IPSEC + GRE at Cisco 3925
Dear!
When I start to download data - tunnel breaks down, when my speed more then 50 Mbps. In addition, my Cisco 3925 will restart and makes the crashdump file after that (it is empty). This occurs only when the speed more than 50 Mbit/s. At other times - it works very well.
Friends, give me please a few ideas... I need help
Between routers MPLS cloud.
Router
interface Tunnel20
Xxx description
bandwidth 100000
IP vrf forwarding has
IP 192.168.199.51 255.255.255.254
IP 1400 MTU
Security LAN of the Member's area
IP tcp adjust-mss 1360
delay of 40000
QoS before filing
tunnel source 192.168.199.49
tunnel destination 192.168.199.48
tunnel path-mtu-discovery
Profile of tunnel ipsec protection has
Interface Port - channel1.200
MPLS-LINK description
bandwidth 100000
encapsulation dot1Q 200
IP 192.168.199.49 255.255.255.254
Security LAN of the Member's area
service-policy output Shaper
class-map correspondence nyc
traffic SMB Description
game group-access 192
voice of match class-map
traffic of voice Description
match ip rtp 16384 to 16383
game group-access 191
match class-map signaling
Description
game group-access 190
Expand the list to access IP 190
10 permit tcp any any eq 5060
20 permit udp any how any eq 5060
Expand IP 191 access list
10 permit udp everything any 16384 32767 Beach (298122 matches)
20 permit udp any any priority critical
30 permit udp any any ef dscp
Expand the IP 192 access list
10 permit ip 192.168.46.0 0.0.0.255 (1842151 matches)
20 ip allow any 192.168.46.0 0.0.0.255
policy-SPEECH card
voice of the class
percentage of priority 5
New York class
percentage of priority 35
signalling of class
percentage of priority 2
class class by default
Fair/fair-queue
Policy-map Shaper
class class by default
form average 100000000
VOICE of service-policy
SH ver
Cisco IOS software, software of C3900e (C3900e-UNIVERSALK9-M), Version 15.3 (3) M6, RELEASE SOFTWARE (fc1)
Technical support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Router B
As a router has but the IP 192.168.199.50 255.255.255.254
Crypto
Profile of crypto ipsec has
game of transformation-ESP-3DES-SHA
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
tunnel mode
You almost certainly have the buggy software. I would recommend that you pass to the output 15.4.3M5 gold star. You need a Cisco maintenance contract to get the software, for example a SmartNet.
Tags: Cisco Security
Similar Questions
-
DMVPN/IPSEC, GRE and IPSEC Multi Point
Hi all
I have a project of construction of 50 locations connectivity to my data center 2. Each location has Internet with router 877 with image dry.
my DC has 1900 router. Now I want what tunnel I go with. DMVPN IPSEC or IPSEC GRE.
The data will come from DC locations only. No inter connections location. I want to know the pros and cons as well as any change of required equipment.
Kind regards
Satya.M
Given your criteria, I would say THAT DMVPN would be best suited
Cisco - Configuration dynamic Multipoint Virtual Private Networks DMVPN
Pete
-
basic configuration question IPSec GRE
the Sub test config has been entered at R1 (router left mostly). R4 has a similar to the inverse IP address config. R1 is able to ping R4 loopback at the present time.
crypto ISAKMP policy 10
BA aes
preshared authentication
Group 2
life 120
address of cisco crypto isakmp 203.115.34.4 keys
!
!
Crypto ipsec transform-set MY_TRANSFORM ah-sha-hmac esp - aes
!
MY_MAP 10 ipsec-isakmp crypto map
defined by peer 203.115.34.4
game of transformation-MY_TRANSFORM
match address 100
!
!
!
!
interface Loopback0
192.168.10.1 IP address 255.255.255.255
!
interface Tunnel0
IP 192.168.14.1 255.255.255.0
source of tunnel Serial1/2
tunnel destination 203.115.34.4
card crypto MY_MAP!
!
interface Serial1/2
IP 203.115.12.1 255.255.255.0
series 0 restart delay
!
!
Router eigrp 100
network 192.168.0.0 0.0.255.255
Auto-resume
!
router ospf 100
router ID 1.1.1.1
Log-adjacency-changes
network 203.115.0.0 0.0.255.255 area 0
!!
access-list 100 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255 connect
!
!
I see cisco samples configurations include an access list entry as follows...
access-list 100 permit gre 203.115.12.1 host 203.115.34.4
I understand the purpose of the ACL above regarding the test configuration that I posted here.
Let me explain.
LAN - router - WAN - router - LAN
Communication between the two LANs can be on a GRE tunnel to an IPsec tunnel or IPsec/GRE tunnel.
If you simply want to communicate between them unicast IP traffic, IPsec is recommended because it will encrypt the traffic.
If you need non-unicast or non - IP traffic through, then you can create a GRE tunnel.
If you want IPsec encryption for the GRE tunnel and then configure IPsec/GRE.
The ACL you mention will not work because the GRE traffic is only between tunnel endpoints.
The traffic that flows between local networks is the IP (not the GRE traffic) traffic where a permit GRE ACL will not work.
It will be useful.
Federico.
-
GRE tunnels will not come on VPN IPsec/GRE
Hi all
We have 400 + remote sites that connect to our central location (and a backup site) using Cisco routers with vpn IPSec/GRE tunnels. We use a basic model for the creation of tunnels, so there is very little chance of a bad configuration on each router. Remote sites use Cisco 831 s, central sites use Cisco 2821 s. There is a site where the tunnels WILL refuse just to come.
Routers are able to ping their public IP addresses, so it is not a routing problem, but gre endpoints cannot ping. There is no NATing involved, two routers directly accessing the Internet. The assorded display orders seem to indicate that the SAs are properly built, but newspapers, it seems that last part just don't is finished, and the GRE tunnels come not only upward.
The attached log file, it seems that both its IPSEC & ISAKMP are created @ 00:25:14, then QM_PHASE2 end @ 00:25:15.
00:25:15: ISAKMP: (0:10:HW:2): node error 1891573546 FALSE reason for deletion "(wait) QM.
00:25:15: ISAKMP: (0:10:HW:2): entrance, node 1891573546 = IKE_MESG_FROM_PEER, IKE_QM_EXCH
00:25:15: ISAKMP: (0:10:HW:2): former State = new State IKE_QM_R_QM2 = IKE_QM_PHASE2_COMPLETE
00:25:15: ISAKMP (0:268435467): received 208.XX packet. Dport 500 sport Global 500 (I) QM_IDLE yy.11
00:25:15: IPSEC (key_engine): had an event of the queue with 1 kei messages
00:25:15: IPSEC (key_engine_enable_outbound): rec would prevent ISAKMP
00:25:15: IPSEC (key_engine_enable_outbound): select SA with spinnaker 1572231461/50
00:25:15: ISAKMP: (0:11:HW:2): error in node-1931380074 FALSE reason for deletion "(wait) QM.
00:25:15: ISAKMP: (0:11:HW:2): entrance, node-1931380074 = IKE_MESG_FROM_PEER, IKE_QM_EXCH
00:25:15: ISAKMP: (0:11:HW:2): former State = new State IKE_QM_R_QM2 = IKE_QM_PHASE2_COMPLETE
00:25:15: IPSEC (key_engine): had an event of the queue with 1 kei messages
00:25:15: IPSEC (key_engine_enable_outbound): rec would prevent ISAKMP
00:25:15: IPSEC (key_engine_enable_outbound): select SA with spinnaker 310818168/50I don't have the remote router log file, and is very long, so I joined her. Before that I captured the log file, I enabled debugging ipsec & isakmp and immediately authorized the SAs.
Assorted useful details and matching orders of show results:
Cisco IOS Software, C831 (C831-K9O3SY6-M), Version 12.4 (25), RELEASE SOFTWARE (fc1)
There are 2 connections of IPSEC/GRE tunnel:
Tunnel101: KC (208.YY. ZZ.11) - remote control (74.WW. XX.35)
Tunnel201: Dallas (208.XX. YY.11) - remote control (74.WW. XX.35)Site-382-831 #sho ip int br
Interface IP-Address OK? Method State Protocol
FastEthernet1 unassigned YES unset down down
FastEthernet2 unassigned YES unset upward, upward
FastEthernet3 unassigned YES unset upward, upward
FastEthernet4 unassigned YES unset upward, upward
Ethernet0 10.3.82.10 YES NVRAM up up
Ethernet1 74.WW. XX.35 YES NVRAM up up
Ethernet2 172.16.1.10 YES NVRAM up up
Tunnel101 1.3.82.46 YES NVRAM up toward the bottom<>
Tunnel201 1.3.82.62 YES NVRAM up toward the bottom<==== ="">
NVI0 unassigned don't unset upward upwardsSite-382-831 #.
Site-382-831 #sho run int tunnel101
Building configuration...Current configuration: 277 bytes
!
interface Tunnel101
Description % connected to the 2nd KC BGP 2821 - PRI - B
IP 1.3.82.46 255.255.255.252
IP mtu 1500
IP virtual-reassembly
IP tcp adjust-mss 1360
KeepAlive 3 3
source of tunnel Ethernet1
destination of the 208.YY tunnel. ZZ.11
endSite-382-831 #.
Site-382-831 #show isakmp crypto his
status of DST CBC State conn-id slot
208.XX. YY.11 74.WW. XX.35 QM_IDLE ASSETS 0 11
208.YY. ZZ.11 74.WW. XX.35 QM_IDLE 10 0 ACTIVE
Site-382-831 #.Site-382-831 #.
Site-382-831 #show detail of the crypto isakmp
Code: C - IKE configuration mode, D - Dead Peer Detection
NAT-traversal - KeepAlive, N - K
X - IKE extended authentication
PSK - GIPR pre-shared key - RSA signature
renc - RSA encryptionC - id Local Remote I have VRF status BA hash Auth DH lifetime limit.
11 74.WW. XX.35 208.XX. YY.11 ACTIVE 3des sha psk 1 23:56:09
Connection-id: motor-id = 11:2 (hardware)
74.WW 10. XX.35 208.YY. ZZ.11 ACTIVE 3des sha psk 1 23:56:09
Connection-id: motor-id = 10:2 (hardware)
Site-382-831 #.Site-382-831 #.
Site-382-831 #show crypto ipsec hisInterface: Ethernet1
Tag crypto map: IPVPN_MAP, local addr 74.WW. XX.35protégé of the vrf: (none)
ident (addr, mask, prot, port) local: (74.WW. XX.35/255.255.255.255/47/0)
Remote ident (addr, mask, prot, port): (208.YY. ZZ.11/255.255.255.255/47/0)
current_peer 208.YY. ZZ.11 port 500
LICENCE, flags is {origin_is_acl},
#pkts program: 2333, #pkts encrypt: 2333, #pkts digest: 2333
#pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 0, #pkts compr. has failed: 0
#pkts not unpacked: 0, #pkts decompress failed: 0
#send 21, #recv errors 0local crypto endpt. : 74.WW. XX.35, remote Start crypto. : 208.YY. ZZ.11
Path mtu 1500, mtu 1500 ip, ip mtu IDB Ethernet1
current outbound SPI: 0x45047D1D (1157922077)SAS of the esp on arrival:
SPI: 0x15B97AEA (364477162)
transform: esp-3des esp-sha-hmac.
running parameters = {Tunnel}
Conn ID: 2004, flow_id: C83X_MBRD:4, crypto card: IPVPN_MAP
calendar of his: service life remaining (k/s) key: (4486831/1056)
Size IV: 8 bytes
support for replay detection: Y
Status: ACTIVEthe arrival ah sas:
SAS of the CFP on arrival:
outgoing esp sas:
SPI: 0x45047D1D (1157922077)
transform: esp-3des esp-sha-hmac.
running parameters = {Tunnel}
Conn ID: 2003, flow_id: C83X_MBRD:3, crypto card: IPVPN_MAP
calendar of his: service life remaining (k/s) key: (4486744/1056)
Size IV: 8 bytes
support for replay detection: Y
Status: ACTIVEoutgoing ah sas:
outgoing CFP sas:
protégé of the vrf: (none)
ident (addr, mask, prot, port) local: (74.WW. XX.35/255.255.255.255/47/0)
Remote ident (addr, mask, prot, port): (208.XX. YY.11/255.255.255.255/47/0)
current_peer 208.XX. YY.11 port 500
LICENCE, flags is {origin_is_acl},
#pkts program: 2333, #pkts encrypt: 2333, #pkts digest: 2333
#pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 0, #pkts compr. has failed: 0
#pkts not unpacked: 0, #pkts decompress failed: 0
#send 21, #recv errors 0local crypto endpt. : 74.WW. XX.35, remote Start crypto. : 208.XX. YY.11
Path mtu 1500, mtu 1500 ip, ip mtu IDB Ethernet1
current outbound SPI: 0xE82A86BC (3895101116)SAS of the esp on arrival:
SPI: 0x539697CA (1402378186)
transform: esp-3des esp-sha-hmac.
running parameters = {Tunnel}
Conn ID: 2008, flow_id: C83X_MBRD:8, crypto card: IPVPN_MAP
calendar of his: service life remaining (k/s) key: (4432595/1039)
Size IV: 8 bytes
support for replay detection: Y
Status: ACTIVEthe arrival ah sas:
SAS of the CFP on arrival:
outgoing esp sas:
SPI: 0xE82A86BC (3895101116)
transform: esp-3des esp-sha-hmac.
running parameters = {Tunnel}
Conn ID: 2001, flow_id: C83X_MBRD:1, crypto card: IPVPN_MAP
calendar of his: service life remaining (k/s) key: (4432508/1039)
Size IV: 8 bytes
support for replay detection: Y
Status: ACTIVEoutgoing ah sas:
outgoing CFP sas:
Site-382-831 #.Site-382-831 #.
Site-382-831 #show crypto ipsec his | Pkts Inc. | life
#pkts program: 2397, #pkts encrypt: 2397, #pkts digest: 2397
#pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 0, #pkts compr. has failed: 0
#pkts not unpacked: 0, #pkts decompress failed: 0
calendar of his: service life remaining (k/s) key: (4486831/862)
calendar of his: service life remaining (k/s) key: (4486738/862)
#pkts program: 2397, #pkts encrypt: 2397, #pkts digest: 2397
#pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 0, #pkts compr. has failed: 0
#pkts not unpacked: 0, #pkts decompress failed: 0
calendar of his: service life remaining (k/s) key: (4432595/846)
calendar of his: service life remaining (k/s) key: (4432501/846)
Site-382-831 #.Site-382-831 #.
Site-382-831 #show crypto isakmp policyWorld IKE policy
Priority protection Suite 10
encryption algorithm: three key triple a
hash algorithm: Secure Hash Standard
authentication method: pre-shared Key
Diffie-Hellman group: #1 (768 bits)
lifetime: 86400 seconds, no volume limit
Default protection suite
encryption algorithm: - Data Encryption STANDARD (56-bit keys).
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #1 (768 bits)
lifetime: 86400 seconds, no volume limit
Site-382-831 #.Site-382-831 #show crypto card
"IPVPN_MAP" 101-isakmp ipsec crypto map
Description: at the 2nd KC BGP 2821 - PRI - B
Peer = 208.YY. ZZ.11
Extend the PRI - B IP access list
access list PRI - B allowed will host 74.WW. XX.35 the host 208.YY. ZZ.11
Current counterpart: 208.YY. ZZ.11
Life safety association: 4608000 Kbytes / 3600 seconds
PFS (Y/N): N
Transform sets = {}
IPVPN,
}"IPVPN_MAP" 201-isakmp ipsec crypto map
Description: 2nd Dallas BGP 2821 - s-B
Peer = 208.XX. YY.11
Expand the list of IP SEC-B access
s - B allowed will host 74.WW access list. XX.35 the host 208.XX. YY.11
Current counterpart: 208.XX. YY.11
Life safety association: 4608000 Kbytes / 3600 seconds
PFS (Y/N): N
Transform sets = {}
IPVPN,
}
Interfaces using crypto card IPVPN_MAP:
Ethernet1
Site-382-831 #.Tunnel between KC & the remote site configuration is:
Distance c831 - KC
crypto ISAKMP policy 10
BA 3des
preshared authentication
!
PRI-B-382 address 208.YY isakmp encryption key. ZZ.11
!
Crypto ipsec transform-set esp-3des esp-sha-hmac IPVPN
transport mode
!
IPVPN_MAP 101 ipsec-isakmp crypto map
Description of 2nd KC BGP 2821 - PRI - B
set of peer 208.YY. ZZ.11
game of transformation-IPVPN
match address PRI - B
!
interface Tunnel101
Description % connected to the 2nd KC BGP 2821 - PRI - B
IP 1.3.82.46 255.255.255.252
IP mtu 1500
KeepAlive 3 3
IP virtual-reassembly
IP tcp adjust-mss 1360
source of tunnel Ethernet1
destination of the 208.YY tunnel. ZZ.11
!
interface Ethernet0
private network Description
IP 10.3.82.10 255.255.255.0
IP mtu 1500
no downtime
!
interface Ethernet1
IP 74.WW. XX.35 255.255.255.248
IP mtu 1500
automatic duplex
IP virtual-reassembly
card crypto IPVPN_MAP
no downtime
!
PRI - B extended IP access list
allow accord 74.WW the host. XX.35 the host 208.YY. ZZ.11
!KC-2821 *.
PRI-B-382 address 74.WW isakmp encryption key. XX.35
!
PRI-B-382 extended IP access list
allow accord 208.YY the host. ZZ.11 the host 74.WW. XX.35
!
IPVPN_MAP 382 ipsec-isakmp crypto map
Description % connected to the 2nd KC BGP 2821
set of peer 74.WW. XX.35
game of transformation-IPVPN
match address PRI-B-382
!
interface Tunnel382
Description %.
IP 1.3.82.45 255.255.255.252
KeepAlive 3 3
IP virtual-reassembly
IP tcp adjust-mss 1360
IP 1400 MTU
delay of 40000
tunnel of 208.YY origin. ZZ.11
destination of the 74.WW tunnel. XX.35
!
endAny help would be much appreciated!
Mark
Hello
logs on Site-382-831, only see the crypt but none decrypts, could you check a corresponding entry on the peer and see if has any questions send return traffic?
Site-382-831 #show crypto ipsec his | Pkts Inc. | life
#pkts program: 2397, #pkts encrypt: 2397, #pkts digest: 2397
#pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 0, #pkts compr. has failed: 0
#pkts not unpacked: 0, #pkts decompress failed: 0
calendar of his: service life remaining (k/s) key: (4486831/862)
calendar of his: service life remaining (k/s) key: (4486738/862)
#pkts program: 2397, #pkts encrypt: 2397, #pkts digest: 2397
#pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 0, #pkts compr. has failed: 0
#pkts not unpacked: 0, #pkts decompress failed: 0
calendar of his: service life remaining (k/s) key: (4432595/846)
calendar of his: service life remaining (k/s) key: (4432501/846)
Site-382-831 #.Kind regards
Averroès.
-
Hi guys,.
I'm trying to connect 2 1841 routers using ipsec/gre.
the situation is as below:
router a router - Internet - b
router config:
crypto ISAKMP policy 1
BA 3des
preshared authentication
Group 2
ISAKMP crypto key cisco address bb.bb.bb.bbCrypto ipsec transform-set esp-3des esp-md5-hmac TFMset
!
Profile of crypto ipsec ToB
game of transformation-TFMset!
interface Tunnel0
Description * to B *.
IP 100.100.100.1 255.255.255.252
tunnel source aa.aa.aa.aa
destination bb.bb.bb.bb tunnel
ipv4 ipsec tunnel mode
Profile of tunnel ToB ipsec protectioninterface FastEthernet0/0
IP address aa.aa.aa.aa 255.255.255.252
NAT outside IP
!
interface FastEthernet0/1
11.11.11.11 IP address 255.255.255.0
IP nat insideIP route 0.0.0.0 0.0.0.0 FastEthernet0/0
IP nat inside source map route SHEEP interface FastEthernet0/0 overload
IPNAT extended IP access list
deny ip 11.11.11.0 0.0.0.255 22.22.22.0 0.0.0.255
IP 11.11.11.0 allow 0.0.0.255 any
!
SHEEP allowed 10 route map
corresponds to the IP IPNATConfig router B:
crypto ISAKMP policy 1
BA 3des
preshared authentication
Group 2
ISAKMP crypto key cisco address aa.aa.aa.aaCrypto ipsec transform-set esp-3des esp-md5-hmac TFMset
!
Profile of crypto ipsec ToA
game of transformation-TFMset!
interface Tunnel0
Description * to A *.
IP 100.100.100.1 255.255.255.252
tunnel source bb.bb.bb.bb
destination aa.aa.aa.aa tunnel
ipv4 ipsec tunnel mode
Profile of tunnel ToA ipsec protectioninterface FastEthernet0/0
IP address bb.bb.bb.bb 255.255.255.252
NAT outside IP
!
interface FastEthernet0/1
IP 22.22.22.22 255.255.255.0
IP nat insideIP route 0.0.0.0 0.0.0.0 FastEthernet0/0
IP nat inside source map route SHEEP interface FastEthernet0/0 overload
IPNAT extended IP access list
deny ip 22.22.22.0 0.0.0.255 11.11.11.0 0.0.0.255
IP 22.22.22.0 allow 0.0.0.255 any
!
SHEEP allowed 10 route map
corresponds to the IP IPNAT
I managed to see the crypto isakmp and tunnel upward, but I'm not able to ping to the Remote LAN ip...
have you guys any idea on this?
Thank you...
Hello
Try to create a static route on a router for remote network pointing to the source of the tunnel as its front door.
Here is a useful link: -.
https://learningnetwork.Cisco.com/docs/doc-2457
Thank you
Shilpa
-
IPSec VPN between Cisco ASA and Fortigate1000
Hello
I find a useful document on how to create a tunnel VPN IPSec with ASA 5510 firewall Fortigate 1000...
the configuration of the coast FG is done without any problem, BUT the document (. doc FG) said I must configure the ASA with a GRE interface and assign an internal IP address in order to communicate with the FG...
The question is: How do I configure the interface on the SAA ACCORD?
Thanks in advance, Experts...
Kind regards...
ASA firewall does not support the interface/GRE GRE tunnel.
If you need to have GRE configured, you will need to complete the GRE tunnel on router IOS.
If you want to configure just pure tunnel VPN IPSec (lan-to-lan), here is an example of configuration on the side of the ASA:
http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a0080950890.shtml
Hope that helps.
-
How to disable a particular IPSec tunnel on Cisco router
Hi guys,.
Someone knows a way to termporarily disable an IPSec tunnel on a Cisco router provided individual:
-No configuration changes
-Without affecting the other IPSec tunnels running
-GRE is not used, so there is no tunnel interface to close
Or in any event nearest to you to meet the requirement above?
Thank you
Andrew
Andrew,
There is no way to 'turn off' the tunnel without changing the config.
I think the easiest would be to get the card crypto for this particular tunnel and remove the peer or the ACL:
for example:
labmap 10 ipsec-isakmp crypto map
no counterpart set 10.0.0.1
labmap 10 ipsec-isakmp crypto map
no correspondence address 100
or you can remove the key isakmp for this tunnel, that would, for example:
No cisco123 key crypto isakmp 10.0.0.1 address
That would prevent the tunnel to come without affecting the other tunnels.
I hope this helps.
Raga
-
ISA500 site by site ipsec VPN with Cisco IGR
Hello
I tried a VPN site by site work with Openswan and Cisco 2821 router configuration an Ipsec tunnel to site by site with Cisco 2821 and ISA550.
But without success.
my config for openswan, just FYI, maybe not importand for this problem
installation of config
protostack = netkey
nat_traversal = yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%4:!$RIGHT_SUBNET
nhelpers = 0
Conn rz1
IKEv2 = no
type = tunnel
left = % all
leftsubnet=192.168.5.0/24
right =.
rightsourceip = 192.168.1.2
rightsubnet=192.168.1.0/24
Keylife 28800 = s
ikelifetime 28800 = s
keyingtries = 3
AUTH = esp
ESP = aes128-sha1
KeyExchange = ike
authby secret =
start = auto
IKE = aes128-sha1; modp1536
dpdaction = redΘmarrer
dpddelay = 30
dpdtimeout = 60
PFS = No.
aggrmode = no
Config Cisco 2821 for dynamic dialin:
crypto ISAKMP policy 1
BA aes
sha hash
preshared authentication
Group 5
lifetime 28800
!
card crypto CMAP_1 1-isakmp dynamic ipsec DYNMAP_1
!
access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
!
Crypto ipsec transform-set ESP-AES-SHA1 esp - aes esp-sha-hmac
crypto dynamic-map DYNMAP_1 1
game of transformation-ESP-AES-SHA1
match address 102
!
ISAKMP crypto key
address 0.0.0.0 0.0.0.0 ISAKMP crypto keepalive 30 periodicals
!
life crypto ipsec security association seconds 28800
!
interface GigabitEthernet0/0.4002
card crypto CMAP_1
!
I tried ISA550 a config with the same constelations, but without suggesting.
Anyone has the same problem?
And had anyone has a tip for me, or has someone expirense with a site-by-site with ISA550 and Cisco 2821 ipsec tunnel?
I can successfully establish a tunnel between openswan linux server and the isa550.
Patrick,
as you can see on newspapers, the software behind ISA is also OpenSWAN
I have a facility with a 892 SRI running which should be the same as your 29erxx.
Use your IOS Config dynmap, penny, you are on the average nomad. If you don't have any RW customer you shoul go on IOS "No.-xauth" after the isakmp encryption key.
Here is my setup, with roardwarrior AND 2, site 2 site.
session of crypto consignment
logging crypto ezvpn
!
crypto ISAKMP policy 1
BA 3des
preshared authentication
Group 2
lifetime 28800
!
crypto ISAKMP policy 2
BA 3des
md5 hash
preshared authentication
Group 2
lifetime 28800
!
crypto ISAKMP policy 3
BA 3des
preshared authentication
Group 2
!
crypto ISAKMP policy 4
BA 3des
md5 hash
preshared authentication
Group 2
!
crypto ISAKMP policy 5
BA 3des
preshared authentication
Group 2
life 7200
ISAKMP crypto address XXXX XXXXX No.-xauth key
XXXX XXXX No.-xauth address isakmp encryption key
!
ISAKMP crypto client configuration group by default
key XXXX
DNS XXXX
default pool
ACL easyvpn_client_routes
PFS
!
!
Crypto ipsec transform-set esp-3des esp-sha-hmac FEAT
!
dynamic-map crypto VPN 20
game of transformation-FEAT
market arriere-route
!
!
card crypto client VPN authentication list by default
card crypto VPN isakmp authorization list by default
crypto map VPN client configuration address respond
10 VPN ipsec-isakmp crypto map
Description of VPN - 1
defined peer XXX
game of transformation-FEAT
match the address internal_networks_ipsec
11 VPN ipsec-isakmp crypto map
VPN-2 description
defined peer XXX
game of transformation-FEAT
PFS group2 Set
match the address internal_networks_ipsec2
card crypto 20-isakmp dynamic VPN ipsec VPN
!
!
Michael
Please note all useful posts
-
IPSec Tunnel between Cisco 2801 and Netscren 50 with NAT and static
Hello
My problem isn't really the IPSec connection between two devices (it is already done...) But my problem is that I have a mail server on the site of Cisco, who have a static NAT from inside to outside. Due to the static NAT, I do not see the server in the VPN tunnel. I found a document that almost describes the problem:
"Configuration of a router IPSEC Tunnel private-to-private network with NAT and static" (Document ID 14144)
NAT takes place before the encryption verification!
In this document, the solution is 'routing policy' using the loopback interface. But, how can I handle this with the Netscreen firewall. Someone has an idea?
Thanks for any help
Best regards
Heiko
Hello
Try to change your static NAT with static NAT based policy.
That is to say the static NAT should not be applicable for VPN traffic
permissible static route map 1
corresponds to the IP 104
access-list 104 refuse host ip 10.1.110.10 10.1.0.0 255.255.0.0
access-list 104 allow the host ip 10.1.110.10 all
IP nat inside source static 10.1.110.10 81.222.33.90 map of static route
HTH
Kind regards
GE.
-
IPsec VPN with Cisco AnyConnect and 1921 ISR G2 router
Hello
Is it possible to establish a remote access VPN IPSec using Cisco Anyconnect client with router Cisco ISR G2 1921.
If someone does share it please the sample configuration. as I've been on this topic since last week a.
My Cisco rep recommended I have not try AnyConnect a router ISR or ASR. So I used an Open Source client. Don't say that AnyConnect won't work, just the route I took on my project. I work good known configuration for a 1921 with strongSwan as a Client. It is with IPSEC and IKEV2 using certificates for authentication.
-
IPsec tunnel on cisco 3750 Switch
Guys... I just wanted to know, is - it possible to configure/close the tunnel vpn ipsec on cisco switch 3750.
Thanks in advance.
NO u cant, you can on CAT 6500 with VPN module!
-
Hi all
I am trying to create a VPN between a PIX and a Cisco 877W tunnel but can't seem to get the tunnel. When I do a 'sho crypto session"on the Cisco 877, I get, he said session state is declining, then changed to NEGOTIATE DOWN, but it is now down again... Please find attached the configs for both ends... Are there commands to confirm that the tunnel is up other than to try to ping the remote end? I would greatly appreciate any help lift this tunnel.
Kind regards
REDA
Hello
Based on the configurations of joined, to do some changes. For example:
1. the isakmp policies do not match on the router and the pix. Make sure the hash group Diffie-Hellman and life correspond on the 877 and pix.
2. the access list for the ipsec traffic must be images of mirror of the other.
3. make sure life of ipsec on the two peers.
I hope it helps.
Kind regards
Arul
Rate if this can help.
-
The IOS IPSec VPN configuration Cisco router
Hi experts,
I have not configured the VPN for a long time on the routers so I want your recommendation on best practices.
I need to run OSPF over it, so it must be GRE over IPSec
I googled and I see the old type of config that I used to do with the use of the crypto map. Then I see config with profile Ipsec that is applied to the interface of tunnel (tunnel protection). I also see on the manual on isakmp profile...
Is there an example of configuration that you can provide? This is site to site VPN with PAT most basic on the interface for the remote desktop for surfing the Internet. My routers are fairly recent. One is 2821 with new 12.4 T code and another 2921 router.
Thank you
Hello!
I didn't have a corresponding exactly to your needs, but I did a. I set it up by hand while there might be errors in config.
-
IPSec VPN between Cisco and ScreenOS
Hello
I'm trying to set up a simple IPSec VPN between a Cisco 2911 router and a Juniper Netscreen ScreenOS (not exactly now the model) device. Initially the debbuging seems good (QM_IDLE), but the ISAKMP Security Association is deleted.
The guy managing the Juniper device send me an extract from his diary:
###########################################################################
2012-08-28 10:24:16 info 00536 IKE Phase 2 msg ID
System 9b 839579: negotiations failed.
2012-08-28 10:24:16 info system 00536 rejected a package of IKE loopback.11
of
: 500 to 217.150.152.45:500 with cookies
87960e39d074ca49 and 9302d26c7ce324a5
because there is no acceptable Phase
2 proposals...
It has defined the following phase 2 proposals:
IKE the value p2-proposal "G2_esp_aes256_sha_1800s" group2 esp aes256-sha-1, 1800 second
###########################################################################
And I use these:
###########################################################################
crypto ISAKMP policy 1
BA aes 256
preshared authentication
Group 2
!
ISAKMP crypto key
address 217.150.152.45 Crypto ipsec transform-set esp - aes esp - aes 256 esp-sha-hmac
card crypto ipsec vpn 2 isakmp
Description * VPN Anbindung nach PKI in Magdeburg *.
defined by peer 217.150.152.45
define security-association life seconds 1800
the value of the transform-set esp - aes
match address PKI-TRAFFIC
!
###########################################################################
Here is my Log:
#################################################################################################################
28 August 08:23:46.416: ISAKMP: (0): profile of THE request is (NULL)
28 August 08:23:46.416: ISAKMP: created a struct peer 217.150.152.45, peer port 500
28 August 08:23:46.416: ISAKMP: new position created post = 0x2A2D7150 peer_handle = 0x8000003A
28 August 08:23:46.416: ISAKMP: lock struct 0x2A2D7150, refcount 1 to peer isakmp_initiator
28 August 08:23:46.416: ISAKMP: 500 local port, remote port 500
28 August 08:23:46.416: ISAKMP: set new node 0 to QM_IDLE
28 August 08:23:46.416: ISAKMP: (0): insert his with his 31627E04 = success
28 August 08:23:46.416: ISAKMP: (0): cannot start aggressive mode, try the main mode.
28 August 08:23:46.416: ISAKMP: (0): pair found pre-shared key matching 217.150.152.45
28 August 08:23:46.416: ISAKMP: (0): built of NAT - T of the seller-rfc3947 ID
28 August 08:23:46.416: ISAKMP: (0): built the seller-07 ID NAT - t
28 August 08:23:46.416: ISAKMP: (0): built of NAT - T of the seller-03 ID
28 August 08:23:46.416: ISAKMP: (0): built the seller-02 ID NAT - t
28 August 08:23:46.416: ISAKMP: (0): entry = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
28 August 08:23:46.416: ISAKMP: (0): former State = new State IKE_READY = IKE_I_MM1
28 August 08:23:46.416: ISAKMP: (0): Beginner Main Mode Exchange
28 August 08:23:46.416: ISAKMP: (0): lot of 217.150.152.45 sending my_port 500 peer_port 500 (I) MM_NO_STATE
28 August 08:23:46.416: ISAKMP: (0): sending a packet IPv4 IKE.
28 August 08:23:46.448: ISAKMP (0): received 217.150.152.45 packet dport 500 sport Global 500 (I) MM_NO_STATE
28 August 08:23:46.448: ISAKMP: (0): entry = IKE_MESG_FROM_PEER, IKE_MM_EXCH
28 August 08:23:46.448: ISAKMP: (0): former State = new State IKE_I_MM1 = IKE_I_MM2
28 August 08:23:46.448: ISAKMP: (0): treatment ITS payload. Message ID = 0
28 August 08:23:46.448: ISAKMP: (0): load useful vendor id of treatment
28 August 08:23:46.448: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 239
28 August 08:23:46.448: ISAKMP: (0): load useful vendor id of treatment
28 August 08:23:46.448: ISAKMP: (0): provider ID is DPD
28 August 08:23:46.448: ISAKMP: (0): load useful vendor id of treatment
28 August 08:23:46.448: ISAKMP: (0): IKE frag vendor processing id payload
28 August 08:23:46.448: ISAKMP: (0): IKE Fragmentation support not enabled
28 August 08:23:46.448: ISAKMP: (0): pair found pre-shared key matching 217.150.152.45
28 August 08:23:46.448: ISAKMP: (0): pre-shared key local found
28 August 08:23:46.448: ISAKMP: analysis of the profiles for xauth...
28 August 08:23:46.448: ISAKMP: (0): audit ISAKMP transform 1 against the policy of priority 1
28 August 08:23:46.448: ISAKMP: AES - CBC encryption
28 August 08:23:46.448: ISAKMP: SHA hash
28 August 08:23:46.448: ISAKMP: group by default 2
28 August 08:23:46.448: ISAKMP: pre-shared key auth
28 August 08:23:46.448: ISAKMP: keylength 256
28 August 08:23:46.448: ISAKMP: type of life in seconds
28 August 08:23:46.448: ISAKMP: life (IPV) 0 x 0 0 x 1 0 x 51 0x80
28 August 08:23:46.448: ISAKMP: (0): atts are acceptable. Next payload is 0
28 August 08:23:46.448: ISAKMP: (0): Acceptable atts: real life: 0
28 August 08:23:46.448: ISAKMP: (0): Acceptable atts:life: 0
28 August 08:23:46.448: ISAKMP: (0): fill atts in his vpi_length:4
28 August 08:23:46.448: ISAKMP: (0): fill atts in his life_in_seconds:86400
28 August 08:23:46.448: ISAKMP: (0): return real life: 86400
28 August 08:23:46.448: ISAKMP: (0): timer life Started: 86400.
28 August 08:23:46.448: ISAKMP: (0): load useful vendor id of treatment
28 August 08:23:46.448: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 239
28 August 08:23:46.448: ISAKMP: (0): load useful vendor id of treatment
28 August 08:23:46.448: ISAKMP: (0): provider ID is DPD
28 August 08:23:46.448: ISAKMP: (0): load useful vendor id of treatment
28 August 08:23:46.448: ISAKMP: (0): IKE frag vendor processing id payload
28 August 08:23:46.448: ISAKMP: (0): IKE Fragmentation support not enabled
28 August 08:23:46.448: ISAKMP: (0): entry = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
28 August 08:23:46.448: ISAKMP: (0): former State = new State IKE_I_MM2 = IKE_I_MM2
28 August 08:23:46.448: ISAKMP: (0): lot of 217.150.152.45 sending my_port 500 peer_port 500 (I) MM_SA_SETUP
28 August 08:23:46.448: ISAKMP: (0): sending a packet IPv4 IKE.
28 August 08:23:46.452: ISAKMP: (0): entry = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
28 August 08:23:46.452: ISAKMP: (0): former State = new State IKE_I_MM2 = IKE_I_MM3
28 August 08:23:46.484: ISAKMP (0): received 217.150.152.45 packet dport 500 sport Global 500 (I) MM_SA_SETUP
28 August 08:23:46.484: ISAKMP: (0): entry = IKE_MESG_FROM_PEER, IKE_MM_EXCH
28 August 08:23:46.484: ISAKMP: (0): former State = new State IKE_I_MM3 = IKE_I_MM4
28 August 08:23:46.484: ISAKMP: (0): processing KE payload. Message ID = 0
28 August 08:23:46.508: ISAKMP: (0): processing NONCE payload. Message ID = 0
28 August 08:23:46.508: ISAKMP: (0): pair found pre-shared key matching 217.150.152.45
28 August 08:23:46.508: ISAKMP: (1049): entry = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
28 August 08:23:46.508: ISAKMP: (1049): former State = new State IKE_I_MM4 = IKE_I_MM4
28 August 08:23:46.508: ISAKMP: (1049): send initial contact
28 August 08:23:46.508: ISAKMP: (1049): ITS been pre-shared key, using id ID_IPV4_ADDR type authentication
28 August 08:23:46.508: ISAKMP (1049): payload ID
next payload: 8
type: 1
address: 92.67.80.237
Protocol: 17
Port: 500
Length: 12
28 August 08:23:46.508: ISAKMP: (1049): the total payload length: 12
28 August 08:23:46.508: ISAKMP: (1049): lot of 217.150.152.45 sending my_port 500 peer_port 500 (I) MM_KEY_EXCH
28 August 08:23:46.508: ISAKMP: (1049): sending a packet IPv4 IKE.
28 August 08:23:46.508: ISAKMP: (1049): entry = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
28 August 08:23:46.508: ISAKMP: (1049): former State = new State IKE_I_MM4 = IKE_I_MM5
28 August 08:23:46.540: ISAKMP (1049): received 217.150.152.45 packet dport 500 sport Global 500 (I) MM_KEY_EXCH
28 August 08:23:46.540: ISAKMP: (1049): payload ID for treatment. Message ID = 0
28 August 08:23:46.540: ISAKMP (1049): payload ID
next payload: 8
type: 1
address: 217.150.152.45
Protocol: 17
Port: 500
Length: 12
28 August 08:23:46.540: ISAKMP: (0): peer games * no * profiles
28 August 08:23:46.540: ISAKMP: (1049): HASH payload processing. Message ID = 0
28 August 08:23:46.540: ISAKMP: (1049): SA authentication status:
authenticated
28 August 08:23:46.540: ISAKMP: (1049): SA has been authenticated with 217.150.152.45
28 August 08:23:46.540: ISAKMP: try inserting a peer
/217.150.152.45/500/ and inserted 2A2D7150 successfully. 28 August 08:23:46.540: ISAKMP: (1049): entry = IKE_MESG_FROM_PEER, IKE_MM_EXCH
28 August 08:23:46.540: ISAKMP: (1049): former State = new State IKE_I_MM5 = IKE_I_MM6
28 August 08:23:46.540: ISAKMP: (1049): entry = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
28 August 08:23:46.540: ISAKMP: (1049): former State = new State IKE_I_MM6 = IKE_I_MM6
28 August 08:23:46.540: ISAKMP: (1049): entry = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
28 August 08:23:46.540: ISAKMP: (1049): former State = new State IKE_I_MM6 = IKE_P1_COMPLETE
28 August 08:23:46.540: ISAKMP: (1049): start Quick Mode Exchange, M - ID of 1582159006
28 August 08:23:46.552: ISAKMP: (1049): initiator QM gets spi
28 August 08:23:46.552: ISAKMP: (1049): lot of 217.150.152.45 sending my_port 500 peer_port 500 (I) QM_IDLE
28 August 08:23:46.552: ISAKMP: (1049): sending a packet IPv4 IKE.
28 August 08:23:46.552: ISAKMP: (1049): entrance, node-1582159006 = IKE_MESG_INTERNAL, IKE_INIT_QM
28 August 08:23:46.552: ISAKMP: (1049): former State = new State IKE_QM_READY = IKE_QM_I_QM1
28 August 08:23:46.552: ISAKMP: (1049): entry = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
28 August 08:23:46.552: ISAKMP: (1049): former State = new State IKE_P1_COMPLETE = IKE_P1_COMPLETE
28 August 08:23:46.584: ISAKMP (1049): received 217.150.152.45 packet dport 500 sport Global 500 (I) QM_IDLE
28 August 08:23:46.584: ISAKMP: node set-452721455 to QM_IDLE
28 August 08:23:46.584: ISAKMP: (1049): HASH payload processing. Message ID =-452721455
28 August 08:23:46.584: ISAKMP: (1049): treatment protocol NOTIFIER PROPOSAL_NOT_CHOSEN 1
SPI 0, message ID =-452721455, his 0x31627E04 =
28 August 08:23:46.584: ISAKMP: (1049): peer does not paranoid KeepAlive.
28 August 08:23:46.584: ISAKMP: (1049): remove the reason for HIS "fatal Recevied of information' State (I) QM_IDLE (post 217.150.152.45)
28 August 08:23:46.584: ISAKMP: (1049): node-452721455 error suppression FALSE reason 'informational (en) State 1.
28 August 08:23:46.584: ISAKMP: (1049): entry = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
28 August 08:23:46.584: ISAKMP: (1049): former State = new State IKE_P1_COMPLETE = IKE_P1_COMPLETE
28 August 08:23:46.584: ISAKMP: node set 494253780 to QM_IDLE
28 August 08:23:46.584: ISAKMP: (1049): lot of 217.150.152.45 sending my_port 500 peer_port 500 (I) QM_IDLE
28 August 08:23:46.584: ISAKMP: (1049): sending a packet IPv4 IKE.
28 August 08:23:46.584: ISAKMP: (1049): purge the node 494253780
28 August 08:23:46.584: ISAKMP: (1049): entry = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
28 August 08:23:46.584: ISAKMP: (1049): former State = new State IKE_P1_COMPLETE = IKE_DEST_SA
28 August 08:23:46.584: ISAKMP: (1049): remove the reason for HIS "fatal Recevied of information' State (I) QM_IDLE (post 217.150.152.45)
Intertoys_Zentrale_Waddinxveen_01 #.
28 August 08:23:46.584: ISAKMP: Unlocking counterpart struct 0x2A2D7150 for isadb_mark_sa_deleted(), count 0
28 August 08:23:46.584: ISAKMP: delete peer node by peer_reap for 217.150.152.45: 2A2D7150
28 August 08:23:46.584: ISAKMP: (1049): node-1582159006 error suppression FALSE reason 'IKE deleted.
28 August 08:23:46.584: ISAKMP: (1049): entry = IKE_MESG_FROM_PEER, IKE_MM_EXCH
28 August 08:23:46.584: ISAKMP: (1049): former State = new State IKE_DEST_SA = IKE_DEST_SA
#################################################################################################################
Is there something special that needs to be addressed when creating a VPN for Juniper devices?
Greetings
Thomas
The peer IPSec a PFS enabled, do the same in your crypto-map:
card crypto ipsec vpn 2 isakmp
PFS group2 Set
--
Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
http://www.Kiva.org/invitedBy/karsteni -
Hello, I have a radio link with a branch, but the link to the provider is not approved to set up a Tunnel GRE + IPSec, but I get that this log in my router.
% CRYPTO-4-PKT_REPLAY_ERR: decrypt: re-read the verification failed
The topology is:
Router 1 C3825 IOS 12.4 (25f) Fa0/2/2 - link radio - router 2 C3825 IOS 15.1 (4) M4 Gi0/1
I get the logs into the Router 1 only.
Configurations are:
Router 1:
crypto ISAKMP policy 1
BA aes
md5 hash
preshared authentication
Group 2
ISAKMP crypto key Andina12 address 172.20.127.114
invalid-spi-recovery crypto ISAKMP
!
!
Crypto ipsec transform-set TS aes - esp esp-md5-hmac
!
Profile of crypto ipsec protected-gre
86400 seconds, life of security association set
game of transformation-TS
interface Tunnel0
Description IPSec Tunnel of GRE a Víbora
bandwidth 2000
IP 172.20.127.117 255.255.255.252
IP 1400 MTU
IP tcp adjust-mss 1360
tunnel source 172.20.127.113
tunnel destination 172.20.127.114
protection ipsec profile protected-gre tunnel
interface FastEthernet0/2/2
Description RadioEnlace a Víbora
switchport access vlan 74
bandwidth 2000
No cdp enable
interface Vlan74
bandwidth 2000
IP 172.20.127.113 255.255.255.252
Router eigrp 1
network 172.20.127.116 0.0.0.3
Router 2:
crypto ISAKMP policy 1
BA aes
md5 hash
preshared authentication
Group 2
ISAKMP crypto key Andina12 address 172.20.127.113
!
!
Crypto ipsec transform-set TS aes - esp esp-md5-hmac
!
Profile of crypto ipsec protected-gre
86400 seconds, life of security association set
game of transformation-TS
interface Tunnel0
Description IPSec Tunnel of GRE a CSZ
bandwidth 2000
IP 172.20.127.118 255.255.255.252
IP 1400 MTU
IP tcp adjust-mss 1360
tunnel source 172.20.127.114
tunnel destination 172.20.127.113
protection ipsec profile protected-gre tunnel
interface GigabitEthernet0/1
Description Radio Enlace a CSZ
bandwidth 2000
IP 172.20.127.114 255.255.255.252
automatic duplex
automatic speed
media type rj45
No cdp enable
Router eigrp 1
network 172.20.127.116 0.0.0.3
Thanks for the help.
Yes, you can have just as configured:
Crypto ipsec transform-set esp - aes TS
transport mode
Be sure to change it on both routers.
Maybe you are looking for
-
Missing old messages in the folder / let's go to the balls
I have a Macbook Pro running OSX 10.10.5 Yosemite. I have my e-mail Application set up for my Gmail account. I'm Secretary of an association and I have a lot of emails with each year having its own folder/mailbox. All my emails before July 10, 2015 a
-
Pavilion model: 17-f114dx: memory upgrade
My new laptop with 6 GB of RAM, I would like to upgrade, but some say documentation 6 GB is the maximum.Tell me crucial it will load 16 GB. Why can I only the memory?
-
2007 database file access Windows suddenly appeared on my desk.
Original title: I was working on my pc when a file access 2007 database window has just appeared on my desk. I think someone is hacking my pc or stalking me online. Access can be used for this? I have Windows Vista.
-
Failure by improving from XP to Vista Home Premium
I am trying to upgrade my PC laptop Windows XP to Windows Vista Home Premium. During the phase of "Windows Installer", I get a message error that says "Windows cannot update configuration to start the computer. Installation cannot continue. What sh
-
MKV files, show 0 seconds and cannot be seen by sharing.
Windows media player started randomly showing all my MKV files in 0 seconds. In addition to this, all these files are more able to be seen by the sharing of systems; I have an Archos Tablet and the xbox 360. He worked and nothing has been replaced by