GRE tunnels will not come up on IPsec/GRE VPN

Hi all

We have 400+ remote sites that connect to our central location (and a backup site) using Cisco routers with IPsec/GRE VPN tunnels.  We use a basic template for creating the tunnels, so there is very little chance of a bad configuration on any router.  Remote sites use Cisco 831s, central sites use Cisco 2821s.  There is one site where the tunnels just WILL NOT come up.

The routers are able to ping their public IP addresses, so it is not a routing problem, but the GRE endpoints cannot ping.  There is no NATing involved, both routers directly access the Internet.  The assorted show commands seem to indicate that the SAs are properly built, but from the logs it seems that the last part just doesn't finish, and the GRE tunnels just don't come up.

From the attached log file, it seems that both the IPSEC & ISAKMP SAs are created @ 00:25:14, then QM_PHASE2 ends @ 00:25:15.

00:25:15: ISAKMP:(0:10:HW:2):deleting node 1891573546 error FALSE reason "QM done (await)"
00:25:15: ISAKMP:(0:10:HW:2):Node 1891573546, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
00:25:15: ISAKMP:(0:10:HW:2):Old State = IKE_QM_R_QM2  New State = IKE_QM_PHASE2_COMPLETE
00:25:15: ISAKMP (0:268435467): received packet from 208.XX.YY.11 dport 500 sport 500 Global (I) QM_IDLE

00:25:15: IPSEC(key_engine): got a queue event with 1 kei messages
00:25:15: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP
00:25:15: IPSEC(key_engine_enable_outbound): enable SA with spi 1572231461/50
00:25:15: ISAKMP:(0:11:HW:2):deleting node -1931380074 error FALSE reason "QM done (await)"
00:25:15: ISAKMP:(0:11:HW:2):Node -1931380074, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
00:25:15: ISAKMP:(0:11:HW:2):Old State = IKE_QM_R_QM2  New State = IKE_QM_PHASE2_COMPLETE
00:25:15: IPSEC(key_engine): got a queue event with 1 kei messages
00:25:15: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP
00:25:15: IPSEC(key_engine_enable_outbound): enable SA with spi 310818168/50

I don't have the remote router log file, and it is very long, so I attached it.  Before I captured the log file, I enabled debugging of ipsec & isakmp and immediately authorized the SAs.

Assorted useful details and the corresponding show command results:

Cisco IOS Software, C831 Software (C831-K9O3SY6-M), Version 12.4(25), RELEASE SOFTWARE (fc1)

There are 2 IPSEC/GRE tunnel connections:

Tunnel101: KC (208.YY.ZZ.11) - remote (74.WW.XX.35)
Tunnel201: Dallas (208.XX.YY.11) - remote (74.WW.XX.35)

Site-382-831#sho ip int br
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet1              unassigned      YES unset  down                  down
FastEthernet2              unassigned      YES unset  up                    up
FastEthernet3              unassigned      YES unset  up                    up
FastEthernet4              unassigned      YES unset  up                    up
Ethernet0                  10.3.82.10      YES NVRAM  up                    up
Ethernet1                  74.WW.XX.35     YES NVRAM  up                    up
Ethernet2                  172.16.1.10     YES NVRAM  up                    up
Tunnel101                  1.3.82.46       YES NVRAM  up                    down
Tunnel201                  1.3.82.62       YES NVRAM  up                    down    <====
NVI0                       unassigned      NO  unset  up                    up

Site-382-831#
Site-382-831#sho run int tunnel101
Building configuration...

Current configuration : 277 bytes
!
interface Tunnel101
 description % connected to the 2nd KC BGP 2821 - PRI-B
 ip address 1.3.82.46 255.255.255.252
 ip mtu 1500
 ip virtual-reassembly
 ip tcp adjust-mss 1360
 keepalive 3 3
 tunnel source Ethernet1
 tunnel destination 208.YY.ZZ.11
end

Site-382-831#

Site-382-831#show crypto isakmp sa
dst             src             state          conn-id slot status
208.XX.YY.11    74.WW.XX.35     QM_IDLE             11    0 ACTIVE
208.YY.ZZ.11    74.WW.XX.35     QM_IDLE             10    0 ACTIVE
Site-382-831#

Site-382-831#
Site-382-831#show crypto isakmp sa detail
Codes: C - IKE configuration mode, D - Dead Peer Detection
       K - Keepalives, N - NAT-traversal
       X - IKE Extended Authentication
       psk - Preshared key, rsig - RSA signature
       renc - RSA encryption

C-id  Local           Remote          I-VRF    Status Encr Hash Auth DH Lifetime Cap.
11    74.WW.XX.35     208.XX.YY.11             ACTIVE 3des sha  psk  1  23:56:09
       Connection-id:Engine-id =  11:2(hardware)
10    74.WW.XX.35     208.YY.ZZ.11             ACTIVE 3des sha  psk  1  23:56:09
       Connection-id:Engine-id =  10:2(hardware)
Site-382-831#

Site-382-831#
Site-382-831#show crypto ipsec sa

interface: Ethernet1
    Crypto map tag: IPVPN_MAP, local addr 74.WW.XX.35

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (74.WW.XX.35/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (208.YY.ZZ.11/255.255.255.255/47/0)
   current_peer 208.YY.ZZ.11 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 2333, #pkts encrypt: 2333, #pkts digest: 2333
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 21, #recv errors 0

     local crypto endpt.: 74.WW.XX.35, remote crypto endpt.: 208.YY.ZZ.11
     path mtu 1500, ip mtu 1500, ip mtu idb Ethernet1
     current outbound spi: 0x45047D1D(1157922077)

     inbound esp sas:
      spi: 0x15B97AEA(364477162)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 2004, flow_id: C83X_MBRD:4, crypto map: IPVPN_MAP
        sa timing: remaining key lifetime (k/sec): (4486831/1056)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x45047D1D(1157922077)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 2003, flow_id: C83X_MBRD:3, crypto map: IPVPN_MAP
        sa timing: remaining key lifetime (k/sec): (4486744/1056)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (74.WW.XX.35/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (208.XX.YY.11/255.255.255.255/47/0)
   current_peer 208.XX.YY.11 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 2333, #pkts encrypt: 2333, #pkts digest: 2333
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 21, #recv errors 0

     local crypto endpt.: 74.WW.XX.35, remote crypto endpt.: 208.XX.YY.11
     path mtu 1500, ip mtu 1500, ip mtu idb Ethernet1
     current outbound spi: 0xE82A86BC(3895101116)

     inbound esp sas:
      spi: 0x539697CA(1402378186)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 2008, flow_id: C83X_MBRD:8, crypto map: IPVPN_MAP
        sa timing: remaining key lifetime (k/sec): (4432595/1039)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0xE82A86BC(3895101116)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 2001, flow_id: C83X_MBRD:1, crypto map: IPVPN_MAP
        sa timing: remaining key lifetime (k/sec): (4432508/1039)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:
Site-382-831#

Site-382-831#
Site-382-831#show crypto ipsec sa | inc pkts|life
    #pkts encaps: 2397, #pkts encrypt: 2397, #pkts digest: 2397
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
        sa timing: remaining key lifetime (k/sec): (4486831/862)
        sa timing: remaining key lifetime (k/sec): (4486738/862)
    #pkts encaps: 2397, #pkts encrypt: 2397, #pkts digest: 2397
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
        sa timing: remaining key lifetime (k/sec): (4432595/846)
        sa timing: remaining key lifetime (k/sec): (4432501/846)
Site-382-831#

Site-382-831#
Site-382-831#show crypto isakmp policy

Global IKE policy
Protection suite of priority 10
        encryption algorithm:   Three key triple DES
        hash algorithm:         Secure Hash Standard
        authentication method:  Pre-Shared Key
        Diffie-Hellman group:   #1 (768 bit)
        lifetime:               86400 seconds, no volume limit
Default protection suite
        encryption algorithm:   DES - Data Encryption Standard (56 bit keys).
        hash algorithm:         Secure Hash Standard
        authentication method:  Rivest-Shamir-Adleman Signature
        Diffie-Hellman group:   #1 (768 bit)
        lifetime:               86400 seconds, no volume limit
Site-382-831#

Site-382-831#show crypto map
Crypto Map "IPVPN_MAP" 101 ipsec-isakmp
        Description: at the 2nd KC BGP 2821 - PRI-B
        Peer = 208.YY.ZZ.11
        Extended IP access list PRI-B
            access-list PRI-B permit gre host 74.WW.XX.35 host 208.YY.ZZ.11
        Current peer: 208.YY.ZZ.11
        Security association lifetime: 4608000 kilobytes/3600 seconds
        PFS (Y/N): N
        Transform sets={
                IPVPN,
        }

Crypto Map "IPVPN_MAP" 201 ipsec-isakmp
        Description: 2nd Dallas BGP 2821 - SEC-B
        Peer = 208.XX.YY.11
        Extended IP access list SEC-B
            access-list SEC-B permit gre host 74.WW.XX.35 host 208.XX.YY.11
        Current peer: 208.XX.YY.11
        Security association lifetime: 4608000 kilobytes/3600 seconds
        PFS (Y/N): N
        Transform sets={
                IPVPN,
        }
        Interfaces using crypto map IPVPN_MAP:
                Ethernet1
Site-382-831#

The tunnel configuration between KC & the remote site is:

Remote c831 - KC

crypto isakmp policy 10
 encr 3des
 authentication pre-share
!
crypto isakmp key PRI-B-382 address 208.YY.ZZ.11
!
crypto ipsec transform-set IPVPN esp-3des esp-sha-hmac
 mode transport
!
crypto map IPVPN_MAP 101 ipsec-isakmp
 description 2nd KC BGP 2821 - PRI-B
 set peer 208.YY.ZZ.11
 set transform-set IPVPN
 match address PRI-B
!
interface Tunnel101
 description % connected to the 2nd KC BGP 2821 - PRI-B
 ip address 1.3.82.46 255.255.255.252
 ip mtu 1500
 keepalive 3 3
 ip virtual-reassembly
 ip tcp adjust-mss 1360
 tunnel source Ethernet1
 tunnel destination 208.YY.ZZ.11
!
interface Ethernet0
 description private network
 ip address 10.3.82.10 255.255.255.0
 ip mtu 1500
 no shutdown
!
interface Ethernet1
 ip address 74.WW.XX.35 255.255.255.248
 ip mtu 1500
 duplex auto
 ip virtual-reassembly
 crypto map IPVPN_MAP
 no shutdown
!
ip access-list extended PRI-B
 permit gre host 74.WW.XX.35 host 208.YY.ZZ.11
!

KC-2821

crypto isakmp key PRI-B-382 address 74.WW.XX.35
!
ip access-list extended PRI-B-382
 permit gre host 208.YY.ZZ.11 host 74.WW.XX.35
!
crypto map IPVPN_MAP 382 ipsec-isakmp
 description % connected to the 2nd KC BGP 2821
 set peer 74.WW.XX.35
 set transform-set IPVPN
 match address PRI-B-382
!
interface Tunnel382
 description %.
 ip address 1.3.82.45 255.255.255.252
 keepalive 3 3
 ip virtual-reassembly
 ip tcp adjust-mss 1360
 ip mtu 1400
 delay 40000
 tunnel source 208.YY.ZZ.11
 tunnel destination 74.WW.XX.35
!
end

Any help would be much appreciated!

Mark

Hello

In the logs on Site-382-831, I only see encrypts but no decrypts. Could you check the corresponding entry on the peer and see if it has any issues sending return traffic?

Site-382-831#show crypto ipsec sa | inc pkts|life
    #pkts encaps: 2397, #pkts encrypt: 2397, #pkts digest: 2397
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
        sa timing: remaining key lifetime (k/sec): (4486831/862)
        sa timing: remaining key lifetime (k/sec): (4486738/862)
    #pkts encaps: 2397, #pkts encrypt: 2397, #pkts digest: 2397
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
        sa timing: remaining key lifetime (k/sec): (4432595/846)
        sa timing: remaining key lifetime (k/sec): (4432501/846)
Site-382-831#

Kind regards

Averroès.
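
The check in the reply above (encaps counting up while decaps stays at zero) can be run across many routers at once. The following is an added example, not part of the original thread: it parses text in the layout of IOS show crypto ipsec sa and reports flows that carry traffic in one direction only. The sample output and its addresses are constructed.

```python
import re

# Constructed sample in the layout of IOS `show crypto ipsec sa`.
# Addresses are documentation-range placeholders; the first flow copies the
# counter pattern seen in the thread, the second is a healthy flow for contrast.
SAMPLE = """\
interface: Ethernet1
    Crypto map tag: IPVPN_MAP, local addr 192.0.2.35

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (192.0.2.35/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (198.51.100.11/255.255.255.255/47/0)
   current_peer 198.51.100.11 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 2333, #pkts encrypt: 2333, #pkts digest: 2333
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #send errors 21, #recv errors 0

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (192.0.2.35/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (203.0.113.11/255.255.255.255/47/0)
   current_peer 203.0.113.11 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 512, #pkts encrypt: 512, #pkts digest: 512
    #pkts decaps: 498, #pkts decrypt: 498, #pkts verify: 498
    #send errors 0, #recv errors 0
"""

IDENT_RE = re.compile(r"(local|remote)\s+ident \(addr/mask/prot/port\):\s*\(([^)]*)\)")
PEER_RE = re.compile(r"current_peer\s+(\S+)\s+port\s+(\d+)")
ENCAPS_RE = re.compile(r"#pkts encaps:\s*(\d+)")
DECAPS_RE = re.compile(r"#pkts decaps:\s*(\d+)")
ERRORS_RE = re.compile(r"#send errors\s+(\d+),\s*#recv errors\s+(\d+)")


def parse_ipsec_sa(text):
    """Split `show crypto ipsec sa` text into one record per protected flow."""
    flows, cur = [], None
    for line in text.splitlines():
        m = IDENT_RE.search(line)
        if m and m.group(1) == "local":
            # A "local ident" line opens a new flow (one per crypto ACL entry).
            parts = m.group(2).split("/")
            proto = int(parts[2]) if len(parts) > 2 and parts[2].isdigit() else None
            cur = {"local": m.group(2), "remote": None, "peer": None,
                   "protocol": proto, "encaps": 0, "decaps": 0,
                   "send_errors": 0, "recv_errors": 0}
            flows.append(cur)
            continue
        if cur is None:
            continue  # header lines before the first flow
        if m:
            cur["remote"] = m.group(2)
        elif (p := PEER_RE.search(line)):
            cur["peer"] = p.group(1)
        elif (e := ENCAPS_RE.search(line)):
            cur["encaps"] = int(e.group(1))
        elif (d := DECAPS_RE.search(line)):
            cur["decaps"] = int(d.group(1))
        elif (x := ERRORS_RE.search(line)):
            cur["send_errors"] = int(x.group(1))
            cur["recv_errors"] = int(x.group(2))
    return flows


def classify(flow):
    """Label a flow by which direction its SA pair has actually carried packets."""
    enc, dec = flow["encaps"], flow["decaps"]
    if enc and not dec:
        return "outbound-only"   # we encrypt and send, nothing is decrypted
    if dec and not enc:
        return "inbound-only"    # we decrypt, but never encrypt toward the peer
    if not enc and not dec:
        return "idle"
    return "bidirectional"


def one_way_flows(text):
    """Return (peer, direction, ip_protocol, send_errors) for one-directional flows."""
    hits = []
    for flow in parse_ipsec_sa(text):
        verdict = classify(flow)
        if verdict in ("outbound-only", "inbound-only"):
            hits.append((flow["peer"], verdict, flow["protocol"], flow["send_errors"]))
    return hits


if __name__ == "__main__":
    for peer, verdict, proto, errs in one_way_flows(SAMPLE):
        kind = "GRE" if proto == 47 else f"ip proto {proto}"
        print(f"{peer}: {verdict} {kind} flow, send errors={errs}")
```

An outbound-only result only says where to look next: the matching SA counters on the peer, as the reply asks.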

Tags: Cisco Security

Similar Questions

  • Static L2L Tunnel - will not come up

    Hi all

    I currently have a very big problem with a site that I can't get to for the moment.

    We have one hub ASA5505 SEC+ with a few other ASAs connected via L2L VPN. We have 1 static L2L active, 1 dynamic L2L active, and I am currently trying to add a second static L2L tunnel.

    I checked that each WAN interface can ping the other, and both devices have full internet connectivity. There is no double NAT or content filtering going on. I noticed that my Cisco remote access VPN client will not connect properly through the ASA despite full internet connectivity, but when I connected directly to a modem, I was able to connect properly. So apparently the ISP isn't blocking IPSEC traffic as far as I know.

    Static2 is currently using a temporary license from TAC since our license is still pending arrival, but show version shows that all VPN/3DES features are enabled.

    Here are the configs:

    hostname ASA5505-HUB
    domain-name xxxxxxx.local
    enable password xxxxxxxxxxx
    names
    name 192.168.9.50 xxxxxxxxx
    name 192.168.9.51 xxxxxxxxx description xxxxxxxxxx
    !
    interface Vlan1
     nameif inside
     security-level 100
     ip address 192.168.9.1 255.255.255.0
    !
    interface Vlan2
     nameif outside
     security-level 0
     ip address xxxxxxxxxxxxx 255.255.255.248
    !
    interface Vlan3
     nameif dmz
     security-level 50
     ip address 10.10.9.1 255.255.255.0
    !
    interface Ethernet0/0
     switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
     switchport access vlan 3
    !
    interface Ethernet0/5
     switchport access vlan 3
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    passwd xxxxxxxxxxxx
    ftp mode passive
    clock timezone CST -6
    clock summer-time CDT recurring
    dns domain-lookup inside
    dns server-group DefaultDNS
     name-server xxxxxxxxxx
     name-server xxxxxxxxxxxxxxx
     domain-name xxxxxxxxxxxx.local
    same-security-traffic permit intra-interface
    access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 192.168.0.0 255.255.0.0
    access-list 101 extended permit icmp any any
    access-list split standard permit 192.168.0.0 255.255.0.0
    access-list to_static1 extended permit ip 192.168.0.0 255.255.0.0 192.168.14.0 255.255.255.0
    access-list to_static2 extended permit ip 192.168.0.0 255.255.0.0 192.168.16.0 255.255.255.0 <this is the problem>
    access-list RTP extended permit udp any any range 10000 20000
    access-list RTP extended permit tcp any any range 10000 20000
    pager lines 24
    logging monitor debugging
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu dmz 1500
    ip local pool RA-pool 192.168.99.1-192.168.99.126 mask 255.255.255.128
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    route outside 0.0.0.0 0.0.0.0 75.146.188.94 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.0.0 255.255.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 20 set transform-set ESP-3DES-SHA
    crypto map outside_map 10 match address to_static1
    crypto map outside_map 10 set peer xxxxxxxxxx
    crypto map outside_map 10 set transform-set ESP-3DES-SHA
    crypto map outside_map 11 match address to_static2
    crypto map outside_map 11 set peer xxxxxxxxxxxxx <problem>
    crypto map outside_map 11 set transform-set ESP-3DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    telnet 192.168.0.0 255.255.0.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    management-access inside
    dhcpd auto_config outside
    !
    dhcpd address 192.168.9.101-192.168.9.199 inside
    dhcpd dns 192.168.9.2 xxxxxxxxxxx interface inside
    dhcpd domain xxxxxxxxx.local interface inside
    dhcpd option 66 ip xxxxxxxx interface inside
    dhcpd enable inside
    !

    threat-detection basic-threat
    threat-detection statistics access-list
    !
    class-map inspection_default
     match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum 512
    policy-map type inspect sip default_sip
     parameters
      max-forwards-validation action drop log
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect netbios
      inspect rtsp
      inspect sip default_sip
    !
    service-policy global_policy global
    group-policy xxxxx-RA internal
    group-policy xxxxx-RA attributes
     dns-server value 192.168.9.2 xxxxxxxxxxxxx
     vpn-tunnel-protocol IPSec l2tp-ipsec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value split
     default-domain value xxxxxxxxx.local
     nem enable
    tunnel-group DefaultL2LGroup ipsec-attributes
     pre-shared-key *
    tunnel-group xxxxx-RA type remote-access
    tunnel-group xxxxxx-RA general-attributes
     address-pool RA-pool
     default-group-policy xxxxx-RA
    tunnel-group xxxxxx ipsec-attributes
     pre-shared-key *
    tunnel-group STATIC2_WANIP type ipsec-l2l <problem>
    tunnel-group STATIC2_WANIP ipsec-attributes
     pre-shared-key *
    tunnel-group STATIC1_WANIP type ipsec-l2l
    tunnel-group STATIC1_WANIP ipsec-attributes
     pre-shared-key *
    prompt hostname context

    and...

    hostname ASA5505-STATIC2
    domain-name xxxxxxxx.local
    enable password XXXXXX
    passwd xxxxxxxxxxx
    names
    !
    interface Ethernet0/0
     switchport access vlan 3
    !
    interface Ethernet0/1
     switchport access vlan 2
    !
    interface Ethernet0/2
     switchport access vlan 2
    !
    interface Ethernet0/3
     switchport access vlan 2
    !
    interface Ethernet0/4
     switchport access vlan 2
    !
    interface Ethernet0/5
     switchport access vlan 2
    !
    interface Ethernet0/6
     switchport access vlan 2
    !
    interface Ethernet0/7
     switchport trunk allowed vlan 1-2
     switchport trunk native vlan 1
     switchport mode trunk
    !
    interface Vlan1
     nameif dmz
     security-level 50
     ip address 10.10.0.1 255.255.255.0
    !
    interface Vlan2
     nameif inside
     security-level 100
     ip address 192.168.16.1 255.255.255.0
    !
    interface Vlan3
     nameif outside
     security-level 0
     ip address xxxxxxxxxxx 255.255.254.0
    !
    ftp mode passive
    clock timezone CST -6
    clock summer-time CDT recurring
    dns domain-lookup inside
    dns server-group DefaultDNS
     name-server xxxxxxxxxx
     name-server xxxxxxxxxx
     domain-name xxxxxxxxxx.local
    access-list to_hq extended permit ip 192.168.16.0 255.255.255.0 192.168.0.0 255.255.0.0
    access-list sheep extended permit ip 192.168.16.0 255.255.255.0 192.168.0.0 255.255.0.0
    pager lines 24
    mtu dmz 1500
    mtu inside 1500
    mtu outside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400

    route outside 0.0.0.0 0.0.0.0 xxxxxxxxxxx
    global (outside) 1 interface
    nat (dmz) 1 0.0.0.0 0.0.0.0
    nat (inside) 0 access-list sheep
    nat (inside) 1 0.0.0.0 0.0.0.0
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.0.0 255.255.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map cmap1 10 match address to_hq
    crypto map cmap1 10 set peer xxxxxxxxxxxxxx
    crypto map cmap1 10 set transform-set ESP-3DES-SHA
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto isakmp policy 65535
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    no crypto isakmp nat-traversal
    telnet 192.168.0.0 255.255.0.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    management-access inside
    dhcpd dns 192.168.9.2 xxxxxxxxxxxx
    !
    dhcpd address 10.10.0.100-10.10.0.199 dmz
    dhcpd lease 10800 interface dmz
    dhcpd enable dmz
    !
    dhcpd address 192.168.16.101-192.168.16.131 inside
    dhcpd lease 10800 interface inside
    dhcpd domain xxxxxxxxxx.local interface inside
    dhcpd option 66 ip 192.168.9.50 interface inside
    dhcpd enable inside
    !

    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    tunnel-group HUB_WANIP type ipsec-l2l
    tunnel-group HUB_WANIP ipsec-attributes
     pre-shared-key *
    !
    class-map inspection_default
     match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
      inspect icmp
    !
    service-policy global_policy global
    prompt hostname context

    Any help is appreciated

    Hello

    It seems to me that the ASA named STATIC2-ASA5505 lacks some essential VPN-related configuration.

    The crypto map is not attached to any interface

    Configure this

    crypto map cmap1 interface outside

    Crypto ISAKMP is not enabled on any interface

    Configure this

    crypto isakmp enable outside

    Hope this helps

    -Jouni

  • Site to Site VPN tunnel does not come up between 2 routers

    Dear all,

    I have 2 branch routers which are configured for site-to-site VPN, but the tunnel does not come up!

    I ran debug and I enclose herewith the output for your kind review and recommendation. I also enclose here the configs of the 2 branch routers.

    Any idea on why the site-to-site VPN is not coming up?

    Kind regards

    Haitham

    You guessed it!

    It is just because you have re-used the same crypto map for LAN-to-LAN and VPN-client traffic.

    This is from the DOC CD

    no-xauth

    (Optional) Use this keyword if router-to-router IP Security (IPSec) is on the same crypto map as a Virtual Private Network (VPN)-client-to-Cisco-IOS IPSec. This keyword prevents the router from prompting the peer for extended authentication (Xauth) information (username and password).

  • My IPad will not come

    MY IPAD WILL NOT COME BECAUSE I MADE THE UPDATE YESTERDAY?

    If you are sure that the appliance is loaded, then press and hold the home and sleep/wake buttons until you see the Apple logo and then release. It could take up to 30 seconds of operation.

  • IE8 will not come to the top. I get diagnose problems when router connection bed Excellent 54 Mbps

    Internet Explorer will not come to the top.  My router says I 54mpbs Exellent, but I can't go on the internet.  Diagnose the problem button appears.  When I run it, it says that my router is not working.  I have wifi and my friend has the router and its connection is good.  I also have a propellant that works great too.

    Can you get far enough in IE to access the Tools Menu?  If so try clicking Tools | Internet Options | Advanced and clicking the reset button.

    -B-
    http://www.officeforlawyers.com | http://www.OneNote-tips.com
    Author: Guide to counsel for Microsoft Outlook

  • I updated adobe and now windows vista will not come to the top!

    I was doing something that requires adobe 9 or higher, so I updated to 10. Now my main screen will not come to the top. I can't do all the suggestions for troubleshooting because I can't get to my computer at all.  I validated and it says windows Pascal more send activationsetc. and I can't update because I can't.

    Try to start in safe mode (press F8 immediately and repeatedly after Power Up Self Test and before Windows starts) and uninstall Adobe Reader X.  Then try to restart normally.

  • Color Laserjet CP5525 will not come on loan

    Printer will not loan and the error log has 49.2F. E3. From what I could find, this is a firmware error. But how I've updated the firmware if the printer will not come on loan?

    Ended up be the firmware. I had to replace the format because that I couldn't get a ready status to update the firmware. Printer works fine. Thank you

  • My Dell is power saving mode and will not come out

    My Dell is power saving mode and will not come out? Any suggestions? I can't get anything else than a screen that says it is in power save mode and press a key or move the mouse. No one who does nothing. Don't disconnect.

    Hi Ma32206,

    Monitors Dell will automatically mode energy saving after a predetermined time amount when the computer is idle. The Dell monitor will go completely black, rather than display a screen saver. This allows your monitor to essentially turn off until it takes again.

    A. Press any key on the keyboard or move the mouse. Either will automatically turn off the power saving mode. Alternatively, you can press the power button on your Dell computer tower or laptop.

    B. press one button a second time if the monitor goes power saving in standby mode. Standby mode allows the screen saver appears.

    Bindu R - Microsoft technical support.
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Security Windows will not come to the top

    lost all my programs, firewall windows, I click on the setting change a white csreen rises then real quick stop... click on Security Center, c:\windows]system32\run1132.exe comes upand said parameter is in good... lost my windows live sign on... my norton will not come up... i think I may have been hack in to

    It seems that your system has been infected:

    Preform Malwarebyte s scanning:

    http://www.Malwarebytes.org/ recommended

    then the use of scan of preform

    a-squared Emergency USB Stick files http://www.emsisoft.com/en/software/download/

    After that, make sure that your system is free of viruses:

    http://www.Avira.com/en/download/index.php

    If you can not install anti virus Software, then try to scan online

    http://housecall.trendmicro.com/UK/

    and spyware:

    http://www.systweak.com/AntiSpyware/

    http://www.SurfRight.nl/en/downloads/ recommended

  • Interface 1130ag WLAN AP will not come to the top?

    Hi all

    For the first time, I installed a 1130ag and I can't bring up the interface without wire/radio?

    I have connected it via http at the moment and have tried to activate the radio via the GUI, but it does not come to the top? (This is normally upward in this way with the year 1200)

    Can anyone suggest anything?

    Thank you very much

    Nathan.

    UK.

    Have you defined a SSID? If you have not the radio will not come to the top.

  • Windows Media Player will not come

    Windows Media Player will not come

    In the Find box type copy paste the following command and press the Enter key.

    "%programfiles%\Windows media player\wmplayer.exe".

    If the above doesn't help, try a system restore - select any restore point when it did not have this problem.

  • Dell 1230c do not - print jobs go to the queue printing but will not come to buffer

    Hey Joe,

    Try duration to remove print jobs to remove Job feel stuck in the queue, and then restart your computer.

    Also refer to:

    Cancel printing

    Maybe you have that impression break.

    View, pause, or cancel printing

    You can also see the troubleshooting steps in Dell for Dell printers.

    Please post back with the State of the question.

  • Variables will not come through mailer

    I have a php mailer on my site mortgagemaestro.net and variables will not come through when I send the form to any computer but mine. I just get a blank form in my email.
    Here are the two codes

    Thanks for any help

    stop();

    var b1Load:LoadVars = new LoadVars();
    var receiveLoad:LoadVars = new LoadVars();

    this.b1.onRelease = function() {
        // Require email, name and home phone before submitting
        if (theEmail.text == null || theEmail.text == "" || theName.text == null || theName.text == "" || homePhone.text == null || homePhone.text == "") {
            gotoAndStop("error");
        } else {
            b1Load.theName = theName.text;
            b1Load.homePhone = homePhone.text;
            b1Load.workPhone = workPhone.text;
            b1Load.theEmail = theEmail.text;
            b1Load.theAddress = theAddress.text;
            b1Load.theCity = theCity.text;
            b1Load.theState = theState.text;
            b1Load.theZip = theZip.text;
            b1Load.theCall = theCall.text;
            b1Load.sendAndLoad("http://www.mortgagemaestro.net/lib/phpmailer/email.php", receiveLoad);
            getURL("http://l-h1.com/richard_white_lending/destpage/thankyou.php", "_self");
        }
    };

    <?php
    require("class.phpmailer.php");

    $mail = new PHPMailer();

    $mail->IsSMTP(); // send via SMTP
    $mail->Host = "mail.mortgagemaestro.net"; // SMTP servers
    $mail->SMTPAuth = true; // enable SMTP authentication
    $mail->Username = "[email protected]"; // SMTP username
    $mail->Password = "32bf1a3"; // SMTP password

    $mail->From = '[email protected]';
    $mail->FromName = "drive";
    $mail->AddAddress("[email protected]");

    $mail->Subject = "Mortgage Maestro lead";
    $mail->Body = "Name: ";
    $mail->Body .= $_POST['theName'];
    $mail->Body .= "\nEmail: ";
    $mail->Body .= $_POST['theEmail'];
    $mail->Body .= "\nHomePhone: ";
    $mail->Body .= $_POST['homePhone'];
    $mail->Body .= "\nWorkPhone: ";
    $mail->Body .= $_POST['workPhone'];
    $mail->Body .= "\nAddress: ";
    $mail->Body .= $_POST['theAddress'];
    $mail->Body .= "\nCity: ";
    $mail->Body .= $_POST['theCity'];
    $mail->Body .= "\nState: ";
    $mail->Body .= $_POST['theState'];
    $mail->Body .= "\nZip: ";
    $mail->Body .= $_POST['theZip'];
    $mail->Body .= "\nCall: ";
    $mail->Body .= $_POST['theCall'];

    if (!$mail->Send())
    {
        echo "Message was not sent <p>";
        echo "Mailer error: " . $mail->ErrorInfo;
        exit;
    }

    echo "Message was sent";

    ?>

    OK, here it is in case anyone ever has this problem. I changed all the instance names such as theCall and theName to variables. To do this, change it in the field titled Var: in the lower right corner of the Properties panel. I also changed the form to use the POST method and made my form a movie clip called sendWork.

    Well, here are the scripts.
    I'm still having a problem with my if statements. They stopped working after I changed everything to variables. It would still send me to the error screen that I put in place even when I had all of the information entered.

    I know it's because they are implemented by using the instance names (see the script above), but when I say that everything will work smooth, if all goes well

    stop();

    this.b1.onRelease = function() {
    // Post the variables held in the sendWork clip to the mailer script
    sendWork.loadVariables("email.php", "POST");
    getURL("http://l-h1.com/richard_white_lending/destpage/thankyou.php", "_self");
    };

    <?php
    require("class.phpmailer.php");

    $mail = new PHPMailer();

    $mail->IsSMTP(); // send via SMTP
    $mail->Host = "mail.mortgagemaestro.net"; // SMTP servers
    $mail->SMTPAuth = true; // enable SMTP authentication
    $mail->Username = "[email protected]"; // SMTP username
    $mail->Password = "32bf1a3"; // SMTP password

    $mail->From = '[email protected]';
    $mail->FromName = "drive";
    $mail->AddAddress("[email protected]");

    // Build the message body from the posted form fields
    $mail->Subject = "Mortgage Maestro lead";
    $mail->Body = "name: ";
    $mail->Body .= $_POST['theName'];
    $mail->Body .= "\nEmail: ";
    $mail->Body .= $_POST['theEmail'];
    $mail->Body .= "\nHomePhone: ";
    $mail->Body .= $_POST['homePhone'];
    $mail->Body .= $_POST['homePhone02'];
    $mail->Body .= $_POST['homePhone03'];
    $mail->Body .= "\nWorkPhone: ";
    $mail->Body .= $_POST['workPhone'];
    $mail->Body .= $_POST['workPhone02'];
    $mail->Body .= $_POST['workPhone03'];
    $mail->Body .= "\nAddress: ";
    $mail->Body .= $_POST['theAddress'];
    $mail->Body .= "\nCity: ";
    $mail->Body .= $_POST['theCity'];
    $mail->Body .= "\nState: ";
    $mail->Body .= $_POST['theState'];
    $mail->Body .= "\nZip: ";
    $mail->Body .= $_POST['theZip'];
    $mail->Body .= "\nCall: ";
    $mail->Body .= $_POST['theCall'];

    if (!$mail->Send())
    {
    echo "Message has not been sent. <p>";
    echo "Mailer error: " . $mail->ErrorInfo;
    exit;
    }

  • IPSec tunnel will not come up between two ASA-5540s

    I've included the relevant configuration lines of the two ASA-5540s that I'm trying to set up a LAN-to-LAN tunnel between. The first few lines show the messages that are generated when I try to ping the other host from each side.

    Did I miss something that would prevent the tunnel from coming up?

    4 IP = 10.10.1.147, Error: Unable to remove PeerTblEntry
    3 IP = 10.10.1.147, Removing peer from peer table failed, no match!
    6 IP = 10.10.1.147, P1 Retransmit msg dispatched to MM FSM
    5 IP = 10.10.1.147, Duplicate Phase 1 packet detected. Retransmitting last packet.
    6 IP = 10.10.1.147, P1 Retransmit msg dispatched to MM FSM
    5 IP = 10.10.1.147, Duplicate Phase 1 packet detected. Retransmitting last packet.
    4 IP = 10.10.1.147, Error: Unable to remove PeerTblEntry
    3 IP = 10.10.1.147, Removing peer from peer table failed, no match!
    6 IP = 10.10.1.147, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
    6 IP = 10.10.1.147, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
    6 IP = 10.10.1.147, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
    5 IP = 10.10.1.147, IKE Initiator: New Phase 1, Intf inside, IKE Peer 10.10.1.147 local Proxy Address 10.10.1.135, remote Proxy Address 10.10.1.155, Crypto map (outside_map0)

    ROC-ASA5540-A# sh run
    !
    ASA Version 8.0(3)
    !
    hostname ROC-ASA5540-A
    names
    name 10.10.1.135 GHC_Laptop description to test the VPN
    name 10.10.1.155 SunMed_pc description to test the VPN
    !
    interface GigabitEthernet0/0
     speed 100
     duplex full
     nameif inside
     security-level 100
     ip address 10.10.1.129 255.255.255.240
    !
    interface GigabitEthernet0/3
     nameif outside
     security-level 0
     ip address 10.10.1.145 255.255.255.248
    !
    !
    access-list outside_2_cryptomap extended permit ip host GHC_Laptop host SunMed_pc
    !
    asdm image disk0:/asdm-603.bin
    !
    route outside 10.10.1.152 255.255.255.248 10.10.1.147 1
    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto map outside_map0 2 match address outside_2_cryptomap
    crypto map outside_map0 2 set peer 10.10.1.147
    crypto map outside_map0 2 set transform-set ESP-3DES-SHA
    crypto map outside_map0 2 set nat-t-disable
    crypto map outside_map0 interface outside
    crypto isakmp enable outside
    crypto isakmp policy 5
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    !
    group-policy Lan-2-Lan_only internal
    group-policy Lan-2-Lan_only attributes
     vpn-filter none
     vpn-tunnel-protocol IPSec
    tunnel-group 10.10.1.147 type ipsec-l2l
    tunnel-group 10.10.1.147 ipsec-attributes
     pre-shared-key *
    !
    ROC-ASA5540-A#

    ----------------------------------------------------------

    ROC-ASA5540-B# sh run
    : Saved
    :
    ASA Version 8.0(3)
    !
    hostname ROC-ASA5540-B
    !
    names
    name 10.10.1.135 GHC_laptop
    name 10.10.1.155 SunMed_PC
    !
    interface GigabitEthernet0/0
     speed 100
     duplex full
     nameif inside
     security-level 100
     ip address 10.10.1.153 255.255.255.248
    !
    interface GigabitEthernet0/3
     nameif outside
     security-level 0
     ip address 10.10.1.147 255.255.255.248
    !
    access-list outside_cryptomap extended permit ip host SunMed_PC host GHC_laptop
    !
    asdm image disk0:/asdm-603.bin
    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto map outside_map2 1 match address outside_cryptomap
    crypto map outside_map2 1 set peer 10.10.1.145
    crypto map outside_map2 1 set transform-set ESP-3DES-SHA
    crypto map outside_map2 1 set nat-t-disable
    crypto map outside_map2 interface outside
    crypto isakmp enable inside
    crypto isakmp policy 5
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    !
    group-policy Lan-2-Lan internal
    group-policy Lan-2-Lan attributes
     vpn-tunnel-protocol IPSec
    tunnel-group 10.10.1.145 type ipsec-l2l
    tunnel-group 10.10.1.145 ipsec-attributes
     pre-shared-key *
    !
    ROC-ASA5540-B#

    On the ROC-ASA5540-B ASA, you have "isakmp enable inside"; it should be "isakmp enable outside".

    Please reconfigure the ASA and let me know how it goes.

    Kind regards

    Arul

    * Please rate helpful posts *
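The mismatch identified in the reply above (the crypto map bound to one interface, ISAKMP enabled on another) can be caught with a small configuration check. This is an added example, not part of the original thread; the function name `lint_l2l` is hypothetical, and the two sample configurations are short excerpts constructed from the posted ones in ASA 8.0 command syntax.

```python
import re

# Excerpts of the two configurations from the thread, written in ASA 8.0
# command syntax (constructed for this example).
ASA_A = """\
hostname ROC-ASA5540-A
interface GigabitEthernet0/3
 nameif outside
crypto map outside_map0 2 set peer 10.10.1.147
crypto map outside_map0 interface outside
crypto isakmp enable outside
tunnel-group 10.10.1.147 type ipsec-l2l
"""

ASA_B = """\
hostname ROC-ASA5540-B
interface GigabitEthernet0/3
 nameif outside
crypto map outside_map2 1 set peer 10.10.1.145
crypto map outside_map2 interface outside
crypto isakmp enable inside
tunnel-group 10.10.1.145 type ipsec-l2l
"""

def lint_l2l(config):
    """Return a list of findings for a LAN-to-LAN crypto configuration."""
    lines = [ln.strip() for ln in config.splitlines()]
    def grab(pattern):
        # Collect the first capture group from every line that fully matches.
        return {m.group(1) for ln in lines if (m := re.fullmatch(pattern, ln))}
    map_ifaces = grab(r"crypto map \S+ interface (\S+)")
    ike_ifaces = grab(r"crypto isakmp enable (\S+)")
    peers = grab(r"crypto map \S+ \d+ set peer (\S+)")
    groups = grab(r"tunnel-group (\S+) type ipsec-l2l")
    findings = []
    for iface in sorted(map_ifaces - ike_ifaces):
        findings.append(f"crypto map on '{iface}' but ISAKMP not enabled there")
    for iface in sorted(ike_ifaces - map_ifaces):
        findings.append(f"ISAKMP enabled on '{iface}' which has no crypto map")
    for peer in sorted(peers - groups):
        findings.append(f"peer {peer} has no ipsec-l2l tunnel-group")
    return findings

if __name__ == "__main__":
    for cfg in (ASA_A, ASA_B):
        print(cfg.splitlines()[0], lint_l2l(cfg) or "OK")
```
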

  • I have two monitors and Firefox will not come on the screen.

    When I try to open Firefox it will not load on either screen. It looks like it's trying to go to the secondary screen, but is not visible. The OS is Windows 7 Home Premium Service Pack 1. Firefox version 37.0.1
    Thanks for your help.
    Jerry

    Do you get a thumbnail or other indication on the Windows taskbar that there is a Firefox window "somewhere", but it is not visible anywhere?

    If there is a thumbnail (or a window title above the Firefox button in the taskbar):

    The Firefox window sometimes opens off screen. If you have a multiple monitor configuration, make sure that both monitors are on. Other users have reported that sometimes Firefox acts strangely while the second monitor is turned off. You mentioned that both monitors are on in your case.

    In all other cases: you can often force the Firefox window to display on screen by double-clicking the thumbnail image just above the taskbar and choosing Maximize. Does it work?

    A possible cause for this is that the file that stores the positions and sizes of window is corrupt.

    Method #1: If you can get a maximized window:

    Open your current Firefox settings (AKA Firefox profile) folder using either:

    • "3-bar" menu button > "?" button > Troubleshooting Information
    • (menu bar) Help > Troubleshooting Information
    • type or paste about:support in the address bar and press Enter

    In the first table on the page, click the "Show Folder" button. This should launch a new window that lists the various files and folders in Windows Explorer.

    Leave this window open, switch back to Firefox and exit, using either:

    • "3-bar" menu button > "power" button
    • (menu bar) File > Exit

    Pause while Firefox finishes its cleanup, then rename xulstore.json to something like xulstore.old. If you see a file named localstore.rdf, rename this to localstore.old as well.

    Start Firefox back up again. Do windows appear normally again?

    Method #2: If you cannot get a Firefox window at all:

    Close Firefox by right-clicking the icon in the taskbar > Close all windows.

    Using the Run dialog box (Windows key + R) or the Start menu search box (or, in Windows 8, maybe the Charms bar search box?), type or paste the following and press Enter to drill down to the profiles folder:

    %APPDATA%\Mozilla\Firefox\Profiles
    

    Here you may see one folder - in that case, double-click into it - or more than one - in that case, double-click into whichever looks most recently updated.

    Scroll down and rename xulstore.json to something like xulstore.old. If you see a file named localstore.rdf, rename this to localstore.old as well.

    Start Firefox back up again. Do windows appear normally again?
