-key *.
tunnel-group 2.2.2.2 type ipsec-l2l
2.2.2.2 tunnel-group ipsec-attributes
pre-shared-key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
inspect the icmp
inspect the icmp error
!
global service-policy global_policy
context of prompt hostname
: end
ASA 2 configuration:
ASA Version 8.2 (1)
!
hostname asa2
activate the encrypted password of A.zMQonBIU0NmOC0
1vU9VISnc.IQ6OSN encrypted passwd
names of
!
interface Vlan1
nameif inside
security-level 100
IP 10.1.51.253 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP address 2.2.2.2 255.255.255.240
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passive FTP mode
vpn - dsm extended ip 10.1.51.0 access list allow 255.255.255.0 10.1.50.0 255.255.255.0
IP 10.1.51.0 allow Access-list extended sheep 255.255.255.0 10.1.50.0 255.255.255.0
access outside-access list extended icmp permitted an echo
outside-access extended access list permit icmp any any echo response
outside-access extended access list permit all all unreachable icmp
access outside-access allowed list icmp exceed all once
pager lines 24
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
ICMP unreachable rate-limit 1 burst-size 1
ICMP allow any inside
ICMP allow all outside
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 0 access-list sheep
NAT (inside) 1 0.0.0.0 0.0.0.0
access-outside group access component software snap-in interface outside
Route outside 0.0.0.0 0.0.0.0 2.2.2.0 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
the ssh LOCAL console AAA authentication
Enable http server
http 192.168.1.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set ESP-3DES esp-3des esp-md5-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
card crypto mymap 10 correspondence address vpn - dsm
card crypto mymap 10 set peer 1.1.1.1
card crypto mymap 10 game of transformation-ESP-3DES
crypto mymap 10 card value reverse-road
mymap outside crypto map interface
crypto isakmp identity address
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 20
preshared authentication
aes-256 encryption
sha hash
Group 5
life 86400
Telnet 0.0.0.0 0.0.0.0 inside
Telnet timeout 5
SSH 0.0.0.0 0.0.0.0 inside
SSH timeout 5
Console timeout 0
management-access inside
dhcpd outside auto_config
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
pre-shared-key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
inspect the icmp
inspect the icmp error
!
global service-policy global_policy
context of prompt hostname
: end
Packet trace of ASA1:
asa1 (config) # entry packet - trace within the icmp 10.1.50.253 1 1 detailed 10.1.51.253
Phase: 1
Type: FLOW-SEARCH
Subtype:
Result: ALLOW
Config:
Additional information:
Not found no corresponding stream, creating a new stream
Phase: 2
Type:-ROUTE SEARCH
Subtype: entry
Result: ALLOW
Config:
Additional information:
in 0.0.0.0 0.0.0.0 outdoors
Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DECLINE
Config:
Implicit rule
Additional information:
Direct flow from returns search rule:
ID = 0xd49dcce0, priority = 500, area = allowed, deny = true
Hits = 5, user_data = 0 x 6, cs_id = 0 x 0, reverse, flags = 0 x 0 = 0 protocol
SRC ip = 10.1.50.253, mask is 255.255.255.255, port = 0
DST ip = 0.0.0.0 mask 0.0.0.0, port = 0 =
Result:
input interface: inside
entry status: to the top
entry-line-status: to the top
output interface: outside
the status of the output: to the top
output-line-status: to the top
Action: drop
Drop-reason: flow (acl-drop) is denied by the configured rule
Packet trace of ASA2:
asa2 (config) # entry packet - trace within the icmp 10.1.51.253 1 1 detailed 10.1.50.253
Phase: 1
Type: FLOW-SEARCH
Subtype:
Result: ALLOW
Config:
Additional information:
Not found no corresponding stream, creating a new stream
Phase: 2
Type:-ROUTE SEARCH
Subtype: entry
Result: ALLOW
Config:
Additional information:
in 10.1.50.0 255.255.255.0 outside
Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DECLINE
Config:
Implicit rule
Additional information:
Direct flow from returns search rule:
ID = 0xc9583648, priority = 500, area = allowed, deny = true
hits = 9, user_data = 0 x 6, cs_id = 0 x 0, reverse, flags = 0 x 0 = 0 protocol
SRC ip = 10.1.51.253, mask is 255.255.255.255, port = 0
DST ip = 0.0.0.0 mask = 0.0.0.0, port = 0, dscp = 0 x 0
Result:
input interface: inside
entry status: to the top
entry-line-status: to the top
output interface: outside
the status of the output: to the top
output-line-status: to the top
Action: drop
Drop-reason: flow (acl-drop) is denied by the configured rule
ASA 1 IPSec security association:
peer address: 2.2.2.2
Tag crypto map: dynmap, seq num: 10, local addr: 1.1.1.1
local ident (addr, mask, prot, port): (10.1.50.0/255.255.255.0/0/0)
Remote ident (addr, mask, prot, port): (10.1.51.0/255.255.255.0/0/0)
current_peer: 2.2.2.2
#pkts program: encrypt 0, #pkts: 0, #pkts digest: 0
decaps #pkts: 5, #pkts decrypt: 5, #pkts check: 5
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 0, comp #pkts failed: 0, #pkts Dang failed: 0
success #frag before: 0, failures before #frag: 0, #fragments created: 0
Sent #PMTUs: 0, #PMTUs rcvd: 0, reassembly: 20th century / of frgs #decapsulated: 0
#send errors: 0, #recv errors: 0
endpt local crypto. : 1.1.1.1, remote Start crypto. : 2.2.2.2
Path mtu 1500, fresh ipsec generals 58, media, mtu 1500
current outbound SPI: 1F3E7E3A
SAS of the esp on arrival:
SPI: 0x1DFAE5E0 (502982112)
transform: esp-3des esp-md5-hmac no
running parameters = {L2L, Tunnel}
slot: 0, id_conn: 77824, crypto-card: dynmap
calendar of his: service life remaining (KB/s) key: (3824999/28036)
Size IV: 8 bytes
support for replay detection: Y
outgoing esp sas:
SPI: 0x1F3E7E3A (524189242)
transform: esp-3des esp-md5-hmac no
running parameters = {L2L, Tunnel}
slot: 0, id_conn: 77824, crypto-card: dynmap
calendar of his: service life remaining (KB/s) key: (3825000/28034)
Size IV: 8 bytes
support for replay detection: Y
ASA 1 ISAKMP Security Association:
1 peer IKE: 2.2.2.2
Type: L2L role: answering machine
Generate a new key: no State: MM_ACTIVE
ASA 2 IPSec security association:
peer address: 1.1.1.1
Tag crypto map: mymap, seq num: 10, local addr: 2.2.2.2
list of access vpn - dsm allowed ip 10.1.51.0 255.255.255.0 10.1.50.0 255.255.255.0
local ident (addr, mask, prot, port): (10.1.51.0/255.255.255.0/0/0)
Remote ident (addr, mask, prot, port): (10.1.50.0/255.255.255.0/0/0)
current_peer: 63.76.12.194
#pkts program: 5, #pkts encrypt: 5, #pkts digest: 5
#pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 5, comp #pkts failed: 0, #pkts Dang failed: 0
success #frag before: 0, failures before #frag: 0, #fragments created: 0
Sent #PMTUs: 0, #PMTUs rcvd: 0, reassembly: 20th century / of frgs #decapsulated: 0
#send errors: 0, #recv errors: 0
endpt local crypto. : 2.2.2.2, remote Start crypto. : 1.1.1.1
Path mtu 1500, fresh ipsec generals 58, media, mtu 1500
current outbound SPI: 1DFAE5E0
SAS of the esp on arrival:
SPI: 0x1F3E7E3A (524189242)
transform: esp-3des esp-md5-hmac no compression
running parameters = {L2L, Tunnel}
slot: 0, id_conn: 81920, crypto-map: mymap
calendar of his: service life remaining (KB/s) key: (4374000/27900)
Size IV: 8 bytes
support for replay detection: Y
Anti-replay bitmap:
0x00000000 0x00000001
outgoing esp sas:
SPI: 0x1DFAE5E0 (502982112)
transform: esp-3des esp-md5-hmac no compression
running parameters = {L2L, Tunnel}
slot: 0, id_conn: 81920, crypto-map: mymap
calendar of his: service life remaining (KB/s) key: (4373999/27900)
Size IV: 8 bytes
support for replay detection: Y
Anti-replay bitmap:
0x00000000 0x00000001
ASA 2 ISAKMP Security Association:
1 peer IKE: 1.1.1.1
Type: L2L role: initiator
Generate a new key: no State: MM_ACTIVE
Hi Mike,.
I see the following in your configuration:
map mymap 10-isakmp ipsec crypto dynamic dynmap
Sequence number of Th for the peer 2.2.2.2 is 20 so we first hit the dynamic map that could cause this problem.
To avoid this, I suggest you do the following:
No map mymap 10-isakmp ipsec crypto dynamic dynmap
map mymap 65535-isakmp ipsec crypto dynamic dynmap
To validate this fact, if you look at the SA on ASA1 ipsec, you will find that it was negotiated with dymap (card crypto seq 10) and not 20!
ASA 1 IPSec security association:
peer address: 2.2.2.2
Tag crypto map: dynmap, seq num: 10, local addr: 1.1.1.1
local ident (addr, mask, prot, port): (10.1.50.0/255.255.255.0/0/0)
Remote ident (addr, mask, prot, port): (10.1.51.0/255.255.255.0/0/0)
current_peer: 2.2.2.2
#pkts program: encrypt 0, #pkts: 0, #pkts digest: 0
decaps #pkts: 5, #pkts decrypt: 5, #pkts check: 5
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 0, comp #pkts failed: 0, #pkts Dang failed: 0
success #frag before: 0, failures before #frag: 0, #fragments created: 0
Sent #PMTUs: 0, #PMTUs rcvd: 0, reassembly: 20th century / of frgs #decapsulated: 0
#send errors: 0, #recv errors: 0
Hope this helps!
See you soon,.
Manasi!
-
VPN Cisco ASA 5540 L2L - one-way traffic only for the pair to a network
Hello
I'm a little confused as to which is the problem. This is the premise for the problem I have face.
One of our big clients has a Cisco ASA5540 (8.2 (2)) failover (active / standby). Early last year, we have configured a VPN from Lan to Lan to a 3rd party site (a device of control point on their end). He worked until early this week when suddenly the connection problems.
Only 1 of the 3 networks the / guests can access a remote network on the other side. 2 others have suddenly stopped working. We do not know of any change on our side and the remote end also insists that their end configurations are correct (and what information they sent me it seems to be correct)
So essentially the encryption field is configured as follows:
access-list
line 1 permit extended ip 10.238.57.21 host 10.82.0.202 (hitcnt = 2)
access-listline 2 extended permit ip 10.207.0.0 255.255.0.0 10.82.0.200 255.255.255.252 (hitcnt = 198)
access-listline 3 extended permit ip 10.231.191.0 255.255.255.0 10.82.0.200 255.255.255.252 (hitcnt = 173) Free NAT has been configured as follows (names modified interfaces):
NAT (interface1) 0-list of access to the INTERIOR-VPN-SHEEP
the INTERIOR-VPN-SHEEP line 1 permit access list extended ip 10.231.191.0 255.255.255.0 10.82.0.200 255.255.255.252
permit for Access-list SHEEP-VPN-INSIDE line lengthened 2 ip host 10.238.57.21 10.82.0.202NAT (interface2) 0-list of access VPN-SHEEP
VPN-SHEEP line 1 permit access list extended ip 10.207.0.0 255.255.0.0 10.82.0.200 255.255.255.252
After the problem started only 10.207.0.0/16 network connections worked for the site remote 10.82.0.200/30. All other connections do not work.
There has been no change made on our side and on the side remote also insists there has been no change. I also checked how long the ASAs have been upward and how long the same device has been active in the failover. Both have been at the same time (about a year)
The main problem is that users of the 10.231.191.0/24 cant access remote network network. However, the remote user can initiate and implement the VPN on their side but usually get any return traffic. Ive also checked that the routes are configured correctly in the routers in core for the return of their connections traffic should go back to the firewall.
Also used of "packet - trace" event raising the VPN tunnel (even if it passes the phases VPN). For my understanding "packet - trace" alone with the IP source and destination addresses must activate the VPN connection (even if it generates no traffic to the current tunnel).
This is printing to the following command: "packet - trace entry interface1 tcp 10.231.191.100 1025 10.82.0.203 80.
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit rule
Additional information:
MAC access listPhase: 2
Type: FLOW-SEARCH
Subtype:
Result: ALLOW
Config:
Additional information:
Not found no corresponding stream, creating a new streamPhase: 3
Type:-ROUTE SEARCH
Subtype: entry
Result: ALLOW
Config:
Additional information:
in 10.82.0.200 255.255.255.252 outsidePhase: 4
Type: ACCESS-LIST
Subtype: Journal
Result: ALLOW
Config:Access-group interface interface1
access-list extendedallow ip 10.231.191.0 255.255.255.0 10.82.0.200 255.255.255.252
Additional information:Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional information:Phase: 6
Type: INSPECT
Subtype: np - inspect
Result: ALLOW
Config:
class-map inspection_default
match default-inspection-traffic
Policy-map global_policy
class inspection_default
inspect the http
global service-policy global_policy
Additional information:Phase: 7
Type: FOVER
Subtype: Eve-updated
Result: ALLOW
Config:
Additional information:Phase: 8
Type: NAT-FREE
Subtype:
Result: ALLOW
Config:
NAT-control
is the intellectual property inside 10.231.191.0 255.255.255.0 outside 10.82.0.200 255.255.255.252
Exempt from NAT
translate_hits = 32, untranslate_hits = 35251
Additional information:-Phase 9 is a static nat of the problem to another network interface. Don't know why his watch to print.
Phase: 9
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (interface1, interface3) 10.231.0.0 10.231.0.0 255.255.0.0 subnet mask
NAT-control
is the intellectual property inside 10.231.0.0 255.255.0.0 interface3 all
static translation at 10.231.0.0
translate_hits = 153954, untranslate_hits = 88
Additional information:-Phase 10 seems to be the default NAT for the local network configuration when traffic is to the Internet
Phase: 10
Type: NAT
Subtype:
Result: ALLOW
Config:
NAT (interface1) 5 10.231.191.0 255.255.255.0
NAT-control
is the intellectual property inside 10.231.191.0 255.255.255.0 outside of any
dynamic translation of hen 5 (y.y.y.y)
translate_hits = 3048900, untranslate_hits = 77195
Additional information:Phase: 11
Type: VPN
Subtype: encrypt
Result: ALLOW
Config:
Additional information:Phase: 12
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional information:Phase: 13
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional information:Phase: 14
Type: CREATING STREAMS
Subtype:
Result: ALLOW
Config:
Additional information:
New workflow created with the 1047981896 id, package sent to the next moduleResult:
input interface: interface1
entry status: to the top
entry-line-status: to the top
output interface: outside
the status of the output: to the top
output-line-status: to the top
Action: allowSo, basically, the connection should properly go to connect VPN L2L but yet is not. I tried to generate customer traffic of base (with the source IP address of the client network and I see the connection on the firewall, but yet there is absolutely no encapsulated packets when I check "crypto ipsec to show his" regarding this connection VPN L2L.) Its almost as if the firewall only transfers the packets on the external interface instead of encapsulating for VPN?
And as I said, at the same time the remote end can activate the connection between these 2 networks very well, but just won't get any traffic back to their echo ICMP messages.
access-list extended
allow ip 10.231.191.0 255.255.255.0 10.82.0.200 255.255.255.252
local ident (addr, mask, prot, port): (10.231.191.0/255.255.255.0/0/0)
Remote ident (addr, mask, prot, port): (10.82.0.200/255.255.255.252/0/0)
current_peer: y.y.y.y#pkts program: encrypt 0, #pkts: 0, #pkts digest: 0
#pkts decaps: 131, #pkts decrypt: 131, #pkts check: 131
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 0, comp #pkts failed: 0, #pkts Dang failed: 0
success #frag before: 0, failures before #frag: 0, #fragments created: 0
Sent #PMTUs: 0, #PMTUs rcvd: 0, reassembly: 20th century / of frgs #decapsulated: 0
#send errors: 0, #recv errors: 0If it was just a routing problem it would be a simple thing to fix, but it is not because I can see the connection I have to confirm it by the router base on the firewall, but they don't just get passed on to the VPN connection.
Could this happen due to a bug in the Software ASA? Would this be something with Checkpoint VPN device? (I have absolutely no experience with devices of control point)
If there is any essential information that I can give, please ask.
-Jouni
Jouni,
8.2.4.1 is the minimum - 8.2.4 had some issues (including TCP proxy).
If this does not resolve the problem - I suggest open TAC box to get to the bottom of this ;-)
Marcin
-
iPad IOS 10 - AutoCorrect keyboard does not turn off?
I don't know if it is a problem of IOS 10 or if it is a question of the iPad. One of the first things I do when I get a new device is turn off easily. I hate to correct automatically, but it seems not turning off itself. I was typing a message to a friend of mine and to instead keep the word I typed (Pervy) it replaces (Percy).
I just upgraded to IOS 10 and checked to see if the AutoCorrect has been disabled or if she has it on again. Even with typing this message, it keeps replacing words on me with words that I don't type and are not what they should be. It is not a question of spelling either, so I don't know what to do to fix, but it's very annoying.
Hello. You may also need to disable predictive. If you are using a physical keyboard, there are different settings for it. They appear only when it is connected.
Maybe you are looking for
-
MY iphone6 had problems and rather then download all of my info icloud we brought back down to 90 days of photos and contacts. But I want to bring everything up to a separate phone so that I can make the photo cd
-
How to import a photo online unique genealogy program?
I have already imported unique photos in a genealogy online program by dragging from iPhoto. However, when I drag an image from Photos, I get "there is no file to import" the program online. How can I do this - I don't think that this program has an
-
Can annotate is no longer in the preview
To take notes in class, I used to save PowerPoint slides in PDF format in the format '3 slides per page with notes. Previously, I had no problem opening the PDF file in preview and clicking on the lines that would automatically provide a text field f
-
Pavilion 13-b080sa: main (internal) battery HP Pavillion 13-b080sa
Whenever I start my laptop, I get an alert of battery (601). I tried to perform the battery check, but that doesn't seem to work. It does not get one plus far only 1%, 2 minutes left. By pressing the ESC key to stop checking the battery does not eith
-
I bought this new laptop, HP Pavilion 14-v052tx, recently. I am running Windows 8.1 64 bit on this device. I want to downgrade to Windows 7 64-bit. It comes with 2 GB Nvidia GeForce 830 M dedicated GPU and Alps Touchpad. When I go to the device drive