E due submission request known firewall/proxy

Similar Questions

• problems with vpn firewall/proxy configuration

  Hello

  I want to access vpn through firewall/proxy (Client VPN) client-side.

  I installed the vpn gateway as firewall pix 515 using Microsoft CA IKE SA.

  I want to establish the vpn tunnel to my vpn through a proxy/firewall client.

  I tried in some places of vpn client where the firewall acts as a linux machine in which he allowed with the ipsec and NAT esp feature. Its works perfectly. But only one concurrent vpn client. Also the first tunnel vpn disconnects when the second user tries without knowing the first established tunnel.

  I heard that we can drive this problem using "NAT Taversal" mode which is available in version ios 6.3 as concentrator 3000 Cisco pix.

  I want to know how NAT Traversal can solve my problem in which multiple concurrent users without support nat esp in a configuration only one simultaneous user without support nat esp in a configuration of firewall/proxy or firewall/proxy.

  Thank you

  Karthikeyan V

  The VPN client is able to detect that he's been through a NAT/PAT device on the way to the hub/PIX, and then if both ends support it, they will automatically start NAT - T and encapsulate the IPSec packets in UDP port 4500 packets. These can then be NAT would properly and you will not get disconnections or problems you currently see.

  You don't see that a client can connect and customers being disconnected when the other connects it is your PAT instrument cannot process the ISAKMP and IPSec packets correctly. It is a fairly common symptom.

  PIX v6.3 code will support NAT - T, should be available in March sometime.

• WinXP & company firewall/Proxy: why keep my account is deactivated?

  I work in a large corporate network environment, but my problem is not important enough for our company for assistance troubleshooting so I thought that I should reach out to the community for help.

  We have a standard Office corporate WinXP + SP3 and an Active Directory environment. To access the public Internet, a user must be a member of an Active Directory group, allowing it. The company also is Internet Explorer 8. It must also pass through a server proxy and firewall to access the public Internet.

  MY PROBLEM:

  • In the course of a day, I open Internet Explorer 8 and many other applications to do my job (Outlook, Winword, etc.). If I do not use Internet Explorer for a long period of time (an hour or more) then come back to use it (a Google search for example) I find that my Windows account has been disabled. Then, I need technical support to unlock my account to return to work. This has happened 5 times in one day once.

  I guess that something is trying to access a public Web site and I'm disabled because too many attempts to go through our firewall... but I can't isolate to prove.

  Can someone suggest how to solve this problem. Alternatively, provide a better place to ask this question?

  Thank you

  -Allen

  Hi Allen,.

  I suggest you to contact the network administrator for assistance that your computer is on a domain environment.

  I suggest that you post the question in the TechNet forums for better support.
  TechNet - Windows XP IT Pro

• OSB: How to send multiple requests to a proxy service.

  Hello
  
  I got a new requirement, I e, my power of Attorney must accept multiple applications of the source system and treat them sequentially. How to proceed in the proxy?
  
  Thanks in advance.

  As I am new to conditional branches,

  http://docs.Oracle.com/CD/E23943_01/admin.1111/e15867/proxy_messageflow.htm---article 21: 5

  http://docs.Oracle.com/CD/E17904_01/doc.1111/e15867/modelingmessageflow.htm#i1061669

  can u pls tell me how to do a loop for each incoming request?

  Use for each action
  http://abhinavgupta3.blogspot.in/2013/01/for-each-loop-in-OSB.html

  It could be useful!

  Kind regards
  Afonso Gupta

• Submission request new version file uncertain bundle

  Initially, we create an application using html5-webworks for only support Blackberry OS-10,.
  Now he has with Blackberry-Playbook 2.1 comparability, want add US 2 files (bundles) .bar (who compiled by ripple) for each operating system, one for BB-10 OS for Playbook OS? Or the person .bar is enough to download.

  Received response from [email protected]

  If you have 1 BAR file that will be executed on the device as a 10 BlackBerry PlayBook, you can very definitely just to create 1 package and target both devices.

• LabVIEW can access a HTTPS site behind a proxy?

  I tried to use LabVIEW to access an https through our firewall/proxy business site and were unable to operate. Anyone has any experience with this and or should this be possible?

  With success, I was able to get the LV websites (http and https) access without going through a firewall and through messages on these forums figured out how to access http site through the firewall, but have developed in white when you try all https sites. Here are a few test cases, I've tried. All these sites are easily accessible via browsers, so it is not because of the firewall/proxy iblocking.

  Any help would be appreciated,

  -Harold

  

  Well, now I understand your configuration. Unfortunately the HTTP client supports only the tunneling proxies (sometimes called gateway proxies, those who accept a connection and then move the application to another server without modifying it) because they occur without intervention of the customer. It is not supported for HTTP proxy servers (sometimes called proxies forward) which, as you have noticed, ask the customer to send a CONNECTION request to the proxy via the SSL protocol.

  To use the HTTP client here, you must configure your proxy to accept HTTPS connections on a different port using a valid SSL certificate and then forward these requests to the remote server as a proxy tunneling.

• After update to FF 30 I am no longer prompt proxy credentials

  I use FF behind a corporate firewall/proxy that requires us to enter our user credentials when you access most of the Internet sites. I've just updated v30 this morning, and immediately after the restart of all these sites were blocked with a message 'Access denied' proxy saying he lacked my credentials. In the past (and other browsers) FF popup would be a prompt asking you for my credentials. Since the v30 update prompt is no longer displayed, I don't have the ability to authenticate and proxy blocking my access.

  I tried to clear all caches, cookies, passwords, saved reset FF, and I even amazed my profile dir. Nothing seems to work. Advice, suggestions, etc. would be greatly appreciated.

  Thank you.

  Linux - RedHat Enterprise customer v6.5
  FF v30

  There was a change for Mac, but maybe the same change affects Linux? If please see this thread from yesterday and let me know if anything seems relevant to your operating system: "You are not authorized to view this page".

  Edit: By clicking on through the article on DND, the same issue affects users of Mac and Linux, so the workaround may well help you.

• HTTP through proxy connection

  I am trying to download an image from a Web site through a proxy server.  All the posts seem to refer to this article: How can I open a TCP/IP connection through a Proxy Server?  The only link that works on this article is that of the internet Toolbox, and it offers no help on proxy servers.  I have the Internet Toolbox, but there seems to be no screws that can work through a proxy.  Anyone could do this?

  Basic proxy support is not so difficult. You can change the screws to do that for you. All you need to do is to open the connection to the proxy server instead of on the destination server and change the URI in the HTTP Get request to contain the full URL at the time the name of the server and the path on this server.

  Thus, for example:

  Direct connection to the www.examples.com/mydoc.html

  You open the connection to (usually port 80) on www.examples.com and pass an HTTP GET mydoc.html request. That all screws of HTTP, you can find on the web.

  Connection through a proxy server:

  You open a connection to (any port your proxy uses for example 8080) for myproxy.mydomain.com and pass a www.examples.com/mydoc.html HTTP GET request to the proxy.

  Rolf Kalbermatter

• Windows 7 Vista 64 update fails with the error of McAfee Personal Firewall, which is not installed

  This question has been previously published, but doesn't seem to have not been resolved for my case. I have hired McAfee and they ran through their bag of tricks does not.

  The upgrade of Vista 64 Ultimate 64 Windowns fails due to McAfee Personal Firewall. However, this application has been uninstalled and also used the McAfee product removal tool. The error continues.

  I disabled all services at startup, which did not solve the problem.

  I am looking for the specific trigger for this error. What you looking for Win 7? It is a specific registry entry?

  Use the McAfee removal tool to remove it completely from your computer:

  McAfee removal tool - uninstall of McAfee

  Also search in Program Files and Program Files (x 86) for all McAfee files and delete them.

  Also perform a clean boot:

  http://support.Microsoft.com/kb/929135

• How can I add ports, proxy, white list so that I can finally install CC

  I have never been more frustrated with a program in my life. Try to install the creative cloud. I got the famous 205 error. I called adobe and they said it was a problem of internet service provider. They told me to try firstly download and install on another network, so I went to the library and still nothing. Adobe then said that they would write me a few ports to give to my Internet service provider (Windstream) and it should work. I called Windstream and they don't do that. I called adobe and they call me yet realized Windstream. I am everything on it.  Could someone explain how to do this email me asking:

  [Hey put
  

  Use the ports listed for Adobe to be added to the list of the network behind the firewall proxy.

  Please find a list of the URL of the server to the white list: -.

  ccmdls.Adobe.com:443

  IMS - na1.adobelogin.com:443

  na1r.Services.Adobe.com:443

  prod-rel-ffc - ccm.oobesaas.adobe.com:443

  LM.licenses.adobe.com:443

  In addition, the following host/port combinations are necessary to locate and download updates:

  ccmdl.Adobe.com:80

  swupmf.Adobe.com:80

  swupdl.Adobe.com:80

  Thank you and greetings]

  I also tried google & Youtube but here more confused than the original. I want to just install dreamweaver so that I can update my Web site for the love of GOD. It is not that difficult.

  Help

  Shamist32097529 the location of the download logs was referenced in the document, I offered in the #1 message.  If you want direct assistance locating and examining the logs for download so I would recommend contacting the Customer to Contactour support team.

• Consume message JMS work through proxy OSB service unit

  Hello

  Someone knows how to consume a unit of work (UOW) JMS message using a type of OSB Proxy Service of JMS?

  I can present a work unit JMS message (which is composed of several constituent messages) using a combination of service OSB proxy & business and defining the UOW transport headers properly. I can also separately produce and consume Java objects via a JMS queue where consumption is made via the proxy OSB (of type java request message), but these are not messages UOW.

  Apparently, as soon as it is a message of the UOW then consumed message is ObjectMessage ArrayList and we use the type of 'Java' request for the proxy consumer JMS message, but I'm not sure of how to create the jar of simultaneous customers for use in the transport configuration of the proxy service same JMS for output ObjectMessage ArrayList (message UOW).

  Ideally I would like to consume a single UOW XML message via a proxy OSB JMS service.

  Pointers would be appreciated.

  R

  Finally got this working!

  For posterity: necessary to insert messages JMS Java object on the side of the producer (Business Service) OSB JMS with UOW correct jms header set in the node of the transport route. Then consume the message of working group on the other side via the proxy service of jms with "java" request message type, with appropriate jar containing the class of the object as the 'Customer' jar in Transport JMS configuration. In the same JMS consumer proxy I had to make a legend of java, by transmitting the contents of $body, using java.util.ArrayList and javax.jms.ObjectMessage as entry in a method (.. decodeJavaMessage (ArrayList ...)). In this legend of java class, you can get to each ObjectMessage individual via the cast method get() on Arraylist to (ObjectMessage) and then just catalogued the getObject() on this Objectmessage in your original Java class (the same as what you have inserted initially on the queue).

  I hope someone saves some time in the future!

• OSB: Proxy proxy publish async

  Hello
  
  PS_1 publishes data of PS_2 (PS_2 wsdl has never leaving is asynchronous)
  I googled and found following http://victor-jan.blogspot.in/2012/06/osb-publish-routing-and-service-callout.html:
  
  
  Publish: Used for the only application scenarios where you do not expect a response back. The target service, that you call will depend on the nature of the action to publish (sync or async).
  Invoke an external service thanks to a business service, then publish action with quality of Service (QoS) as 'Best Effort' (default) will work as fire and forget and wire will not get blocked (asynchronous call).
  Calling a service local proxy (proxy with transport as 'local' Protocol) another proxy to help publish the action then it would be a blocking (synchronous) call and thread will be blocked until the local proxy finishes processing.
  
  The same information on multiple threads on the forum.
  
  I changed the Protocol of PS_2 for the proxy for http and tested service by publishing of PS_1.
  Then created a company of PS_2 service and published PS_1 to BS_2.
  
  
  All in vain. So is the Proxy service in Proxy Publish service IMPOSSIBLE in OSB?
  
  Can anyone confirm?
  
  Thanks and greetings
  Patricia Kharwadkar

  Patricia,

  Publish call will block if QoS is defined as exactly - once.

  If QoS is better and endpoint target is a proxy service go simple it is a call blocking (source proxy waits for the completion of flow target proxy message) and if QoS is Best-Effort and target endpoint is a request-response proxy service, then control returns to proxy source as soon as the request message of proxy target flow pipeline ends.

  Kind regards
  Anuj

• Setting up a proxy OUD to Active Directory

  As a proof of concept, I am configuring a Proxy OUD, pointed at our business environment AD (I can't control myself).
  I think I should then be able to the same ldapsearch queries I run against the AD environment to the proxy of the OUD instead and get the same results.
  
  When I ran oud-proxy-setup, I configure the instance as a load balancer, when choosing a pair of AD servers as targets and using what I believe to be the correct base DN.
  
  I have trouble to prove that this proxy is working however.
  
  This query to AD works very well.
  
  $ ldapsearch b 'OU = MyCompany, DC = company, DC = com' h [host ActiveDirectory] d 'AD_DOMAIN\fred.chagnon"w [password]-sAMAccountName ="Fred.Chagnon"
  
  but I can not send the same request to the proxy. This is probably a simple syntax error but I can't seem to fix.
  
  $ ldapsearch b "OU = MyCompany, DC = company, DC = com"-h [host of proxy oud] p - 1389 - D "AD_DOMAIN\fred.chagnon" w [password]-sAMAccountName = "Fred.Chagnon"
  ldap_bind: operations (1) error
  Additional info: the supplied value 'AD_DOMAIN\fred.chagnon' could not be parsed as a name unique valid because character '-' at position 3 is not allowed in an attribute name
  
  I also note in DOHAD, the instance is configured as a load balancer, but not as a Proxy.
  I did something wrong in my setup?

  I figured this out. I had to change the format of username (-D) to be "CN = fred.chagnon, or = company_group, dc = company, dc = com".

  Published by: fchagnon on July 11, 2012 09:57

• connections of RAW socket to the server inside the corporate network

  Hello!

  I have not found any documentation anywhere elsewhere I hope someone can help out me.

  o know for ftp/http there are a proxy that is used in the scope of work to access the servers inside the corporate network.

  But what is the best practice for an application installed on the perimeter of work to establish a raw socket connection to access network resources other than http/ftp behind my corporate firewall? so I want something like

  sock int = socket (AF_INET, SOCK_STREAM, 0);

  Connect (...) //using a host/ip within my company and port 1234

  Write (...)

  Close (sock)

  is this possible?

  and second: will it work if I use QTCPSocket?

  Hello.

  Yes, there is a recommended approach to do this for the current version of BES.  A HTTP proxy is used to connect to both corporate and external networks internal when in the scope of work.  To connect to a particular host and port, you HTTP CONNECT request to the proxy, and then once the connection is established, you have a connection with the remote server socket.  I wrote a sample application that covers the QTcpSocket / QSslSocket, BSD sockets, OpenSSL taken and connections of curvature (the species is supposed to be transparent, but there has been problems reported with some built OS).

  I'll clean up this sample application and submit for review before it is posted on GitHub.  If your need is urgent, I could share a few code snippets to help you to implement the solution for your specific use case.

• After upgrade no more VPNS to v3.6.3 (hub)

  Once we have updated version of 3.6.1 to 3.6.3 concentrator we are more able to set up a VPN session.

  Hereby the newspapers from the hub and the Cisco VPN Client.

  For security reasons, I replaced the following information:

  Concentrators c.c.c.c = IP address

  ISP of the assigned client IP = w.w.w.w.

  The client IP address assigned (from pool) Concentratot = internal g.g.g.g

  Primary DNS/WINS=D1.D1.D1.D1

  Secondary DNS/WINS=D2.D2.D2.D2

  Journal of the hub:

  2002-08-10 183 14:20:24.840 SEV = 5 IP/49 RPT = 5

  Transmitting station TCP SYN - ACK to client.w, port TCP dest 1677 pkt

  10/08/2002 184 14:20:24.850 SEV = 5 RPT IP/50 = 9

  Head of network TCP ACK from client.w, port TCP source 1677 pkt

  185 10/08/2002 14:20:24.890 SEV = 5 RPT IP/50 = 10

  Head of network TCP ACK from client.w, port TCP source 1677 pkt

  186 10/08/2002 14:20:25.190 SEV = 5 RPT IP 41 = 5

  Established client.w, the TCP source 1677 port TCP session.

  188 10/08/2002 14:20:37.170 SEV = 4 RPT IKE/52 = 5.w

  User group [TestGroup] [testuser]

  (Testuser) user authenticated.

  10/08/2002 189 14:20:37.280 SEV = 5 RPT IKE/184 = 5.w

  User group [TestGroup] [testuser]

  Client OS: Windows NT

  The client Application version: 3.6.2 (Rel) of

  192 10/08/2002 14:20:37.620 SEV = 4 RPT IKE/119 = 5.w

  User group [TestGroup] [testuser]

  PHASE 1 IS COMPLETE

  2002-08-10 193 14:20:37.630 SEV = 5 RPT IKE/25 = 5.w

  User group [TestGroup] [testuser]

  Data received from the Proxy host remote ID supported:

  Address g.g.g.g, protocol 0, Port 0

  196-10/08/2002 14:20:37.630 SEV = 5 RPT IKE/24 = 5.w

  User group [TestGroup] [testuser]

  Data received from the Proxy host local ID supported:

  Address c.c.c.c, protocol 0, Port 0

  199-10/08/2002 14:20:37.630 SEV = 5 RPT IKE/66 = 5.w

  User group [TestGroup] [testuser]

  Remote peer IKE configured for SA: ESP-AES128-SHA

  201 10/08/2002 14:20:37.630 SEV = IKE/0 4 RPT = 5.w

  User group [TestGroup] [testuser]

  All the proposals of the IPSec Security Association has deemed unacceptable!

  202-10/08/2002 14:20:37.630 SEV = 4. RPT = 5 IKEDBG/0

  Error of QM WSF (P2 struct & 0x1d150bc, mess id 0xbac8f29).

  203-10/08/2002 14:20:37.630 SEV = 4 IKEDBG/65 RPT = 5.w

  User group [TestGroup] [testuser]

  History of mistake IKE responder QM WSF (struct & 0x1d150bc)

  , :

  QM_DONE, EV_ERROR

  QM_BLD_MSG2, EV_NEGO_SA

  QM_BLD_MSG2, EV_IS_REKEY

  QM_BLD_MSG2, EV_CONFIRM_SA

  209 10/08/2002 14:20:37.640 SEV = 5 IP/43 RPT = 5

  Remove entry TCP peripheral pour.w IDE oucederomsurlesecondport 1677

  Journal of the client:

  5 14:20:24.786 08/10/02 Sev = Info/6 DIALER / 0 x 63300002

  Start the connection.

  6 14:20:24.796 08/10/02 Sev = Info/4 CM / 0 x 63100002

  Start the login process

  7 14:20:24.796 08/10/02 Sev = Info/4 CM / 0 x 63100004

  Establish a connection using Ethernet

  8 14:20:24.796 08/10/02 Sev = Info/4 CM / 0 x 63100026

  Attempt to connect with the server "c.c.c.c.

  9 14:20:24.796 10/08/02 Sev = Info/6 CM / 0 x 63100033

  Awarded the local TCP port 1677 for the TCP connection.

  10 14:20:24.866 10/08/02 Sev = Info/4 CM/0x6310002D

  TCP connection on port 10001 with Server "c.c.c.c.

  11 14:20:24.996 08/10/02 Sev = Info/4 CM / 0 x 63100026

  Attempt to connect with the server "c.c.c.c.

  12 14:20:24.996 08/10/02 Sev = Info/6 IKE/0x6300003B

  Try to establish a connection with c.c.c.c.

  13 14:20:25.017 08/10/02 Sev = Info/4 IKE / 0 x 63000013

  SEND to > ISAKMP OAK AG (SA, KE, NO, ID, VID, VID, VID) to c.c.c.c

  14 14:20:25.347 08/10/02 Sev = Info/6 IPSEC/0x6370001F

  TCP SYN sent to c.c.c.c, src port 1677, port dst 10001

  15 14:20:25.347 08/10/02 Sev = Info/6 IPSEC/0x6370001C

  TCP SYN - ACK received from c.c.c.c, src port 10001, port dst 1677

  16 14:20:25.347 08/10/02 Sev = Info/6 IPSEC / 0 x 63700020

  TCP ACK sent c.c.c.c, src port 1677, port dst 10001

  17 14:20:25.347 08/10/02 Sev = Info/4 IPSEC / 0 x 63700014

  Remove all keys

  18 14:20:25.597 08/10/02 Sev = Info/5 IKE/0x6300002F

  Received packet of ISAKMP: peer = c.c.c.c

  19 14:20:25.597 08/10/02 Sev = Info/4 IKE / 0 x 63000014

  RECEIVING< isakmp="" oak="" ag="" (sa,="" ke,="" non,="" id,="" hash,="" vid,="" vid,="" vid,="" vid,="" vid)="" from="">

  20 14:20:25.597 08/10/02 Sev = Info/5 IKE / 0 x 63000059

  Useful load Vendor ID = 12F5F28C457168A9702D9FE274CC0100

  21 14:20:25.597 08/10/02 Sev = Info/5 IKE / 0 x 63000001

  Peer is a compatible peer Cisco-Unity

  22 14:20:25.597 08/10/02 Sev = Info/5 IKE / 0 x 63000059

  Useful load Vendor ID = 09002689DFD6B712

  23 14:20:25.597 08/10/02 Sev = Info/5 IKE / 0 x 63000001

  Peer supports XAUTH

  24 14:20:25.597 08/10/02 Sev = Info/5 IKE / 0 x 63000059

  Useful load Vendor ID = AFCAD71368A1F1C96B8696FC77570100

  25 14:20:25.597 08/10/02 Sev = Info/5 IKE / 0 x 63000001

  Peer supports the DPD

  26 14:20:25.597 08/10/02 Sev = Info/5 IKE / 0 x 63000059

  Useful load Vendor ID = 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000

  27 14:20:25.597 10/08/02 Sev = Info/5 IKE / 0 x 63000059

  Useful load Vendor ID = 1F07F70EAA6514D3B0FA96542A500306

  28 14:20:25.617 08/10/02 Sev = Info/4 IKE / 0 x 63000013

  SEND to > ISAKMP OAK AG * (HASH, NOTIFY: STATUS_INITIAL_CONTACT) to c.c.c.c

  29 14:20:25.778 08/10/02 Sev = Info/5 IKE/0x6300002F

  Received packet of ISAKMP: peer = c.c.c.c

  30 14:20:25.778 08/10/02 Sev = Info/4 IKE / 0 x 63000014

  RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">

  31 14:20:25.778 08/10/02 Sev = Info/4 CM / 0 x 63100015

  Launch application xAuth

  32 14:20:34.671 08/10/02 Sev = Info/4 CM / 0 x 63100017

  xAuth application returned

  33 14:20:34.671 08/10/02 Sev = Info/4 IKE / 0 x 63000013

  SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to c.c.c.c

  34 14:20:37.194 08/10/02 Sev = Info/5 IKE/0x6300002F

  Received packet of ISAKMP: peer = c.c.c.c

  35 14:20:37.194 08/10/02 Sev = Info/4 IKE / 0 x 63000014

  RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">

  36 14:20:37.194 08/10/02 Sev = Info/4 CM/0x6310000E

  ITS established Phase 1. 1. ITS phase 1 in the system

  37 14:20:37.194 08/10/02 Sev = Info/4 IKE / 0 x 63000013

  SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to c.c.c.c

  38 14:20:37.204 08/10/02 Sev = Info/5 IKE/0x6300005D

  Customer address a request from firewall to hub

  39 14:20:37.204 08/10/02 Sev = Info/5 IKE/0x6300005C

  Firewall policy: product = Cisco integrated customer, capacity = (centralized Protection Policy).

  40 14:20:37.214 08/10/02 Sev = Info/4 IKE / 0 x 63000013

  SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to c.c.c.c

  41 14:20:37.375 08/10/02 Sev = Info/5 IKE/0x6300002F

  Received packet of ISAKMP: peer = c.c.c.c

  42 14:20:37.375 08/10/02 Sev = Info/4 IKE / 0 x 63000014

  RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">

  43 14:20:37.375 08/10/02 Sev = Info/5 IKE / 0 x 63000010

  MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS:, value = g.g.g.g

  44 14:20:37.375 10/08/02 Sev = Info/5 IKE / 0 x 63000010

  MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (1):, value = d1.d1.d1.d1

  45 14:20:37.375 08/10/02 Sev = Info/5 IKE / 0 x 63000010

  MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (2):, value = d2.d2.d2.d2

  46 14:20:37.375 08/10/02 Sev = Info/5 IKE / 0 x 63000010

  MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS (1) (a.k.a. WINS):, value = d1.d1.d1.d1

  47 14:20:37.375 08/10/02 Sev = Info/5 IKE / 0 x 63000010

  MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS (2) (a.k.a. WINS):, value = d2.d2.d2.d2

  48 14:20:37.375 08/10/02 Sev = Info/5 IKE/0x6300000E

  MODE_CFG_REPLY: Attribute = MODECFG_UNITY_BANNER, value = WARNING:

  Any use of this system may be recorded or monitored without further notice, and newspapers that results can be used as evidence in court.

  If you are not authorized to use this system disconnect now!

  49 14:20:37.375 08/10/02 Sev = Info/5 IKE/0x6300000D

  MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD:, value = 0x00000000

  50 14:20:37.375 08/10/02 Sev = Info/5 IKE/0x6300000D

  MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS:, value = 0x00000000

  51 14:20:37.375 08/10/02 Sev = Info/5 IKE/0x6300000E

  MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc. / VPN 3000 Concentrator Version 3.6.3.Rel created by vmurphy on October 4, 2002 16:23

  52 14:20:37.425 08/10/02 Sev = Info/4 CM / 0 x 63100019

  Data in mode Config received

  53 14:20:37.465 08/10/02 Sev = Info/5 IKE / 0 x 63000055

  Has received a request for Driver IP address c.c.c.c, GW IP = c.c.c.c key

  54 14:20:37.465 08/10/02 Sev = Info/4 IKE / 0 x 63000013

  SEND to > ISAKMP OAK QM * (HASH, SA, NO, ID, ID) to c.c.c.c

  55 14:20:37.465 08/10/02 Sev = Info/5 IKE / 0 x 63000055

  Received a key demand driver for IP 10.10.10.255, GW IP = c.c.c.c

  56 14:20:37.465 08/10/02 Sev = Info/4 IKE / 0 x 63000013

  SEND to > ISAKMP OAK QM * (HASH, SA, NO, ID, ID) to c.c.c.c

  57 14:20:37.675 08/10/02 Sev = Info/5 IKE/0x6300002F

  Received packet of ISAKMP: peer = c.c.c.c

  58 14:20:37.675 08/10/02 Sev = Info/4 IKE / 0 x 63000014

  RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:status_resp_lifetime)="" from="">

  59 14:20:37.675 08/10/02 Sev = Info/5 IKE / 0 x 63000044

  Answering MACHINE-LIFE notify has value of 86400 seconds

  60 14:20:37.675 10/08/02 Sev = Info/5 IKE / 0 x 63000046

  This SA has already been living for 13 seconds, setting expiration 86387 seconds now

  61 14:20:37.705 08/10/02 Sev = Info/5 IKE/0x6300002F

  Received packet of ISAKMP: peer = c.c.c.c

  62 14:20:37.705 08/10/02 Sev = Info/4 IKE / 0 x 63000014

  RECEIVING< isakmp="" oak="" info="" *(hash,="" del)="" from="">

  63 14:20:37.705 08/10/02 Sev = Info/5 IKE/0x6300003C

  A receipt a payload to DELETE for IKE SA with Cookies = 2CDEFD1BD3EFB19215350D42094312B8

  64 14:20:37.705 08/10/02 Sev = Info/5 IKE / 0 x 63000017

  Marking of IKE SA delete (COOKIES = 2CDEFD1BD3EFB192 15350D42094312B8) reason = DEL_REASON_PEER_DELETION

  65 14:20:38.066 08/10/02 Sev = Info/4 IPSEC / 0 x 63700014

  Remove all keys

  66 14:20:38.066 08/10/02 Sev = Info/6 IPSEC/0x6370002B

  Sent packets of 6, 0 were fragmented.

  67 14:20:38.066 08/10/02 Sev = Info/6 IPSEC/0x6370001D

  TCP RST from c.c.c.c, src port 10001, port dst 1677

  68 14:20:38.366 08/10/02 Sev = Info/4 CM / 0 x 63100012

  ITS phase 1 deleted before first Phase 2 SA is caused by "DEL_REASON_PEER_DELETION". 0 ITS phase 1 currently in the system

  69 14:20:38.366 08/10/02 Sev = Info/5 CM / 0 x 63100029

  Initializing CVPNDrv

  70 14:20:38.366 08/10/02 Sev = Info/4 CM / 0 x 63100031

  Reset the TCP connection on port 10001

  71 14:20:38.366 08/10/02 Sev = Info/6 CM / 0 x 63100034

  Removed the local TCP port 1677 for the TCP connection.

  72 14:20:38.416 08/10/02 Sev = WARNING/3 DIALER/0xE3300008

  GI VPNStart callback doesn't have a 'CM_IKE_RECEIVED_DELETE_NOTIFICATION' (15 h).

  73 14:20:39.418 08/10/02 Sev = Info/4 IPSEC / 0 x 63700012

  Delete all keys associated with peer c.c.c.c

  74 14:20:39.418 08/10/02 Sev = Info/4 IPSEC / 0 x 63700012

  Delete all keys associated with peer c.c.c.c

  75 14:20:39.418 08/10/02 Sev = Info/6 IPSEC / 0 x 63700022

  TCP RST sent to c.c.c.c, src port 1677, port dst 10001

  76 14:20:39.418 08/10/02 Sev = Info/4 IPSEC / 0 x 63700014

  Remove all keys

  77 14:20:39.418 08/10/02 Sev = Info/6 IPSEC/0x6370002B

  Sent 4 packets, 0 were fragmented.

  When I look at the proposals of active IKE SA or configurations all seems ok (so everything worked fine with 3.6.1. Concentrator release).

  Any suggestion would be appreciated.

  Marcel

  OK, I tried it myself and ran into the same issue. AES seems to be broken in 3.6.3. A bug has been created (CSCdy88797) and will be corrected shortly, but for now, you need to use 3.6.1 or change the encryption algorithms if you simply use 3.6.3.

  Sorry about that.