IPSec Tunnel upward, but not accessible from local networks

Similar Questions

• ASA 5505 IPSEC VPN connected but cannot access the local network

  ASA: 8.2.5

  ASDM: 6.4.5

  LAN: 10.1.0.0/22

  Pool VPN: 172.16.10.0/24

  Hi, we purcahsed a new ASA 5505 and try to configure IPSEC VPN via ASDM; I simply run the wizards, installation vpnpool, split tunnelling, etc.

  I can connect to the ASA using the cisco VPN client and internet works fine on the local PC, but it can not access the local network (can not impossible. ping remote desktop). I tried the same thing on our Production ASA(those have both Remote VPN and Site-to-site VPN working), the new profile, I created worked very well.

  Here is my setup, wrong set up anything?

  ASA Version 8.2 (5)

  !

  hostname asatest

  domain XXX.com

  activate 8Fw1QFqthX2n4uD3 encrypted password

  g9NiG6oUPjkYrHNt encrypted passwd

  names of

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  !

  interface Ethernet0/3

  !

  interface Ethernet0/4

  !

  interface Ethernet0/5

  !

  interface Ethernet0/6

  !

  interface Ethernet0/7

  !

  interface Vlan1

  nameif inside

  security-level 100

  IP 10.1.1.253 255.255.252.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  address IP XXX.XXX.XXX.XXX 255.255.255.240

  !

  passive FTP mode

  clock timezone PST - 8

  clock summer-time recurring PDT

  DNS server-group DefaultDNS

  domain vff.com

  vpntest_splitTunnelAcl list standard access allowed 10.1.0.0 255.255.252.0

  access extensive list ip 10.1.0.0 inside_nat0_outbound allow 255.255.252.0 172.16.10.0 255.255.255.0

  pager lines 24

  Enable logging

  timestamp of the record

  logging trap warnings

  asdm of logging of information

  logging - the id of the device hostname

  host of logging inside the 10.1.1.230

  Within 1500 MTU

  Outside 1500 MTU

  IP local pool 172.16.10.1 - 172.16.10.254 mask 255.255.255.0 vpnpool

  no failover

  ICMP unreachable rate-limit 1 burst-size 1

  don't allow no asdm history

  ARP timeout 14400

  Global 1 interface (outside)

  NAT (inside) 0-list of access inside_nat0_outbound

  NAT (inside) 1 0.0.0.0 0.0.0.0

  Route outside 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX 1

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  Floating conn timeout 0:00:00

  dynamic-access-policy-registration DfltAccessPolicy

  AAA-server protocol nt AD

  AAA-server host 10.1.1.108 AD (inside)

  NT-auth-domain controller 10.1.1.108

  Enable http server

  http 10.1.0.0 255.255.252.0 inside

  No snmp server location

  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown cold start

  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

  Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac

  Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

  Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac

  life crypto ipsec security association seconds 28800

  Crypto ipsec kilobytes of life - safety 4608000 association

  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set

  Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

  outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

  outside_map interface card crypto outside

  crypto ISAKMP allow outside

  crypto ISAKMP policy 10

  preshared authentication

  3des encryption

  sha hash

  Group 2

  life 86400

  Telnet timeout 5

  SSH 10.1.0.0 255.255.252.0 inside

  SSH timeout 20

  Console timeout 0

  dhcpd outside auto_config

  !

  a basic threat threat detection

  Statistics-list of access threat detection

  no statistical threat detection tcp-interception

  WebVPN

  internal group vpntest strategy

  Group vpntest policy attributes

  value of 10.1.1.108 WINS server

  Server DNS 10.1.1.108 value

  Protocol-tunnel-VPN IPSec l2tp ipsec

  disable the password-storage

  disable the IP-comp

  Re-xauth disable

  disable the PFS

  IPSec-udp disable

  IPSec-udp-port 10000

  Split-tunnel-policy tunnelspecified

  value of Split-tunnel-network-list vpntest_splitTunnelAcl

  value by default-domain XXX.com

  disable the split-tunnel-all dns

  Dungeon-client-config backup servers

  the address value vpnpool pools

  admin WeiepwREwT66BhE9 encrypted privilege 15 password username

  username user5 encrypted password privilege 5 yIWniWfceAUz1sUb

  the encrypted password privilege 3 umNHhJnO7McrLxNQ util_3 username

  tunnel-group vpntest type remote access

  tunnel-group vpntest General attributes

  address vpnpool pool

  authentication-server-group AD

  authentication-server-group (inside) AD

  Group Policy - by default-vpntest

  band-Kingdom

  vpntest group tunnel ipsec-attributes

  pre-shared-key BEKey123456

  NOCHECK Peer-id-validate

  !

  !

  privilege level 3 mode exec cmd command perfmon

  privilege level 3 mode exec cmd ping command

  mode privileged exec command cmd level 3

  logging of the privilege level 3 mode exec cmd commands

  privilege level 3 exec command failover mode cmd

  privilege level 3 mode exec command packet cmd - draw

  privilege show import at the level 5 exec mode command

  privilege level 5 see fashion exec running-config command

  order of privilege show level 3 exec mode reload

  privilege level 3 exec mode control fashion show

  privilege see the level 3 exec firewall command mode

  privilege see the level 3 exec mode command ASP.

  processor mode privileged exec command to see the level 3

  privilege command shell see the level 3 exec mode

  privilege show level 3 exec command clock mode

  privilege exec mode level 3 dns-hosts command show

  privilege see the level 3 exec command access-list mode

  logging of orders privilege see the level 3 exec mode

  privilege, level 3 see the exec command mode vlan

  privilege show level 3 exec command ip mode

  privilege, level 3 see fashion exec command ipv6

  privilege, level 3 see the exec command failover mode

  privilege, level 3 see fashion exec command asdm

  exec mode privilege see the level 3 command arp

  command routing privilege see the level 3 exec mode

  privilege, level 3 see fashion exec command ospf

  privilege, level 3 see the exec command in aaa-server mode

  AAA mode privileged exec command to see the level 3

  privilege, level 3 see fashion exec command eigrp

  privilege see the level 3 exec mode command crypto

  privilege, level 3 see fashion exec command vpn-sessiondb

  privilege level 3 exec mode command ssh show

  privilege, level 3 see fashion exec command dhcpd

  privilege, level 3 see the vpnclient command exec mode

  privilege, level 3 see fashion exec command vpn

  privilege level see the 3 blocks from exec mode command

  privilege, level 3 see fashion exec command wccp

  privilege see the level 3 exec command mode dynamic filters

  privilege, level 3 see the exec command in webvpn mode

  privilege control module see the level 3 exec mode

  privilege, level 3 see fashion exec command uauth

  privilege see the level 3 exec command compression mode

  level 3 for the show privilege mode configure the command interface

  level 3 for the show privilege mode set clock command

  level 3 for the show privilege mode configure the access-list command

  level 3 for the show privilege mode set up the registration of the order

  level 3 for the show privilege mode configure ip command

  level 3 for the show privilege mode configure command failover

  level 5 mode see the privilege set up command asdm

  level 3 for the show privilege mode configure arp command

  level 3 for the show privilege mode configure the command routing

  level 3 for the show privilege mode configure aaa-order server

  level mode 3 privilege see the command configure aaa

  level 3 for the show privilege mode configure command crypto

  level 3 for the show privilege mode configure ssh command

  level 3 for the show privilege mode configure command dhcpd

  level 5 mode see the privilege set privilege to command

  privilege level clear 3 mode exec command dns host

  logging of the privilege clear level 3 exec mode commands

  clear level 3 arp command mode privileged exec

  AAA-server of privilege clear level 3 exec mode command

  privilege clear level 3 exec mode command crypto

  privilege clear level 3 exec command mode dynamic filters

  level 3 for the privilege cmd mode configure command failover

  clear level 3 privilege mode set the logging of command

  privilege mode clear level 3 Configure arp command

  clear level 3 privilege mode configure command crypto

  clear level 3 privilege mode configure aaa-order server

  context of prompt hostname

  no remote anonymous reporting call

  Cryptochecksum:447bbbc60fc01e9f83b32b1e0304c6b4

  : end

  Captures we can see packets going from the pool to the internal LAN, but we do not reply back packages.

  The routing must be such that for 172.16.10.0/24 packages should reach the inside interface of the ASA.

  On client machines or your internal LAN switch, you need to add route for 172.16.10.0/24 pointing to the inside interface of the ASA.

• VM IP not accessible from outside network

  Hi guys

  This may be a matter of complete newbe, but I have been messing round with ESXi host and encountered a problem that I spent the last 2 days of troubleshooting. I have a box of ESXi running in my room which is connected to my network... what I'm trying to do, is to ensure that the virtual machines running on this computer is available to my PC outside the area of ESXi... the problem is I can't RDP all VMs from outside as they are being ADMINISTRATED by the VMswitch...

  I used wireshark to determine the source Ip when I ping my PC from the machine virtual and found that he was given the ESXI server static ip address...

  Does anyone know of a work around? I would like to assign a static ip address on the virtual computer for I can use it as FTP server for my network outside of the box of ESXI

  Thanks in advance!

  Once you have assigned the additional card on the movement of the virtual machine, you should be good to go.

  I use RDP among other modes, to manage different servers on my local network. If you want to have the accessible FTP server from outside the local network (for example, from a different location), then you will want to use the port forwarding on your router and the IP address of this virtual machine. Watch the free services of www.dyndns.com occurring via a url instead of having to worry about your public IP address change. I use their services (those that are free for the time being) to access my ftp server and web server (two different Linux servers that are virtual machines on my ESXi host). I put RDP in place for my DC and especially vCenter servers so that I can connect to them even if the other methods do not work properly.

  Feel free to reach out to me by PM if you need additional assistance, gets results online. Please keep in mind that the extra NIC you pick up is on the HCL. If I were you, I'd go with at least one card dual port. I support the Intel NETWORK card inside my ESX hosts. Right now, I use a port dual and quad port NIC inside my host. Adding that to the embedded (Broadcom NIC) gives me a total of seven NIC to play with.

  VCP4

• tunnel upward but not ping of the asa inside interface

  Dear all

  I am establishing a tunnel vpn between cisco asa 5510 and a cisco router. The tunnel is up, and I can ping both cryptographic interfaces. Also, from the console of the asa I can ping to the router lan interface but the router I can not ping the lan interface of the asa, this message appears in the log

  % ASA-3-713042: unable to find political initiator IKE: Intf liaison_BLR, Src: 128.2

  23.125.232, DST: 129.223.123.234

  Here is the config of the equipment.

  I was able to successfully establish an ipsec with an another ROUTER 1841 tunnel. I have 1 hub site and 3 remotes sites with asa as a hub.

  Help, please.

  Your crypto that ACLs are not matching. They must be exact mirror of the other.

  In addition, you can consider setting the levels of security for the interfaces. They are all at 0. The value internal/private those a higher value.

  Let me know how it goes.

  PS. If you find this article useful, please note it.

• Two questions - cannot save the printer shares with the error code 0x000006d9 and part of the Machine is not accessible from the network of working groups

  I think this are problems, but here is the separately questions, first of all - the basics:

  4 PC network using the working group with two Windows 7 (ultimate) and two xp.  Everything worked fine with the a previous vista / xp 3 network.  All except the Windows 7 Desktop behave well. The network is connected with a modem cable to a 5XT netscreen NS (firewall hardware to the outside and the inside hub), a netgear wireless access point and Windows workgroup use (as mentioned above).  Name all is correct on all machines, all the discovery settings are in place and each has Norton Internet security for its local protection services. Upgrades of Windows 7 have been computer vista laptop connected wireless and wired desktop previously running XP Professional sp3.  XP conversion was assisted on the desktop of the wizard upgrade Laplink PC Mover.  Applications executed in appearance on the two level computers.

  On the desktop - I can't share printers. When I use "networks and printers" in the start menu to share on a printer I get code 0x000006d9 error saying something like the configuration cannot be saved.  All local jobs printing works well.

  On the desktop - the name of the computer records also of all as on the network (it is discovered and mapped by each PC) but when I try to access it from any other machine I get a general error says something like "check your spelling of the name mannequin." This desktop computer Win 7 can browse shared folders on the network of and write about everything.  Somewhat added data - this device can ping all others in the network sucessfully but none get a ping successfully into the offending machine either with ip address or computer name (times out waiting for a response or said the name is not found).  He himself can ping successfully.  It accesses the internet very high hand.

  Solutions have been attempted without a firewall (Firewall Norton Smart Internet - 2010), with the firewall and various changes to authorization.  A final discovery was that Windows Firewall will not allow because BFE is not able to start - error 5 - access denied (this was discovered by train to allow a possible solution because of some internet chatter that the Windows Firewall must be running to implement shared printers).  All other dependencies are running to get a break on why BFE is not (it turns on the Win 7 laptop as well as the firewall).  Authorizations have been verified in the registry for settings of firewall and BFE (ports, permits, etc.) have also been looked at with a very critical eye.  SFC has been run with no problem.  All ports for net drivers, Win 7 networking and other actions are open in the firewall.

  Then people - I did some internet research and I tried a lot of suggested solutions nothing doesn't.  My apologies in advance if a person provides a solution and I say "tried".  Any help is very appreciated

  You can mark this as resolved problem!
  The program involved, causing this error is firewall Windows, here is what you need to do to fix this...
  If like me you have disabled windows firewall, I use Security Suite of ZoneAlarm, you will need to re-enable the firewall to share the printer.

  If you have disabled or turned off the Windows Firewall. (and in my case this error was caused by exactly that)
  Step #1 - disable any other firewall can be installed. Stop to load at startup and restart your PC.

  Step #2 - go to the tools of Admin folder > Services > Windows Firewall > double click and is it set to manual or automatic and keep it.

  Step #3 - open Control Panel > system & security > Windows Firewall > enable or disable the Windows Firewall > (Enable) turn on the Windows Firewall > save
  Then go to Restore Defaults > click on restore default button > save
  (you only do this IF you have changed the settings of the firewall, but it is always a good idea and will ensure that there are no problems during the proceeding)

  Step #4 - click Control Panel Home > view devices & Printers > Select / click on your printer > screen printer properties > share > share this printer > OK

  Step #5 - go back to firewall Windows and the tower he walks back > save

  Step #6 - go back to Services > and the Manual value Windows Firewall (or turn it off if you want, I recommend the manual)

  Step #7 - reboot and re-enable your firewall preferred to start at startup > Reboot

  Step #8 - take a deep breath and sigh of relief! :)

• RND4210 ReadyNAS 'your NETGEAR storage space is not accessible from this computer... »

  Hi all

  First time poster here.

  My uncle died in November and he had this NAS device in his office. On the back it says RND4210 ReadyNAS but do not know what version or model or something else.

  I got to download RAIDar, but now I have done that and it detects that the NAS very well on my network, it comes up with the following message appears:

  "Your NETGEAR storage space is not accessible from this computer. Please check your network settings. »

  Any help would be appreciated.

  Everything is now resolved.

  Although it is on the same network, it took my PC to also have a wired connection. I moved closer to my hub and plugged here rather than steal my PC ethernet and putting my PC into a Wi - Fi.

• Capsule of the airport is not accessible from the internet

  Capsule of the airport is not accessible from the internet

  He could be reached at any time and has now stopped working?

  How have you tried?

  Three common methods... that you use?

  Airport drive - remote (3 methods)

• How to restore pictures that have been deleted from Lightroom, but not removed from the 'drive '?

  How to restore pictures that have been deleted from Lightroom, but not removed from the 'drive '? Also, how can I restore photos after saving Lightroom. I started to remove some files and it removed ALL of them! I chose the option "cancel delete files" and them brought back, she says they are all "missing or offline. I tried to 'find' a different folder and it deleted the folder all together and now I don't know where he is. Help, please!

  How to restore pictures that have been deleted from Lightroom, but not removed from the 'drive '?

  You need a backup of your Lightroom catalog file before deleting the photos made. You have such a backup? If so, find the backup catalog, open it (double click on it) and then search for the photos you want and select them and then file-> export catalogue; Then go to your original catalog file, open it and select file-> import from another catalog and points to the catalog that you just exported.

  If you do not have a backup of your catalog file, then the only thing you can do is to import the photos again, and Lightroom will treat them as totally new photos with no editing and no metadata provided by the user.

  Moreover, the idea of importing photos into Lightroom and then later removing them to Lightroom should is limited to photos you will EVER want such a photos that are so overexposed or underexposed or blurred that they are essentially useless. The photos that you care enough to run a task on (including editing) should never be removed from Lightroom.

  Also, how can I restore photos after saving Lightroom.

  Is this the same problem as above, or another?

  I chose the option "cancel delete files" and them brought back, she says they are all "missing or offline.

  Is it possible that you actually deleted pictures from the hard disk, as well as from Lightroom? Anyway, Lightroom cannot find the photos and you first need to find photos on your hard drives and then direct Lightroom to the location of the photo on your hard drive, using these instructions Adobe Lightroom - find folders and files moved or missing

• Windows Vista Home Edition not accessible PC in network

  Hello

  I have Windows Vista Home edition installed on a PC. I shared a few folders on the network. I gave all security and permission to everyone to read and share share the contents of the folder.

  But when someone from the network wishes to access a shared folder on this computer by writing (\\abc-PC) in the Run dialog box, system gives an error "network path was not found".

  I disabled the firewall and anti-virus to this PC.

  Network is configured by a network of professionals expert. So no question of network.

  Some people said that this is a limitation of Vista Home, but I do not.

  Please help me.

  Thanks in advance.

  Thanks Krish

  Hi Krish,

  Work on a domain network?

  Make sure that the computer is turned on and that you have enabled file sharing and printers on your network

  Follow the steps mentioned in the link below

  Solve the problems - and printer-sharing files

  http://Windows.Microsoft.com/en-us/Windows-Vista/troubleshoot-file-and-printer-sharing

  Make sure network discovery is on

  1. open the network and sharing Center by clicking the Start button, clicking Control Panel, clicking Network and Internet, and then click Network and sharing Center.

  2. If network discovery is off, click the arrow to expand the section, click turn on network discovery, and then click on apply.  If you are prompted for an administrator password or a confirmation, type the password or provide confirmation.

  For more information, see the link below

  Network connection problems

  http://Windows.Microsoft.com/en-us/Windows-Vista/troubleshoot-network-connection-problems

  Networking of computers running different versions of Windows

  http://Windows.Microsoft.com/en-us/Windows-Vista/Networking-home-computers-running-different-versions-of-Windows

  Thank you, and in what concerns:

  Ajay K

  Microsoft Answers Support Engineer

  Visit our Microsoft answers feedback Forum and let us know what you think.

• Ipad Cisco ipsec VPN connects but not access to the local network

  Hi guys,.

  I am trying to connect our ipads to vpn to access network resources. IPSec cisco ipad connects but not lan access and cannot ping anything not even not the interfaces of the router.

  If I configure the vpn from cisco on a laptop, it works perfectly, I can ping all and can access resources on the local network if my guess is that the traffic is not going in the tunnel vpn between ipad and desktop.

  Cisco 877.

  My config is attached.

  Any ideas?

  Thank you

  Build-in iPad-client is not useful to your configuration.

  You have three options:

  (1) remove the ACL of your vpn group. Without split tunneling client will work.

  2) migrate legacy config crypto-map style. Here, you can use split tunneling

  3) migrate AnyConnect.

  The root of the problem is that the iPad Gets the split tunneling-information. But instead of control with routing traffic should pass through the window / the tunnel and which traffic is allowed without the VPN of the iPad tries to build a set of SAs for each line in your split-tunnel-ACL. But with the model-virtual, SA only is allowed.

• New virtual local network not accessible from the vpn

  Cisco ASA 5510 helps static routes.  I created a new vlan internal and added the path correct for the ASA.  Internally the vlan is fully accessible, but when I connect to the VPN I can't communicate with the systems in this regard.

  The access policy dynamics and associated ACLs are fine. A system related to this policy, but not on the new VLAN is accessible through this policy.

  What Miss me?

  Hello

  Please let us know what kind of tunnel are you talking about:

  1 lan to lan tunnel

  2. site of tunnel site

  You must ensure that the new VLAN is part of the interesting traffic and nat is free.

  Add the new vlan interesting traffic will ensure that the tunnel is trigged for the new VLAN.

  Do the new vlan a part of nat exemption ensures that traffic is through the tunnel and natted not routed to internet and so lost.

  Also you can check if the program and for the tunnel decaps multiply or not when you try to move traffic from the new VLAN. You can check which form the "sh cry counterpart his ips."

  I hope this helps.

  Kind regards

  Anisha

  P.S.: Please mark this thread as answered, if you feel that your query is resolved. Note the useful messages.

• Local database not accessible from the console of the enterprize Manager

  Hi all.. I have a strange problem, please help
  
  I have installed hv oracle 9i on my pc. It is related to a db server and a local database (for scott schema) is also installed on the pc. with console of oracle enterprise manager, I was and want to access the two databasses. (db server and local)
  I can access the database server of db as sys: attributes are...
  
  Host: 10.4.34.59
  Port: 1526
  SID: grid59
  
  attributes for local db
  ---------------------
  Host: e5687g7665
  Port: 1523
  SID: ora123
  
  the two dbs are accessible from sql plus, but when I write scott, tiger on the console, it says 'no listener'... on the net manager oracle I HAV already added the address for pc local db.
  Thanks in advance, please help

  Hello
  It's very strange, using tnsping you get the listener, so I don't understand why sqlplus returns 'no listener '.
  You have run the tnsping and sqlplus from the same computer and same ORACLE_HOME, right?
  You have several installed Oracle customers?

  Liron Amitzi
  Consultant senior s/n
  [www.dbsnaps.com]
  [www.orbiumsoftware.com]

• Site to site VPN upward but not pass traffic (ASA 5505 8.3.1 and 9.2.3 version)

  Hello

  I'll put up a tunnel vpn site-to-site between two locations.  Both have cisco ASA 5505 running a different version, I'll explain in more detail below.  so far, I was able to get the tunnel to come but I can't seem to pass traffic, I work at this for days now and have not been able to understand why he will not pass traffic.  Needless to say that the customer's PO would be on the fact that their VPN is not upward and they had to do by hand.  I'll put the configs below, if possible can someone help me as soon as POSSIBLE, I really want to get this site up and running so that we do not lose the customer.

  An IP address of 0.0.0.0 = site
  Site B IP = 1.1.1.1

  A Version of the site = 8.3.1
  Version of the site B = 9.2.3

  __________________________

  _________

  A RACE OF THE SITE CONFIGURATION

  Output of the command: "sh run".

  : Saved
  :
  ASA Version 8.3 (1)
  !
  hostname SDMCLNASA01
  SDMCLNASA01 domain name. LOCAL
  Select 5E8js/Fs7qxjxWdp of encrypted password
  2KFQnbNIdI.2KYOU encrypted passwd
  names of
  !
  interface Vlan1
  nameif inside
  security-level 100
  the IP 192.168.0.1 255.255.255.0
  !
  interface Vlan2
  nameif outside
  security-level 0
  the IP 0.0.0.0 255.255.255.252
  !
  interface Ethernet0/0
  switchport access vlan 2
  !
  interface Ethernet0/1
  !
  interface Ethernet0/2
  !
  interface Ethernet0/3
  !
  interface Ethernet0/4
  !
  interface Ethernet0/5
  !
  interface Ethernet0/6
  !
  interface Ethernet0/7
  !
  passive FTP mode
  clock timezone CST - 6
  clock to summer time recurring CDT
  DNS lookup field inside
  DNS domain-lookup outside
  DNS server-group DefaultDNS
  SDMCLNASA01 domain name. LOCAL
  permit same-security-traffic inter-interface
  permit same-security-traffic intra-interface
  network of the NETWORK_OBJ_192.168.0.0_24 object
  192.168.0.0 subnet 255.255.255.0
  network of the NETWORK_OBJ_192.168.1.0_24 object
  subnet 192.168.1.0 255.255.255.0
  network lan_internal object
  192.168.0.0 subnet 255.255.255.0
  purpose of the smtp network
  Home 192.168.0.245
  Network http object
  Home 192.168.0.245
  rdp network object
  Home 192.168.0.245
  network ssl object
  Home 192.168.0.245
  network camera_1 object
  host 192.168.0.13
  network camerahttp object
  host 192.168.0.13
  service object 8081
  source eq 8081 destination eq 8081 tcp service
  Dvr description
  network camera-http object
  host 192.168.0.13
  network dvr-http object
  host 192.168.0.13
  network dvr-mediaport object
  host 192.168.0.13
  object-group Protocol DM_INLINE_PROTOCOL_1
  object-protocol udp
  object-tcp protocol
  object-group Protocol TCPUDP
  object-protocol udp
  object-tcp protocol
  DM_INLINE_TCP_1 tcp service object-group
  EQ port 3389 object
  port-object eq www
  EQ object of the https port
  EQ smtp port object
  DM_INLINE_TCP_2 tcp service object-group
  port-object eq 34567
  port-object eq 34599
  EQ port 8081 object
  permit access ip 192.168.0.0 scope list outside_1_cryptomap 255.255.255.0 192.168.1.0 255.255.255.0
  outside_access_in list extended access permit tcp any any eq smtp
  outside_access_in list extended access permit tcp any any DM_INLINE_TCP_1 object-group
  outside_access_in list extended access permit tcp any any DM_INLINE_TCP_2 object-group
  permit access ip 192.168.0.0 scope list inside_nat0_outbound 255.255.255.0 192.168.1.0 255.255.255.0
  pager lines 24
  Enable logging
  asdm of logging of information
  Within 1500 MTU
  Outside 1500 MTU
  ICMP unreachable rate-limit 1 burst-size 1
  ICMP allow any inside
  ICMP allow all outside
  don't allow no asdm history
  ARP timeout 14400
  NAT (inside, outside) static static source NETWORK_OBJ_192.168.1.0_24 destination NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.1.0_24
  NAT (exterior, Interior) static static source NETWORK_OBJ_192.168.0.0_24 destination NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.0.0_24
  !

  
  network lan_internal object
  NAT dynamic interface (indoor, outdoor)
  purpose of the smtp network
  NAT (all, outside) interface static tcp smtp smtp service
  Network http object
  NAT (all, outside) interface static tcp www www service
  rdp network object
  NAT (all, outside) interface static service tcp 3389 3389
  network ssl object
  NAT (all, outside) interface static tcp https https service
  network dvr-http object
  NAT (all, outside) interface static 8081 8081 tcp service
  network dvr-mediaport object
  NAT (all, outside) interface static 34567 34567 tcp service
  Access-group outside_access_in in interface outside
  Route outside 0.0.0.0 0.0.0.0 71.42.194.209 1
  Timeout xlate 03:00
  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-registration DfltAccessPolicy
  http server enable 8080
  http 192.168.0.0 255.255.255.0 inside
  http 192.168.1.0 255.255.255.0 inside
  http 192.168.1.0 255.255.255.0 outside
  http 71.40.221.136 255.255.255.252 inside
  http 71.40.221.136 255.255.255.252 outside
  http 192.168.0.0 255.255.255.0 outside
  http 97.79.197.42 255.255.255.255 inside
  http 97.79.197.42 255.255.255.255 outside
  No snmp server location
  No snmp Server contact
  Server enable SNMP traps snmp authentication linkup, linkdown cold start
  Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
  life crypto ipsec security association seconds 28800
  Crypto ipsec kilobytes of life - safety 4608000 association
  card crypto outside_map 1 match address outside_1_cryptomap
  card crypto outside_map 1 set peer 1.1.1.1
  card crypto outside_map 1 set of transformation-ESP-3DES-SHA
  outside_map interface card crypto outside
  crypto isakmp identity address
  crypto ISAKMP allow outside
  crypto ISAKMP policy 65535
  preshared authentication
  3des encryption
  sha hash
  Group 2
  life 86400
  Telnet timeout 5
  SSH timeout 5
  Console timeout 0
  dhcpd address 192.168.0.50 - 192.168.0.150 inside
  dhcpd dns 192.168.0.245 209.18.47.62 interface inside
  dhcpd SDMCLNASA01 field. LOCAL inside interface
  dhcpd allow inside
  !

  a basic threat threat detection
  Statistics-list of access threat detection
  no statistical threat detection tcp-interception
  WebVPN
  attributes of Group Policy DfltGrpPolicy
  Protocol-tunnel-VPN IPSec l2tp ipsec
  tunnel-group 1.1.1.1 type ipsec-l2l
  tunnel-group 1.1.1.1 ipsec-attributes
  pre-shared key *.
  !
  !
  !
  type of policy-card inspect dns preset_dns_map
  parameters
  maximum message length automatic of customer
  message-length maximum 512
  !
  context of prompt hostname
  call-home
  Profile of CiscoTAC-1
  no active account
  http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
  email address of destination [email protected] / * /
  destination-mode http transport
  Subscribe to alert-group diagnosis
  Subscribe to alert-group environment
  Subscribe to alert-group monthly periodic inventory
  monthly periodicals to subscribe to alert-group configuration
  daily periodic subscribe to alert-group telemetry
  Cryptochecksum:462428c25e9748896e98863f2d8aeee7
  : end

  ________________________________

  SITE B RUNNING CONFIG

  Output of the command: "sh run".

  : Saved
  :
  : Serial number: JMX1635Z1BV
  : Material: ASA5505, 512 MB RAM, 500 MHz Geode Processor
  :
  ASA Version 9.2 (3)
  !
  ciscoasa hostname
  activate qddbwnZVxqYXToV9 encrypted password
  volatile xlate deny tcp any4 any4
  volatile xlate deny tcp any4 any6
  volatile xlate deny tcp any6 any4
  volatile xlate deny tcp any6 any6
  volatile xlate deny udp any4 any4 eq field
  volatile xlate deny udp any4 any6 eq field
  volatile xlate deny udp any6 any4 eq field
  volatile xlate deny udp any6 any6 eq field
  names of
  !
  interface Ethernet0/0
  switchport access vlan 2
  !
  interface Ethernet0/1
  !
  interface Ethernet0/2
  !
  interface Ethernet0/3
  !
  interface Ethernet0/4
  !
  interface Ethernet0/5
  !
  interface Ethernet0/6
  !
  interface Ethernet0/7
  !
  interface Vlan1
  nameif inside
  security-level 100
  IP 192.168.1.1 255.255.255.0
  !
  interface Vlan2
  nameif outside
  security-level 0
  IP 1.1.1.1 255.255.255.252
  !
  passive FTP mode
  clock timezone CST - 6
  clock to summer time recurring CDT
  permit same-security-traffic inter-interface
  permit same-security-traffic intra-interface
  network camera_http object
  host 192.168.1.13
  network camera_media object
  host 192.168.1.13
  network of the NETWORK_OBJ_192.168.0.0_24 object
  192.168.0.0 subnet 255.255.255.0
  network of the NETWORK_OBJ_192.168.1.0_24 object
  subnet 192.168.1.0 255.255.255.0
  outside_access_in list extended access permit tcp any any eq 9000
  outside_access_in list extended access permit tcp any any eq www
  outside_access_in list extended access permit icmp any one
  outside_cryptomap to access ip 192.168.1.0 scope list allow 255.255.255.0 object NETWORK_OBJ_192.168.0.0_24
  pager lines 24
  Enable logging
  asdm of logging of information
  Within 1500 MTU
  Outside 1500 MTU
  no failover
  ICMP unreachable rate-limit 1 burst-size 1
  ICMP allow any inside
  ICMP allow all outside
  ASDM image disk0: / asdm - 732.bin
  don't allow no asdm history
  ARP timeout 14400
  no permit-nonconnected arp
  NAT (inside, outside) static static source NETWORK_OBJ_192.168.0.0_24 destination NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.0.0_24
  NAT (exterior, Interior) static static source NETWORK_OBJ_192.168.1.0_24 destination NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.1.0_24
  !
  network camera_http object
  NAT (all, outside) interface static tcp www www service
  network camera_media object
  NAT (all, outside) interface static 9000 9000 tcp service
  !
  NAT source auto after (indoor, outdoor) dynamic one interface
  Access-group outside_access_in in interface outside
  Route outside 0.0.0.0 0.0.0.0 71.40.221.137 1
  Timeout xlate 03:00
  Pat-xlate timeout 0:00:30
  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  Floating conn timeout 0:00:00
  dynamic-access-policy-registration DfltAccessPolicy
  identity of the user by default-domain LOCAL
  Enable http server
  http 192.168.1.0 255.255.255.0 inside
  No snmp server location
  No snmp Server contact
  Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac
  Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac
  Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  Crypto ipsec transform-set ikev1 ESP-AES-128-SHA-TRANS-aes - esp esp-sha-hmac
  Crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transit
  Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-TRANS-aes - esp esp-md5-hmac
  Crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transit
  Crypto ipsec transform-set ikev1 ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
  Crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transit
  Crypto ipsec transform-set ikev1 ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
  Crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transit
  Crypto ipsec transform-set ikev1 ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
  Crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transit
  Crypto ipsec transform-set ikev1 ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
  Crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transit
  Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
  Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac
  Crypto ipsec transform-set ikev1 ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
  Crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transit
  Crypto ipsec transform-set ikev1 ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
  Crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transit
  Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac
  Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac
  Crypto ipsec transform-set ikev1 ESP-DES-SHA-TRANS esp - esp-sha-hmac
  Crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transit
  Crypto ipsec transform-set ikev1 ESP-DES-MD5-TRANS esp - esp-md5-hmac
  Crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transit
  Crypto ipsec ikev2 AES256 ipsec-proposal
  Protocol esp encryption aes-256
  Esp integrity sha - 1, md5 Protocol
  Crypto ipsec ikev2 ipsec-proposal AES192
  Protocol esp encryption aes-192
  Esp integrity sha - 1, md5 Protocol
  Crypto ipsec ikev2 ipsec-proposal AES
  Esp aes encryption protocol
  Esp integrity sha - 1, md5 Protocol
  Crypto ipsec ikev2 proposal ipsec 3DES
  Esp 3des encryption protocol
  Esp integrity sha - 1, md5 Protocol
  Crypto ipsec ikev2 ipsec-proposal OF
  encryption protocol esp
  Esp integrity sha - 1, md5 Protocol
  Crypto ipsec pmtu aging infinite - the security association
  card crypto outside_map 1 match address outside_cryptomap
  card crypto outside_map 1 peer set 0.0.0.0
  card crypto outside_map 1 set transform-set ESP-3DES-SHA ikev1
  outside_map interface card crypto outside
  trustpool crypto ca policy
  IKEv2 crypto policy 1
  aes-256 encryption
  integrity sha
  Group 2 of 5
  FRP sha
  second life 86400
  IKEv2 crypto policy 10
  aes-192 encryption
  integrity sha
  Group 2 of 5
  FRP sha
  second life 86400
  IKEv2 crypto policy 20
  aes encryption
  integrity sha
  Group 2 of 5
  FRP sha
  second life 86400
  IKEv2 crypto policy 30
  3des encryption
  integrity sha
  Group 2 of 5
  FRP sha
  second life 86400
  IKEv2 crypto policy 40
  the Encryption
  integrity sha
  Group 2 of 5
  FRP sha
  second life 86400
  Crypto ikev1 allow outside
  IKEv1 crypto policy 120
  preshared authentication
  3des encryption
  sha hash
  Group 2
  life 86400
  Telnet timeout 5
  SSH stricthostkeycheck
  SSH timeout 5
  SSH group dh-Group1-sha1 key exchange
  Console timeout 0

  dhcpd address 192.168.1.50 - 192.168.1.150 inside
  dhcpd dns 192.168.0.245 209.18.47.61 interface inside
  dhcpd SDPHARR field. LOCAL inside interface
  dhcpd allow inside
  !
  a basic threat threat detection
  Statistics-list of access threat detection
  no statistical threat detection tcp-interception
  WebVPN
  AnyConnect essentials
  attributes of Group Policy DfltGrpPolicy
  Ikev1 VPN-tunnel-Protocol
  internal GroupPolicy_0.0.0.0 group strategy
  attributes of Group Policy GroupPolicy_0.0.0.0
  VPN-tunnel-Protocol ikev1, ikev2
  tunnel-group 0.0.0.0 type ipsec-l2l
  tunnel-group 0.0.0.0 ipsec-attributes
  IKEv1 pre-shared-key *.
  remote control-IKEv2 pre-shared-key authentication *.
  pre-shared-key authentication local IKEv2 *.
  !
  !
  !
  type of policy-card inspect dns preset_dns_map
  parameters
  maximum message length automatic of customer
  message-length maximum 512
  !
  context of prompt hostname
  no remote anonymous reporting call
  call-home
  Profile of CiscoTAC-1
  no active account
  http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
  email address of destination [email protected] / * /
  destination-mode http transport
  Subscribe to alert-group diagnosis
  Subscribe to alert-group environment
  Subscribe to alert-group monthly periodic inventory
  monthly periodicals to subscribe to alert-group configuration
  daily periodic subscribe to alert-group telemetry
  Cryptochecksum:19031ab1e3bae21d7cc8319fb7ecf0eb
  : end

  Sorry my mistake.

  Delete this if it's still there

  card crypto external_map 1 the value reverse-road

  Add this to both sides

  card crypto outside_map 1 the value reverse-road

  Sorry about that.

  Mike

• vmware site is not accessible from other hosts

  The host is Windows 7, and the guest is CentOS. I managed to put in

  openSSH and apache on the rise and the site is visible to the host, but I can't

  access it from outside my LAN (I have a router) or inside my local network (since one

  another computer of course). How to configure Vmware & window7 then I have

  can access my virtual server on the internet?

  If you did what I said in my reply to you the other day this subject, you should be able to access by other computers on your local network, but not in itself for WAN connections and you will need to set up your router correctly to enable connectivity on the Internet virtual computer.

  You did as I suggested and read Chapter 14 you have a knowledge of virtual networks and then bridged Network Adapter to the virtual machine value and disable auto fill in the virtual network Editor?

  If this is not the case, go back and read: Re: vmware is accessible from the host machine, but not on other computers

  BTW, in the future do not start a second thread for discussion of the matter.

• I can't open the .jpg files from the desktop using "Windows Photo Gallery" as the default program. They open normally from nowhere elsewhere, but not directly from the desktop. No error, nothing happens.

  If I right click 'open with' open with other programs like IE but not "Windows Photo Gallery". It is not a specific .jpg file, this is all .jpg files. For example... I have a .jpg file in a folder on my desktop, open folder double click, it will open in the "Windows Photo Gallery". Copy and paste the SAME file on the desktop, double-click on, nothing happens. I tried to restart, change the default value of IE, open the file, it opens, by default change to "Windows Photo Gallery" doesn't work... I am confused?

  Hello

  Welcome to the community of Windows Vista answers.

  Method 1:

  This can happen in the database that keeps track of all the photos and videos in your collection is damaged. You can rebuild your database by:

  (1) close Windows Live Photo Gallery

  (2) · Click Start

  (3) · Click on my computer

  (4) · Paste this address into the address field %userprofile%\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery

  (5) · Right-click Pictures.pd5

  (6) click on rename

  (7) · Change the name of the file to OLD_Pictures.pd5

  (8) · Restart the computer and then try to open the Windows Photo Gallery.

  Method 2:
  Try using the tool (SFC.exe) System File Checker to check and repair corrupt system files.  To do this, follow these steps:

  How to run scan SFC

  1. click on the Start button

  2. on the Start Menu, click all programs followed by accessories

  3. in the menu accessories, right-click on command line option

  4. in the drop-down menu that appears, click the "Run as Administrator" option

  5 If you have the enabled User Account Control (UAC) you will be asked to consent to the opening of the command line. You simply press the button continue if you are the administrator or insert password etc.

  6. in the command prompt window, type: sfc/scannow then press enter

  7. a message is displayed to indicate that "the analysis of the system will start.

  8. be patient because the analysis may take some time

  9. If all of the necessary files any replacement SFC will replace them. You may be asked to insert your Vista DVD for this process to continue

  10. If all goes although you should, after the analysis, see the following message "Windows resource protection not found any breach of integrity.

  11 after the scan finished, close the command prompt window reboot the computer and check.

  For more information, see the link below.
  http://support.Microsoft.com/kb/936212

  Let us know if this helps

  Concerning
  Anthony.