Similar Questions

• IPSec tunnels does not work

  I have 2 Cat6, with IPsec SPA card, while the other did not.

  I tried setting IPsec tunnel between them, but somehow can't bring up the tunnel, can someone help me to watch set it up?

  A (with SPA):

  crypto ISAKMP policy 1

  BA aes 256

  preshared authentication

  Group 5

  ISAKMP crypto cisco123 key address 0.0.0.0 0.0.0.0

  ISAKMP crypto keepalive 10

  Crypto ipsec transform-set esp - aes 256 esp-sha-hmac testT1

  !

  Crypto ipsec profile P1

  Set transform-set testT1

  !

  Crypto call admission limit ike his 3000

  !

  Crypto call admission limit ike in-negotiation-sa 115

  !

  interface Tunnel962

  Loopback962 IP unnumbered

  tunnel GigabitEthernet2/37.962 source

  tunnel destination 172.16.16.6

  ipv4 ipsec tunnel mode

  Profile of tunnel P1 ipsec protection

  interface GigabitEthernet2/37.962

  encapsulation dot1Q 962

  IP 172.16.16.5 255.255.255.252

  interface Loopback962

  1.1.4.200 the IP 255.255.255.255

  IP route 2.2.4.200 255.255.255.255 Tunnel962

  B (wuthout SPA):

  crypto ISAKMP policy 1

  BA aes 256

  preshared authentication

  Group 5

  ISAKMP crypto cisco123 key address 0.0.0.0 0.0.0.0

  !

  !

  Crypto ipsec transform-set esp - aes 256 esp-sha-hmac T1

  !

  Crypto ipsec profile P1

  game of transformation-T1

  interface Tunnel200

  Loopback200 IP unnumbered

  tunnel GigabitEthernet2/1.1 source

  tunnel destination 172.16.16.5

  ipv4 ipsec tunnel mode

  Profile of tunnel T1 ipsec protection

  interface Loopback200

  2.2.4.200 the IP 255.255.255.255

  interface GigabitEthernet2/1.1

  encapsulation dot1Q 962

  IP 172.16.16.6 255.255.255.252

  IP route 1.1.4.200 255.255.255.255 Tunnel200

  I can ping from 172.16.16.6 to 172.16.16.5, but the tunnel just can not upwards. When I turned on "debugging ipsec cry ' and ' debug cry isa", nothing comes out, when I trun on 'cry of debugging sciences', I got:

  "00:25:17: crypto_engine_select_crypto_engine: can't handle more."

  Hello

  You need a map of IPSEC SPA on chassis B do IPSEC encryption. Please see the below URL for more details.

  Without a SPA-IPSEC - 2G or IPsec VPN Services Module of acceleration, the IPsec network security feature (configured with the crypto ipsec command) is supported in the software only for administrative for Catalyst 6500 series switches and routers for the Cisco 7600 Series connections.

  http://www.Cisco.com/en/us/docs/switches/LAN/catalyst6500/IOS/12.2SXF/native/release/notes/OL_4164.html

  Kind regards

  Arul

  * Rate pls if it helps *.

• IPSec tunnel does not work

  Hi all

  We have an IPSec tunnel that does not work. I think that Phase 2 is not established but I don't know why.

  Add the output and the newspaper.

  Thanks for your help

  ASA-VPN-PRI/act/pri # sh crypto isakmp his
  !
  13 peer IKE: 91.209.243.5
  Type: L2L role: answering machine
  Generate a new key: no State: MM_ACTIVE

  !

  ASA-VPN-PRI/act/pri # sh crypto isakmp his | include the 91.209.243.5
  12 peer IKE: 91.209.243.5
  ASA-VPN-PRI/act/pri #.

  ASA-VPN-PRI/act/pri # sh crypto ipsec his | include the 91.209.243.5
  ASA-VPN-PRI/act/pri #.

  7. December 17, 2014 | 15: 40:48 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = c516994b) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
  7. December 17, 2014 | 15: 40:48 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
  7. December 17, 2014 | 15: 40:48 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
  7. December 17, 2014 | 15: 40:48 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d6c)
  7. December 17, 2014 | 15: 40:48 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d6c)
  7. December 17, 2014 | 15: 40:48 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
  7. December 17, 2014 | 15: 40:48 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
  7. December 17, 2014 | 15: 40:48 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = 29bf4142) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
  7. December 17, 2014 | 15: 40:43 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = b72ddf0a) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
  7. December 17, 2014 | 15: 40:43 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
  7. December 17, 2014 | 15: 40:43 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
  7. December 17, 2014 | 15: 40:43 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d6b)
  7. December 17, 2014 | 15: 40:43 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d6b)
  7. December 17, 2014 | 15: 40:43 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
  7. December 17, 2014 | 15: 40:43 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
  7. December 17, 2014 | 15: 40:43 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = ae5305df) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
  7. December 17, 2014 | 15: 40:38 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = b796798d) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
  7. December 17, 2014 | 15: 40:38 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
  7. December 17, 2014 | 15: 40:38 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
  7. December 17, 2014 | 15: 40:38 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d6a)
  7. December 17, 2014 | 15: 40:38 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d6a)
  7. December 17, 2014 | 15: 40:38 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
  7. December 17, 2014 | 15: 40:38 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
  7. December 17, 2014 | 15: 40:38 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = 98241c 63) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
  7. December 17, 2014 | 15: 40:33 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = e233621d) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
  7. December 17, 2014 | 15: 40:33 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
  7. December 17, 2014 | 15: 40:33 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
  7. December 17, 2014 | 15: 40:33 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d69)
  7. December 17, 2014 | 15: 40:33 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d69)
  7. December 17, 2014 | 15: 40:33 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
  7. December 17, 2014 | 15: 40:33 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
  7. December 17, 2014 | 15: 40:33 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = 36ecdf6a) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
  7. December 17, 2014 | 15: is.40:28 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = cb1b978d) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
  7. December 17, 2014 | 15: is.40:28 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
  7. December 17, 2014 | 15: is.40:28 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
  7. December 17, 2014 | 15: is.40:28 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d68)
  7. December 17, 2014 | 15: is.40:28 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d68)
  7. December 17, 2014 | 15: is.40:28 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
  7. December 17, 2014 | 15: is.40:28 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
  7. December 17, 2014 | 15: is.40:28 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = f25bcdb5) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
  7. December 17, 2014 | 15: 40:23 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = 32bca075) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
  7. December 17, 2014 | 15: 40:23 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
  7. December 17, 2014 | 15: 40:23 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
  7. December 17, 2014 | 15: 40:23 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d67)
  7. December 17, 2014 | 15: 40:23 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d67)
  7. December 17, 2014 | 15: 40:23 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
  7. December 17, 2014 | 15: 40:23 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
  7. December 17, 2014 | 15: 40:23 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = a3f0e3f9) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84

  Please repeat the debug with "debug crypto isakmp 100". And compare the config of the Phase 2 on both sides:

  1. Is what ACL crypto exactly in the opposite direction on both sides?
  2. Your transformation sets include exactly the same algorithms?

• ASA 5505 VPN to IPSec website DOES NOT CONNECT

  I spent 2 days already to try to get 2 ASA 5505 to connect by using an IPSec vpn tunnel. I can't understand what im doing wrong, I'm using 192.168.97.0 and 192.168.100.0 as my internal networks that I am trying to connect via a link directly connected on the outside with 50.1.1.1 and 50.1.1.2 interfaces such as addresses (all 24). I also tried with and without active NAT. Here is for both of the ASA configs, the vpn config was conducted by the ASDM, but I also tried the approach of the command-line without success. I followed various guides to the letter online, starting with an empty config and factory default. I also tried the IOS 8.4.

  ASA 1 Config

  ASA 8.3 Version (2) ! VIC hostname activate 8Ry2YjIyt7RRXU24 encrypted password 2KFQnbNIdI.2KYOU encrypted passwd names of ! interface Vlan1 nameif inside security-level 100 IP 192.168.97.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 IP 50.1.1.1 255.255.255.0 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 Shutdown ! interface Ethernet0/3 Shutdown ! interface Ethernet0/4 Shutdown ! interface Ethernet0/5 Shutdown ! interface Ethernet0/6 Shutdown ! interface Ethernet0/7 Shutdown ! boot system Disk0: / asa832 - k8.bin passive FTP mode pager lines 24 Within 1500 MTU Outside 1500 MTU ICMP unreachable rate-limit 1 burst-size 1 don't allow no asdm history ARP timeout 14400 Timeout xlate 03:00 Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00 Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00 Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-registration DfltAccessPolicy Enable http server http 192.168.97.0 255.255.255.0 inside No snmp server location No snmp Server contact life crypto ipsec security association seconds 28800 Crypto ipsec kilobytes of life - safety 4608000 association Telnet timeout 5 SSH timeout 5 Console timeout 0 a basic threat threat detection Statistics-list of access threat detection no statistical threat detection tcp-interception WebVPN ! class-map inspection_default match default-inspection-traffic ! ! type of policy-card inspect dns preset_dns_map parameters maximum message length automatic of customer message-length maximum 512 Policy-map global_policy class inspection_default inspect the preset_dns_map dns inspect the ftp inspect h323 h225 inspect the h323 ras Review the ip options inspect the netbios inspect the rsh inspect the rtsp inspect the skinny inspect esmtp inspect sqlnet inspect sunrpc inspect the tftp inspect the sip inspect xdmcp ! global service-policy global_policy context of prompt hostname call-home Profile of CiscoTAC-1 no active account http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email address of destination [email protected] / * / destination-mode http transport Subscribe to alert-group diagnosis Subscribe to alert-group environment Subscribe to alert-group monthly periodic inventory monthly periodicals to subscribe to alert-group configuration daily periodic subscribe to alert-group telemetry Cryptochecksum:4745f7cd76c82340ba1e7920dbfd2395

  Config ASA2
  ASA 8.3 Version (2) ! hostname QLD

  activate 8Ry2YjIyt7RRXU24 encrypted password

  2KFQnbNIdI.2KYOU encrypted passwd

  names of

  !

  interface Vlan1

  nameif inside

  security-level 100

  IP 192.168.100.1 address 255.255.255.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  IP 50.1.1.2 255.255.255.0

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  Shutdown

  !

  interface Ethernet0/3

  Shutdown

  !

  interface Ethernet0/4

  Shutdown

  !

  interface Ethernet0/5

  Shutdown

  !

  interface Ethernet0/6

  Shutdown

  !

  interface Ethernet0/7

  Shutdown

  !

  passive FTP mode

  network of the SITEA object

  192.168.97.0 subnet 255.255.255.0

  network of the NETWORK_OBJ_192.168.100.0_24 object

  255.255.255.0 subnet 192.168.100.0

  outside_1_cryptomap to access extended list ip 192.168.100.0 allow 255.255.255.0 object SITEA

  pager lines 24

  Within 1500 MTU

  Outside 1500 MTU

  ICMP unreachable rate-limit 1 burst-size 1

  don't allow no asdm history

  ARP timeout 14400

  NAT (inside, outside) static source NETWORK_OBJ_192.168.100.0_24 NETWORK_OBJ_192.168.100.0_24 static destination SITEA SITEA

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  dynamic-access-policy-registration DfltAccessPolicy

  Enable http server

  http 192.168.100.0 255.255.255.0 inside

  No snmp server location

  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown cold start

  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

  life crypto ipsec security association seconds 28800

  Crypto ipsec kilobytes of life - safety 4608000 association

  card crypto outside_map 1 match address outside_1_cryptomap

  card crypto outside_map 1 set pfs Group1

  peer set card crypto outside_map 1 50.1.1.1

  card crypto outside_map 1 set of transformation-ESP-3DES-SHA

  outside_map interface card crypto outside

  crypto ISAKMP allow outside

  crypto ISAKMP policy 10

  preshared authentication

  3des encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 65535

  preshared authentication

  3des encryption

  sha hash

  Group 2

  life 86400

  Telnet timeout 5

  SSH timeout 5

  Console timeout 0

  a basic threat threat detection

  Statistics-list of access threat detection

  no statistical threat detection tcp-interception

  WebVPN

  tunnel-group 50.1.1.1 type ipsec-l2l

  IPSec-attributes tunnel-group 50.1.1.1

  pre-shared key *.

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  maximum message length automatic of customer

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  Review the ip options

  inspect the netbios

  inspect the rsh

  inspect the rtsp

  inspect the skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect the tftp

  inspect the sip

  inspect xdmcp

  !

  global service-policy global_policy

  context of prompt hostname

  call-home

  Profile of CiscoTAC-1

  no active account

  http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address

  email address of destination [email protected] / * /

  destination-mode http transport

  Subscribe to alert-group diagnosis

  Subscribe to alert-group environment

  Subscribe to alert-group monthly periodic inventory

  monthly periodicals to subscribe to alert-group configuration

  daily periodic subscribe to alert-group telemetry

  Cryptochecksum:d987f3446fe780ab5fbb9d4213b3adff

  : end

  Hello Mitchell,

  Thanks for letting us know the resolution of this topic.

  Please answer the question as answered so future users can learn from this topic.

  Kind regards

  Julio

• DMVPN GRE tunnel does not connect a failed encapsulate

  Hello

  I'm trying to set up the tunnel WILL map HWIC Verizon - 3 G-CDMA per Verizons document. Does anyone have a backup on EVDO working?

  PDF schema - attached

  Verizons - plug

  The relevant commands are below

  HUB END

  interface Tunnel0
  IP 192.168.255.89 255.255.255.0
  no ip redirection
  dynamic multicast of IP PNDH map
  PNDH id network IP-100
  tunnel source 152.176.219.158
  multipoint gre tunnel mode

  interface Serial1/0
  Verizon MPLS VPN T3 description
  IP 152.176.219.158 255.255.255.252
  penetration of the IP stream
  encapsulation ppp
  DSU bandwidth 44210

  SPOKE ABOUT END

  interface Tunnel0
  description on the Hub GRE tunnel
  IP 192.168.255.29 255.255.255.0
  no ip redirection
  property intellectual PNDH card 192.168.255.89 152.176.219.158
  map of PNDH IP multicast 152.176.219.158
  PNDH id network IP-100
  property intellectual PNDH nhs 152.176.219.158
  registration of the PNDH non-unique IP
  source of tunnel Cellular0/1/0
  multipoint gre tunnel mode

  the Cellular0/1/0 interface
  Description * VzW EVDO Interface *.
  the negotiated IP address
  encapsulation ppp
  Broadband Dialer
  Dialer idle-timeout 0
  EVDO Dialer string
  Dialer-Group 1
  interactive asynchronous mode
  PPP chap password 7 120F1F00

  IP route 152.176.219.158 255.255.255.255 Cellular0/1/0

  in the radius of the command... IP PNDH nhs 152.176.219.158 is bad, you need to use the IP tunnel... .IP PNDH nhs 192.168.255.89.

  Just in case, here is an example configuration.

  http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a008014bcd7.shtml

• ASA 5505. VPN Site-to-Site does not connect!

  Hello!
  Already more than a week there, as we had a new channel of communication of MGTSa (Ontario terminal Sercomm RV6688BCM, who barely made in the 'bridge' - had to do the provider in order to receive our white Cisco Ip address), and now I train as well more that one week to raise between our IKEv1 IPsec Site-to-Site VPN tunnel closes offices.
  Configurable and use the wizard in ASDM and handles in the CLI, the result of a year, the connection does not rise.
  Cisco version 9.2 (2), the image of the Cisco asa922 - k8.bin, Security Plus license version, version 7.2 AMPS (2).
  What I'll never know...
  Debugging and complete configuration enclose below.
  Help, which can follow any responses, please! I was completely exhausted!

  Config:

  Output of the command: "sh run".

  : Saved
  :
  : Serial: XXXXXXXXXXXX
  : Material: ASA5505, 512 MB RAM, 500 MHz Geode Processor
  :
  ASA Version 9.2 (2)
  !
  hostname door-71
  activate the encrypted password of F6OJ0GOws7WHxeql
  names of
  IP local pool vpnpool 10.1.72.100 - 10.1.72.120 mask 255.255.255.0
  !
  interface Ethernet0/0
  switchport access vlan 2
  !
  interface Ethernet0/1
  !
  interface Ethernet0/2
  !
  interface Ethernet0/3
  !
  interface Ethernet0/4
  !
  interface Ethernet0/5
  !
  interface Ethernet0/6
  !
  interface Ethernet0/7
  !
  interface Vlan1
  nameif inside
  security-level 100
  IP 10.1.72.254 255.255.255.0
  !
  interface Vlan2
  nameif outside_mgts
  security-level 0
  62.112.100.R1 255.255.255.252 IP address
  !
  passive FTP mode
  clock timezone 3 MSK/MSD
  clock to DST MSK/MDD recurring last Sun Mar 02:00 last Sun Oct 03:00
  DNS lookup field inside
  DNS server-group MGTS
  Server name 195.34.31.50
  permit same-security-traffic inter-interface
  permit same-security-traffic intra-interface
  network obj_any object
  subnet 0.0.0.0 0.0.0.0
  network of the NET72 object
  10.1.72.0 subnet 255.255.255.0
  network object obj - 0.0.0.0
  host 0.0.0.0
  network of the Nafanya object
  Home 10.1.72.5
  network object obj - 10.1.72.0
  10.1.72.0 subnet 255.255.255.0
  network of the NET61 object
  10.1.61.0 subnet 255.255.255.0
  network of the NETWORK_OBJ_10.1.72.96_27 object
  subnet 10.1.72.96 255.255.255.224
  network of the NETT72 object
  10.1.72.0 subnet 255.255.255.0
  network of the NET30 object
  10.1.30.0 subnet 255.255.255.0
  network of the NETWORK_OBJ_10.1.72.0_24 object
  10.1.72.0 subnet 255.255.255.0
  object-group service OG INET
  the purpose of the echo icmp message service
  response to echo icmp service object
  service-object icmp traceroute
  service-object unreachable icmp
  service-purpose tcp - udp destination eq echo
  the DM_INLINE_NETWORK_1 object-group network
  network-object NET30
  network-object, object NET72
  DM_INLINE_TCP_1 tcp service object-group
  port-object eq www
  EQ object of the https port
  inside_access_in extended access list permit ip object NET72 object-group DM_INLINE_NETWORK_1
  access extensive list ip 10.1.72.0 inside_access_in allow 255.255.255.0 any
  inside_access_in extended access list permit ip object Nafanya any idle state
  inside_access_in list extended access allowed object-group OG INET an entire
  inside_access_in of access allowed any ip an extended list
  inside_access_in list extended access deny ip any alerts on any newspaper
  outside_mgts_access_in list extended access allowed object-group OG INET an entire
  outside_mgts_access_in list extended access permit tcp any any DM_INLINE_TCP_1 object-group
  outside_mgts_access_in list extended access deny ip any alerts on any newspaper
  access extensive list ip 10.1.72.0 outside_mgts_cryptomap allow 255.255.255.0 object NET61
  VPN-ST_splitTunnelAcl permit 10.1.72.0 access list standard 255.255.255.0
  pager lines 24
  Enable logging
  asdm of logging of information
  Within 1500 MTU
  outside_mgts MTU 1500
  IP check path reverse interface outside_mgts
  no failover
  ICMP unreachable rate-limit 1 burst-size 1
  don't allow no asdm history
  ARP timeout 14400
  no permit-nonconnected arp
  NAT (inside outside_mgts) static source NET72 NET72 NETWORK_OBJ_10.1.72.96_27 NETWORK_OBJ_10.1.72.96_27 non-proxy-arp-search of route static destination
  NAT (inside outside_mgts) static source NETWORK_OBJ_10.1.72.0_24 NETWORK_OBJ_10.1.72.0_24 NET61 NET61 non-proxy-arp-search of route static destination
  !
  network obj_any object
  NAT (inside outside_mgts) dynamic obj - 0.0.0.0
  network of the NET72 object
  NAT (inside outside_mgts) interface dynamic dns
  inside_access_in access to the interface inside group
  Access-group outside_mgts_access_in in the outside_mgts interface
  Route 0.0.0.0 outside_mgts 0.0.0.0 62.112.100.R 1
  Timeout xlate 03:00
  Pat-xlate timeout 0:00:30
  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  Floating conn timeout 0:00:00
  dynamic-access-policy-registration DfltAccessPolicy
  without activating the user identity
  identity of the user by default-domain LOCAL
  AAA authentication http LOCAL console
  the ssh LOCAL console AAA authentication
  Enable http server
  http 10.1.72.0 255.255.255.0 inside
  No snmp server location
  No snmp Server contact
  Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac
  Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac
  Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  Crypto ipsec transform-set ikev1 ESP-AES-128-SHA-TRANS-aes - esp esp-sha-hmac
  Crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transit
  Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-TRANS-aes - esp esp-md5-hmac
  Crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transit
  Crypto ipsec transform-set ikev1 ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
  Crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transit
  Crypto ipsec transform-set ikev1 ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
  Crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transit
  Crypto ipsec transform-set ikev1 ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
  Crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transit
  Crypto ipsec transform-set ikev1 ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
  Crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transit
  Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
  Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac
  Crypto ipsec transform-set ikev1 ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
  Crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transit
  Crypto ipsec transform-set ikev1 ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
  Crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transit
  Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac
  Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac
  Crypto ipsec transform-set ikev1 ESP-DES-SHA-TRANS esp - esp-sha-hmac
  Crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transit
  Crypto ipsec transform-set ikev1 ESP-DES-MD5-TRANS esp - esp-md5-hmac
  Crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transit
  Crypto ipsec ikev2 AES256 ipsec-proposal
  Protocol esp encryption aes-256
  Esp integrity sha - 1, md5 Protocol
  Crypto ipsec ikev2 ipsec-proposal AES192
  Protocol esp encryption aes-192
  Esp integrity sha - 1, md5 Protocol
  Crypto ipsec ikev2 ipsec-proposal AES
  Esp aes encryption protocol
  Esp integrity sha - 1, md5 Protocol
  Crypto ipsec ikev2 proposal ipsec 3DES
  Esp 3des encryption protocol
  Esp integrity sha - 1, md5 Protocol
  Crypto ipsec ikev2 ipsec-proposal OF
  encryption protocol esp
  Esp integrity sha - 1, md5 Protocol
  Crypto ipsec pmtu aging infinite - the security association
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define ikev2 AES256 AES192 AES 3DES ipsec-proposal OF
  card crypto outside_mgts_map 1 match address outside_mgts_cryptomap
  card crypto outside_mgts_map 1 set pfs Group1
  peer set card crypto outside_mgts_map 1 91.188.180.42
  card crypto outside_mgts_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
  outside_mgts_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
  card crypto outside_mgts_map interface outside_mgts
  inside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
  inside crypto map inside_map interface
  Crypto ca trustpoint ASDM_TrustPoint0
  registration auto
  E-mail [email protected] / * /
  name of the object CN = door-71
  Serial number
  IP address 62.112.100.42
  Proxy-loc-transmitter
  Configure CRL
  Crypto ca trustpoint ASDM_TrustPoint1
  registration auto
  ASDM_TrustPoint1 key pair
  Configure CRL
  trustpool crypto ca policy
  string encryption ca ASDM_TrustPoint0 certificates
  certificate eff26954
  30820395 3082027d a0030201 020204ef f2695430 0d06092a 864886f7 0d 010105
  019
  6460ae26 ec5f301d 0603551d 0e041604 14c9a3f2 d70e6789 38fa4b01 465d 1964
  60ae26ec 5f300d06 092 has 8648 01050500 03820101 00448753 7baa5c77 86f70d01
  62857b 65 d05dc91e 3edfabc6 7b3771af bbedee14 673ec67d 3d0c2de4 b7a7ac05
  5f203a8c 98ab52cf 076401e5 1a2c6cb9 3f7afcba 52c617a5 644ece10 d6e1fd7d
  28b57d8c aaf49023 2037527e 9fcfa218 9883191f 60b221bf a561f2be d6882091
  0222b7a3 3880d6ac 49328d1f 2e085b15 6d1c1141 5f850e5c b6cb3e67 0e373591
  94a 82781 44493217 and 38097952 d 003 5552 5c445f1f 92f04039 a23fba20 b9d51b13
  f511f311 d1feb2bb 6d056a15 7e63cc1b 1f134677 8124c 024 3af56b97 51af8253
  486844bc b1954abe 8acd7108 5e4212df db835d76 98ffdb2b 8c8ab915 193b 8167
  0db3dd54 c8346b96 c4f4eff7 1e7cd576 a8b1f86e 3b868a6e 89
  quit smoking
  string encryption ca ASDM_TrustPoint1 certificates
  certificate a39a2b54
  3082025f 30820377 a0030201 020204 has 3 9a2b5430 0d06092a 864886f7 0d 010105
  0500304 06035504 03130767 36313137 30120603 55040513 6174652d 3110300e b
     
  c084dcd9 d250e194 abcb3eb8 1da93bd0 fb0dba1a b1c35b43 d547a841 5d4ee1a4
  14bdb207 7dd790a4 0cd 70471 5f3a896a 07bd56dc ea01b3dd 254cde88 e1490e97
  f3e54c05 551adde0 66aa3782 c85880c2 b162ec29 4e49346a df71062d 6d6d8f49
  62b9de93 ba07b4f7 a50e77e1 8f54b32b 6627cb27 e982b36f a 362973, 0 88de3272
  9bd6d4d2 8ca1e11f 214f20a9 78bdea95 78fdc45c d6d45674 6acb9bcb d0bd930e
  638eedfe cd559ab1 e1205c48 3ee9616f e631db55 e82b623c 434ffdc1 11020301
  0001 has 363 3061300f 0603551d 130101ff 0101ff30 04053003 0e060355 1d0f0101
  ff040403 1f060355 02018630 230418 30168014 0cea70bf 0d0e0c4b eb34a0b1 1 d
  8242 has 549 0603 551d0e04 1604140c ea70bf0d 0e0c4beb 34a0b182 301D 5183ccf9
  42a 54951 010105 05000382 0101004e 7bfe054a 0d 864886f7 0d06092a 83ccf930
  d434a27c 1d3dce15 529bdc5f 70a2dff1 98975de9 2a97333b 96077966 05a8e9ef
  bf320cbd ecec3819 ade20a86 9aeb5bde bd129c7b 29341e4b edf91473 f2bf235d
  9aaeae21 a629ccc6 3c79200b b9a89b08 bf38afb6 ea56b957 4430f692 a 4745, 411
  34d71fad 588e4e18 2b2d97af b2aae6b9 b6a22350 d031615b 49ea9b9f 2fdd82e6
  ebd4dccd df93c17e deceb796 f268abf1 881409b 5 89183841 f484f0e7 bd5f7b69
  ebf7481c faf69d3e 9d24df6e 9c2b0791 785019f7 a0d20e95 2ef35799 66ffc819
  4a77cdf2 c6fb4380 fe94c13c d4261655 7bf3d6ba 6289dc8b f9aad4e1 bd918fb7
  32916fe1 477666ab c2a3d591 a84dd435 51711f6e 93e2bd84 89884c
  quit smoking
  crypto isakmp identity address
  IKEv2 crypto policy 1
  aes-256 encryption
  integrity sha
  Group 2 of 5
  FRP sha
  second life 86400
  IKEv2 crypto policy 10
  aes-192 encryption
  integrity sha
  Group 2 of 5
  FRP sha
  second life 86400
  IKEv2 crypto policy 20
  aes encryption
  integrity sha
  Group 2 of 5
  FRP sha
  second life 86400
  IKEv2 crypto policy 30
  3des encryption
  integrity sha
  Group 2 of 5
  FRP sha
  second life 86400
  IKEv2 crypto policy 40
  the Encryption
  integrity sha
  Group 2 of 5
  FRP sha
  second life 86400
  Crypto ikev2 activate outside_mgts port 443 customer service
  Crypto ikev2 access remote trustpoint ASDM_TrustPoint0
  Crypto ikev1 allow inside
  Crypto ikev1 enable outside_mgts
  IKEv1 crypto policy 10
  authentication crack
  aes-256 encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 20
  authentication rsa - sig
  aes-256 encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 30
  preshared authentication
  aes-256 encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 40
  authentication crack
  aes-192 encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 50
  authentication rsa - sig
  aes-192 encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 60
  preshared authentication
  aes-192 encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 70
  authentication crack
  aes encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 80
  authentication rsa - sig
  aes encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 90
  preshared authentication
  aes encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 100
  authentication crack
  3des encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 110
  authentication rsa - sig
  3des encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 120
  preshared authentication
  3des encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 130
  authentication crack
  the Encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 140
  authentication rsa - sig
  the Encryption
  sha hash
  Group 2
  life 86400
  IKEv1 crypto policy 150
  preshared authentication
  the Encryption
  sha hash
  Group 2
  life 86400
  Telnet timeout 5
  without ssh stricthostkeycheck
  SSH 10.1.72.0 255.255.255.0 inside
  SSH timeout 60
  SSH group dh-Group1-sha1 key exchange
  Console timeout 0
  vpnclient Server 91.188.180.X
  vpnclient mode network-extension-mode
  vpnclient nem-st-autoconnect
  VPN - L2L vpnclient vpngroup password *.
  vpnclient username aradetskayaL password *.
  dhcpd auto_config outside_mgts
  !
  dhcpd update dns replace all two interface inside
  !
  a basic threat threat detection
  Statistics-list of access threat detection
  no statistical threat detection tcp-interception
  SSL-trust ASDM_TrustPoint0 inside point
  SSL-trust ASDM_TrustPoint0 outside_mgts point
  WebVPN
  Select outside_mgts
  internal GroupPolicy_91.188.180.X group strategy
  attributes of Group Policy GroupPolicy_91.188.180.X
  Ikev1 VPN-tunnel-Protocol
  internal group VPN - ST strategy
  attributes of group VPN - ST policy
  value of 195.34.31.50 DNS Server 8.8.8.8
  Ikev1 VPN-tunnel-Protocol
  Split-tunnel-policy tunnelspecified
  Split-tunnel-network-list value VPN-ST_splitTunnelAcl
  by default no
  aradetskayaL encrypted HR3qeva85hzXT6KK privilege 15 password username
  tunnel-group 91.188.180.X type ipsec-l2l
  attributes global-tunnel-group 91.188.180.X
  Group - default policy - GroupPolicy_91.188.180.42
  IPSec-attributes tunnel-group 91.188.180.X
  IKEv1 pre-shared-key *.
  remote control-IKEv2 pre-shared-key authentication *.
  remotely IKEv2 authentication certificate
  pre-shared-key authentication local IKEv2 *.
  remote access to tunnel-group VPN - ST type
  VPN-general ST-attributes tunnel-group
  address vpnpool pool
  Group Policy - by default-VPN-ST
  tunnel-group ipsec VPN ST-attributes
  IKEv1 pre-shared-key *.
  !
  class-map inspection_default
  match default-inspection-traffic
  !
  !
  type of policy-card inspect dns preset_dns_map
  parameters
  maximum message length automatic of customer
  message-length maximum 512
  Policy-map global_policy
  class inspection_default
  inspect the preset_dns_map dns
  inspect the ftp
  inspect h323 h225
  inspect the h323 ras
  inspect the rsh
  inspect the rtsp
  inspect sqlnet
  inspect the skinny
  inspect sunrpc
  inspect xdmcp
  inspect the sip
  inspect the netbios
  inspect the tftp
  Review the ip options
  inspect the icmp
  inspect the icmp error
  !
  global service-policy global_policy
  context of prompt hostname
  no remote anonymous reporting call
  Cryptochecksum:212e4f5035793d1c219fed57751983d8
  : end

  door-71 # sh crypto ikev1 his

  There are no SAs IKEv1

  door-71 # sh crypto ikev2 his

  There are no SAs IKEv2

  door-71 # sh crypto ipsec his

  
  There is no ipsec security associations
  door-71 # sh crypto isakmp

  There are no SAs IKEv1

  There are no SAs IKEv2

  Global statistics IKEv1
  The active Tunnels: 0
  Previous Tunnels: 0
  In bytes: 0
  In the packages: 0
  In packs of fall: 0
  In Notifys: 0
  In the constituencies of P2: 0
  In P2 invalid Exchange: 0
  In P2 Exchange rejects: 0
  Requests for removal in his P2: 0
  Bytes: 0
  Package: 0
  Fall packages: 0
  NOTIFYs out: 0

  
  Exchanges of P2: 0
  The Invalides Exchange P2: 0
  Exchange of P2 rejects: 0
  Requests to remove on P2 Sa: 0
  Tunnels of the initiator: 0
  Initiator fails: 0
  Answering machine fails: 0
  Ability system breaks down: 0
  AUTH failed: 0
  Decrypt failed: 0
  Valid hash fails: 0
  No failure his: 0

  IKEV1 statistics for Admission appeals
  In negotiating SAs Max: 25
  In negotiating SAs: 0
  In negotiating SAs Highwater: 0
  In negotiating SAs rejected: 0

  Global statistics IKEv2
  The active Tunnels: 0
  Previous Tunnels: 0
  In bytes: 0
  In the packages: 0
  In packs of fall: 0
  In Fragments of fall: 0
  In Notifys: 0
  In Exchange for the P2: 0
  In P2 invalid Exchange: 0
  In P2 Exchange rejects: 0
  In IPSEC delete: 0
  In delete IKE: 0
  Bytes: 0
  Package: 0
  Fall packages: 0
  Fragments of fall: 0
  NOTIFYs out: 0
  Exchange of P2: 0
  The Invalides Exchange P2: 0
  Exchange of P2 rejects: 0
  On IPSEC delete: 0
  The IKE Delete: 0
  Locally launched sAs: 0
  Locally launched sAs failed: 0
  SAs remotely initiated: 0
  SAs remotely initiated failed: 0
  System capacity: 0
  Authentication failures: 0
  Decrypt failures: 0
  Hash failures: 0
  Invalid SPI: 0
  In the Configs: 0
  Configs: 0
  In the Configs rejects: 0
  Configs rejects: 0
  Previous Tunnels: 0
  Previous Tunnels wraps: 0
  In the DPD Messages: 0
  The DPD Messages: 0
  The NAT KeepAlive: 0
  IKE recomposition launched locally: 0
  IKE returned to the remote initiated key: 0
  Generate a new key CHILD initiated locally: 0
  CHILD given to the remote initiated key: 0

  IKEV2 statistics for Admission appeals
  Max active SAs: no limit
  Max in negotiating SAs: 50
  Challenge cookie line: never
  Active sAs: 0
  In negotiating SAs: 0
  Incoming requests: 0
  Accepted incoming requests: 0
  A rejected incoming requests: 0
  Out of requests: 0
  Out of the applications accepted: 0
  The outgoing rejected requests: 0
  A rejected queries: 0
  Rejected at the SA: 0 Max limit
  Rejected low resources: 0
  Rejected the current reboot: 0
  Challenges of cookie: 0
  Cookies transmitted challenges: 0
  Challenges of cookie failed: 0

  IKEv1 global IPSec over TCP statistics
  --------------------------------
  Embryonic connections: 0
  Active connections: 0
  Previous connections: 0
  Incoming packets: 0
  Inbound packets ignored: 0
  Outgoing packets: 0
  Outbound packets ignored: 0
  The RST packets: 0
  Heartbeat Recevied ACK packets: 0
  Bad headers: 0
  Bad trailers: 0
  Chess timer: 0
  Checksum errors: 0
  Internal error: 0

   
  door-71 # sh statistical protocol all cryptographic
  [Statistics IKEv1]
  Encrypt packets of requests: 0
  Encapsulate packets of requests: 0
  Decrypt packets of requests: 0
  Decapsulating requests for package: 0
  HMAC calculation queries: 0
  ITS creation queries: 0
  SA asked to generate a new key: 0
  Deletion requests: 0
  Next phase of allocation key applications: 0
  Number of random generation queries: 0
  Failed requests: 0
  [Statistics IKEv2]
  Encrypt packets of requests: 0
  Encapsulate packets of requests: 0
  Decrypt packets of requests: 0
  Decapsulating requests for package: 0
  HMAC calculation queries: 0
  ITS creation queries: 0
  SA asked to generate a new key: 0
  Deletion requests: 0
  Next phase of allocation key applications: 0
  Number of random generation queries: 0
  Failed requests: 0
  [IPsec statistics]
  Encrypt packets of requests: 0
  Encapsulate packets of requests: 0
  Decrypt packets of requests: 0
  Decapsulating requests for package: 0
  HMAC calculation queries: 0
  
  ITS creation queries: 0
  SA asked to generate a new key: 0
  Deletion requests: 0
  Next phase of allocation key applications: 0
  Number of random generation queries: 0
  Failed requests: 0
  [SSL statistics]
  Encrypt packets of queries: 19331
  Encapsulate packets of queries: 19331
  Decrypt packets of queries: 437
  Package requests decapsulating: 437
  HMAC calculation queries: 19768
  ITS creation queries: 178
  SA asked to generate a new key: 0
  Requests to remove SA: 176
  Next phase of allocation key applications: 0
  Number of random generation queries: 0
  Failed requests: 0
  [Statistical SSH are not taken in charge]
  [Statistics SRTP]
  Encrypt packets of requests: 0
  Encapsulate packets of requests: 0
  Decrypt packets of requests: 0
  Decapsulating requests for package: 0
  HMAC calculation queries: 0
  ITS creation queries: 0
  SA asked to generate a new key: 0
  Deletion requests: 0
  Next phase of allocation key applications: 0
  Number of random generation queries: 0
  Failed requests: 0
  [Statistics]
  Encrypt packets of requests: 0
  Encapsulate packets of requests: 0
  Decrypt packets of requests: 0
  Decapsulating requests for package: 0
  HMAC calculation queries: 6238
  ITS creation queries: 0
  SA asked to generate a new key: 0
  Deletion requests: 0
  Next phase of allocation key applications: 0
  Number of queries random generation: 76
  Failure of queries: 9

  door-71 # sh crypto ca trustpoints

  Trustpoint ASDM_TrustPoint0:
  Configured for the production of a self-signed certificate.

  Trustpoint ASDM_TrustPoint1:
  Configured for the production of a self-signed certificate.

  If you need something more, then spread!
  Please explain why it is that I don't want to work?

  Hello

  When the IPSEC tunnel does not come to the top, the first thing comes to my mind is to run a tracer of package from the CLI and the phases in it. Please run this command from your firewall side and share the output. I've just compiled this command with the random ip address and ports of your given range.

  Packet-trace entry inside tcp 10.1.72.2 1233 10.1.61.2 443 detailed

  Best regards

  Amandine

• Widows XP does not connect to my network.

  Widows XP does not connect to my network. (wired or wireless) The network is functional and all I can understand is ipsec driver service could not start because the specified file is not found. I tried to reinstall the drivers for my wireless card, an external wireless adapter and plug it directly into the router. It detects the network but will not connect to it.

  This could be caused by a virus.  What application antivirus do you use, and is up to date?

  In particular, see tcpip.sys.

  There are probably several copies of this file on a typical system of Windows XP.  The copy of 'work' found in C:\Windows\system32\drivers with a backup copy in C:\Windows\system32\dllcache.

  You can have additional copies in C:\Windows\$hf_mig$\KB951748\SP3QFE and C:\Windows\$hf_mig$\KB2509553\SP3QFE

  Assuming that your system is up-to-date, the tcpip.sys version should be 5.1.2600.5625.  It should be 353 KB (361 600 bytes).

  You might consider doing a virus scan online with, for example, http://www.eset.com/us/online-scanner/ or download and analysis with the multi-AV tool of David Lipman, which you can find here http://www.multi-av.thespykiller.co.uk/

  I also suggest to download, install, update and equipped with a system full scan with two of these free tools:
  Malwarebytes AntiMalware
  SUPERAntiSpyware

• Atheros AR9285 in CQ61-410US wireless network card does not connect to the Internet after the update of the adapter driver

  I have a Compaq Presario CQ61-410US (WA974UA) which is equipped with an Atheros AR9285 B/G/N wireless network adapter.   The laptop Internet access was fast and stable when using a Wi - Fi N.   Its pilot AR9285 was the initial version of the 8.0.0.172 factory.  But because there were so many subsequent driver updates, I've updated the display driver version from the support page 8.9.9.316 (sp48755.exe).  However, after updating the driver, I immediately lost Internet access.   The laptop is running Windows 7 Home Premium with Service Pack 1 and 64-bit.

  The driver seems to be installed OK, but it does not connect to the Internet.  Here is the status of the driver: 1) in Device Manager it appears OK and is presented as working properly.  (2) in the results of IPCONFIG/all, it there is no entry for the wireless adapter and without IP addresses are affected.  Here are the results of the IPCONFIG/all command:

  C:\Users\Karen>ipconfig/all

  Windows IP configuration

  Name of the host...: KarensLaptop
  Primary Dns suffix...:
  Node... type: hybrid
  Active... IP routing: No.
  Active... proxy WINS: No.

  Ethernet connection to the Local network card:
   
  State of the media...: Media disconnected
  Connection - a DNS suffix is specific. :
  Description...: Realtek PCIe FE Family Controller
  Physical address: 00-26 - 9th - JJ - 83 - 9 c
  DHCP active...: Yes
  Autoconfiguration enabled... Yes

  Tunnel adapter isatap. {E52D6F3E-5080 4B3B - 8BE7 - B7CFD7E137D1}:

  State of the media...: Media disconnected
  Connection - a DNS suffix is specific. :
  ... Description: Microsoft ISHTHP adapter
  Physical address: 00-00 - 00 - 00 - 00 - 00 - 00 - E0
  DHCP active...: No.
  Auto connection...: Yes

  Map of tunnel Teredo Tunneling Pseudo - Interface:

  State of the media...:...: media disconnected
  Connection - a DNS suffix is specific. :
  ... Description: Teredo Tunneling Pseudo - Interface
  Physical address.... : 00-00 - 00 - 00 - 00 - 00 - 00 - E0
  DHCP active...: No.
  Autoconfiguration enabled...: Yes

  C:\Users\Karen >

  (3) Trying to Connect through connections network does not a list of known available networks and instead says "not connected - no connection is available."

  I have read several messages from the HP Forum and tried a lot of things, including the installation of various updates driver later thanks to the version 10.0.0.222, but I still can't the driver to connect to the Internet.  I also changed my router "n" has only B/G as the AR9285 pilot has a history of problems with Wireless N.  Even back to the original driver version 8.0.0.172 provides an Internet connection.

  Any advice would be appreciated.

  Hello:

  I'm glad that you were able to restore your internet connection.

  I'd go with the latest driver HP vice one from another source.

  The only time wherever I go outside HP for wireless network drivers is if you have an Intel wireless card.

  My recommendation is to use the free MS Security Essentials antivirus/antispyware, which never interfere with how "things important works" on your PC, such as network connections.

  http://www.Microsoft.com/en-US/Download/details.aspx?ID=5201

  Your router with a hardware firewall and a software firewall Windows. I don't see the importance of adding other firewalls.

  Unless you have a lot of albums secret info on your PC that pirates would like to get my hands on, these fully functional security roadblocks are adequate for most of us.

• New Windows 7 Asus computer laptop does not connect to internet

  ASUS A52JR - X 1 laptop computer

  He'll find a network.  It doesn't let me access the network files.  It does not connect to the internet, but it's getting an IP address.  DNS does not, even if it has the IP of the router listed as a DNS server.

  I disabled IPv6 based on other peoples problems, but it doesn't seem to help.  I tried to update the driver for the CARD, but it doesn't seem to help.   I'll try update driver video, to see if it helped, but the pilot was not available on the main site (Radeon 5470) and I don't know how it would be useful anyway.

  Diagnose Windows said try restarting the router, which I did, but it did not help.  If I skip this step, said diagnosis "the default gateway is not available."

  There is also a tunnel of the card, even after disabling IPv6.  I don't know if this is normal or not.

  Any help would be appreciated.

  What router are you using? You can turn off proxy DNS? If this is not
  possible, you should be able to get the IP addresses of the DNS servers of your ISP
  and configure those statically. The use of routers IP means that the router is
  Proxy DNS. Looks like proxy DNS does not work.
   
  On Wednesday, may 5, 2010 14:31:07 + 0000, Tedsternator wrote:
   
  > ASUS A52JR - X 1 laptop
  >
  > It will find a network. It doesn't let me access the network files. It does not connect to the internet, but it's getting an IP address. DNS does not, even if it has the IP of the router listed as a DNS server.
  >
  > I disabled IPv6 based on other peoples problems, but it doesn't seem to help. I tried to update the driver for the CARD, but it doesn't seem to help. I'll try update driver video, to see if it helped, but the pilot was not available on the main site (Radeon 5470) and I don't know how it would be useful anyway.
  >
  > Diagnose Windows said try restarting the router, which I did, but it did not help. If I skip this step, said diagnosis "the default gateway is not available."
  >
  > There is also a tunnel of the card, even after disabling IPv6. I don't know if this is normal or not.
  >
  > Any help would be appreciated.
   

  Barb Bowman www.digitalmediaphile.com

• App store, Safari and iTunes does not connect to the Internet after installing macOS Sierra

  App store, Safari and iTunes does not connect to the Internet after installing macOS Sierra

  After upgrade 'OS X El Capitan' to "macOS Sierra" window only empty "App store" and page "Safari" made its appearance, no error message shows. store "iTunes" and "Dictionary" does not connect too.

  But Google chrome works well.

  So have you tried the next steps in your original post that Safari does not work after installing macOS Sierra:

  (1) x OS: "Unable to connect" or "unable to connect to the App Store. An internet connection is required"- Apple Support

  2) Advanced the steps to correct the problems with the iTunes Store - Apple Support connection

• Messages does not connect to the Yahoo IM account?

  Messages app v9.2, currently works very well with my Google account and iMessage, also worked with my Yahoo Messenger account, but recently (today?) does not connect to it.

  I know that Yahoo has made changes to their Instant Messaging System. This change affected only Messages?

  Hello

  I can't connect either (I didn't realize that I do not use)

  However going on the Yahoo Site and change the password does nothing.

  With the help of their option 'insecure Apps' does nothing no more (there was an email saying I was using access to messaging through an unsafe application - but I have not used their messaging service for a very long time.)

  It does say read more suggests, is not Mail (after OS X 10.9 is OK)

  He does not on access to their e-mail service.

  There is no option in Messages to try to activate disable SSL you can with AIM or Jabber accounts

  I have looked in the help (a little) but still found nothing.

  

  20:49 Tuesday. October 4, 2016

   iMac 2.5 Ghz i5 2011 (El Capitan)
   G4/1GhzDual MDD (Leopard 10.5.8)
   MacBookPro (Snow Leopard 10.6.8) 2 GB
   Mac OS X (10.6.8).
   iPhone and iPad (2)

• iPhone 5 sec Bluetooth does not connect

  My 5s Bluetooth iphone works fine one day, the next day it does not connect to my Boise, helmet or Fitbit.   My Bluetooth is on, I have it enabled or disabled and you have rebooted my phone.  I have updated to IOS 10.0.2.

  I was able to pair with my ipad.

  Hello

  Try the procedure described in this article to support > get help to connect a Bluetooth device accessory with your iPhone, iPad or iPod touch - Apple Support

• Bluetooth does not connect on iOS 10 and sierra OS

  I just bought an iphone 7, Apple Watch 2 and I updated my computer to sierra yesterday.

  I wanted to do the auto unlock with my watch, but my phone does not connect to the Mac with bluetooth. He wants to connect and the phone is displayed in the bluetooth settings, it says on my phone to pair if the numbers are the same, and then he "fails to connect. so im lost and I can't use my watch.

  I have reset my watch (by unpairing), iphone (by resetting all settings) and rebooted my computer.

  It seems that the "it just works era" is over for apple.

  If misery loves company, I'm here!  Just posted my new iphone 7 + setting BLUETOOTH is not 'discover' one of my devices (in 2015 Lexus and Bose radio/speakers).  In addition my iPad and iPad air are also not 'discover' devices!  I think that this happened once I installed the latest ios 10.0.2 software on all my devices.  Please reply if you receive some 'advice' from someone in the "know"!  Thank you!

• I just got a new modem (Arris SB6190) and now my Airport Extreme does not connect.  It worked fine with the previous modem (a rented one TWC).  Help!

  I just got a new modem (Arris SB6190) and now my Airport Extreme does not connect.  It worked fine with the previous modem (a rented one TWC).  Help!

  Always recommended to reset the airport back to settings by default and then set up again whenever you have a new modem or change your Internet Service provider.

  Turn off the new modem for at least 30 minutes. More is better.

  Perform a hard reset on the AirPort Extreme, then it turned off.

  Make sure that the Ethernet cable connects the modem to the "O" on the AirPort Extreme WAN port

  After the power of the modem 30 minutes down, turn on the modem and let it run for at least 5 minutes by itself.

  Then, turn on the airport and let it run a few minutes

  Set up AirPort Extreme again

  Important note... There are many reports of problems with the modem Arris SB and airports. Both are great products, but they do seem to work perfectly together for some users.

• Thunderbird does not connect with the server

  Another recent problem is Thunderbird does not connect with the server. I don't know if sent mail will go out, but I know I'm nothing receive. My internet connection works well for FF or another browser. I checked my settings and they seem OK. I checked the default settings in Win10x64 and they are correct. Any ideas?

  Although windows 10 is new for us all. How do solve you. I have other solution with very similar issues.