Impossible to establish a VPN to ASA 5505
I'm trying to set up a network VPN from Site to Site. Right now I'm doing this work in the laboratory. I have the Internet port on the Linksys connected directly to port 0 on the cisco that has been set up as the internet port.
My configuration is:
Remote site
Laptop 1 - IP 192.168.2.100 address 255.255.255.0 GW 192.168.2.1
The Router 1 (Linksys BEFSX41) - LAN IP 192.168.2.1 255.255.255.0
209.168.145.49 WAN IP address 255.255.255.0 GW 209.168.145.50
Host site
Laptop 2 - address 192.168.1.100 IP 255.255.255.0 GW 192.168.1.1
Router 2 (Cisco ASA 5505) - LAN IP 0 address 192.168.1.1 255.255.255.0
IP WAN (Port 0) 209.168.145.50 255.255.255.0
My problems:
I use ASDM 5.2 to configure the router of the SAA. With the configuration I currently have my linksys is not able to establish a VPN connection. The journal of ASA reported via the ASDM is as shown in the attachment ciscolog.txt.
My linksys journal is as listed in the attachment linksyslog.txt.
I also tried to create a Cisco VPN client connection using the cisco client software and a laptop connected directly to the internet port of the router cisco (port 0) and was not able to establish a connection with that either. I used the wizard of ASDM VPN to try to implement the Site-site as well as the scenarios of connection remotely. This has been unsuccessful in both cases.
The only one, I am really interested in getting to work is the site to site.
My current configuration of cisco is shown in the attachment cisco.txt.
If anyone has any input I would appreciate it a lot. I have been through the manuals of cisco as to scouring the internet and am unable to find an answer.
I enclose 3 files, cisco log (ciscolog.txt), linksys (linksyslog.txt) log and config cisco (cisco.txt) in the form of text files.
Thank you.
Sean
I hope that path statement solves your problem.
-Gilbert
Good job, Adam!
Tags: Cisco Security
Similar Questions
-
Error of customer Cisco VPN connection ASA 5505
I am unable to connect to the vpn I created on my ASA 5505 using the Cisco VPN Client on a Windows machine. The log of the vpn client and the config of the ASA 5505 is lower. Any help to solve this is appreciated.
CISCO VPN CLIENT LOG
Cisco Systems VPN Client Version 5.0.06.0160
Copyright (C) 1998-2009 Cisco Systems, Inc.. All rights reserved.
Customer type: Windows, Windows NT
Running: 6.1.7600
Config files directory: C:\Program Cisco Systems Client\
1 09:34:23.030 13/04/11 Sev = Info/4 CM / 0 x 63100002
Start the login process
2 09:34:23.061 13/04/11 Sev = Info/4 CM / 0 x 63100004
Establish a secure connection
3 09:34:23.061 13/04/11 Sev = Info/4 CM / 0 x 63100024
Attempt to connect with the server "71.xx.xx.253".
4 09:34:23.061 13/04/11 Sev = Info/6 IKE/0x6300003B
Attempts to establish a connection with 71.xx.xx.253.
5 09:34:23.061 13/04/11 Sev = Info/4 IKE / 0 x 63000001
From IKE Phase 1 negotiation
6 09:34:23.077 13/04/11 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK AG (SA, KE, NO, ID, VID (Xauth), VID (dpd), VID (Frag), VID(Nat-T), VID (Unity)) at 71.xx.xx.253
7 09:34:23.170 13/04/11 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = 71.xx.xx.253
8 09:34:23.170 13/04/11 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" ag="" (sa,="" ke,="" non,="" id,="" hash,="" vid(unity),="" vid(xauth),="" vid(dpd),="" vid(nat-t),="" nat-d,="" nat-d,="" vid(frag),="" vid(?))="" from="">
9 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000001
Peer is a compatible peer Cisco-Unity
10 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000001
Peer supports XAUTH
11 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000001
Peer supports the DPD
12 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000001
Peer supports NAT - T
13 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000001
Peer supports fragmentation IKE payloads
14 09:34:23.170 13/04/11 Sev = Info/6 IKE / 0 x 63000001
IOS Vendor ID successful construction
15 09:34:23.170 13/04/11 Sev = Info/4 IKE / 0 x 63000013
SENDING > ISAKMP OAK AG * (HASH, NOTIFY: NAT - D, NAT - D, VID (?), STATUS_INITIAL_CONTACT, VID (Unity)) at 71.xx.xx.253
16 09:34:23.170 13/04/11 Sev = Info/6 IKE / 0 x 63000055
Sent a keepalive on the IPSec Security Association
17 09:34:23.170 13/04/11 Sev = Info/4 IKE / 0 x 63000083
IKE port in use - Local Port = 0xEB07, Remote Port = 0 x 1194
18 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000072
Automatic NAT detection status:
Remote endpoint is NOT behind a NAT device
This effect is behind a NAT device
19 09:34:23.170 13/04/11 Sev = Info/4 CM/0x6310000E
ITS established Phase 1. 1 crypto IKE Active SA, 0 IKE SA authenticated user in the system
20 09:34:23.170 13/04/11 Sev = Info/4 CM/0x6310000E
ITS established Phase 1. 1 crypto IKE Active SA, 1 IKE SA authenticated user in the system
21 09:34:23.186 13/04/11 Sev = Info/5 IKE/0x6300005E
Customer address a request from firewall to hub
22 09:34:23.186 13/04/11 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to 71.xx.xx.253
23 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = 71.xx.xx.253
24 09:34:23.248 13/04/11 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">
25 09:34:23.248 13/04/11 Sev = Info/5 IKE / 0 x 63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS:, value = 172.26.6.1
26 09:34:23.248 13/04/11 Sev = Info/5 IKE / 0 x 63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK:, value = 255.255.0.0
27 09:34:23.248 13/04/11 Sev = Info/5 IKE / 0 x 63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (1):, value = 172.26.0.250
28 09:34:23.248 13/04/11 Sev = Info/5 IKE / 0 x 63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (2):, value = 172.26.0.251
29 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD:, value = 0x00000000
30 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN:, value = TLCUSA
31 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS:, value = 0x00000000
32 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc. ASA5505 Version 8.2 (1) built by manufacturers on Wednesday 5 May 09 22:45
33 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SMARTCARD_REMOVAL_DISCONNECT:, value = 0x00000001
34 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = received and by using the NAT - T port number, value = 0 x 00001194
35 09:34:23.248 13/04/11 Sev = Info/4 CM / 0 x 63100019
Data in mode Config received
36 09:34:23.264 13/04/11 Sev = Info/4 IKE / 0 x 63000056
Received a request from key driver: local IP = 172.26.6.1, GW IP = 71.xx.xx.253, Remote IP = 0.0.0.0
37 09:34:23.264 13/04/11 Sev = Info/4 IKE / 0 x 63000013
SEND to > QM ISAKMP OAK * (HASH, SA, NO, ID, ID) to 71.xx.xx.253
38 09:34:23.326 13/04/11 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = 71.xx.xx.253
39 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:status_resp_lifetime)="" from="">
40 09:34:23.326 13/04/11 Sev = Info/5 IKE / 0 x 63000045
Answering MACHINE-LIFE notify has value of 86400 seconds
41 09:34:23.326 13/04/11 Sev = Info/5 IKE / 0 x 63000047
This AA is already living from 0 seconds, setting the expiration to 86400 seconds right now
42 09:34:23.326 13/04/11 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = 71.xx.xx.253
43 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:no_proposal_chosen)="" from="">
44 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK INFO *(HASH, DEL) to 71.xx.xx.253
45 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000049
IPsec security association negotiation made scrapped, MsgID = 89EE7032
46 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000017
Marking of IKE SA delete (I_Cookie = 2617522400DC1763 R_Cookie = 029325381036CCD8) reason = DEL_REASON_IKE_NEG_FAILED
47 09:34:23.326 13/04/11 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = 71.xx.xx.253
48 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000058
Received an ISAKMP for a SA message no assets, I_Cookie = 2617522400DC1763 R_Cookie = 029325381036CCD8
49 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" info="" *(dropped)="" from="">
50 09:34:26.696 13/04/11 Sev = Info/4 IKE/0x6300004B
IKE negotiation to throw HIS (I_Cookie = 2617522400DC1763 R_Cookie = 029325381036CCD8) reason = DEL_REASON_IKE_NEG_FAILED
51 09:34:26.696 13/04/11 Sev = Info/4 CM / 0 x 63100012
ITS phase 1 deleted before first Phase 2 SA is caused by "DEL_REASON_IKE_NEG_FAILED". Crypto 0 Active IKE SA, 0 IKE SA authenticated user in the system
52 09:34:26.696 13/04/11 Sev = Info/5 CM / 0 x 63100025
Initializing CVPNDrv
53 09:34:26.696 13/04/11 Sev = Info/6 CM / 0 x 63100046
Set indicator established tunnel to register to 0.
54 09:34:26.696 13/04/11 Sev = Info/4 IKE / 0 x 63000001
Signal received IKE to complete the VPN connection
----------------------------------------------------------------------------------------
ASA 5505 CONFIG
: Saved
:
ASA Version 8.2 (1)
!
ciscoasa hostname
domain masociete.com
activate tdkuTUSh53d2MT6B encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
!
interface Vlan1
nameif inside
security-level 100
IP 172.26.0.252 255.255.0.0
!
interface Vlan2
nameif outside
security-level 0
IP address 71.xx.xx.253 255.255.255.240
!
interface Ethernet0/0
switchport access vlan 2
Speed 100
full duplex
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passive FTP mode
clock timezone IS - 5
clock to summer time EDT recurring
DNS server-group DefaultDNS
domain masociete.com
access-list LIMU_Split_Tunnel_List note the network of the company behind the ASA
Standard access list LIMU_Split_Tunnel_List allow 172.26.0.0 255.255.0.0
outside_access_in list extended access permit icmp any one
outside_access_in list extended access udp allowed any any eq 4500
outside_access_in list extended access udp allowed any any eq isakmp
outside_access_in list extended access permit tcp any host 71.xx.xxx.251 eq ftp
outside_access_in list extended access permit tcp any host 71.xx.xxx.244 eq 3389
inside_outbound_nat0_acl list of allowed ip extended access all 172.26.5.192 255.255.255.240
inside_outbound_nat0_acl list of allowed ip extended access all 172.26.6.0 255.255.255.128
pager lines 24
Enable logging
asdm of logging of information
Outside 1500 MTU
Within 1500 MTU
local pool VPN_POOL 172.26.6.1 - 172.26.6.100 255.255.0.0 IP mask
ICMP unreachable rate-limit 1 burst-size 1
enable ASDM history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 0-list of access inside_outbound_nat0_acl
NAT (inside) 1 0.0.0.0 0.0.0.0
static (inside, outside) 71.xx.xxx.251 172.26.5.9 netmask 255.255.255.255
static (inside, outside) 71.xx.xxx.244 172.26.0.136 netmask 255.255.255.255
Access-group outside_access_in in interface outside
Route outside 0.0.0.0 0.0.0.0 71.xx.xxx.241 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
GANYMEDE + Protocol Ganymede + AAA-server
RADIUS Protocol RADIUS AAA server
Enable http server
http 172.26.0.0 255.255.0.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-3des esp-md5-hmac TRANS_ESP_3DES_MD5
Crypto ipsec transform-set transit mode TRANS_ESP_3DES_MD5
Crypto ipsec transform-set esp-3des esp-sha-hmac TRANS_ESP_3DES_SHA
Crypto ipsec transform-set transit mode TRANS_ESP_3DES_SHA
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
Crypto-map dynamic outside_dyn_map 20 game of transformation-TRANS_ESP_3DES_MD5
map outside_map 65535-isakmp ipsec crypto dynamic outside_dyn_map
outside_map interface card crypto outside
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 30
preshared authentication
3des encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH timeout 5
Console timeout 0
dhcpd outside auto_config
!
no basic threat threat detection
no statistical access list - a threat detection
no statistical threat detection tcp-interception
WebVPN
internal DefaultRAGroup group strategy
attributes of Group Policy DefaultRAGroup
value of server WINS 172.26.0.250 172.26.0.251
value of 172.26.0.250 DNS server 172.26.0.251
Protocol-tunnel-VPN IPSec l2tp ipsec svc
value by default-field TLCUSA
internal LIMUVPNPOL1 group policy
LIMUVPNPOL1 group policy attributes
value of 172.26.0.250 DNS server 172.26.0.251
VPN-idle-timeout 30
Protocol-tunnel-VPN IPSec l2tp ipsec
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list LIMU_Split_Tunnel_List
the address value VPN_POOL pools
internal TLCVPNGROUP group policy
TLCVPNGROUP group policy attributes
value of 172.26.0.250 DNS server 172.26.0.251
Protocol-tunnel-VPN IPSec l2tp ipsec svc
Re-xauth disable
enable IPSec-udp
value by default-field TLCUSA
barry.julien YCkQv7rLwCSNRqra06 + QXg password user name is nt encrypted privilege 0
username barry.julien attributes
VPN-group-policy TLCVPNGROUP
Protocol-tunnel-VPN IPSec l2tp ipsec
bjulien bhKBinDUWhYqGbP4 encrypted password username
username bjulien attributes
VPN-group-policy TLCVPNGROUP
attributes global-tunnel-group DefaultRAGroup
address VPN_POOL pool
Group Policy - by default-DefaultRAGroup
IPSec-attributes tunnel-group DefaultRAGroup
pre-shared-key *.
tunnel-group DefaultRAGroup ppp-attributes
no authentication ms-chap-v1
ms-chap-v2 authentication
type tunnel-group TLCVPNGROUP remote access
attributes global-tunnel-group TLCVPNGROUP
address VPN_POOL pool
Group Policy - by default-TLCVPNGROUP
IPSec-attributes tunnel-group TLCVPNGROUP
pre-shared-key *.
ISAKMP ikev1-user authentication no
tunnel-group TLCVPNGROUP ppp-attributes
PAP Authentication
ms-chap-v2 authentication
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
!
global service-policy global_policy
context of prompt hostname
Cryptochecksum:b94898c163c59cee6c143943ba87e8a4
: end
enable ASDM history
can you try to change the transformation of dynamic value ESP-3DES-SHA map.
for example
remove the encryption scheme dynamic-map outside_dyn_map 20 transform-set TRANS_ESP_3DES_MD5
and replace with
Crypto-map dynamic outside_dyn_map 20 the value transform-set ESP-3DES-SHA
-
Cannot connect to internet after connecting to VPN Cisco ASA 5505
Hi all
I am an engineer of network, but haven't had any Experinece in the firewall for the moment, I'm under pressure to take care of a ASA 5505 were all VPN and incoming and out of bounds have been set up, recently I've had a few changes and re made the change, but unfortunately, he took some configurations that are ment for VPN now I am facing a problem,
VPN connection, but impossible to navigate on the internet is my problem, I tried inheriting tunneli Split, but I coudnt get through it seems, I did something in a bad way, I use here for most ASDM,.
I paste the Configuration for the investigation, although he's trying to help me.
ASA Version 8.0(4)16 ! hostname yantraind domain-name yantra.intra enable password vD1.re9JLbigXJxz encrypted passwd hVjSWvtgvNN21M./ encrypted names ! interface Vlan2 nameif outside security-level 0 ip address Outside_Interface 255.255.255.240 ospf cost 10 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 switchport access vlan 2 ! interface Ethernet0/6 switchport access vlan 2 shutdown ! interface Ethernet0/7 switchport access vlan 2 shutdown ! boot system disk0:/asa804-16-k8.bin boot system disk0:/asa724-k8.bin ftp mode passive clock timezone GMT 0 dns domain-lookup inside dns domain-lookup outside dns server-group DefaultDNS name-server 192.168.0.106 name-server 192.168.0.10 domain-name yantra.intra same-security-traffic permit intra-interface object-group service Email_In tcp port-object eq https port-object eq pop3 port-object eq smtp object-group service DM_INLINE_TCP_2 tcp port-object eq ftp port-object eq ftp-data port-object eq www object-group service RDP tcp port-object eq 3389 object-group service DM_INLINE_SERVICE_1 service-object icmp service-object icmp traceroute object-group protocol TCPUDP protocol-object udp protocol-object tcp object-group service voip udp port-object eq domain object-group service DM_INLINE_TCP_1 tcp port-object eq ftp port-object eq ftp-data access-list outside_access_in extended permit tcp any host object-group Email_In access-list outside_access_in extended permit tcp any host FTP_Server_Ext object-group DM_INLINE_TCP_1 access-list outside_access_in extended permit icmp any any echo-reply access-list outside_access_in extended permit tcp any host ForSLT eq www access-list outside_access_in extended permit tcp any host Search object-group DM_INLINE_TCP_2 access-list outside_access_in extended permit tcp any host IMIPublic eq www access-list outside_access_in extended permit tcp any host eq www access-list outside_access_in extended permit tcp any host SLT_New_Public eq www access-list outside_access_in extended permit object-group TCPUDP any host 202.133.48.68 eq www access-list rvpn_stunnel standard permit 192.168.0.0 255.255.255.0 access-list rvpn_stunnel standard permit 192.168.1.0 255.255.255.0 access-list nat0 extended permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list nat0 extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0 access-list nat0 extended permit ip 192.168.100.0 255.255.255.0 192.168.1.0 255.255.255.0 access-list nat0 extended permit ip 192.168.0.0 255.255.255.0 COLO 255.255.255.0 access-list nat0 extended permit ip host IT_DIRECT 192.168.0.0 255.255.255.0 access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 any any access-list inside_access_in extended permit ip any any access-list inside_access_in extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0 access-list inside_access_in extended permit ip 192.168.0.0 255.255.255.0 202.133.48.64 255.255.255.240 access-list inside_access_in extended permit ip 192.168.100.0 255.255.255.0 192.168.1.0 255.255.255.0 access-list inside_access_in extended deny object-group TCPUDP host 192.168.0.252 202.133.48.64 255.255.255.240 access-list inside_access_in extended permit ip 192.168.0.0 255.255.255.0 COLO 255.255.255.0 access-list outside_1_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0 access-list outside_1_cryptomap extended permit ip 192.168.100.0 255.255.255.0 192.168.1.0 255.255.255.0 pager lines 24 logging enable logging timestamp logging console debugging logging buffered debugging logging trap debugging logging history emergencies logging asdm debugging logging host inside 192.168.0.187 logging permit-hostdown logging class ip buffered emergencies mtu inside 1500 mtu outside 1500 ip local pool rvpn-ip 192.168.100.1-192.168.100.25 mask 255.255.255.0 ip verify reverse-path interface inside ip verify reverse-path interface outside no failover icmp unreachable rate-limit 1 burst-size 1 icmp permit any traceroute outside asdm image disk0:/asdm-61551.bin no asdm history enable arp timeout 14400 nat-control global (outside) 1 interface nat (inside) 0 access-list nat0 nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,outside) netmask 255.255.255.255 dns static (inside,outside) FTP_Server_Ext FTP_Server_Int netmask 255.255.255.255 dns static (inside,outside) ForSLT SLT_New netmask 255.255.255.255 static (inside,outside) Search LocalSearch netmask 255.255.255.255 static (inside,outside) IMIPublic IMI netmask 255.255.255.255 static (inside,outside) SLT_New_Public SLT_Local netmask 255.255.255.255 static (inside,outside) netmask 255.255.255.255 access-group inside_access_in in interface inside access-group outside_access_in in interface outside route outside 0.0.0.0 0.0.0.0 202.133.48.65 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy aaa authentication http console LOCAL aaa authentication ssh console LOCAL http server enable http 192.168.0.0 255.255.255.0 inside http 0.0.0.0 0.0.0.0 outside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto dynamic-map rvpn_map 65535 set pfs crypto dynamic-map rvpn_map 65535 set transform-set ESP-3DES-SHA crypto map outside_map 1 match address outside_1_cryptomap crypto map outside_map 1 set pfs crypto map outside_map 1 set peer crypto map outside_map 1 set transform-set ESP-3DES-SHA crypto map outside_map 2 match address outside_cryptomap crypto map outside_map 2 set pfs crypto map outside_map 2 set peer crypto map outside_map 2 set transform-set ESP-3DES-SHA crypto map outside_map 65535 ipsec-isakmp dynamic rvpn_map crypto map outside_map interface outside crypto ca trustpoint ASDM_TrustPoint0 enrollment self subject-name CN=yantraind proxy-ldc-issuer crl configure crypto ca server shutdown crypto ca certificate chain ASDM_TrustPoint0 certificate f8684749 30820252 308201bb a0030201 020204f8 68474930 0d06092a 864886f7 0d010104 0500303b 31123010 06035504 03130979 616e7472 61696e64 31253023 06092a86 4886f70d 01090216 1679616e 74726169 6e642e79 616e7472 612e696e 74726130 1e170d30 38313231 36303833 3831365a 170d3138 31323134 30383338 31365a30 3b311230 10060355 04031309 79616e74 7261696e 64312530 2306092a 864886f7 0d010902 16167961 6e747261 696e642e 79616e74 72612e69 6e747261 30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00f6d1d0 d536624d de9e4a2e 215a3986 98087e65 be9f6c0f b8f6dc3e 151c5603 21afdebe 85b2917b 297b1d1c b3abf5c6 628afbbe dda1ca27 01282aff 6514f62f 2965c87c 8aab0273 ab59dac6 aa9f549b 846d93fd 44c7f84f b29545bb d0db8bbb 060dfbbf 592a15e3 3db126be 541003c4 38754847 0b472e62 d092fec2 d556f9e3 09020301 0001a363 3061300f 0603551d 130101ff 04053003 0101ff30 0e060355 1d0f0101 ff040403 02018630 1f060355 1d230418 30168014 9f66b685 2ebf0d5a 97a684ba 9a9518ca a8ed637e 301d0603 551d0e04 1604149f 66b6852e bf0d5a97 a684ba9a 9518caa8 ed637e30 0d06092a 864886f7 0d010104 05000381 81003b49 2a7ee503 79b47792 6ce90453 70cf200e 943eccd7 deab53e0 2348d566 fe6aa8e0 302b922c 12df802d 398674f3 b1bc55f2 fe2646d5 c59689c2 c6693b0f 14081661 bafb233b 1b296708 fc2b6cbb ba1a005e 37073d72 4156b582 4521e673 ba6c7f7d 2d6941c4 9e076c39 73de21b9 712f69ed 7aab4bda 365d7eb3 39c05d27 e2dd quit crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 telnet timeout 5 ssh 192.168.0.0 255.255.255.0 inside ssh 0.0.0.0 0.0.0.0 outside ssh timeout 15 ssh version 2 console timeout 0 dhcpd address 192.168.0.126-192.168.0.150 inside dhcpd dns 192.168.0.106 192.168.0.10 interface inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics port threat-detection statistics protocol threat-detection statistics access-list threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200 webvpn group-policy DfltGrpPolicy attributes dns-server value 192.168.0.106 vpn-tunnel-protocol IPSec l2tp-ipsec svc split-dns value 192.168.0.106 group-policy rvpn internal group-policy rvpn attributes dns-server value 192.168.0.106 vpn-tunnel-protocol IPSec webvpn split-tunnel-policy tunnelspecified split-tunnel-network-list value rvpn_stunnel default-domain value yantra.intra username rreddy password 6p4HjBmf02hqbnrL encrypted privilege 15 username bsai password 41f5/8EINw6VQ5Os encrypted username bsai attributes service-type remote-access username Telnet password U.eMKTkIYZQA83Al encrypted privilege 15 username prashantt password BdrzfvDcOsnHBIdz encrypted username prashantt attributes service-type remote-access username m.shiva password p5YdC3kTJcnceaT/ encrypted username m.shiva attributes service-type remote-access username Senthil password qKYIiJ9NmC8NYvCA encrypted username Senthil attributes service-type remote-access username agupta password p3slrWEH1ye5/P2u encrypted username agupta attributes service-type remote-access username Yogesh password uQ3pfHI2wLvg8B8. encrypted username Yogesh attributes service-type remote-access username phanik password inZN0zXToeeR9bx. encrypted username phanik attributes service-type remote-access username murali password Ckpxwzhdj5RRu2tF encrypted privilege 15 username mgopi password stAEoJodb2CfgruZ encrypted privilege 15 username bill password Z1KSXIEPQkLN3OdQ encrypted username bill attributes service-type remote-access username Shantala password aCvfO5/PcsZc3Z5S encrypted username Shantala attributes service-type remote-access username maheshm password Fry56.leIsT9VHsv encrypted username maheshm attributes service-type remote-access username dhanj password zotUI9D6WWrMAh8T encrypted username dhanj attributes service-type remote-access username npatel password vOfMuOZg0vSkICyF encrypted username npatel attributes service-type remote-access username bmandakini password Y5UZuahgr6vd6ccE encrypted username bmandakini attributes service-type remote-access tunnel-group rvpn type remote-access tunnel-group rvpn general-attributes address-pool rvpn-ip tunnel-group rvpn ipsec-attributes pre-shared-key * tunnel-group type ipsec-l2l tunnel-group ipsec-attributes pre-shared-key * tunnel-group type ipsec-l2l tunnel-group ipsec-attributes pre-shared-key * ! class-map global-class match default-inspection-traffic class-map inspection_default ! ! policy-map global_policy policy-map global-policy class global-class inspect esmtp inspect sip inspect pptp inspect ftp inspect ipsec-pass-thru ! service-policy global-policy global prompt hostname context Cryptochecksum:7042504fefd0d22ce4de7f6fa4da14fa : end
Thanking you in advance
Hello
If you want to have Split-tunnelin in use. One you have patterns for.
Then you will need to fix the configured "private group policy" under the "tunnel - private-group
tunnel-group private general-attributes
strategy - by default-private group
Then reconnect the VPN Client connection and try again.
After that the VPN Client connection only transmits traffic directed to the LAN on the VPN Client connection and all Internet traffic beyond the VPN connection directly to the Internet through the current connection of the users.
-Jouni
-
Problem with remote access VPN on ASA 5505
I currently have a problem of an ASA 5505 configuration to connect via VPN remote access by using the Cisco VPN Client 5.0.07.0440 under Windows 8 Pro x 64. The VPN client will prompt you for the user name and password during the connection process, but fails soon after.
The VPN client connects is as follows:
---------------------------------------------------------------------------------------------------------------------------------------
Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc.. All rights reserved.
Customer type: Windows, Windows NT
Running: 6.2.9200
2 15:09:21.240 11/12/12 Sev = Info/4 CM / 0 x 63100002
Start the login process
3 15:09:21.287 11/12/12 Sev = Info/4 CM / 0 x 63100004
Establish a secure connection
4 15:09:21.287 11/12/12 Sev = Info/4 CM / 0 x 63100024
Attempt to connect with the server "*." **. ***. *** »
5 15:09:21.287 11/12/12 Sev = Info/6 IKE/0x6300003B
Try to establish a connection with *. **. ***. ***.
6 15:09:21.287 11/12/12 Sev = Info/4 IKE / 0 x 63000001
From IKE Phase 1 negotiation
7 15:09:21.303 11/12/12 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK AG (SA, KE, NO, ID, VID (Xauth), VID (dpd), VID (Frag), VID(Nat-T), VID (Unity)) to *. **. ***. ***
8 15:09:21.365 11/12/12 Sev = Info/6 GUI/0x63B00012
Attributes of the authentication request is 6: 00.
9 15:09:21.334 11/12/12 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = *. **. ***. ***
10 15:09:21.334 11/12/12 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" ag="" (sa,="" ke,="" non,="" id,="" hash,="" vid(unity),="" vid(xauth),="" vid(dpd),="" vid(nat-t),="" nat-d,="" nat-d,="" vid(frag),="" vid(?))="" from="">
11 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000001
Peer is a compatible peer Cisco-Unity
12 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000001
Peer supports XAUTH
13 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000001
Peer supports the DPD
14 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000001
Peer supports NAT - T
15 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000001
Peer supports fragmentation IKE payloads
16 15:09:21.334 11/12/12 Sev = Info/6 IKE / 0 x 63000001
IOS Vendor ID successful construction
17 15:09:21.334 11/12/12 Sev = Info/4 IKE / 0 x 63000013
SENDING > ISAKMP OAK AG * (HASH, NOTIFY: NAT - D, NAT - D, VID (?), STATUS_INITIAL_CONTACT, VID (Unity)) to *. **. ***. ***
18 15:09:21.334 11/12/12 Sev = Info/6 IKE / 0 x 63000055
Sent a keepalive on the IPSec Security Association
19 15:09:21.334 11/12/12 Sev = Info/4 IKE / 0 x 63000083
IKE port in use - Local Port = 0xFBCE, Remote Port = 0 x 1194
20 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000072
Automatic NAT detection status:
Remote endpoint is NOT behind a NAT device
This effect is behind a NAT device
21 15:09:21.334 11/12/12 Sev = Info/4 CM/0x6310000E
ITS established Phase 1. 1 crypto IKE Active SA, 0 IKE SA authenticated user in the system
22 15:09:21.365 11/12/12 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = *. **. ***. ***
23 15:09:21.365 11/12/12 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">
24 15:09:21.365 11/12/12 Sev = Info/4 CM / 0 x 63100015
Launch application xAuth
25 15:09:21.474 11/12/12 Sev = Info/4 IPSEC / 0 x 63700008
IPSec driver started successfully
26 15:09:21.474 11/12/12 Sev = Info/4 IPSEC / 0 x 63700014
Remove all keys
27 15:09:27.319 11/12/12 Sev = Info/4 CM / 0 x 63100017
xAuth application returned
28 15:09:27.319 11/12/12 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to *. **. ***. ***
29 15:09:27.365 11/12/12 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = *. **. ***. ***
30 15:09:27.365 11/12/12 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">
31 15:09:27.365 11/12/12 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to *. **. ***. ***
32 15:09:27.365 11/12/12 Sev = Info/4 CM/0x6310000E
ITS established Phase 1. 1 crypto IKE Active SA, 1 IKE SA authenticated user in the system
33 15:09:27.365 11/12/12 Sev = Info/5 IKE/0x6300005E
Customer address a request from firewall to hub
34 15:09:27.365 11/12/12 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to *. **. ***. ***
35 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = *. **. ***. ***
36 15:09:27.397 11/12/12 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">
37 15:09:27.397 11/12/12 Sev = Info/5 IKE / 0 x 63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS:, value = 192.168.2.70
38 15:09:27.397 11/12/12 Sev = Info/5 IKE / 0 x 63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK:, value = 255.255.255.0
39 15:09:27.397 11/12/12 Sev = Info/5 IKE / 0 x 63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (1):, value = 192.168.2.1
40 15:09:27.397 11/12/12 Sev = Info/5 IKE / 0 x 63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (2):, value = 8.8.8.8
41 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD:, value = 0x00000001
42 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN:, value = NCHCO
43 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS:, value = 0x00000000
44 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc. ASA5505 Version 8.2 (5) built by manufacturers on Saturday, May 20, 11 16:00
45 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SMARTCARD_REMOVAL_DISCONNECT:, value = 0x00000001
46 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = received and by using the NAT - T port number, value = 0 x 00001194
47 15:09:27.397 11/12/12 Sev = Info/4 CM / 0 x 63100019
Data in mode Config received
48 15:09:27.412 11/12/12 Sev = Info/4 IKE / 0 x 63000056
Received a request from key driver: local IP = 192.168.2.70, GW IP = *. **. ***. remote IP address = 0.0.0.0
49 15:09:27.412 11/12/12 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK QM * (HASH, SA, NO, ID, ID) to *. **. ***. ***
50 15:09:27.444 11/12/12 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = *. **. ***. ***
51 15:09:27.444 11/12/12 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:status_resp_lifetime)="" from="">
52 15:09:27.444 11/12/12 Sev = Info/5 IKE / 0 x 63000045
Answering MACHINE-LIFE notify has value of 86400 seconds
53 15:09:27.444 11/12/12 Sev = Info/5 IKE / 0 x 63000047
This SA was already alive for 6 seconds, setting expiration 86394 seconds now
54 15:09:27.459 11/12/12 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = *. **. ***. ***
55 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:no_proposal_chosen)="" from="">
56 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK INFO *(HASH, DEL) to *. **. ***. ***
57 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000049
IPsec security association negotiation made scrapped, MsgID = CE99A8A8
58 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000017
Marking of IKE SA delete (I_Cookie = A3A341F1C7606AD5 R_Cookie = F1F403018625E924) reason = DEL_REASON_IKE_NEG_FAILED
59 15:09:27.459 11/12/12 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = *. **. ***. ***
60 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000058
Received an ISAKMP for a SA message no assets, I_Cookie = A3A341F1C7606AD5 R_Cookie = F1F403018625E924
61 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" info="" *(dropped)="" from="">
62 15:09:27.490 11/12/12 Sev = Info/4 IPSEC / 0 x 63700014
Remove all keys
63 15:09:30.475 11/12/12 Sev = Info/4 IKE/0x6300004B
IKE negotiation to throw HIS (I_Cookie = A3A341F1C7606AD5 R_Cookie = F1F403018625E924) reason = DEL_REASON_IKE_NEG_FAILED
64 15:09:30.475 11/12/12 Sev = Info/4 CM / 0 x 63100012
ITS phase 1 deleted before first Phase 2 SA is caused by "DEL_REASON_IKE_NEG_FAILED". Crypto 0 Active IKE SA, 0 IKE SA authenticated user in the system
65 15:09:30.475 11/12/12 Sev = Info/5 CM / 0 x 63100025
Initializing CVPNDrv
66 15:09:30.475 11/12/12 Sev = Info/6 CM / 0 x 63100046
Set indicator established tunnel to register to 0.
67 15:09:30.475 11/12/12 Sev = Info/4 IKE / 0 x 63000001
Signal received IKE to complete the VPN connection
68 15:09:30.475 11/12/12 Sev = Info/4 IPSEC / 0 x 63700014
Remove all keys
69 15:09:30.475 11/12/12 Sev = Info/4 IPSEC / 0 x 63700014
Remove all keys
70 15:09:30.475 11/12/12 Sev = Info/4 IPSEC / 0 x 63700014
Remove all keys
71 15:09:30.475 11/12/12 Sev = Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
---------------------------------------------------------------------------------------------------------------------------------------
The running configuration is the following (there is a VPN site-to-site set up as well at an another ASA 5505, but that works perfectly):
: Saved
:
ASA Version 8.2 (5)
!
hostname NCHCO
Select hTjwXz/V8EuTw9p9 of encrypted password
hTjwXz/V8EuTw9p9 of encrypted passwd
names of
description of NCHCO name 192.168.2.0 City offices
name 192.168.2.80 VPN_End
name 192.168.2.70 VPN_Start
!
interface Ethernet0/0
switchport access vlan 2
Speed 100
full duplex
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
IP 192.168.2.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP address **. ***. 255.255.255.248
!
boot system Disk0: / asa825 - k8.bin
passive FTP mode
access extensive list ip NCHCO 255.255.255.0 outside_nat0_outbound allow 192.168.1.0 255.255.255.0
access extensive list ip NCHCO 255.255.255.0 inside_nat0_outbound allow 192.168.1.0 255.255.255.0
inside_nat0_outbound list of allowed ip extended access all 192.168.2.64 255.255.255.224
access extensive list ip NCHCO 255.255.255.0 outside_1_cryptomap allow 192.168.1.0 255.255.255.0
access extensive list ip NCHCO 255.255.255.0 outside_1_cryptomap_1 allow 192.168.1.0 255.255.255.0
Standard access list LAN_Access allow NCHCO 255.255.255.0
LAN_Access list standard access allowed 0.0.0.0 255.255.255.0
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
mask of VPN_Pool VPN_Start VPN_End of local pool IP 255.255.255.0
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 645.bin
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 0-list of access inside_nat0_outbound
NAT (inside) 1 0.0.0.0 0.0.0.0
NAT (outside) 0-list of access outside_nat0_outbound
Route outside 0.0.0.0 0.0.0.0 74.219.208.49 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
network-acl outside_nat0_outbound
WebVPN
SVC request to enable default svc
Enable http server
http 192.168.1.0 255.255.255.0 inside
http *. **. ***. 255.255.255.255 outside
http 74.218.158.238 255.255.255.255 outside
http NCHCO 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
Crypto ipsec transform-set esp-3des esp-sha-hmac l2tp-transform
Crypto ipsec transform-set l2tp-transformation mode transit
Crypto ipsec transform-set vpn-transform esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set esp-3des esp-sha-hmac TRANS_ESP_3DES_SHA
Crypto ipsec transform-set transit mode TRANS_ESP_3DES_SHA
Crypto ipsec transform-set esp-3des esp-md5-hmac TRANS_ESP_3DES_MD5
Crypto ipsec transform-set transit mode TRANS_ESP_3DES_MD5
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map dyn-map 10 set pfs Group1
crypto dynamic-map dyn-map transform 10-set, vpn l2tp-transformation-transformation
dynamic-map encryption dyn-map 10 value reverse-road
Crypto-map dynamic outside_dyn_map 20 game of transformation-TRANS_ESP_3DES_MD5
card crypto outside_map 1 match address outside_1_cryptomap
card crypto outside_map 1 set pfs Group1
peer set card crypto outside_map 1 74.219.208.50
card crypto outside_map 1 set of transformation-ESP-3DES-SHA
map outside_map 20-isakmp ipsec crypto dynamic outside_dyn_map
outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
outside_map interface card crypto outside
inside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
inside crypto map inside_map interface
card crypto vpn-map 1 match address outside_1_cryptomap_1
card crypto vpn-card 1 set pfs Group1
set vpn-card crypto map peer 1 74.219.208.50
card crypto vpn-card 1 set of transformation-ESP-3DES-SHA
dynamic vpn-map 10 dyn-map ipsec isakmp crypto map
crypto isakmp identity address
crypto ISAKMP allow inside
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 15
preshared authentication
aes-256 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 35
preshared authentication
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP ipsec-over-tcp port 10000
enable client-implementation to date
Telnet 192.168.1.0 255.255.255.0 inside
Telnet NCHCO 255.255.255.0 inside
Telnet timeout 5
SSH 192.168.1.0 255.255.255.0 inside
SSH NCHCO 255.255.255.0 inside
SSH timeout 5
Console timeout 0
dhcpd address 192.168.2.150 - 192.168.2.225 inside
dhcpd dns 216.68.4.10 216.68.5.10 interface inside
lease interface 64000 dhcpd inside
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
internal DefaultRAGroup group strategy
attributes of Group Policy DefaultRAGroup
value of server DNS 192.168.2.1
Protocol-tunnel-VPN IPSec l2tp ipsec
nchco.local value by default-field
attributes of Group Policy DfltGrpPolicy
value of server DNS 192.168.2.1
Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
allow password-storage
enable IPSec-udp
enable dhcp Intercept 255.255.255.0
the address value VPN_Pool pools
internal NCHVPN group policy
NCHVPN group policy attributes
value of 192.168.2.1 DNS Server 8.8.8.8
Protocol-tunnel-VPN IPSec l2tp ipsec
value by default-field NCHCO
admin LbMiJuAJjDaFb2uw encrypted privilege 15 password username
username privilege 15 encrypted password yB1lHEVmHZGj5C2Z 8njferg
username, encrypted NCHvpn99 QhZZtJfwbnowceB7 password
attributes global-tunnel-group DefaultRAGroup
address (inside) VPN_Pool pool
address pool VPN_Pool
authentication-server-group (inside) LOCAL
authentication-server-group (outside LOCAL)
LOCAL authority-server-group
authorization-server-group (inside) LOCAL
authorization-server-group (outside LOCAL)
Group Policy - by default-DefaultRAGroup
band-Kingdom
band-band
IPSec-attributes tunnel-group DefaultRAGroup
pre-shared key *.
NOCHECK Peer-id-validate
tunnel-group DefaultRAGroup ppp-attributes
No chap authentication
no authentication ms-chap-v1
ms-chap-v2 authentication
tunnel-group DefaultWEBVPNGroup ppp-attributes
PAP Authentication
ms-chap-v2 authentication
tunnel-group 74.219.208.50 type ipsec-l2l
IPSec-attributes tunnel-group 74.219.208.50
pre-shared key *.
type tunnel-group NCHVPN remote access
attributes global-tunnel-group NCHVPN
address pool VPN_Pool
Group Policy - by default-NCHVPN
IPSec-attributes tunnel-group NCHVPN
pre-shared key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
Cryptochecksum:15852745977ff159ba808c4a4feb61fa
: end
ASDM image disk0: / asdm - 645.bin
ASDM VPN_Start 255.255.255.255 inside location
ASDM VPN_End 255.255.255.255 inside location
don't allow no asdm history
Anyone have any idea why this is happening?
Thank you!
Add, crypto dynamic-map outside_dyn_map 20 value reverse-road.
With respect,
Safwan
-
Client VPN Cisco ASA 5505 Cisco 1841 router
Hello. I'm doing a connection during a cisco vpn client and a vpn on one server asa 5505 behind a 1841 router (internet adsl2 + and NAT router).
My topology is almost as follows
customer - tunnel - 1841 - ASA - PC
ASA is the endpoint vpn (outside interface) device. I forward udp port 500 and 4500 on my router to the ASA and the tunnel rises. I exempt nat'ting on the asa and the router to the IP in dhcp vpn pool. I can connect to my tunnel but I can't "see" anything in the internal network. I allowed all traffic from the outside inwards buy from the ip vpn pool and I still send packets through the tunnel and I get nothing. I take a look at the statistics on the vpn client and I 2597 bytes (ping traffic) and there are no bytes. Any idea?
Where you you logged in when you took the "crypto ipsec to show his"? If this isn't the case then try again, also this option allows IPSEC over UDP 4500 and it is disabled, enable it.
ISAKMP nat-traversal crypto
Just enter the command as it is, then try to connect again after activation of this option and get the same result to see the.
-
Hei guys,.
Please help me on this one because I'm stuck enough on her...
I am trying to connect to a Cisco 3700 router configured as a VPN server by using a VPN client and the VPN connection does not settle.
This is an extract from the log:
130 12:48:30.585 07/01/11 Sev = Info/5 IKE / 0 x 63000001
Peer supports XAUTH
131 12:48:30.585 07/01/11 Sev = WARNING/3 IKE/0xE3000057
The HASH payload received cannot be verified
132 12:48:30.600 07/01/11 Sev = WARNING/2 IKE/0xE300007E
Failed the hash check... may be configured with password invalid group.
133 12:48:30.600 07/01/11 Sev = WARNING/2 IKE/0xE300009B
Impossible to authenticate peers (Navigator: 904)
134 12:48:30.600 07/01/11 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK INFO (NOTIFY: INVALID_HASH_INFO) for 200.100.50.173I enclose the whole journal extract... The message "BOLD" is quite obvious, you mean, but I'm 100% sure, in the login entry, I typed correctly the group password: pass
My topology is very basic, as I am setting this up only to get a clue of the operation of the Cisco VPN. It is built in GNS3:
-2 3700 routers: one of them holds the configuration of the VPN server and the other would be the ISP through which the remote worker would try to establish a VPN connection. I am also attaching the configuration file for the router configured as a VPN router.Behind the second router there is a virtual XP machine on which I have installed VPN client...
My connection entry in the customer is to have the following parameters:
Host: 200.100.50.173 , //which is the IP address of the VPNServer
Authentication-> authentication-> name group: grup1 password: pass / / I'm quite positive that I typed the correct password... even if the log messages are linked to a misidentification.I use public addresses only, because I noticed there is a question about behind the NAT VPN connections and is not not very familiar to the NAT.
Another aspect which can be of any importance is that "allow Tunneling of Transport" in the tab Transport to the input connection is disabled
and the VPNServer router logs the following error message when you try to establish the connection:
* 01:08:47.147 Mar 1: % CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE 200.100.50.34 package was not encrypted and it should have been.
* 01:08:47.151 Mar 1: % CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE 200.100.50.34 package was not encrypted and it should have been.You have no idea why I can't connect? Y at - it something wrong with my configuration of VPN server... or with the connection entry in the VPN client?
Thank you
Iulia
Depending on the configuration of the router, the group name is grup1 and the password is baby.
You also lack the ipsec processing game that you would need to apply to the dynamic map.
Here is an example configuration for your reference:
http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a0080235197.shtml
Hope that helps.
-
Install two the separate IPSec VPNS on ASA 5505
Hello
I'll have set up a second tunnel IPSec VPN on my Cisco ASA 5505 to another office. I was able to configure one without problem through the ASDM, but were not able to get the second.
The IPSec tunnel connects to a WRVS4400N router to the other office. I tried the debug crypto isakmp and ipsec crypto, but I get nothing. Here is the config. Something seems wrong on my end? I've also attached a screenshot of the configuration settings on the remote router.
Output of the command: "show run".
: Saved
:
ASA Version 8.2 (5)
!
hostname WayneASA!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
IP 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP 70.91.18.205 255.255.255.252
!
interface Vlan5
Shutdown
No nameif
security-level 50
IP 192.168.10.1 255.255.255.0
!
passive FTP mode
clock timezone IS - 5
clock to summer time EDT recurring
DNS lookup field inside
DNS domain-lookup outside
DNS server-group DefaultDNS
75.75.75.75 server name
75.75.76.76 server name
domain 3gtms.com
object-group Protocol TCPUDP
object-protocol udp
object-tcp protocol
inside_access_in of access allowed any ip an extended list
IPSec_Access to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.2.0 255.255.255.0
inside_nat0 to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.10.0 255.255.255.224
inside_nat0 to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.2.0 255.255.255.0
inside_nat0 to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.5.0 255.255.255.0
TunnelSplit1 list standard access allowed 192.168.10.0 255.255.255.224
TunnelSplit1 list standard access allowed 192.168.1.0 255.255.255.0
outside_1_cryptomap to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.2.0 255.255.255.0
outside_2_cryptomap to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.5.0 255.255.255.0
outside_cryptomap to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.5.0 255.255.255.0
RemoteTunnel_splitTunnelAcl list standard access allowed 192.168.1.0 255.255.255.0
RemoteTunnel_splitTunnelAcl_1 list standard access allowed 192.168.1.0 255.255.255.0pager lines 24
Enable logging
Within 1500 MTU
Outside 1500 MTU
IP mask 255.255.255.224 local pool VPNPool 192.168.10.1 - 192.168.10.30
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 0-list of access inside_nat0
NAT (inside) 1 0.0.0.0 0.0.0.0inside_access_in access to the interface inside group
Access-group out_access_in in interface outside
Route outside 0.0.0.0 0.0.0.0 70.91.18.206 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
the ssh LOCAL console AAA authentication
Enable http server
http 0.0.0.0 0.0.0.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
Crypto ipsec transform-set esp-3des esp-md5-hmac VPNTransformSet
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
card crypto IPSec_map 1 corresponds to the address IPSec_Access
card crypto IPSec_map 1 set peer 50.199.234.229
card crypto IPSec_map 1 the transform-set VPNTransformSet value
card crypto IPSec_map 2 corresponds to the address outside_2_cryptomap
card crypto IPSec_map 2 set pfs Group1
card crypto IPSec_map 2 set peer 98.101.139.210
card crypto IPSec_map 2 the transform-set VPNTransformSet value
card crypto IPSec_map 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
IPSec_map interface card crypto outside
card crypto outside_map 1 match address outside_1_cryptomap
peer set card crypto outside_map 1 50.199.234.229crypto ISAKMP allow outside
crypto ISAKMP policy 1
preshared authentication
3des encryption
sha hash
Group 2
life 43200
Telnet 192.168.1.0 255.255.255.0 inside
Telnet timeout 5
SSH 0.0.0.0 0.0.0.0 inside
SSH timeout 60
Console timeout 0
management-access inside
dhcpd outside auto_config
!
dhcpd address 192.168.1.100 - 192.168.1.199 inside
dhcpd dns 75.75.75.75 75.75.76.76 interface inside
dhcpd allow inside
!a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
internal RemoteTunnel group strategy
attributes of Group Policy RemoteTunnel
value of server DNS 75.75.75.75 75.75.76.76
Protocol-tunnel-VPN IPSec
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list RemoteTunnel_splitTunnelAcl_1
3gtms.com value by default-field
eric 0vcSd5J/TLsFy7nU password user name encrypted privilege 15
username password encrypted URsSXKLozQMSeCBk privilege 5 lestofts
username lestofts attributes
type of remote access service
algobel lBWy5eNbHMCDPzuL encrypted password username
username algobel attributes
type of remote access service
type tunnel-group RemoteTunnel remote access
attributes global-tunnel-group RemoteTunnel
address pool VPNPool
Group Policy - by default-RemoteTunnel
IPSec-attributes tunnel-group RemoteTunnel
pre-shared key *.
tunnel-group 50.199.234.229 type ipsec-l2l
IPSec-attributes tunnel-group 50.199.234.229
pre-shared key *.
tunnel-group 98.101.139.210 type ipsec-l2l
IPSec-attributes tunnel-group 98.101.139.210
pre-shared key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the icmp
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the netbios
inspect the tftp
Review the ip options
inspect the dns
inspect the pptp
inspect the sip
!
global service-policy global_policy
context of prompt hostname
anonymous reporting remote call
Cryptochecksum:a86adc4b23977672679b6fb72d0bc187
: endYou are also missing the NAT0 rule
inside_nat0 to access extended list ip 192.168.2.0 allow 255.255.255.0 192.168.5.0 255.255.255.0
-Jouni
-
Impossible to reconnect the VPN to ASA on the internet
Hello
I ASA5540 running IOS 8.04 - K8, users are able to the VPN connection over the internet but impossible to reconnect the VPN when users disconnected abnormally (abnormally means they are not manually disconnect, VPN disconnect everything manually without problem occur). ASA showing an active session of the disconnected user and the user having reason 433 at the re-login VPN.
Any suggestion and recommendation for this case.
Awaiting your repies.
Thank you very much.
Kind regards
Arsalan
Hello
under the tunnel-group, try to reduce the keepalive interval... Can help detect that the peer is down faster...
Best wishes
McLaughlin
-
Impossible to establish a VPN between AG241 and WAG54GP2 tunnel
Hello
This is my first post on this forum and I send my best regards to everyone!
I signed up because I have a problem with establishing a VPN tunnel between an AG241 modem/router and a modem/router WAG54GP2 with wireless and VoIP.
The scenario is simple: both ends have dynamic IP, so I set up an account with dyndns.org for both routers.
WAG54GP2 has 192.168.1.1/255.255.255.0 AG241 has 192.168.3.254/255.255.255.0 IP and IP.
In both routers, I turned block anonymous internet requests, so I can ping both routers.
This is the configuration of WAG54GP2:
VPN Passthrough
IPSec PassThrough: activate
Intercommunication PPPoE: activate
PPTP PassThrough: enable
L2TP PassThrough: enableIPSec VPN tunnel
Select the Tunnel: 1
VPN IPSec tunnel: enabled
Tunnel name: OfficeLocal security group:
Subnet
IP: 192.168.1.0
Mask: 255.255.255.0Local security gateway: PVC 1 (ppp0)
Remote secure group:
IP: 192.168.3.0
Mask: 255.255.255.0Remote security gateway:
IP Addr.
The remote router's public IP address IP address: w.x.y.z.
Encryption: THE (I also tried 3DES and disabled)
Authentication: SHAKey management:
Auto. (IKE)
PFS: enabled
Pre-shared Key: the password I chose
Life key: 3600 Sec.Advanced settings
Phase 1
Mode of operation: main mode (I also tried aggressive mode)Proposal1
Encryption: A
Authentication: SHA
Group: 768 bits
Life key: 3600 sec.Proposition2
Encryption: ESP_NULL
Authentication: SHA
Group: 768 bits
Life key: 3600 sec.Another parameter
NAT traversal not verified
NetBIOS broadcast Checked
Anti-reponse not checked
Keep-Alive not verified
If IKE 5 times failedmore
Not checkedThis is the AG241 configuration:
VPN Passthrough
IPSec PassThrough: activate
Intercommunication PPPoE: activate
PPTP PassThrough: enable
L2TP PassThrough: enableIPSec VPN tunnel
Select the Tunnel: 1
VPN IPSec tunnel: enabled
Name of the tunnel: user 1Local security group:
Subnet
IP: 192.168.3.0
Mask: 255.255.255.0Local security gateway: PVC 1 (ppp0)
Remote secure group:
IP: 192.168.1.0
Mask: 255.255.255.0Remote security gateway:
AnyKey management:
Auto. (IKE)
PFS: enabled
Pre-shared Key: the same password I put on the WAG54GP2
Life key: 3600 Sec.Advanced settings
Phase 1
Mode of operation: main mode (I also tried aggressive mode)Proposal1
Encryption: A
Authentication: SHA
Group: 768 bits
Life key: 3600 sec.Proposition2
Encryption: A
Authentication: SHA
Group: 768 bits
Life key: 3600 sec.Another parameter
NAT traversal not verified
NetBIOS broadcast Checked
Anti-reponse not checked
Keep-Alive not verified
If IKE 5 times failedmore
Not checkedWhen I click on Connect the WAG54GP2 router, do not access and in the newspapers, I see:
2009 07-30 T 16: 16:10 + 01:00 IKE ["Board"] Tx > MM_I1: SA w.x.y.z.
2009 07-30 T 16: 16:20 + 01:00 IKE ["Board"] ERROR: message w.x.y.z. port 500: connection refused
If I use the dynamic FQDN instead of the dynamic IP (w.x.y.z.) change of message for:
2009 07-30 T 16: 46:16 + 01:00 IKE ["Board"] ERROR: problem of remote domain name Security Gateway!
Is there someone who could help me build this tunnel?
A big thank you to everyone who will help me!
Cinghiuz
If you are Encountering difficulties connecting to the VPN Tunnel using a router ADSL modem you should see this
Also, make sure that you have the latest firmware installed on your entry door and change the MTU setting...
-
Configuration of Cisco for Cisco VPN Client ASA 5505
Our firm has finally made the move from Sonicwall Cisco for our SMB customers. Got our first customer with a VPN site-to site solid and you have configured the main router for connections via the Cisco VPN Client VPN Wizard.
When I install the VPN Client on desktop computers that does not capture all the necessary options (unless you have a SSL VPN). I guess that there is a process that I am missing to export a connection profile that Cisco VPN Client users can import for their connection.
There step by step guides to create the connection profile file to distribute to customers?
Hello
The ASDM wizard is for the configuration on the SAA. This wizard will help you complete the VPN configuration on the end of the ASA.
You will need to set the same in the client, so that they can negotiate and connect.
Input connection in the client field, that's what you want to be seen that on the VPN client - it can be any name
Host will be the external ip address of the ASA.
Group options:
name - same tunnel as defined on the ASA group
Password - pre-shared as on ASA.Confirm password - same pre-shared key.
Once this is over, you will see the customer having an entry same as a login entry. You must click on connect there. He will be a guest user and the password. Please enter the login crendentials. VPN connects.
You can distribute the .pcf file that is formed at the place mentioned in the post above. Once the other client receive the .pcf, they need to import it by clicking this tab on the VPN client.
Kind regards
Anisha
-
Site to Site VPN problem ASA 5505
Hello
I have a strange problem with a site to site VPN. I configured it completely and I added 3 of my internal networks to be encrypted and access the remote network across the tunnel.
For some reason, I can access the remote network of only two of the three internal networkls that I've specified.
Here is a copy of my config - if anyone has any info I would be happy of course.
Thank you
Kevin
FK - U host name. S. - Raleigh - ASA
domain appdrugs.com
activate 08PI8zPL2UE41XdH encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
name Maridian-primary-Net 192.168.237.0
Meridian-backup-Net 192.168.237.128 name
name 10.239.192.141 AccessSwitch1IDFB
name 10.239.192.143 AccessSwitch1IDFC
name 10.239.192.140 AccessSwitch1MDFA
name 10.239.192.142 AccessSwitch2IDFB
name CiscoCallManager 10.195.64.206
name 10.239.192.2 CoreSwitch1
name 10.239.192.3 CoreSwitch2
name 10.195.64.17 UnityVM
name 140.239.116.162 Outside_Interface
name 65.118.69.251 Meridian-primary-VPN
name 65.123.23.194 Meridian_Backup_VPN
DNS-guard
!
interface Ethernet0/0
Shutdown
No nameif
security-level 100
no ip address
!
interface Ethernet0/1
nameif outside
security-level 60
address IP Outside_Interface 255.255.255.224
!
interface Ethernet0/2
nameif Inside1
security-level 100
IP 10.239.192.7 255.255.255.128
!
interface Ethernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
nameif management
security-level 50
IP 192.168.1.1 255.255.255.0
management only
!
boot system Disk0: / asa804 - k8.bin
Disk0: / asa804.bin starting system
passive FTP mode
DNS domain-lookup outside
DNS domain-lookup Inside1
management of the DNS domain-lookup service
DNS server-group DefaultDNS
Server name 10.239.192.10
domain appdrugs.com
permit same-security-traffic inter-interface
permit same-security-traffic intra-interface
the DM_INLINE_NETWORK_1 object-group network
object-network 10.195.64.0 255.255.255.0
object-network 10.239.192.0 255.255.255.0
object-network 10.239.192.128 255.255.255.128
object-group service DM_INLINE_SERVICE_1
the purpose of the ip service
ICMP service object
the purpose of the echo icmp message service
response to echo icmp service object
the DM_INLINE_NETWORK_2 object-group network
object-network 10.195.64.0 255.255.255.0
object-network 10.239.192.0 255.255.255.128
object-network 10.239.192.128 255.255.255.128
the DM_INLINE_NETWORK_3 object-group network
network-object 10.195.64.0 255.255.255.192
object-network 10.239.192.0 255.255.255.128
object-network 10.239.192.128 255.255.255.128
the DM_INLINE_NETWORK_5 object-group network
Maridian-primary-Net network object 255.255.255.128
Meridian-backup-Net network object 255.255.255.128
the DM_INLINE_NETWORK_6 object-group network
Maridian-primary-Net network object 255.255.255.128
Meridian-backup-Net network object 255.255.255.128
object-group network Vital-network-hardware-access
host of the object-Network UnityVM
host of the CiscoCallManager object-Network
host of the object-Network AccessSwitch1MDFA
host of the object-Network AccessSwitch1IDFB
host of the object-Network AccessSwitch2IDFB
host of the object-Network AccessSwitch1IDFC
host of the object-Network CoreSwitch1
host of the object-Network CoreSwitch2
object-group service RDP - tcp
EQ port 3389 object
the DM_INLINE_NETWORK_7 object-group network
Maridian-primary-Net network object 255.255.255.128
Meridian-backup-Net network object 255.255.255.128
host of network-object Meridian-primary-VPN
host of the object-Network Meridian_Backup_VPN
the DM_INLINE_NETWORK_9 object-group network
host of the object-Network Outside_Interface
Group-object Vital-equipment-access to the network
object-group service DM_INLINE_SERVICE_2
will the service object
ESP service object
the purpose of the service ah
the eq isakmp udp service object
object-group service DM_INLINE_SERVICE_3
ICMP service object
the purpose of the echo icmp message service
response to echo icmp service object
the DM_INLINE_NETWORK_4 object-group network
object-network 10.195.64.0 255.255.255.0
object-network 10.239.192.0 255.255.255.128
object-network 10.239.192.128 255.255.255.128
the DM_INLINE_NETWORK_8 object-group network
object-network 10.195.64.0 255.255.255.0
object-network 10.239.192.0 255.255.255.128
object-network 10.239.192.128 255.255.255.128
Outside_access_in list extended access permit icmp any any echo response
Access extensive list Maridian-primary-Net ip Outside_access_in 255.255.255.128 DM_INLINE_NETWORK_8 object-group enable
Access extensive list Meridian-backup-Net ip Outside_access_in 255.255.255.128 DM_INLINE_NETWORK_3 object-group enable
Inside_nat0_outbound to access ip 10.0.0.0 scope list allow 255.0.0.0 10.0.0.0 255.0.0.0
Access extensive list ip 10.239.192.0 Inside_nat0_outbound allow Maridian-primary-Net 255.255.255.0 255.255.255.128
Inside_access_in to access ip 10.0.0.0 scope list allow 255.0.0.0 all
Inside1_nat0_outbound to access ip 10.0.0.0 scope list allow 255.0.0.0 10.0.0.0 255.0.0.0
Inside1_nat0_outbound list extended access allowed object-group DM_INLINE_NETWORK_1 Maridian-primary-Net 255.255.255.128 ip
Inside1_nat0_outbound list extended access permitted ip object-group Meridian-backup-Net DM_INLINE_NETWORK_2 255.255.255.128
Access extensive list ip 10.239.192.0 Inside1_nat0_outbound allow 255.255.255.0 10.239.199.0 255.255.255.192
Access extensive list ip 10.195.64.0 Inside1_nat0_outbound allow 255.255.255.192 10.239.199.0 255.255.255.192
Inside1_access_in to access ip 10.0.0.0 scope list allow 255.0.0.0 all
Outside_1_cryptomap list extended access allowed object-group DM_INLINE_SERVICE_1-DM_INLINE_NETWORK_1 Maridian-primary-Net 255.255.255.128 objects
Outside_2_cryptomap list extended access permitted ip object-group Meridian-backup-Net DM_INLINE_NETWORK_2 255.255.255.128
permitted access Vital-network-Access_splitTunnelAcl-list standard 10.239.192.0 255.255.255.128
permitted access Vital-network-Access_splitTunnelAcl-list standard 10.195.64.0 255.255.255.0
permitted access Vital-network-Access_splitTunnelAcl-list standard 10.239.192.128 255.255.255.128
Access extensive list ip 10.239.199.0 Vital_VPN allow 255.255.255.192 object-group Vital-equipment-access to the network
Vital_VPN list extended access allow icmp 10.239.199.0 255.255.255.192 object-group Vital-equipment-access to the network
Vital_VPN of access allowed any ip an extended list
Outside_cryptomap_1 list extended access allowed object-group DM_INLINE_NETWORK_4 Maridian-primary-Net 255.255.255.128 ip
access list Vital-Site-to-site access extended allow ip object-DM_INLINE_NETWORK_5 group Vital-network-hardware-access object
Vital-Site-to-Site-access extended access list permits object-group DM_INLINE_SERVICE_3-group of objects DM_INLINE_NETWORK_6 object-group Vital-equipment-access to the network
Vital-Site-to-Site-access extended access list permits object-group objects object-group DM_INLINE_NETWORK_9 DM_INLINE_NETWORK_7 DM_INLINE_SERVICE_2-group
pager lines 24
Enable logging
exploitation forest asdm warnings
Outside 1500 MTU
MTU 1500 Inside1
management of MTU 1500
mask IP local pool access remote 10.239.199.11 - 10.239.199.62 255.255.255.192
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 621.bin
don't allow no asdm history
ARP timeout 14400
Global (1 interface external)
NAT (Inside1) 0-list of access Inside1_nat0_outbound
NAT (Inside1) 1 10.0.0.0 255.0.0.0
Access-group Outside_access_in in interface outside
Access-group Inside1_access_in in interface Inside1
Route outside 0.0.0.0 0.0.0.0 140.239.116.161 1
Route Inside1 10.192.52.0 255.255.255.0 10.239.192.1 1
Route Inside1 10.195.64.0 255.255.240.0 10.239.192.1 1
Route Inside1 10.239.0.0 255.255.0.0 10.239.192.1 1
Route Inside1 10.239.192.0 255.255.248.0 10.239.192.1 1
Route out of the Maridian-primary-Net 255.255.255.0 Outside_Interface 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-registration DfltAccessPolicy
Enable http server
http 66.104.209.192 255.255.255.224 outside
http 192.168.1.0 255.255.255.0 management
http 10.239.172.0 255.255.252.0 Inside1
SNMP-server host Inside1 10.239.132.225 community appfirestarter * #*.
location of Server SNMP Raleigh
contact Server SNMP Kevin mcdonald
Server SNMP community appfirestarter * #*.
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Server SNMP traps enable entity config change
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
Dynamic crypto map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
Dynamic crypto map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define security association lifetime 28800 seconds
cryptographic kilobytes 4608000 life of the set - the association of security of the 65535 SYSTEM_DEFAULT_CRYPTO_MAP of the dynamic-map
card crypto Outside_map 1 corresponds to the address Outside_cryptomap_1
card crypto Outside_map 1 peer set VPN-primary-Meridian
Outside_map 1 transform-set ESP-3DES-MD5 crypto card game
card crypto Outside_map 1 defined security-association life seconds 28800
card crypto Outside_map 1 set security-association kilobytes of life 4608000
card crypto Outside_map 2 corresponds to the address Outside_2_cryptomap
card crypto Outside_map 2 set peer Meridian_Backup_VPN
map Outside_map 2 game of transformation-ESP-3DES-MD5 crypto
card crypto Outside_map 2 defined security-association life seconds 28800
card crypto Outside_map 2 set security-association kilobytes of life 4608000
card crypto Outside_map 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
Outside_map interface card crypto outside
crypto ISAKMP allow outside
crypto ISAKMP policy 5
preshared authentication
3des encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 30
preshared authentication
3des encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH timeout 5
Console timeout 0
outside access management
management of 192.168.1.2 - dhcpd address 192.168.1.254
enable dhcpd management
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
allow outside
tunnel-group-list activate
internal strategy of State civil-access to the network group
Group Policy attributes Vital access to the network
value of server DNS 10.239.192.10
value of VPN-filter Vital_VPN
Protocol-tunnel-VPN IPSec webvpn
Split-tunnel-policy tunnelspecified
Split-tunnel-network-list value vital-network-Access_splitTunnelAcl
value of remote access address pools
internal state civil-Site-to-Site-GroupPolicy group strategy
Civil-site-a-site-grouppolicy-strategie status of group attributes
value of VPN-filter Vital-Site-to-Site-access
Protocol-tunnel-VPN IPSec l2tp ipsec webvpn
username APPRaleigh encrypted password m40Ls2r9N918trxp
username APPRaleigh attributes
VPN-group-policy Vital-network access
type of remote access service
username, password kmadmin u8urNz44/I.ugcF. encrypted privilege 15
tunnel-group 65.118.69.251 type ipsec-l2l
tunnel-group 65.118.69.251 General-attributes
Group Policy - by Defaut-vital-site-a-site-grouppolicy
IPSec-attributes tunnel-group 65.118.69.251
pre-shared-key *.
tunnel-group 65.123.23.194 type ipsec-l2l
tunnel-group 65.123.23.194 General-attributes
Group Policy - by Defaut-vital-site-a-site-grouppolicy
IPSec-attributes tunnel-group 65.123.23.194
pre-shared-key *.
remote access of type tunnel-group Vital access to the network
tunnel-group Vital access to the network general-attributes
Access to distance-address pool
Group Policy - by default-state civilian access to the network
tunnel-group Vital access to the network ipsec-attributes
pre-shared-key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns migrated_dns_map_1
parameters
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the migrated_dns_map_1 dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
!
global service-policy global_policy
context of prompt hostname
Cryptochecksum:a080b1759b57190ba65d932785ad4967
: endcan you confirm if we have the exact reflection of crypto acl at the other end
I feel may be you have a 24 10.239.192.0 255.255.255.0 on the other end in the remote network
can you please confirm that
also a reason, why you use 10.239.192.0 255.255.255.128 and 10.239.192.128 255.255.255.128 instead of 10.239.192.0 255.255.255.0
-
Cannot establish the Tunnel on ASA 5505 Vlan please help!
I can not get a tunnel to establish from (see config). I don't think I'm getting the phase 1. Am I missing something simple? Help, please
volatile xlate deny tcp any4 any4volatile xlate deny tcp any4 any6volatile xlate deny tcp any6 any4volatile xlate deny tcp any6 any6volatile xlate deny udp any4 any4 eq fieldvolatile xlate deny udp any4 any6 eq fieldvolatile xlate deny udp any6 any4 eq fieldvolatile xlate deny udp any6 any6 eq fieldnames of!interface Ethernet0/0Inet description!interface Ethernet0/1Shutdown!interface Ethernet0/2Shutdown!interface Ethernet0/3Shutdown!interface Ethernet0/4Shutdown!interface Ethernet0/5switchport access vlan 8!interface Ethernet0/6Shutdown!interface Ethernet0/7switchport access vlan 155!interface Vlan1Inet descriptionnameif outsidesecurity-level 0IP address xxx!interface Vlan8no interface before Vlan155nameif [email protected]security-level 100IP 10.8.18.6 255.255.255.248!interface Vlan155Private descriptionnameif insidesecurity-level 50192.168.200.254 IP address 255.255.255.0!passive FTP modeclock timezone IS - 5clock to summer time EDT recurringthe object to the Interior-net network192.168.200.0 subnet 255.255.255.0network of the LocalLAN objectsubnet 10.8.18.0 255.255.255.248the RemoteVPNObjects object-group networkobject-network 10.0.0.0 255.0.0.0network-host xxxxxxxxx objectaccess extensive list ip 10.8.18.0 acl_iwdn allow 255.255.255.248 10.0.0.0 255.0.0.0access extensive list ip 10.8.18.0 acl_iwdn allow 255.255.255.248 host xxxxxxxxacl_outside list extended access permit icmp any any echo responseacl_outside list extended access permit icmp any one time exceedaccess extensive list ip 10.8.18.0 acl_inside allow 255.255.255.248 10.0.0.0 255.0.0.0access extensive list ip 10.8.18.0 acl_inside allow 255.255.255.248 host xxxxxxxxpager lines 24Enable loggingasdm of logging of informationOutside 1500 MTUWithin 1500 MTU[email protected] MTU 1500ICMP unreachable rate-limit 1 burst-size 1don't allow no asdm historyARP timeout 14400no permit-nonconnected arpNAT dynamic interface of Interior-net source (indoor, outdoor)NAT ([email protected], any) static static source to destination LocalLAN LocalLAN RemoteVPNObjects RemoteVPNObjectsNAT ([email protected], outside) no matter what source dynamic interfacethe object to the Interior-net networkNAT dynamic interface (indoor, outdoor)Access-group acl_inside in the [email protected] interfaceRoute outside 0.0.0.0 0.0.0.0 publicTimeout xlate 03:00Pat-xlate timeout 0:00:30Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00Floating conn timeout 0:00:00dynamic-access-policy-registration DfltAccessPolicyidentity of the user by default-domain LOCALthe ssh LOCAL console AAA authenticationNo snmp server locationNo snmp Server contactServer enable SNMP traps snmp authentication linkup, linkdown warmstart of cold startCrypto ipsec transform-set esp-3des esp-sha-hmac P2PVPNSet ikev1Crypto ipsec pmtu aging infinite - the security associationcard crypto DynamicMap 10 corresponds to the address acl_iwdnDynamicMap 10 set crypto map peer xxxxxxxxxxcard crypto DynamicMap 10 set transform-set P2PVPNSet ikev1DynamicMap interface card crypto outsidetrustpool crypto ca policycrypto isakmp identity addressCrypto ikev1 allow outsideIKEv1 crypto policy 10preshared authentication3des encryptionsha hashGroup 2life 86400Console timeout 0management-access insidea basic threat threat detectionStatistics-list of access threat detectionno statistical threat detection tcp-interceptionNTP server 132.163.4.103 prefer external sourceNTP server 192.43.244.18 prefer external sourceTunnel-Group XXX type ipsec-l2ltunnel-group ipsec-attributes xxxxxxxxxIKEv1 pre-shared-key *.!class-map inspection_defaultmatch default-inspection-traffic!!type of policy-card inspect dns preset_dns_mapparametersmaximum message length automatic of customermessage-length maximum 512Policy-map global_policyclass inspection_defaultinspect the preset_dns_map dnsinspect the ftpinspect h323 h225inspect the h323 rasReview the ip optionsinspect the netbiosinspect the rshinspect the rtspinspect the skinnyinspect esmtpinspect sqlnetinspect sunrpcinspect the tftpinspect the sipinspect xdmcpinspect the icmp!Delete this;
no nat dynamic interface of Interior-net source (indoor, outdoor)
Add this;
network of the object OBJ-NAT-ALL
subnet 0.0.0.0 0.0.0.0
NAT dynamic interface (indoor, outdoor)Try again, after the results of
Show cry isa
Pete
-
I set up a site to Site VPN using ASA 5505, but when I submit the order
"sh crypto ipsec his ' it says 'there are no ipsec security associations.
I have attached the configurations.
Hello
I saw you nat nat of entry (inside) 2-list of access limenat, would you change to, nat (inside) 0-list of access limenat. See which make all the difference.
Do you want to take a capture of packets when the remote IP address ping?
course list (Local subnet) host (remote subnet) host allowed access
Cap list of allowed access host host (remote subnet) (Local subnet)
Course access-list in hidden inside
Show Cap Hat
Now you can see the list of access capture
Debug crypto isakmp 200
Debug crypto ipsec 200
-
SSLv3 disable on Cisco ASA 5505
Hello friends,
Because of the vulnerability of sslv3. I would like to disable sslv3 on ASA 5505. you please help me to do so. Second, I would like to know how the option field X can set up on it.
We use the web VPN on ASA 5505 firewall running IOS 8.2.3.
Thank you..
You must enable TLS only:
ASA (config) # ssl version tlsv1 only client
-
Impossible to establish vpn site to site between asa 5505 5510 year
Hi all experts
We are now plan to form an IPSec VPN tunnel from site to site between ASA 5505 (ASA Version 8.4) and ASA 5510 (ASA Version 8.0) but failed, would you please show me how to establish? A reference guide?
Hugo
Here are the links to the guides-cisco config:
http://www.Cisco.com/en/us/docs/security/ASA/asa80/configuration/guide/site2sit.html
http://www.Cisco.com/en/us/docs/security/ASA/asa84/configuration/guide/vpn_site2site.html
In addition to VPN, you need to consider in NAT exemption:
http://www.Cisco.com/en/us/docs/security/ASA/asa80/configuration/guide/cfgnat.html#wp1043541
http://www.Cisco.com/en/us/docs/security/ASA/asa84/configuration/guide/nat_overview.html#wpxref25608
http://www.Cisco.com/en/us/docs/security/ASA/asa84/configuration/guide/nat_rules.html#wp1232160
And many examples:
http://www.Cisco.com/en/us/products/ps6120/prod_configuration_examples_list.html
--
Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
http://www.Kiva.org/invitedBy/karsteni
Maybe you are looking for
-
Satellite U940 - SSD drive shows only 11.22 GB
Hello I had a new Satellite U940 - B484 Ultrabook.The first thing I did was finishing the wizard, then I created the recovery media (using external DVD drive) on three discs 4.7 GB DVD We have Windows 8 Pro license, so my friend formatted the system
-
Hello world I own a E600 liquid Acer (my first smartphone) and I would like to transfer my data (contacts,...) of my mobile phone (Sony Ericsson T715) on my smartphone. I would use my PC because my mobile phone is no longer in good working condition.
-
Compaq Presario F700 laptop PN # KC489VA Reinstalled the o/s from the recovery cd. No problem. Reinstalled the Application and Driver Recovery DVD. No problem - except - None of the drivers is installed. Device Manager indicates that the driver i
-
Unlock blackBerry Blackberry Z30 Z30 problems
Hello First post on the forum but have lurked for awhile reading problems. I have a microphone this question Z10 works do not - I had a BB Z30 of a member of the family that a screen was bricked since the update of black screen battery drain. BlackB
-
My ASUS desktop computer is VERY slow
Computer = CM5571 ASUS PC desktop Win7 Home Premium ServPk 1 Pentium (R) Dual Core 2.70GH 64-bit operating system Hook-up through Verizon phone My computer works as if it was in the dark ages. Extremely slow. Thank you in advance for any help you can