Failure review tunnel
Hi I'm never face the same problems in the past, it's because the APN setting is not a correct basis on the carrier, in my application, I used not only HTTP post or get but also TCP, and WAP, to solve the connection problem when HTTP is problem... The method to get the URL data is getDatafromUrl call using HTTP, this is the code:
public String getDataFromUrl(String url) throws IOException { String result = ""; HttpConnection connection = null; InputStream inputstream = null; // I've created a PHP script at this URL connection = (HttpConnection) Connector.open(url); connection.setRequestMethod(HttpConnection.GET); if (connection.getResponseCode() == HttpConnection.HTTP_OK) { inputstream = connection.openInputStream(); int length = (int) connection.getLength(); if (length != -1) { byte incomingData[] = new byte[length]; inputstream.read(incomingData); result = new String(incomingData); } else { ByteArrayOutputStream bytestream = new ByteArrayOutputStream(); int ch; while ((ch = inputstream.read()) != -1) { bytestream.write(ch); } result = new String(bytestream.toByteArray()); bytestream.close(); } } else { result = "Connection not OK. " + connection.getResponseMessage(); } return result;
and you can use the code below to get to the connectionSuffix:
public void getConnectionSuffix() { if (coverageTCP) { connectionSuffix = ";deviceside=true"; if (tcpAPN.length() > 0) { connectionSuffix += ";apn=" + tcpAPN; } if (tcpAPNUser.length() > 0) { connectionSuffix += ";TunnelAuthUsername=" + tcpAPNUser; } if (tcpAPNPassword.length() > 0) { connectionSuffix += ";TunnelAuthPassword=" + tcpAPNPassword; } } else if (coverageWAP2) { connectionSuffix = ";deviceside=true" + ";ConnectionUID=" + srWAP2.getUid(); } else if (coverageWiFi) { connectionSuffix = ";interface=wifi"; } }
Tags: BlackBerry Developers
Similar Questions
-
BB 9000 - critical failure error Tunnel
I believe that, when roaming, AFN information is always the carrier 'House', is therefore your correct APN information for the SIM card?
Internet browser does not direct TCP, which is what you are trying to use. So the fact that it works is not an indication that the direct TCP connection should work.
-
BlackBerry Smartphones Epocrates install error message "failure of tunnel.
I tried to install the software of Epocrates.com. Pharmaceutical database for physicians. I get to the point where the software tries to "AutoUpdate" to complete the installation and I get the above error message. I spent an hour on the phone with the support of Epocrates, but could not solve the problem. Anyone who is familiar with this program install or have similar problems?
Thank you
Mike
Thank you all for your suggestions. All your suggestions had been tried without success. However; When I added the Blackberry Email, for some reason, the problem itself. The program now works seamlessly.
-
The Backup Wizard says it's time for a full backup. But my Version of Vista doesn't have a full backup. Now what?
You can ignore the message, buy a backup program or use a freeware program. (In general), there is no need to worry. Periodically, Windows Vista creates system restore points that can be used to restore your system in working order. It does not back up your personal files, however. More on the restoration of the system can be found here.
Full backup is necessary, for example, in the event of hard drive failure or operating system failure reviews which cannot be resolved by another means (for example, by using the methods described here). -
Settings of the AFN for a direct TCP (3G v.s. GPRS) connection
Today, I read a lot of articles about the transportation options for the Blackberry network.
I installed the Tool of Network Diagnostics on my device (BlackBerry 9300 v5.0).
I'm Tournai on "Mobile network" and disabled the "WiFi". Therefore, my device must use the direct TCP (HTTP protocol) only.
According to this article, for a cell TCP connection, we need to set up the APN settings, otherwise we will have 'Tunnel failed' error
http://docs.BlackBerry.com/en/developers/deliverables/21128/Network_transport_options_1293321_11.jsp
However, without specifying the AFN, I was still able to have labour Direct TCP (HTTP).
I'm in New Zealand, I tested the Network Diagnostic tool with 2 dgree and vodafone sim cards. Two of them work properly. Two of them are 3 G networks
However, a lot of people on the internet saying that if they do not specify the APN for GPRS or EDGE networks, they would get the error "failure of Tunnel.
So, I had the impression that with 3G networks, don't need us to specify the APN.
I don't know if that's okay?
One of the really annoying things on the treatment on the Blackberry network is its inconsistency. I think you've hit one of them. I saw this in the past with Vodafone, I wasn't sure that this has happened with other networks but maybe so.
The inconsistency is the following.
If your connection URL looks like
If you think that this will force the connection to use the carrier TCP aka Direct TCP. However, on some phones of brands, including Vodafone, is not correct. On these phones a connection as it goes actually on WAP.
To force the direct TCP, you must follow the instructions in this post:
http://supportforums.BlackBerry.com/T5/Java-development/Vodafone-UK-direct-TCP/m-p/463081#M92387
-
Connection HTTP - tried and tried, but I still can't make it work!
I am building this application that needs to get a XML from a web server. I got to work on the Simulator successfully, but were unable to make it work on my 8310. I have read on different transport and used the following code to try and choose the appropriate option.
Simple function to obtain the registration of WAP service.
private ServiceRecord getWAP2ServiceRecord() { ServiceBook sb = ServiceBook.getSB(); ServiceRecord[] records = sb.getRecords(); for (int i = 0; i < records.length; i++) { String cid = records[i].getCid().toLowerCase(); String uid = records[i].getUid().toLowerCase(); if (cid.indexOf("wap") != -1 && uid.indexOf("wifi") == -1 && uid.indexOf("mms") == -1 && uid.indexOf("browser") == -1 && uid.indexOf("push") == -1 ) { return records[i]; } } return null; }
Conditions used to build the string.
String connectionParameters = ""; // JDE 4.3 is required to get WLANInfo if (WLANInfo.getWLANState() == WLANInfo.WLAN_STATE_CONNECTED) { // Connected to a WiFi access point connectionParameters = ";interface=wifi"; } else { int coverageStatus = CoverageInfo.getCoverageStatus(); ServiceRecord record = getWAP2ServiceRecord(); if (record != null // In JDE 4.5 CoverageInfo changed the name of COVERAGE_CARRIER to COVERAGE_DIRECT // The constant value for both is the same, '1', so you can use that to avoid any // dependency on JDE 4.5 && (coverageStatus & CoverageInfo.COVERAGE_DIRECT) == CoverageInfo.COVERAGE_DIRECT) { // Have network coverage and a WAP 2.0 service book record connectionParameters = ";deviceside=true;ConnectionUID=" + record.getUid(); } else if ((coverageStatus & CoverageInfo.COVERAGE_MDS) == CoverageInfo.COVERAGE_MDS) { // Have an MDS service book and network coverage connectionParameters = ";deviceside=false"; } else if ((coverageStatus & CoverageInfo.COVERAGE_DIRECT) == CoverageInfo.COVERAGE_DIRECT) { // Have network coverage but no WAP 2.0 service book record connectionParameters = ";deviceside=true"; } } _url += connectionParameters; HttpConnection connection = (HttpConnection)Connector.open(_url, Connector.READ_WRITE, true);
I get an error "Failure of Tunnel" when the application is running but I have tried in vain to fix.
Feature: 8310
OS: 4.5.0.182
Carrier: Digicel Jamaica
The logic in the code above was added successfully; deviceside = true; ConnectionUID = secure WAPtrans
I'm ideas here any help would be really appreciated.
Ask a really stupid question, if you look at what he told you to use this article I mentioned in my last Post
How - to specify APN information for a direct TCP connection
Article number: DB-00532and compare that with what you actually used, did you notice a difference?
May I suggest that read you the two articles again and specify either direct TCP APN values or WAP, not both? In fact, I'd forget the WAP values, you are better using the code in the article to extract a COnnecitionUID and use the WAP 2.
-
Help trying to set up the ADF security for an application
Hello
I create in my application a masterTemplate.jsf page, then a page home.jsf which has the page masterTemplate.jsf as its model.
I activated the ADF security in my application and set the permission of "view" for the anonymous role homePageDef.
When I run the app on JDeveloper integrated server with debugging options, this is what I get in the console:
[JpsAuth] Check permissions
PolicyContext: [related]
Goal/resources: [view.pageDefs.homePageDef]
Action: [see]
Permissions class: [oracle.adf.share.security.authorization.RegionPermission]
Result: [FAILURE]
Reviewer: [VAC]
ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@68ffab0a failed
CodeSource=file:/C:/oracle/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
School principals total = 2 principals)
1 JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl 'anonymous' GUID = null DN = null
(2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl 'anonymous-role' GUID = null DN = null)
Permissions =)
("java.io.FilePermission" '\C:\oracle\Middleware\oracle_common\modules\oracle.adf.share_11.1.1\adf-share-support.jar', 'read')
("oracle.security.jps.service.credstore.CredentialAccessPermission" "context = SYSTEM, mapName = *, keyName = * ' ' * ')
("java.util.PropertyPermission" "line.separator" 'read')
("java.util.PropertyPermission" 'java.vm.specification.version', 'read')
("java.util.PropertyPermission" 'java.vm.version', 'read')
("java.util.PropertyPermission" 'java.vendor.url', 'read')
("java.util.PropertyPermission" 'java.vm.specification.vendor', 'read')
("java.util.PropertyPermission" "java.vm.name", "read")
("java.util.PropertyPermission" "os.name" 'read')
("java.util.PropertyPermission" 'java.vm.vendor', 'read')
("java.util.PropertyPermission" 'path.separator' 'read')
("java.util.PropertyPermission" 'os.version' 'read')
("java.util.PropertyPermission" 'java.specification.name', 'read')
("java.util.PropertyPermission" 'mds.store.filesystem.path', 'read')
("java.util.PropertyPermission" 'os.arch' 'read')
("java.util.PropertyPermission" "java.version", "read")
("java.util.PropertyPermission" 'java.class.version', 'read')
("java.util.PropertyPermission" "java.vendor" 'read')
("java.util.PropertyPermission" 'file.separator' 'read')
("java.util.PropertyPermission" 'java.vm.specification.name', 'read')
("java.util.PropertyPermission" 'java.specification.version', 'read')
("java.util.PropertyPermission" 'java.specification.vendor', 'read')
("java.lang.RuntimePermission" "stopThread")
("java.lang.RuntimePermission" "exitVM")
("java.net.SocketPermission' 'localhost:1024' - 'Listen, resolve')
(oracle.security.jps.service.policystore.PolicyStoreAccessPermission name of the context: APPLICATION: * Actions: getApplicationPolicy)
)
Call stack: java.security.AccessControlException: access denied oracle.adf.share.security.authorization.RegionPermission/view.pageDefs.homePageDef/view
If the page has no definition of the pages behind, the application starts correctly because it does not need to check security for this page. The minute I create a page for the home page definition and set the permission for anonymous role, the failure message above rises.
Can you please help me solve this problem? Is this something that is not in the configuration steps?
Thank you
MirceaHello
If the model also has a file PageDef, this file need to go to grantedb as well
Frank
-
SSL Tunneling Application outgoing failure
Outgoing SSL Tunneling Application error Hello dear colleagues,
I have UTM5 with the latest firmware. The unit works fine now with 3 VLANS / subnets, routing inter - VLAN, SSL VPN configuration, etc. I have an interesting question, but probably one of these questions to someone else experienced and solved (I hope).Medical practice I have set this up for actually needs of outgoing VPN tunnel/SSL. I encouraged the VPN on UTM protocols so the initial remote OUTGOING connection goes off flawlessly and allows users to authenticate. My question is when we try to show the remote Citrix server/published apps page. I get an error "request the Tunneling SSL - Failed to connect to server" . I know that the issue must be understood with the ProSecure UTM because I've temporarily removed the UTM equation and put in a D-Link DIR - 655 and Citrix published apps portal page launches very well. I am able to launch a published application and function normally. I pass on the D-Link with the Prosecure and I get the same question.
I really don't understand what prevents to launch published applications page.
I'd be more than happy to provide more information that I need to solve this problem.
Not that it is important, but all endpoint devices are XPSP3/IE8. Yet once, shouldn't matter that customers can bring to the top of the published page no problem when the D-Link is used.
Thank you
MEDADIT, I've really hemmed and best enemy cela and managed to get a solution in place. Curious, if you have an idea on the terminal services question license I have known which I'll explain a little.
So, I have disabled HTTPS scanning as you said and it helped the citrix portal page to come; However, the user received an error of connection application failure when they launched an app on the page. The error said that there are not enough licenses available Terminal Server. I am as there is no way in hell that all licenses are in use.
So I completely disconnected from the remote network via SSL - VPN and not connected from my home network this site remote to see if I would have the same result and no problems to launch the applications of the portal page... basically no problem license Terminal Server services. I tried connecting from the prosecure and received the same error message.
I wanted to keep HTTPS enabled analysis despite connect it secure by nature implemented with 443, so I spotted around based on your advice and added 4 remote domains to exclusions scan tab (my eyes completely spent during this 1st 10 x (very annoying). I tested the outgoing connection and it helped me successfully citrix portal page, but applications would not launch successfully. I received once again the same error of license to the Terminal Server services, but we expected it because it didn't start with the scanning to disabled .
so I connected to the remote network and thought that I would allow my client to its remote desktop RDP access. I have configured RDP on his computer to Office XP and the connected failed. I thought at this stage that he had something to do with trying to RDP through the Microsoft UAG gateway used by the remote site. Rather than trying to work through sets of rules with the specialist support network out there, we decided to allow my client to run an IP network connector dry which was all ready helped the UAG. This enabled him successfully to RDP to his remote desktop and run any distance needed applications on the remote network.
So, it's not what I really wanted to do. I really want to start individual applications of the closed Citrix portal page, but why this issue licenses arose himself the Terminal Server services is a mystery to me. The specialist in support of the remote side has been also blocked down there. He informed me that he has other clients that connect out through boxes of CISCO ASA and they have any problems launches applications of the portal page. If they scan you 80/443 traffic is not relevant because I disabled it completely on the UTM and it did not help.
So any thoughts on that would be great and I once again thank you for your expertise.
-
Hello guys,.
I have an ASA 5505 firewall tries to create a VPN tunnel from site to site with a router of 2621 running Advanced IP services. The tunnel keeps do not and I don't know why. Below is the config.
!
hostname SeCuReWaLL
domain default.domain.invalid
activate 2KFQnbNIdI.2KYOU encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
name 192.168.2.0 outside
name 192.168.3.0 inside
!
interface Vlan1
Description of network links extended to outside of the
nameif outside
security-level 0
192.168.2.101 IP address 255.255.255.0
!
interface Vlan2
Description within a private network
nameif inside
security-level 100
address 192.168.3.1 IP 255.255.255.0
!
interface Ethernet0/0
!
interface Ethernet0/1
switchport access vlan 2
!
interface Ethernet0/2
Shutdown
!
interface Ethernet0/3
Shutdown
!
interface Ethernet0/4
Shutdown
!
interface Ethernet0/5
Shutdown
!
interface Ethernet0/6
Shutdown
!
interface Ethernet0/7
Shutdown
!
boot system Disk0: / asa822 - k8.bin
passive FTP mode
DNS server-group DefaultDNS
domain default.domain.invalid
allow inside_access_in to access extended list ip inside outside 255.255.255.0 255.255.255.0
outside_access_in list extended access permit icmp any any echo response
site_router to access extended list ip inside 255.255.255.0 allow 192.168.5.0 255.255.255.0
pager lines 24
Outside 1500 MTU
Within 1500 MTU
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 625.bin
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 0-list of access site_router
NAT (inside) 1 inside 255.255.255.0
Access-group outside_access_in in interface outside
Route outside 0.0.0.0 0.0.0.0 192.168.2.1 1
Outdoor 192.168.5.0 255.255.255.0 192.168.2.107 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
Enable http server
HTTP inside 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-3des esp-sha-hmac secure_set
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
peer set card crypto ipsec_map 10 192.168.2.107
card crypto ipsec_map 10 transform-set secure_set
ipsec_map interface card crypto outside
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
md5 hash
Group 5
lifetime 28800
Telnet timeout 5
SSH timeout 5
Console timeout 0
dhcpd dns 192.168.2.1
!
dhcpd address 192.168.3.10 - 192.168.3.40 inside
dhcpd allow inside
!a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
username admin privilege 15 encrypted password f3UhLvUj1QsXsuK7
tunnel-group 192.168.2.107 type ipsec-l2l
IPSec-attributes tunnel-group 192.168.2.107
pre-shared key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the netbios
inspect the rsh
inspect the rtsp
inspect the skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect the tftp
inspect the sip
inspect xdmcp
Review the ip options
!
global service-policy global_policy
context of prompt hostname
call-home
Profile of CiscoTAC-1
no active account
http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
Cryptochecksum:a6ffc4e9572dbee8e526c3013a96a510
: end!
InternetRouter hostname
!
boot-start-marker
boot-end-marker
!
!
No aaa new-model
no location network-clock-participate 1
No network-clock-participate wic 0
IP cef
!
!
!
!
no ip domain search
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto ISAKMP policy 10
BA 3des
md5 hash
preshared authentication
Group 5
lifetime 28800
key cisco address 192.168.2.101 crypto ISAKMP xauth No.
!
!
Crypto ipsec transform-set esp-3des secure_set
!
ipsec_map 10 ipsec-isakmp crypto map
defined peer 192.168.2.101
Set transform-set secure_set
match the address router_site
!
!
!
!
interface Loopback0
192.168.5.1 IP address 255.255.255.0
!
interface FastEthernet0/0
IP 192.168.2.107 255.255.255.0
automatic duplex
automatic speed
ipsec_map card crypto
!
interface Serial0/0
no ip address
Shutdown
!
interface FastEthernet0/1
no ip address
Shutdown
automatic duplex
automatic speed
!
interface Serial0/1
no ip address
Shutdown
!
IP route 192.168.3.0 255.255.255.0 192.168.2.101
!
!
IP http server
no ip http secure server
!
router_site extended IP access list
ip licensing 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
!
!
!
!
control plan
!
!
!
Voice-port 1/0/0
!
Voice-port 1/0/1
!
Voice-port 1/1/0
!
Voice-port 1/1/1
!
!
!
!
!
!
!
!
Line con 0
exec-timeout 0 0
Synchronous recording
line to 0
line vty 0 4
opening of session
!
!
endInternetRouter #debug isakmp crypto
Crypto ISAKMP debug is on
InternetRouter #ping
Protocol [ip]:
Target IP address: 192.168.3.10
Number of repetitions [5]:
Size of datagram [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Address source or interface: 192.168.5.1
Type of service [0]:
Set the DF bit in the IP header? [None]:
Validate the response data? [None]:
Data model [0xABCD]:
In bulk, Strict, Record, Timestamp, Verbose [no]:
Scan the range of sizes [n]:
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes to 192.168.3.10, time-out is 2 seconds:
Packet sent with the address source 192.168.5.1* 01:49:47.699 Mar 1: ISAKMP: ke received message (1/1)
* 01:49:47.699 Mar 1: ISAKMP: (0:0:N / A:0): THE application profile is (NULL)
* 01:49:47.699 Mar 1: ISAKMP: created a struct peer 192.168.2.101, peer port 500
* 01:49:47.699 Mar 1: ISAKMP: new created position = 0x8553C778 peer_handle = 0 x 80000013
* 01:49:47.699 Mar 1: ISAKMP: lock struct 0x8553C778, refcount IKE peer 1 for isakmp_initiator
* 01:49:47.699 Mar 1: ISAKMP: 500 local port, remote port 500
* 01:49:47.699 Mar 1: ISAKMP: set new node 0 to QM_IDLE
* 01:49:47.703 Mar 1: insert his with his 84074CC8 = success
* 01:49:47.703 Mar 1: ISAKMP: (0:0:N / A:0): cannot start aggressive mode, try the main mode.
* 01:49:47.703 Mar 1: ISAKMP: (0:0:N / A:0): found peer pre-shared key matching 192.168.2.101
* 01:49:47.703 Mar 1: ISAKMP: (0:0:N / A:0): built the seller-07 ID NAT - t
* 01:49:47.703 Mar 1: ISAKMP: (0:0:N / A:0): built of NAT - T of the seller-03 ID
* 01:49:47.703 Mar 1: ISAKMP: (0:0:N / A:0): built the seller-02 ID NAT - t
* 01:49:47.703 Mar 1: ISAKMP: (0:0:N / A:0): entry = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
* 01:49:47.707 Mar 1: ISAKMP: (0:0:N / A:0): former State = new State IKE_READY = IKE_I_MM1* 01:49:47.707 Mar 1: ISAKMP: (0:0:N / A:0): early changes of Main Mode
* 01:49:47.707 Mar 1: ISAKMP: (0:0:N / A:0): send package to 192.168.2.101 my_port 500 peer_port 500 (I) MM_NO_STATE
* 01:49:47.711 Mar 1: ISAKMP (0:0): packet received 192.168.2.101 dport 500 sport Global 500 (I) MM_NO_STATE
* 01:49:47.711 Mar 1: ISAKMP: (0:0:N / A:0): entry = IKE_MESG_FROM_PEER, IKE_MM_EXCH
* 01:49:47.711 Mar 1: ISAKMP: (0:0:N / A:0): former State = new State IKE_I_MM1 = IKE_I_MM2* 01:49:47.715 Mar 1: ISAKMP: (0:0:N / A:0): treatment ITS payload. Message ID = 0
* 01:49:47.715 Mar 1: ISAKMP: (0:0:N / A:0): load useful vendor id of treatment
* 01:49:47.715 Mar 1: ISAKMP: (0:0:N / A:0): supplier code seems the unit/DPD but major incompatibilite.123
* 01:49:47.715 Mar 1: ISAKMP: (0:0:N / A:0): provider ID is NAT - T v2
* 01:49:47.719 Mar 1: ISAKMP: (0:0:N / A:0): load useful vendor id of treatment
* 01:49:47.719 Mar 1: ISAKMP: (0:0:N / A:0): supplier code seems the unit/DPD but major incompatibility of 194
* 01:49:47.719 Mar 1: ISAKMP: (0:0:N / A:0): found peer pre-shared key matching 192.168.2.101
* 01:49:47.719 Mar 1: ISAKMP: (0:0:N / A:0): pre-shared key local found
* 01:49:47.719 Mar 1: ISAKMP: analysis of the profiles for xauth...
* 01:49:47.719 Mar 1: ISAKMP: (0:0:N / A:0): audit ISAKMP transform 1 against the policy of priority 10
* 01:49:47.719 Mar 1: ISAKMP: 3DES-CBC encryption
* 01:49:47.719 Mar 1: ISAKMP: MD5 hash
* 01:49:47.719 Mar 1: ISAKMP: group by default 5
* 01:49:47.719 Mar 1: ISAKMP: pre-shared key auth
* 01:49:47.723 Mar 1: ISAKMP: type of life in seconds
* 01:49:47.723 Mar 1: ISAKMP: life (basic) of 28800
* 01:49:47.723 Mar 1: ISAKMP: (0:0:N / A:0): atts are acceptable. Next payload is 0
* 1 Mar 01:49:48.119: ISAKMP:(0:1:SW:1): load useful vendor id of treatment
* 1 Mar 01:49:48.119: ISAKMP:(0:1:SW:1): vendor ID seems the unit/DPD but major incompatibility of 123
* 1 Mar 01:49:48.123: ISAKMP:(0:1:SW:1): vendor ID is NAT - T v2
* 1 Mar 01:49:48.123: ISAKMP:(0:1:SW:1): load useful vendor id of treatment
* 1 Mar 01:49:48.123: ISAKMP:(0:1:SW:1): vendor ID seems the unit/DPD but major incompatibility of 194
* 01:49:48.123 Mar 1: ISAKMP: (0:1:SW:1): entry = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
* 01:49:48.123 Mar 1: ISAKMP: (0:1:SW:1): former State = new State IKE_I_MM2 = IKE_I_MM2* 1 Mar 01:49:48.127: ISAKMP:(0:1:SW:1): sending package to 192.168.2.101 my_port 500 peer_port 500 (I) MM_SA_SETUP
* 01:49:48.127 Mar 1: ISAKMP: (0:1:SW:1): entry = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
* 01:49:.48.131 Mar 1: ISAKMP: (0:1:SW:1): former State = new State IKE_I_MM2 = IKE_I_MM3* 01:49:48.383 Mar 1: ISAKMP (0:134217729): packet received 192.168.2.101 dport 500 sport Global 500 (I) MM_SA_SETUP
* 01:49:48.383 Mar 1: ISAKMP: (0:1:SW:1): entry = IKE_MESG_FROM_PEER, IKE_MM_EXCH
* 01:49:48.383 Mar 1: ISAKMP: (0:1:SW:1): former State = new State IKE_I_MM3 = IKE_I_MM4* 1 Mar 01:49:48.387: ISAKMP:(0:1:SW:1): processing KE payload. Message ID = 0
* 1 Mar 01:49:48.887: ISAKMP:(0:1:SW:1): processing NONCE payload. Message ID = 0
* 01:49:48.887 Mar 1: ISAKMP: (0:1:SW:1): found peer pre-shared key matching 192.168.2.101
* 01:49:48.891 Mar 1: ISAKMP: (0:1:SW:1): SKEYID generated State
* 1 Mar 01:49:48.891: ISAKMP:(0:1:SW:1): load useful vendor id of treatment
* 1 Mar 01:49:48.891: ISAKMP:(0:1:SW:1): vendor ID is the unit
* 1 Mar 01:49:48.891: ISAKMP:(0:1:SW:1): load useful vendor id of treatment
* 1 Mar 01:49:48.891: ISAKMP:(0:1:SW:1): vendor ID seems the unit/DPD but major incompatibility of 145
* 1 Mar 01:49:48.891: ISAKMP:(0:1:SW:1): vendor ID is XAUTH
* 1 Mar 01:49:48.895: ISAKMP:(0:1:SW:1): load useful vendor id of treatment
* 1 Mar 01:49:48.895: ISAKMP:(0:1:SW:1): speaking to another box of IOS!
* 1 Mar 01:49:48.895: ISAKMP:(0:1:SW:1): load useful vendor id of treatment
* 01:49:48.895 Mar 1: ISAKMP: (0:1:SW:1): supplier code seems the unit/DPD but hash mismatch
* 01:49:48.895 Mar 1: ISAKMP: receives the payload type 20
* 01:49:48.895 Mar 1: ISAKMP: receives the payload type 20
* 01:49:48.895 Mar 1: ISAKMP: (0:1:SW:1): entry = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
* 01:49:48.899 Mar 1: ISAKMP: (0:1:SW:1): former State = new State IKE_I_MM4 = IKE_I_MM4* 01:49:48.899 Mar 1: ISAKMP: (0:1:SW:1): send initial contact
* 01:49:48.899 Mar 1: ISAKMP: (0:1:SW:1): ITS been pr.e using id ID_IPV4_ADDR type shared-key authentication
* 01:49:48.899 Mar 1: ISAKMP (0:134217729): payload ID
next payload: 8
type: 1
address: 192.168.2.107
Protocol: 17
Port: 500
Length: 12
* 01:49:48.903 Mar 1: ISAKMP: (0:1:SW:1): the total payload length: 12
* 1 Mar 01:49:48.903: ISAKMP:(0:1:SW:1): sending package to 192.168.2.101 my_port 500 peer_port 500 (I) MM_KEY_EXCH
* 01:49:48.907 Mar 1: ISAKMP: (0:1:SW:1): entry = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
* 01:49:48.907 Mar 1: ISAKMP: (0:1:SW:1): former State = new State IKE_I_MM4 = IKE_I_MM5* 01:49:48.907 Mar 1: ISAKMP (0:134217729): packet received 192.168.2.101 dport 500 sport Global 500 (I) MM_KEY_EXCH
* 1 Mar 01:49:48.911: ISAKMP:(0:1:SW:1): payload ID for treatment. Message ID = 0
* 01:49:48.911 Mar 1: ISAKMP (0:134217729): payload ID
next payload: 8
type: 1
address: 192.168.2.101
Protocol: 17
Port: 0
Length: 12
* 1 Mar 01:49:48.911: ISAKMP:(0:1:SW:1): peer games * no * profiles
* 1 Mar 01:49:48.911: ISAKMP:(0:1:SW:1): HASH payload processing. Message ID = 0
* 01:49:48.915 Mar 1: ISAKMP: received payload type 17
* 1 Mar 01:49:48.915: ISAKMP:(0:1:SW:1): load useful vendor id of treatment
* 1 Mar 01:49:48.915: ISAKMP:(0:1:SW:1): vendor ID is DPD
* 01:49:48.915 Mar 1: ISAKMP: (0:1:SW:1): SA authentication status:
authenticated
* 01:49:48.915 Mar 1: ISAKMP: (0:1:SW:1): SA has been authenticated with 192.168.2.101
* 01:49:48.915 Mar 1: ISAKMP: attempts to insert a 192.168.2.107/192.168.2.101/500/ peer and inserted 8553 778 successfully.
* 01:49:48.919 Mar 1: ISAKMP: (0:1:SW:1): entry = IKE_MESG_FROM_PEER, IKE_MM_EXCH
* 01:49:48.919 Mar 1: ISAKMP: (0:1:SW:1.): O State of LD = new State IKE_I_MM5 = IKE_I_MM6* 01:49:48.919 Mar 1: ISAKMP: (0:1:SW:1): entry = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
* 01:49:48.919 Mar 1: ISAKMP: (0:1:SW:1): former State = new State IKE_I_MM6 = IKE_I_MM6* 01:49:48.923 Mar 1: ISAKMP: (0:1:SW:1): entry = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
* 01:49:48.923 Mar 1: ISAKMP: (0:1:SW:1): former State = new State IKE_I_MM6 = IKE_P1_COMPLETE* 01:49:48.927 Mar 1: ISAKMP: (0:1:SW:1): start Quick Mode Exchange, M - ID of 590019425
* 1 Mar 01:49:48.931: ISAKMP:(0:1:SW:1): sending package to 192.168.2.101 my_port 500 peer_port 500 (I) QM_IDLE
* 01:49:48.931 Mar 1: ISAKMP: (0:1:SW:1): entrance, node-590019425 = IKE_MESG_INTERNAL, IKE_INIT_QM
* 01:49:48.931 Mar 1: ISAKMP: (0:1:SW:1): former State = new State IKE_QM_READY = IKE_QM_I_QM1
* 01:49:48.931 Mar 1: ISAKMP: (0:1:SW:1): entry = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
* 01:49:48.935 Mar 1: ISAKMP: (0:1:SW:1): former State = new State IKE_P1_COMPLETE = IKE_P1_COMPLETE* 01:49:48.939 Mar 1: ISAKMP (0:134217729): packet received 192.168.2.101 dport 500 sport Global 500 (I) QM_IDLE
* 01:49:48.939 Mar 1: ISAKMP: node set 330122531 to QM_IDLE
* 1 Mar 01:49:48.943: ISAKMP:(0:1:SW:1): HASH payload processing. Message ID = 330122531
* 1 Mar 01:49:48.943: ISAKMP:(0:1:SW:1): treatment protocol NOTIFIER INVALID_ID_INFO 1
0, message ID SPI = 330122531, a = 84074CC8
* 01:49:48.943 Mar 1: ISAKMP: (0:1:SW:1): the peer is not paranoid KeepAlive.* 01:49:48.943 Mar 1: ISAKMP: (0:1:SW:1): remove the reason for HIS "fatal Recevied of information' State (I) QM_IDLE (ext. 192.168.2.101)
* 01:49:48.943 Mar 1: ISAKMP: (0:1:SW:1): remove error node 330122531 FALSE reason 'informational (en) st.
Success rate is 0% (0/5)
InternetRouter #ate 1 "
* 01:49:48.943 Mar 1: ISAKMP: (0:1:SW:1): entry = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
* 01:49:48.947 Mar 1: ISAKMP: (0:1:SW:1): former State = new State IKE_P1_COMPLETE = IKE_P1_COMPLETE* 01:49:48.947 Mar 1: ISAKMP (0:134217729): packet received 192.168.2.101 dport 500 sport Global 500 (I) QM_IDLE
* 01:49:48.951 Mar 1: ISAKMP: node set-412204705 to QM_IDLE
* 1 Mar 01:49:48.951: ISAKMP:(0:1:SW:1): sending package to 192.168.2.101 my_port 500 peer_port 500 (I) QM_IDLE
* 01:49:48.951 Mar 1: ISAKMP: (0:1:SW:1): purge the node-412204705
* 01:49:48.955 Mar 1: ISAKMP: (0:1:SW:1): entry = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
* 01:49:48.955 Mar 1: ISAKMP: (0:1:SW:1): former State = new State IKE_P1_COMPLETE = IKE_DEST_SA* 01:49:48.955 Mar 1: ISAKMP: (0:1:SW:1): removal of HIS State "No reason" why (I) QM_IDLE (ext. 192.168.2.101)
* 01:49:48.955 Mar 1: ISAKMP: Unlocking IKE struct 0x8553C778 for isadb_mark_sa_deleted(), count 0
* 01:49:48.959 Mar 1: ISAKMP: delete peer node by peer_reap for 192.168.2.101: 8553 778
* 01:49:48.959 Mar 1: ISAKMP: (0:1:SW:1): error in node-590019425 FALSE reason for deletion "deleted IKE."
* 01:49:48.959 Mar 1: ISAKMP: (0:1:SW:1): node error 330122531 FALSE reason for deletion "removed IKE."
* 01:49:48.959 Mar 1: ISAKMP: (0:1:SW:1): entry = IKE_MESG_FROM_PEER, IKE_MM_EXCH
* 01:49:48.959 Mar 1: ISAKMP: (0:1:SW:1): former State = new State IKE_DEST_SA = IKE_DEST_SAHello
I gave a quick scan here for the configuration on both devices, found two or three commands are missing from the configuration of the ASA
ASA
---card crypto ipsec_map 10 correspondence address site_router
outside_access_in list extended access udp allowed any any eq 500
outside_access_in list extended access udp allowed any any eq 4500
outside_access_in list extended access allow esp a wholeI'm assuming pre shared key defined on ASA cisco is the same on router
On router
---------Try running the following commands: -.
No crypto ipsec transform-set esp-3des secure_set
Crypto ipsec transform-set esp-3des esp-sha-hmac secure_setAt the time of the opening of the tunnel, please gather at the debug crypto isa 127 output and debug crypto ipsec 127 of ASA
You can also check the configuration below document link
http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00805e8c80.shtml
Ignore the map route on router configuration contained in the above document *.
HTH...
Kind regards
Mohit -
BlackBerry Smartphones Vodafone India: Open tunnel failure
Hello
Can someone tell me about "EDGE".
I have Blackberry Pearl 8110 and develop an application in which
I m trying to connect to the internet.I plan to vodafone India 1099 Rs and my BB showing "EDGE" on the screen.
I put my APN as "portalnmms" & no username and password.
But when I'm trying to interact with net it displays 'open tunnel failure '.
Is there a problem with the services of Blackberry in India or some special plans are there.
Why is this?
Please someone say...
Thnx.
Thakur
I got the solution
-
Direct TCP - Tunnel connection failure
Yes, I already read a lot of discussions with the same problem, but unfortunally, I can't solve my problem.
I tried all this URL
String url = 'socket://url.com:80; deviceside = true; »
String url = "socket://url.com:80; deviceside = true; NPA = apnumt.movistar.com.uy.
and the last one also with "TunnelAuthUserName = movistar; TunnelAuthPassword = movistar.
String url = 'socket://url.com:21; deviceside = true; »
String url = 'socket://url.com:4444; deviceside = true; »
Con StreamConnection = Connector.open (url) (StreamConnection);
or
String url = "http://url.com;deviceside=true;"
String url = "http://url.com;deviceside=true;apn=apnumt.movistar.com.uy".
and the last one also with "TunnelAuthUserName = movistar; TunnelAuthPassword = movistar.
HttpConnection con = Connector.open (url) (HttpConnection)
Yes, I also re-branded the apn, user & password in the options of my camera and I removed also.
Yes, I hava a data plan and my browser work properly.
I've always had "Tunnel fail."
Yes, I hate blackberry. :/
EDIT: This can be a problem of my data plan?
mmm...
ConnectionFactory cf = new ConnectionFactory(); ConnectionDescriptor cd = cf.getConnection("http://blackberry.com"); final String url = cd.getURL(); HttpConnection con = cd.getConnection(); UiApplication.getUiApplication.invokeLater(new Runnable(){ public void run(){ Dialog.alert(url); } });
And printed to the console:
http://blackberry.com;deviceside=true;ConnectionUID=WAP2 trans2
So, this has been fixed, my browser use wap too.
-
Does anyone know if an ASA5505 sends a trap when / if a L2L tunnel fails?
We are about to use the L2L tunnel as our backup route and it would be really nice if we had notification when / if the tunnel down.
You have got it. Which for webvpn/anyconnect. I'm sure that for the L2L tunnels it has already activated (and not seen in the \windows\system32\conifg\system).
-
Failure, try to install toredo tunneling adapter
Original title - toredo tunneling adapter
Hi can someone enlighten me on how to solve this problem the toredo tunneling adapter I troubleshoot it that a TI tells me that I need to reinstall but evry time I try it keeps telling me to install failed
Hi Johnmclaughlinvx,
To provide the proper resolution, I would need more information on your side.
1. what exactly is the problem you're having with "toredo tunneling adapter?
2. do you receive any error messages? If Yes, what is the exact and complete error message?
3. what version of operating system do you use?
4. did you of recent changes on the computer before this problem?
I suggest you to update the drivers that are associated with defective devices.
a. in Device Manager, click on the element of Microsoft Teredo Tunneling adapter and select Uninstall.
b. always in Manager devices, click Action , and then select Add legacy hardware.
c. click Next, then select install hardware manually select from a list (advanced user), click Next.
d. Select network adapters , and then click Next.
f. Select Microsoft in the left panel and Microsoft Teredo Tunneling adapter in the right panel.
g. click Next and follow the steps to complete the remaining wizard.Hope this information helps. Answer the post with an up-to-date issue report to help you further.
-
BlackBerry Smartphones Tunnel failure message...
Hello
I have problems to run an application downloaded on my Torch. Initially just got a statement saying "APN not specified" I haver spent most of the morning going through the various forums of o2 and found their codes (APN = wap.o2.co.uk, username = o2wap, password = password).
Now, when I run the application, I get a simple message that says "the Tunnel failed '.
Can someone help me to go beyond that? I'm not a programmer...
Thank you very much
Confirm that the APN settings are saved and always present when you entered the now to do a simple reboot on the BlackBerry this way:
With the BlackBerry powereddevice, remove the battery for a minute and then reinsert the battery to restart. A reboot in this way is prescirbed for most the gltiches and operating system errors, and you will lose any data on the device doing so.
Now try to run your application again.
-
It must be simple. I have not had the problem before.
5.5 CAP, I have a quiz question, a question of T/F.
When answered correctly, the test results page opens.
After the failure, it nothing happens; quiz question just sits there. I want to display the results.
I continue indicated that action for a note of failure.
Geez. I don't see the problem.
Duh. Infinite tent had lit.
Maybe you are looking for
-
Airport Time Capsule 3 to port usb2 and usb3
Is the usb to Time Capsule on the new Time Capsule 3 to port a port USB2 and USB3?
-
I am the only user on my computer, why I am not a system administrator?
I am the only user on my computer, why I am not systemadministrator
-
Win Media Player will not play video.
Get following error message Win Media Player has stopped working A problem caused the blocking of the program works correctly. Win will close the program and notify you if a solution is available. I have never been notified of the solution
-
Serial number of Photoshop CS6
Hello, I bought the Photoshop CS6 Extended full online version and recently, when I try to re - install on my PC, it keeps asking me to enter the serial number, however, I don't have the license key and can not find the serial number in the email. C
-
Adapter - OSB 12 c - rest unknown protocol: servicebus
HelloI try to call the REST of OSB 12 c using RestAdatper service. Sucessfully created the service of business using the w & adapter but everything by deploying business services had error below.Note: I can successfully invoke the rest service even t